path: root/kernel/ip_set_core.c
Commit message (Collapse)AuthorAgeFilesLines
* Reorganized kernel/ subdirJozsef Kadlecsik2011-02-031-1676/+0
| | | | | The kernel/ subdirectory is reorganized to follow the kernel directory structure.
* netfilter: ipset: send error message manuallyJozsef Kadlecsik2011-02-021-7/+26
| | | | | | | | | | | When a message carries multiple commands and one of them triggers an error, we have to report to the userspace which one was that. The line number of the command plays this role and there's an attribute reserved in the header part of the message to be filled out with the error line number. In order not to modify the original message received from the userspace, we construct a new, complete netlink error message and modifies the attribute there, then send it. Netlink is notified not to send its ACK/error message.
* netfilter: ipset: use nla_parse_nested()Patrick McHardy2011-02-011-26/+16
| | | | | | | | | | | | Replace calls of the form: nla_parse(tb, ATTR_MAX, nla_data(attr), nla_len(attr), policy) by: nla_parse_nested(tb, ATTR_MAX, attr, policy) Signed-off-by: Patrick McHardy <>
* Fix sparse warning about shadowed definitionJozsef Kadlecsik2011-01-271-1/+1
* Move the type specifici attribute validation to the coreJozsef Kadlecsik2011-01-271-28/+58
| | | | | | The type specific attribute validation can be moved to the ipset core. That way it's done centrally and thus can be eliminated from the individual set types (suggested by Patrick McHardy).
* Use vzalloc() instead of __vmalloc()Jozsef Kadlecsik2011-01-261-3/+8
| | | | Use vzalloc() if kernel version supports it. (Eric Dumazet, Patrick McHardy)
* Constified attribute cannot be writtenJozsef Kadlecsik2011-01-261-1/+11
| | | | | | Attribute is const so a little bit more work is needed to return the error line number. A test is also added in order to check the functionality. (Patrick McHardy's review)
* Send (N)ACK at dumping only when NLM_F_ACK is setJozsef Kadlecsik2011-01-261-1/+3
| | | | | Missing check of the flag NLM_F_ACK is added to the kernel - and userspace does set it too (Patrick McHardy's review)
* Correct the error codes: use ENOENT and EMSGSIZEJozsef Kadlecsik2011-01-261-17/+17
| | | | Use correct error codes (Patrick McHardy's review)
* Fix trailing whitespaces and pr_* messagesJozsef Kadlecsik2011-01-211-27/+27
| | | | | | Some trailing whitespace slipped in, those are removed. With the deleted ip_set_kernel.h, the pr_* messages lost the trailing "\n" character. The messages were completed with it.
* Un-inline functions which are not small enoughJozsef Kadlecsik2011-01-201-4/+4
* Fix module loading at create/header commandsJozsef Kadlecsik2011-01-201-49/+36
| | | | | While holding the nfnl_mutex, module loading is not allowed. Bug spotted by Patrick McHardy in his reviewing.
* Add missing __GFP_HIGHMEM flag to __vmallocJozsef Kadlecsik2011-01-201-1/+2
| | | | | We may call ip_set_alloc with GFP_ATOMIC, so we cannot replace __vmalloc with vzalloc. Missing flag was noticed by Eric Dumazet.
* Enforce network-order data in the netlink protocolJozsef Kadlecsik2011-01-201-19/+16
| | | | | | Allow only network-order data, with NLA_F_NET_BYTEORDER flag. Sanity checks also added to prevent processing broken messages where mandatory attributes are missing. (Patrick McHardy's review)
* Use annotated types and fix sparse warningsJozsef Kadlecsik2011-01-201-3/+3
| | | | | | Annotated types are introduced and sparse warnings fixed. Two warnings remained in ip_set_core.c but those are false ones. (Patrick McHardy's review)
* Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into coreJozsef Kadlecsik2011-01-201-0/+82
| | | | | | The functions are too large to be inlined, so move them into the core. Also, fix the unnecessary initializations in ip_set_get_ipaddr*. (Patrick McHardy's review)
* Use static LIST_HEAD() for ip_set_type_listJozsef Kadlecsik2011-01-201-3/+1
| | | | | Avoid the need for explicit initialization during runtime (Patrick McHardy's review)
* The module parameter max_sets should be unsigned intJozsef Kadlecsik2011-01-201-1/+1
| | | | Negative set numbers are strange :-) (Patrick McHardy's review)
* Get rid of ip_set_kernel.hJozsef Kadlecsik2011-01-201-1/+0
| | | | | The header file was useful at deep debugging only, we can get rid of now. (Patrick McHardy's review)
* Fix the placement style of boolean operators at continued linesJozsef Kadlecsik2011-01-201-77/+77
| | | | Fix "&&" and "||" continuation style (Patrick McHardy's review)
* There is no need to call synchronize_net() at swapping.Jozsef Kadlecsik2011-01-141-4/+0
| | | | | | Ongoing add/del can happen to referenced sets and delete can be issued to unreferenced sets. So the bogus call to synchronize_net() can safely be removed.
* Replace strncpy with strlcpy at creating a set.Jozsef Kadlecsik2011-01-141-1/+1
| | | | Better add more safety nets against user input.
* Update copyright date and some style changes.Jozsef Kadlecsik2011-01-141-3/+2
* Separate prefixlens from ip_set core.Jozsef Kadlecsik2011-01-131-0/+1561
Separate prefixlens from ip_set core for better readibility and honoring the independence. Also, comment that prefixlens were borrowed from Jan Engelhardt.