6.3 - ipset/Kconfig was a mixed up kernel config file, fixed (Michael Tokarev) - bitmap:ip,mac type requires "src" for MAC, enforce it - whitespace fixes: some space before tab slipped in - set match and SET target fixes (bugs reported by Lennert Buytenhek) 6.2 - list:set timeout variant fixes - References are protected by rwlock instead of mutex - Add explicit text message to detect patched kernel (netlink.patch) - Timeout can be modified for already added elements 6.1 - The hash:*port* types ignored the address range with non TCP/UDP, fixed - Fix checking the revision number of the set type at create command - SCTP, UDPLITE support to hash:*port* types added - Fix revision reporting got broken by the revision checking patch 6.0 - Reorganized kernel/ subdir - netfilter: ipset: fix linking with CONFIG_IPV6=n (Patrick McHardy) - netfilter: ipset: send error message manually - netfilter: ipset: add missing break statemtns in ip_set_get_ip_port() (Patrick McHardy) - netfilter: ipset: add missing include to xt_set.h (Patrick McHardy) - netfilter: ipset: remove unnecessary includes (Patrick McHardy) - netfilter: ipset: use nla_parse_nested() (Patrick McHardy) - Separate ipset errnos completely from system ones and bump protocol version - Use better error codes in xt_set.c - Fix sparse warning about shadowed definition - bitmap:ip type: flavour specific adt functions (Patrick McHardy's review) - bitmap:port type: flavour specific adt functions (Patrick McHardy's review) - Move the type specifici attribute validation to the core (suggested by Patrick McHardy) - Use vzalloc() instead of __vmalloc() (Eric Dumazet, Patrick McHardy) - Use meaningful error messages in xt_set.c (Patrick McHardy's review) - Constified attribute cannot be written (Patrick McHardy's review) - Send (N)ACK at dumping only when NLM_F_ACK is set (Patrick McHardy's review) - Correct the error codes: use ENOENT and EMSGSIZE (Patrick McHardy's review) 5.4 - Fixed broken ICMP and ICMPv6 handling - Fix trailing whitespaces and pr_* messages - Un-inline functions which are not small enough (suggested by Patrick McHardy) - Fix module loading at create/header command (reported by Patrick McHardy) - Fix wrong kzalloc flag in type_pf_expire - The get_ip*_port functions are too large to be inlined, move into the core - Add missing __GFP_HIGHMEM flag to __vmalloc (suggested by Eric Dumazet) - Enforce network-order data in the netlink protocol - Use annotated types and fix sparse warnings (suggested by Patrick McHardy) - Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into core (suggested by Patrick McHardy) - NETMASK*, HOSTMASK* macros are too generic, use small inline functions (suggested by Patrick McHardy) - Use static LIST_HEAD() for ip_set_type_list (suggested by Patrick McHardy) - Move NLA_PUT_NET* macros to include/net/netlink.h (suggested by Patrick McHardy) - The module parameter max_sets should be unsigned int (reported by Patrick McHardy) - Get rid of ip_set_kernel.h (suggested by Patrick McHardy) - Fix the placement style of boolean operators at continued lines (suggested by Patrick McHardy) 5.3 - There is no need to call synchronize_net() at swapping - Replace strncpy with strlcpy at creating a set - Update copyright date and some style changes - Use jhash.h accepted in kernel, with backward compatibility - Separate prefixlens from ip_set core - Remove unused ctnl parameter from call_ad (Jan Engelhardt) - Comment the possible return values of the add/del/test type-functions 5.2 - Kernel version check at minimal supported version was mistyped, now fixed. 5.1 - Kernel version compatibility: support bumped starting from 2.6.34 (Supporting older kernel releases would mean too much burden for me, sorry.) - kernel: use EXPORT_SYMBOL_GPL (Jan Engelhardt) - kernel: const annotations (Jan Engelhardt) - kernel: use __read_mostly for registration-type structures (Jan Engelhardt) - kernel: do not mix const and __read_mostly (Jan Engelhardt) - xt_set: avoid user types in exported kernel headers (Jan Engelhardt) - build: enable parallel building (Jan Engelhardt) - Fix Kbuild for me to delete backup files 5.0 - New main branch - ipset completely rewritten 4.2 - nethash and ipportnethash types counted every entry twice which could produce bogus entries when listing/saving these types of sets (bug reported by Husnu Demir) 4.1 - Do not use init_MUTEX either (Jan Engelhardt) - Improve listing/saving hash type of sets by not copying empty entries unnecessarily to userspace. 4.0 - Compilation of ip_set_iptree.c fails with kernel 2.6.20 due to missing include of linux/jiffies.h (Jan Engelhardt) - Do not use DECLARE_MUTEX (compatibility fix on 2.6.31-rt, Jan Engelhardt) - Flushing iptreemap type of sets caused high ksoftirqd load due to zeroed out gc parameter (bug reported by Georg Chini) - New protocol is introduced to handle aligment issues properly (bug reported by Georg Chini) - Binding support is removed 3.2 - Mixed up formats in ip_set_iptree.c (Rob Sterenborg) - Don't use 'bool' for backward compatibility reasons (Rob Sterenborg) 3.1 - Nonexistent sets were reported as existing sets when testing from userspace in setlist type of sets (bug reported by Victor A. Safronov) - When saving sets, setlist type of sets must come last in order to satisfy the dependency from the elements (bug reported by Marty B.) - Sparse insists that the flags argument to kmalloc() is gfp_t (Stephen Hemminger) - Correct format specifiers and change %i to %d (Jan Engelhardt) - Fix the definition of 'bool' for kernels <= 2.6.18 (Jan Engelhardt) 3.0 - New kernel-userspace protocol release - Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593) - Support of 2.4.3[67].* kernels fixed - Compiling with debugging enabled fixed 2.5.0 - Use the spinlock initiator instead of setting the locks directly as it causes compilation errors with 2.6.29-rt (Jan Engelhardt). 2.4.9 - References to the old include file replaced with new one in order to really use the new Jenkins' hash function. 2.4.8 - The Jenkins' hash lookup2() replaced with Jenkins' faster/better lookup3() hash function. - Bug fixed: after elements are added and deleted from a hash, an element can successfully be added in spite it's already in the hash and thus duplicates can occur (Shih-Yi Chen). - Compatibility with old gcc without 'bool' added. 2.4.7 - Typo which broke compilation with kernels < 2.6.28 fixed (reported by Richard Lucassen, Danny Rawlins) 2.4.6 - Compatibility fix for kernels >= 2.6.28 2.4.5 - setlist type does not work properly together with swapping sets, bug reported by Thomas Jacob. - Include linux/capability.h explicitly in ip_set.c (Jan Engelhardt) 2.4.4 - Premature checking prevents to add valid elements to hash types, fixed (bug reported by JC Janos). 2.4.2 - When flushing a nethash/ipportnethash type of set, it can lead to a kernel crash due to a wrong type declaration, bug reported by Krzysztof Oledzki. - iptree and iptreemap types require the header file linux/timer.h, also reported by Krzysztof Oledzki. 2.4.1 - Zero-valued element are not accepted by hash type of sets because we cannot make a difference between a zero-valued element and not-set element. 2.4 - ipportiphash, ipportnethash and setlist types added - set type modules reworked to avoid code duplication as much as possible, code unification macros - expand_macros Makefile target added to help debugging code unification macros - ip_set_addip_kernel and ip_set_delip_kernel changed from void to int, __ip_set_get_byname and __ip_set_put_byid added for the sake of setlist type - unnecessary includes removed - compatibility fix for kernels >= 2.6.27: semaphore.h was moved from asm/ to linux/ (James King) - ChangeLog forked for kernel part