6.8 - Update the manpage and document the limits in hash:net,iface. - README file corrections from Richard Lucassen 6.7 - Whitespace and coding fixes, detected by checkpatch.pl - hash:net,iface type introduced - hash:* tests may seem to fail due to the too wide grep pattern, fix them - Remove iptree tests and compatibility element parsing - hash:net test may seem to fail due to the too wide grep pattern, fix it - Fix long time uncovered bug at adding string attributes to the netlink messages - Fix warnings reported by valgrind - Remove supporting set types iptree and iptreemap 6.6 - Restore with bitmap:port and list:set types did not work, fixed - Accept "\r\n" terminated COMMIT command in restore files - Fix the message sequence number book-keeping - Protocol-level debugging support added - hash:net stress test in range notation added - ipset_mnl_query: in debug mode print the errno returned by the cb function - Accept "\r\n" terminated lines in restore files - Remove outdated checking of IPv6 support from configure.ac 6.5 - Support range for IPv4 at adding/deleting elements for hash:*net* types - Disable type revisions which are not supported both by the kernel and ipset - Update ipset help text to reflect SCTP and UDPLITE support - Ignore -n flag (list just setnames) when sets are to be saved 6.4 - Get rid of the trailing empty line at listing sets - Fix XML listing, remove broken unused "elements" tag - Support listing setnames and headers too - Sorting is dependent on the locale settings, use LC_ALL=C - Use unified diff output in tests 6.3 - Testsuite changes: keep temporary files - bitmap:ip,mac type requires "src" for MAC: manpage is updated to reflect the change - Testsuite checks added (SET target and dir parameter checks) 6.2 - Manpage update 6.1 - Manpage was not installed (reported by Mark A. Ziesemer) - SCTP, UDPLITE support to the hash:*port* types added 6.0 - Print protocol version together with ipset version - Testsuite compatibility with debugging enabled - Allow "new" as a commad alias to "create" - ipset: improve command argument parsing (Holger Eitzenberger) - ipset: avoid the unnecessary argv[] loop (Holger Eitzenberger) - ipset: pass ipset_arg argument pointer (Holger Eitzenberger) - Separate ipset errnos completely from system ones and bump protocol version - Fix the spelling error fix :-) (Ferenc Wagner) - Resolving IP addresses did not work at listing/saving sets, fixed - ipset: fix spelling error (Holger Eitzenberger) - ipset: fix the Netlink sequence number (Holger Eitzenberger) - ipset: turn Set name[] into a const pointer (Holger Eitzenberger) - Check ICMP and ICMPv6 with the set match and target in the testsuite - Avoid possible syntax clashing at saving hostnames 5.3 - Set the non-debug compiling the default - Testsuite fix of ospf replaced with vrrp. - Fix build with NDEBUG defined (Holger Eitzenberger) - Do session initialization once (Holger Eitzenberger) - Make IPv4 and IPv6 address handling similar (Holger Eitzenberger) - Show correct line numbers in restore output for parser errors (Holger Eitzenberger) - Replace ospf with vrrp in the testsuite - Remove autogenerated files (Jan Engelhardt) - Use only AC_CANONICAL_HOST (Jan Engelhardt) 5.2 - Handle internal printing errors - Use cast to void * instead of memcpy as Sparc workaround at sockaddr_XXX (suggested by Jan Engelhardt) - Listing/saving of large sets could produce broken listing, fixed. - Support libtool < 2.2 5.1 - Test cases for IPv6 restore and more complex restore sessions added - Restore mode did not work for IPv6, fixed (reported by Elie Rosenblum) - libipset: static annotations (Jan Engelhardt) - libipset: const annotations (Jan Engelhardt) - libipset: remove redundant casts (Jan Engelhardt) - libipset: remove redundant indirection via union name (Jan Engelhardt) - libipset: ipset_strncpy is really a strlcpy-type operation (Jan Engelhardt) - Prevent calling Makefile directly in the kernel/ subdirectory - Put back the Sparc specific workaround at getaddrinfo (reported by Jan Engelhardt) - Check old system kernel header files - Check from `configure` that the kernel source is patched with netlink.patch - Use configure to detect compiler warning flags - Try to solve PKG_CHECK_MODULES issue (reported by Rob Sterenborg) - Fix incorrect comparison in check_allowed (reported by Jan Engelhardt) 5.0 - New main branch - ipset completely rewritten 4.2 - Checking null entries when listing/saving hash types of sets deleted because it's unnecessary and can mask possible errors. 4.1 - Manpage fixes and corrections (Jan Engelhardt) 4.0 - New protocol is introduced to handle aligment issues properly (bug reported by Georg Chini) - Binding support is removed 3.1 - Correct format specifiers and change %i to %d (Jan Engelhardt) 3.0 - New kernel-userspace protocol release - Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593) - tests/runtests.sh changed to support old bash shells 2.5.0 - On parisc architecture cast increases required aligment (bugzilla id 582), fixed. - Respect LDFLAGS settings at compile time (Peter Volkov). 2.4.8 - In order to disable the extra warning flags, NO_EXTRA_WARN_FLAGS variable added to userspace Makefile 2.4.5 - Some compiler warning options are too aggressive and therefore disabled. 2.4.4 - Premature checking prevents to add valid elements to hash types, fixed (bug reported by JC Janos). - Local variable shadows another variable, fixed (reported by Jan Engelhardt). - More compiler warning options added and warnings fixed. 2.4.3 - Include file was missing from userspace set type modules, reported by Krzysztof Oledzki and Sven Wegener. 2.4.2 - Only kernel part changes, see kernel/ChangeLog 2.4.1 - macipmap type reported misleading deprecated separator tokens and printed the old one at listing set elements (bug reported by Krzysztof Oledzki) - Warn only once about deprecated separator tokens in restore mode. 2.4 - Added KBUILD_OUTPUT support (Sven Wegener) - Fix memory leak in ipset_iptreemap (Sven Wegener) - Fix multiple compiler warnings (Sven Wegener) - ipportiphash, ipportnethash and setlist types added - binding marked as deprecated functionality - element separator token changed to ',' in anticipating IPv6 addresses, old separator tokens are still supported - unnecessary includes removed - ipset does not try to resolve IP addresses when listing the content of sets (default changed) - manpage updated - ChangeLog forked for kernel part 2.3.3a - Fix to compile ipset with 2.4.26.x tree statically (bug reported by G.W. Haywood) 2.3.3 - compatibility for the 2.6.x kernel tree improved and compiler warnings fixed (Jan Engelhardt) - compatibility fixes for the 2.4.36.x kernel tree added 2.3.2 - including limits.h for UINT_MAX is required with glibc-2.8 (pud) - needless cast from and to void pointers cleanups in iptreemap (Sven Wegener) - Initial ipset release with kernel modules included. 2.3.1 - segfault on --unbind :all: :all: fixed (reported by bugzilla, report and patch sent by Tom Eastep) - User input parameters are sanitized everywhere - Initial testsuite added and 'test' target to the Makefile added: few bugs discovered and fixed - typo in macipmap type prevented to use max size set of this type - *map types are made sure to allow and use max size of sets 2.3.0 - jiffies rollover bug in iptree type fixed (reported by Lukasz Nierycho and others) - endiannes bug in iptree type fixed (spotted by Jan Engelhardt) - iptreemap type added (submitted by Sven Wegener) - 2.6.22/23 compatibility fixes (Jeremy Jacque) - typo fixes in ipset (Neville D) - separator changed to ':' from '%' (old one still supported) in ipset 2.2.9a - use correct type (socklen_t) for getsockopt (H. Nakano) - incorrect return codes fixed (Tomasz Lemiech, Alexey Bortnikov) - kernel header dependency removed (asm/bitops.h) - ipset now tries to load in the ip_set kernel module if the protocol is not available 2.2.9 - 'ipset -N' did not generate proper return code - 'limit' module parameter added to the kernel modules of the iphash, ipporthash, nethash and iptree type of sets so that the maximal number of elements can now be limited - zero valued entries (port 0 or IP address 0.0.0.0) were detected as members of the hash/tree kind of sets (reported by Andrew Kraslavsky) - list and save operations used the external identifier of the sets for the bindings instead of the internal one (reported by Amin Azez) 2.2.8 - Nasty off-by-one bug fixed in iptree type of sets (bug reported by Pablo Sole) 2.2.7 All patches were submitted by Jones Desougi - missing or confusing error message fixes for ipporthash - minor correction in debugging in nethash - copy-paste bug in kernel set types at memory allocation checking fixed - unified memory allocations in ipset 2.2.6 - memory allocation in iptree is changed to GFP_ATOMIC because we hold a lock (bug reported by Radek Hladik) - compatibility fix: __nocast is not defined in all 2.6 branches (problem reported by Ming-Ching Tiew) - manpage corrections 2.2.5 - garbage collector of iptree type of sets is fixed: flushing sets/removing kernel module could corrupt the timer - new ipporthash type added - manpage fixes and corrections 2.2.4 - half-fixed memory allocation bug in iphash and nethash finally completely fixed (bug reported by Nikolai Malykh) - restrictions to enter zero-valued entries into all non-hash type sets were removed - Too strict check on the set size of ipmap type was corrected 2.2.3 - memory allocation bug in iphash and nethash in connection with the SET target was fixed (bug reported by Nikolai Malykh) - lockhelp.h was removed from the 2.6.13 kernel tree, ip_set.c is updated accordingly (Cardoso Didier, Samir Bellabes) - manpage is updated to clearly state the command order in restore mode 2.2.2 - Jiffies rollover bug in ip_set_iptree reported and fixed by Rob Nielsen - Compiler warning in the non-SMP case fixed (Marcus Sundberg) - slab cache names shrunk in order to be compatible with 2.4.* (Marcus Sundberg) 2.2.1 - Magic number in ip_set_nethash.h was mistyped (bug reported by Rob Carlson) - ipset can now test IP addresses in nethash type of sets (i.e. addresses in netblocks added to the set) 2.2.0 - Locking bug in ip_set_nethash.c (Clifford Wolf and Rob Carlson) - Makefile contained an unnecessary variable in IPSET_LIB_DIR (Clifford Wolf) - Safety checkings of restore in ipset was incomplete (Robin H. Johnson) - More careful resizing by avoiding locking completely - stdin stored internally in a temporary file, so we can feed 'ipset -R' from a pipe - iptree maptype added 2.1 - Lock debugging used with debugless lock definiton (Piotr Chytla and others). - Bindings were not properly filled out at listing (kernel) - When listing sets from kernel, id was not added to the set structure (ipset) - nethash maptype added - ipset manpage corrections (macipmap) 2.0.1 - Missing -fPIC in Makefile (Robert Iakobashvili) - Cut'n'paste bug at saving macipmap types (Vincent Bernat). - Bug in printing/saving SET targets reported and fixed by Michal Pokrywka 2.0 - Chaining of sets are changed: child sets replaced by bindings - Kernel-userspace communication reorganized to minimize the number of syscalls - Save and restore functionality implemented - iphash type reworked: clashing resolved by double-hashing and by dynamically growing the set 1.0 - Renamed to ipset - Rewritten to support child pools - portmap, iphash pool support added - too much other mods here and there to list...