summaryrefslogtreecommitdiffstats
path: root/extensions/libxt_set.c
Commit message (Collapse)AuthorAgeFilesLines
* Alignment problem between 64bit kernel 32bit userspaceJozsef Kadlecsik2014-11-061-9/+191
| | | | | | | | | | | | | | | | | | Sven-Haegar Koch reported the issue: sims:~# iptables -A OUTPUT -m set --match-set testset src -j ACCEPT iptables: Invalid argument. Run `dmesg' for more information. In syslog: x_tables: ip_tables: set.3 match: invalid size 48 (kernel) != (user) 32 which was introduced by the counter extension in ipset. The patch fixes the alignment issue with introducing a new set match revision with the fixed underlying 'struct ip_set_counter_match' structure. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Introduce a new revision for the set match with the counters supportJozsef Kadlecsik2013-06-071-0/+222
| | | | | | | | The revision add the support of matching the packet/byte counters if the set was defined with the extension. Also, a new flag is introduced to suppress updating the packet/byte counters if required. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* New set match revision with --return-nomatch flag supportJozsef Kadlecsik2012-09-211-0/+98
|
* libxt_set: put differing variable names in directlyJan Engelhardt2011-08-201-8/+3
| | | | Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* option: remove last traces of intrapositional negationJan Engelhardt2011-07-101-4/+0
| | | | | | Intrapositional negation was deprecated in 1.4.3. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* SET target revision 2 addedJozsef Kadlecsik2011-04-171-22/+30
| | | | | | | | | The new revision of the SET target supports the following new operations - specifying the timeout value of the entry to be added - flag to instruct the kernel that if the entry already exists then reset the timeout value to the specified one (or to the default from the set definition)
* iptables: do not print trailing whitespacesJan Engelhardt2011-01-311-6/+4
| | | | | | | | | | | | | | | | | Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=429579 Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* extensions: remove no longer necessary default: casesJan Engelhardt2011-01-081-6/+0
| | | | | | | Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* all: consistent syntax use in struct optionJan Engelhardt2010-07-231-3/+4
| | | | | | Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
* libxt_set: new revision addedJozsef Kadlecsik2010-06-161-0/+250
libipt_set renamed to libxt_set and the support for the forthcoming ipset release added. I have tested backward (IPv4) and forward compatibility (IPv4/IPv6): ipset -N test iphash ipset -A test test-address iptables -N test-set iptables -A test-set -j LOG --log-prefix "match " iptables -A test-set -j DROP iptables -A OUTPUT -m set --match-set test dst -j test-set ping test-address
generated by cgit v1.2.3 (git 2.25.0) at 2024-11-12 18:14:25 +0000