path: root/kernel/net/netfilter/ipset/ip_set_bitmap_port.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix coding styles reported by checkpatch.plJozsef Kadlecsik2015-01-061-3/+4
* netfilter: ipset: Add skbinfo extension kernel support for the bitmap set types.Anton Danilov2014-09-081-2/+9
| | | | | | | | Add skbinfo extension kernel support for the bitmap set types. Inroduce the new revisions of bitmap_ip, bitmap_ipmac and bitmap_port set types. Signed-off-by: Anton Danilov <> Signed-off-by: Jozsef Kadlecsik <>
* net/netfilter/ipset: Resolve missing-field-initializer warningsMark Rustad2014-08-051-2/+2
| | | | | | | | | Resolve missing-field-initializer warnings by providing a directed initializer. Signed-off-by: Mark Rustad <> Signed-off-by: Jeff Kirsher <> Signed-off-by: Jozsef Kadlecsik <>
* Fix memory allocation for bitmap:portJozsef Kadlecsik2013-10-181-1/+1
| | | | | | | | At the restructuring of the bitmap types creation in ipset, for the bitmap:port type wrong (too large) memory allocation was copied (netfilter bugzilla id #859). Reported-by: Quentin Armitage <>
* ipset: Add net namespace for ipsetVitaly Lavrov2013-09-281-1/+2
| | | | | | | | | | | | | | | | This patch adds netns support for ipset. Major changes were made in ip_set_core.c and ip_set.h. Global variables are moved to per net namespace. Added initialization code and the destruction of the network namespace ipset subsystem. In the prototypes of public functions ip_set_* added parameter "struct net*". The remaining corrections related to the change prototypes of public functions ip_set_*. The patch for git:// commit 6a4ec96c0b8caac5c35474e40e319704d92ca347 Signed-off-by: Vitaly Lavrov <> Signed-off-by: Jozsef Kadlecsik <>
* netfilter: ipset: Support comments in bitmap-type ipsets.Oliver Smith2013-09-231-1/+3
| | | | | | | | | | | | | | This provides kernel support for creating bitmap ipsets with comment support. As is the case for hashes, this incurs a penalty when flushing or destroying the entire ipset as the entries must first be walked in order to free the comment strings. This penalty is of course far less than the cost of listing an ipset to userspace. Any set created without support for comments will be flushed/destroyed as before. Signed-off-by: Oliver Smith <> Signed-off-by: Jozsef Kadlecsik <>
* Generalize extensions supportJozsef Kadlecsik2013-09-071-65/+6
| | | | | Get rid of the structure based extensions and introduce a blob for the extensions. Thus we can support more extension types easily.
* Move extension data to set structureJozsef Kadlecsik2013-09-071-23/+21
| | | | | | Default timeout and extension offsets are moved to struct set, because all set types supports all extensions and it makes possible to generalize extension support.
* Rename extension offset ids to extension idsJozsef Kadlecsik2013-09-061-5/+5
* Rename simple macro names to avoid namespace issues.Jozsef Kadlecsik2013-05-011-5/+5
| | | | Reported-by: David Laight <David.Laight@ACULAB.COM>
* The bitmap types with counter supportJozsef Kadlecsik2013-04-091-4/+53
| | | | Signed-off-by: Jozsef Kadlecsik <>
* Bitmap types using the unified code baseJozsef Kadlecsik2013-04-091-282/+79
| | | | Signed-off-by: Jozsef Kadlecsik <>
* Include supported revisions in module descriptionJozsef Kadlecsik2012-09-111-3/+6
* ipset: Stop using NLA_PUT*().David S. Miller2012-05-101-13/+16
| | | | | | | These macros contain a hidden goto, and are thus extremely error prone and make code hard to audit. Signed-off-by: David S. Miller <>
* ipset: use NFPROTO_ constantsJan Engelhardt2011-08-311-2/+2
| | | | | ipset is actually using NFPROTO values rather than AF (xt_set passes that along).
* Add xt_action_param to the variant level kadt functions, ipset API changeJozsef Kadlecsik2011-05-271-0/+1
| | | | | | With the change the sets can use any parameter available for the match and target extensions, like input/output interface. It's required for the hash:net,iface set type.
* Set type support with multiple revisions addedJozsef Kadlecsik2011-05-111-1/+2
| | | | | A set type may have multiple revisions, for example when syntax is extended. Support continuous revision ranges in set types.
* Fix adding ranges to hash typesJozsef Kadlecsik2011-05-061-1/+1
| | | | | | When ranges are added to hash types, the elements may trigger rehashing the set. However, the last successfully added element was not kept track so the adding started again with the first element after the rehashing. Bug reported by Mr Dash Four.
* Options and flags support added to the kernel APIJozsef Kadlecsik2011-04-181-3/+4
| | | | | | The support makes possible to specify the timeout value for the SET target and a flag to reset the timeout for already existing entries.
* Timeout can be modified for already added elementsJozsef Kadlecsik2011-03-271-10/+10
| | | | | | | | | | When an element to a set with timeout added, one can change the timeout by "readding" the element with the "-exist" flag. That means the timeout value is reset to the specified one (or to the default from the set specification if the "timeout n" option is not used). Example ipset add foo timeout 10 ipset add foo timeout 600 -exist
* References are protected by rwlock instead of mutexJozsef Kadlecsik2011-03-251-2/+1
| | | | | | | The timeout variant of the list:set type must reference the member sets. However, its garbage collector runs at timer interrupt so the mutex protection of the references is a no go. Therefore the reference protection is converted to rwlock.
* Reorganized kernel/ subdirJozsef Kadlecsik2011-02-031-0/+515
The kernel/ subdirectory is reorganized to follow the kernel directory structure.