summaryrefslogtreecommitdiffstats
path: root/kernel
Commit message (Collapse)AuthorAgeFilesLines
...
* netfilter: ipset: add missing include to xt_set.hPatrick McHardy2011-02-011-0/+1
| | | | Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: ipset: remove unnecessary includesPatrick McHardy2011-02-019-27/+0
| | | | | | | | | None of the set types need uaccess.h since this is handled centrally in ip_set_core. Most set types additionally don't need bitops.h and spinlock.h since they use neither. tcp.h is only needed by those using before(), udp.h is not needed at all. Signed-off-by: Patrick McHardy <kaber@trash.net>
* netfilter: ipset: use nla_parse_nested()Patrick McHardy2011-02-011-26/+16
| | | | | | | | | | | | Replace calls of the form: nla_parse(tb, ATTR_MAX, nla_data(attr), nla_len(attr), policy) by: nla_parse_nested(tb, ATTR_MAX, attr, policy) Signed-off-by: Patrick McHardy <kaber@trash.net>
* Separate ipset errnos completely from system ones and bump protocol version.Jozsef Kadlecsik2011-01-311-3/+3
|
* Use better error codes in xt_set.cJozsef Kadlecsik2011-01-311-12/+12
|
* Fix sparse warning about shadowed definitionJozsef Kadlecsik2011-01-271-1/+1
|
* bitmap:ip type: flavour specific adt functionsJozsef Kadlecsik2011-01-271-301/+168
| | | | | Use flavour-specific ADT functions and use shared ones for all other type functions (Patrick McHardy's review)
* bitmap:port type: flavour specific adt functionsJozsef Kadlecsik2011-01-271-278/+159
| | | | | Use flavour-specific ADT functions and use shared ones for all other type functions (Patrick McHardy's review)
* Move the type specifici attribute validation to the coreJozsef Kadlecsik2011-01-2713-392/+254
| | | | | | The type specific attribute validation can be moved to the ipset core. That way it's done centrally and thus can be eliminated from the individual set types (suggested by Patrick McHardy).
* Use vzalloc() instead of __vmalloc()Jozsef Kadlecsik2011-01-2612-24/+20
| | | | Use vzalloc() if kernel version supports it. (Eric Dumazet, Patrick McHardy)
* Use meaningful error messages in xt_set.cJozsef Kadlecsik2011-01-261-8/+12
| | | | Old cryptic error messages are not useful (Patrick McHardy's review)
* Constified attribute cannot be writtenJozsef Kadlecsik2011-01-261-1/+11
| | | | | | Attribute is const so a little bit more work is needed to return the error line number. A test is also added in order to check the functionality. (Patrick McHardy's review)
* Send (N)ACK at dumping only when NLM_F_ACK is setJozsef Kadlecsik2011-01-261-1/+3
| | | | | Missing check of the flag NLM_F_ACK is added to the kernel - and userspace does set it too (Patrick McHardy's review)
* Correct the error codes: use ENOENT and EMSGSIZEJozsef Kadlecsik2011-01-266-43/+69
| | | | Use correct error codes (Patrick McHardy's review)
* ipset 5.4 releasedv5.4Jozsef Kadlecsik2011-01-211-0/+23
|
* Fixed broken ICMP and ICMPv6 handlingJozsef Kadlecsik2011-01-211-6/+7
| | | | | | I mistyped the bitwise operator and the network-order conversion was missing too. Sigh, sendip cannot generate proper packets to check ICMP and ICMPv6 in the testsuite. :-(
* Fix trailing whitespaces and pr_* messagesJozsef Kadlecsik2011-01-2112-69/+67
| | | | | | Some trailing whitespace slipped in, those are removed. With the deleted ip_set_kernel.h, the pr_* messages lost the trailing "\n" character. The messages were completed with it.
* Un-inline functions which are not small enoughJozsef Kadlecsik2011-01-2012-161/+42
|
* Fix module loading at create/header commandsJozsef Kadlecsik2011-01-202-50/+37
| | | | | While holding the nfnl_mutex, module loading is not allowed. Bug spotted by Patrick McHardy in his reviewing.
* Fix wrong kzalloc flag in type_pf_expireJozsef Kadlecsik2011-01-201-1/+1
| | | | | The expire functions of the hash types are called while locked, so kzalloc must be called with GFP_ATOMIC.
* The get_ip*_port functions are too large to be inlined, moved into the core.Jozsef Kadlecsik2011-01-208-138/+160
|
* Add missing __GFP_HIGHMEM flag to __vmallocJozsef Kadlecsik2011-01-201-1/+2
| | | | | We may call ip_set_alloc with GFP_ATOMIC, so we cannot replace __vmalloc with vzalloc. Missing flag was noticed by Eric Dumazet.
* Enforce network-order data in the netlink protocolJozsef Kadlecsik2011-01-2012-86/+214
| | | | | | Allow only network-order data, with NLA_F_NET_BYTEORDER flag. Sanity checks also added to prevent processing broken messages where mandatory attributes are missing. (Patrick McHardy's review)
* Use annotated types and fix sparse warningsJozsef Kadlecsik2011-01-2014-123/+110
| | | | | | Annotated types are introduced and sparse warnings fixed. Two warnings remained in ip_set_core.c but those are false ones. (Patrick McHardy's review)
* Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into coreJozsef Kadlecsik2011-01-202-77/+88
| | | | | | The functions are too large to be inlined, so move them into the core. Also, fix the unnecessary initializations in ip_set_get_ipaddr*. (Patrick McHardy's review)
* NETMASK*, HOSTMASK* macros are too genericJozsef Kadlecsik2011-01-2010-55/+74
| | | | | NETMASK*, HOSTMASK* macros are rewritten to small inline functions ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review)
* Use static LIST_HEAD() for ip_set_type_listJozsef Kadlecsik2011-01-201-3/+1
| | | | | Avoid the need for explicit initialization during runtime (Patrick McHardy's review)
* Move NLA_PUT_NET* macros to include/net/netlink.hJozsef Kadlecsik2011-01-201-6/+0
| | | | These macros can be useful in general (Patrick McHardy's review)
* The module parameter max_sets should be unsigned intJozsef Kadlecsik2011-01-201-1/+1
| | | | Negative set numbers are strange :-) (Patrick McHardy's review)
* Get rid of ip_set_kernel.hJozsef Kadlecsik2011-01-2012-26/+0
| | | | | The header file was useful at deep debugging only, we can get rid of now. (Patrick McHardy's review)
* Fix the placement style of boolean operators at continued linesJozsef Kadlecsik2011-01-2014-219/+219
| | | | Fix "&&" and "||" continuation style (Patrick McHardy's review)
* ipset 5.3 releasedv5.3Jozsef Kadlecsik2011-01-181-0/+9
|
* There is no need to call synchronize_net() at swapping.Jozsef Kadlecsik2011-01-141-4/+0
| | | | | | Ongoing add/del can happen to referenced sets and delete can be issued to unreferenced sets. So the bogus call to synchronize_net() can safely be removed.
* Replace strncpy with strlcpy at creating a set.Jozsef Kadlecsik2011-01-141-1/+1
| | | | Better add more safety nets against user input.
* Update copyright date and some style changes.Jozsef Kadlecsik2011-01-1414-16/+16
|
* Use jhash.h accepted in kernel, with backward compatibility.Jozsef Kadlecsik2011-01-139-9/+9
|
* Separate prefixlens from ip_set core.Jozsef Kadlecsik2011-01-1313-297/+314
| | | | | | Separate prefixlens from ip_set core for better readibility and honoring the independence. Also, comment that prefixlens were borrowed from Jan Engelhardt.
* kernel: remove unused ctnl parameter from call_adJan Engelhardt2011-01-031-6/+5
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* Comment the possible return values of the add/del/test type-functionsJozsef Kadlecsik2010-12-231-2/+8
|
* ipset 5.2 releasedv5.2Jozsef Kadlecsik2010-12-231-0/+3
|
* Kernel version check at minimal supported version is mistyped, now fixed.Jozsef Kadlecsik2010-12-221-2/+2
|
* ipset 5.1 releasedv5.1Jozsef Kadlecsik2010-12-221-0/+13
|
* Kernel version compatibility: support from 2.6.34Jozsef Kadlecsik2010-12-214-38/+42
| | | | | The basic kernel compatibility issues are verified back to 2.6.24. The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34.
* kernel: use EXPORT_SYMBOL_GPLJan Engelhardt2010-12-191-13/+13
|
* kernel: const annotationsJan Engelhardt2010-12-1913-71/+71
|
* kernel: use __read_mostly for registration-type structuresJan Engelhardt2010-12-199-10/+10
| | | | Here is where __read_mostly goes :-)
* kernel: do not mix const and __read_mostlyJan Engelhardt2010-12-1914-51/+40
| | | | | It makes no sense to mix these two. Either it is writable-plus-read-mostly, or it is constant.
* xt_set: avoid user types in exported kernel headersJan Engelhardt2010-12-191-6/+6
| | | | Within isolated code it would be ok, but not so in exported headers.
* Prevent calling Makefile directly in the kernel/ subdirectoryJozsef Kadlecsik2010-12-191-0/+4
|
* Fix Kbuild for me to delete backup filesJozsef Kadlecsik2010-12-171-1/+1
|
generated by cgit v1.2.3 (git 2.25.0) at 2024-11-12 18:17:06 +0000