summaryrefslogtreecommitdiffstats
path: root/lib/ipset_hash_netiface.c
Commit message (Collapse)AuthorAgeFilesLines
* Library reworked to support embedding ipset completelyJozsef Kadlecsik2018-10-181-1/+1
| | | | | | | | | | | The ipset library is rewritten/extended to support embedding ipset, so that sets can fully be managed without calling the ipset binary. The ipset binary relies completely on the new library. The libipset.3 manpage was written about the library functions and usage. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Userspace revision handling is reworkedJozsef Kadlecsik2018-01-021-679/+456
| | | | | | | | | | | In order to make it simpler and more straightforward to express the revisions of the set type, all keywords and their parsing are separated from the individual set types. All backward compatibility arguments are recognized and ignored arguments are supported. Recognized but ignored arguments will be removed in a later release.
* libipset: Add userspace support of the skbinfo extension of the hash set types.Anton Danilov2014-09-141-0/+170
| | | | | | | | Add userspace part for support of new revisions of the hash set types with the skbinfo extension. Signed-off-by: Anton Danilov <littlesmilingcloud@gmail.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* ipset: add userspace support for forceaddJosh Hunt2014-03-041-0/+125
| | | | | | | The userspace side of the forceadd changes. Signed-off-by: Josh Hunt <johunt@akamai.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Missing comment support added to hash:ip,port,ip and hash:net,iface typesJozsef Kadlecsik2013-10-021-0/+151
|
* Introduce the new set type revisions with counter supportJozsef Kadlecsik2013-04-091-14/+155
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Help prints list type revision and terse descriptionJozsef Kadlecsik2012-09-101-0/+3
| | | | | In order to catch kernel/userspace revision mismatch, better print all available data.
* Add /0 network support to hash:net,iface typeJozsef Kadlecsik2012-09-101-0/+58
| | | | | Now it is possible to setup a single hash:net,iface type of set and a single ip6?tables match which covers all egress/ingress filtering.
* Add more CC warning option to debug modeJozsef Kadlecsik2012-05-101-0/+1
|
* Add dynamic module support to ipset userspace toolNeutron Soutmun2012-05-101-2/+7
| | | | | | | | | | | | | The patch adds supporting dynamic modules for the set types to ipset userspace tool. The dynamic module support can be enabled by the --enable-settype-modules of "configure". The list of set types to be compiled as dynamic modules can be specified in the --with-settype-modules-list option. Example --enable-settype-modules \ --with-settype-modules-list="ipset_hash_ip ipset_hash_ipport" The keyword "all" can be used to compile all set types as dynamic modules.
* Fix timeout value overflow bug at large timeout parametersJozsef Kadlecsik2012-05-041-3/+3
| | | | | Large timeout parameters could result wrong timeout values due to an overflow at msec to jiffies conversion (reported by Andreas Herz)
* Exceptions support added to hash:*net* typesJozsef Kadlecsik2012-01-131-0/+82
| | | | | | | | | | | | The "nomatch" keyword and option is added to the hash:*net* types, by which one can add exception entries to sets. Example: ipset create test hash:net ipset add test 192.168.0/24 ipset add test 192.168.0/30 nomatch In this case the IP addresses from 192.168.0/24 except 192.168.0/30 match the elements of the set.
* Set types moved into libipset libraryJozsef Kadlecsik2012-01-051-0/+120
The libipset library is complete by this step, and "ipset" just a CLI interface based on the lib.