Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ipset for openSUSE:Factory checked
in at 2024-02-01 18:03:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ipset (Old)
and /work/SRC/openSUSE:Factory/.ipset.new.1815 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ipset"
Thu Feb 1 18:03:55 2024 rev:48 rq:1143103 version:7.20
Changes:
--------
--- /work/SRC/openSUSE:Factory/ipset/ipset.changes 2023-09-29
21:13:03.732641053 +0200
+++ /work/SRC/openSUSE:Factory/.ipset.new.1815/ipset.changes 2024-02-01
18:03:58.216058519 +0100
@@ -1,0 +2,6 @@
+Wed Jan 31 18:08:54 UTC 2024 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 7.20
+ * Bash completion utility updated
+
+-------------------------------------------------------------------
Old:
----
ipset-7.19.tar.bz2
New:
----
ipset-7.20.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ipset.spec ++++++
--- /var/tmp/diff_new_pack.KJHvN0/_old 2024-02-01 18:03:59.908119863 +0100
+++ /var/tmp/diff_new_pack.KJHvN0/_new 2024-02-01 18:03:59.924120443 +0100
@@ -1,7 +1,7 @@
#
# spec file for package ipset
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
%define ipset_build_kmp 0
%endif
Name: ipset
-Version: 7.19
+Version: 7.20
Release: 0
Summary: Netfilter ipset administration utility
License: GPL-2.0-only
@@ -57,6 +57,7 @@
when matching an entry against a set.
ipset can:
+
* store multiple IP addresses or port numbers and match against the
collection by iptables in one swoop;
* dynamically update iptables rules against IP addresses or ports
++++++ ipset-7.19.tar.bz2 -> ipset-7.20.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/.gitignore new/ipset-7.20/.gitignore
--- old/ipset-7.19/.gitignore 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/.gitignore 2024-01-31 11:32:03.000000000 +0100
@@ -16,6 +16,8 @@
*.mod.o.cmd
*.mod.cmd
*.mod
+*.order.cmd
+*.symvers.cmd
.tmp_versions
Module.symvers
modules.order
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/ChangeLog new/ipset-7.20/ChangeLog
--- old/ipset-7.19/ChangeLog 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/ChangeLog 2024-01-31 11:32:03.000000000 +0100
@@ -1,3 +1,10 @@
+7.20
+ - Ignore *.order.cmd and *.symvers.cmd files in kernel builds
+ - Bash completion utility updated
+ - Fix json output for -name option (Mark)
+ - Fix hex literals in json output
+ - tests: increase timeout to cope with slow virtual test machine
+
7.19
- build: Fix the double-prefix in pkgconfig (Sam James)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/Makefile.in new/ipset-7.20/Makefile.in
--- old/ipset-7.19/Makefile.in 2023-09-21 08:15:45.000000000 +0200
+++ new/ipset-7.20/Makefile.in 2024-01-31 11:33:41.000000000 +0100
@@ -373,6 +373,7 @@
HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@
HAVE_TC_SKB_PROTOCOL = @HAVE_TC_SKB_PROTOCOL@
HAVE_TIMER_SETUP = @HAVE_TIMER_SETUP@
+HAVE_TIMER_SHUTDOWN_SYNC = @HAVE_TIMER_SHUTDOWN_SYNC@
HAVE_TYPEDEF_SCTP_SCTPHDR_T = @HAVE_TYPEDEF_SCTP_SCTPHDR_T@
HAVE_USER_NS_IN_STRUCT_NET = @HAVE_USER_NS_IN_STRUCT_NET@
HAVE_VLAN_PROTO_IN_SK_BUFF = @HAVE_VLAN_PROTO_IN_SK_BUFF@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/configure new/ipset-7.20/configure
--- old/ipset-7.19/configure 2023-09-21 08:15:44.000000000 +0200
+++ new/ipset-7.20/configure 2024-01-31 11:33:40.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for ipset 7.19.
+# Generated by GNU Autoconf 2.69 for ipset 7.20.
#
# Report bugs to <kad...@netfilter.org>.
#
@@ -594,8 +594,8 @@
# Identity of this package.
PACKAGE_NAME='ipset'
PACKAGE_TARNAME='ipset'
-PACKAGE_VERSION='7.19'
-PACKAGE_STRING='ipset 7.19'
+PACKAGE_VERSION='7.20'
+PACKAGE_STRING='ipset 7.20'
PACKAGE_BUGREPORT='kad...@netfilter.org'
PACKAGE_URL=''
@@ -656,6 +656,7 @@
HAVE_STRSCPY
HAVE_NLA_STRSCPY
HAVE_LOCKDEP_NFNL_IS_HELD
+HAVE_TIMER_SHUTDOWN_SYNC
HAVE_TIMER_SETUP
HAVE_TYPEDEF_SCTP_SCTPHDR_T
HAVE_PASSING_EXTENDED_ACK_TO_CALLBACKS
@@ -1455,7 +1456,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures ipset 7.19 to adapt to many kinds of systems.
+\`configure' configures ipset 7.20 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1526,7 +1527,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of ipset 7.19:";;
+ short | recursive ) echo "Configuration of ipset 7.20:";;
esac
cat <<\_ACEOF
@@ -1666,7 +1667,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-ipset configure 7.19
+ipset configure 7.20
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2044,7 +2045,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by ipset $as_me 7.19, which was
+It was created by ipset $as_me 7.20, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2976,7 +2977,7 @@
# Define the identity of the package.
PACKAGE='ipset'
- VERSION='7.19'
+ VERSION='7.20'
cat >>confdefs.h <<_ACEOF
@@ -15493,6 +15494,21 @@
fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel source for
timer_shutdown_sync() in timer.h" >&5
+$as_echo_n "checking kernel source for timer_shutdown_sync() in timer.h... "
>&6; }
+if test -f $ksourcedir/include/linux/timer.h && \
+ $GREP -q ' timer_shutdown_sync' $ksourcedir/include/linux/timer.h; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ HAVE_TIMER_SHUTDOWN_SYNC=define
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ HAVE_TIMER_SHUTDOWN_SYNC=undef
+
+fi
+
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking kernel source for
lockdep_nfnl_is_held() in nfnetlink.h" >&5
$as_echo_n "checking kernel source for lockdep_nfnl_is_held() in
nfnetlink.h... " >&6; }
if test -f $ksourcedir/include/linux/netfilter/nfnetlink.h && \
@@ -18315,7 +18331,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by ipset $as_me 7.19, which was
+This file was extended by ipset $as_me 7.20, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -18381,7 +18397,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-ipset config.status 7.19
+ipset config.status 7.20
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/configure.ac new/ipset-7.20/configure.ac
--- old/ipset-7.19/configure.ac 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/configure.ac 2024-01-31 11:32:03.000000000 +0100
@@ -1,5 +1,5 @@
dnl Boilerplate
-AC_INIT([ipset], [7.19], [kad...@netfilter.org])
+AC_INIT([ipset], [7.20], [kad...@netfilter.org])
AC_CONFIG_AUX_DIR([build-aux])
AC_CANONICAL_HOST
AC_CONFIG_MACRO_DIR([m4])
@@ -725,6 +725,16 @@
AC_SUBST(HAVE_TIMER_SETUP, undef)
fi
+AC_MSG_CHECKING([kernel source for timer_shutdown_sync() in timer.h])
+if test -f $ksourcedir/include/linux/timer.h && \
+ $GREP -q ' timer_shutdown_sync' $ksourcedir/include/linux/timer.h; then
+ AC_MSG_RESULT(yes)
+ AC_SUBST(HAVE_TIMER_SHUTDOWN_SYNC, define)
+else
+ AC_MSG_RESULT(no)
+ AC_SUBST(HAVE_TIMER_SHUTDOWN_SYNC, undef)
+fi
+
AC_MSG_CHECKING([kernel source for lockdep_nfnl_is_held() in nfnetlink.h])
if test -f $ksourcedir/include/linux/netfilter/nfnetlink.h && \
$GREP -q ' lockdep_nfnl_is_held'
$ksourcedir/include/linux/netfilter/nfnetlink.h; then
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/include/libipset/Makefile.in
new/ipset-7.20/include/libipset/Makefile.in
--- old/ipset-7.19/include/libipset/Makefile.in 2023-09-21 08:15:45.000000000
+0200
+++ new/ipset-7.20/include/libipset/Makefile.in 2024-01-31 11:33:41.000000000
+0100
@@ -254,6 +254,7 @@
HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@
HAVE_TC_SKB_PROTOCOL = @HAVE_TC_SKB_PROTOCOL@
HAVE_TIMER_SETUP = @HAVE_TIMER_SETUP@
+HAVE_TIMER_SHUTDOWN_SYNC = @HAVE_TIMER_SHUTDOWN_SYNC@
HAVE_TYPEDEF_SCTP_SCTPHDR_T = @HAVE_TYPEDEF_SCTP_SCTPHDR_T@
HAVE_USER_NS_IN_STRUCT_NET = @HAVE_USER_NS_IN_STRUCT_NET@
HAVE_VLAN_PROTO_IN_SK_BUFF = @HAVE_VLAN_PROTO_IN_SK_BUFF@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/include/libipset/session.h
new/ipset-7.20/include/libipset/session.h
--- old/ipset-7.19/include/libipset/session.h 2023-09-21 08:14:18.000000000
+0200
+++ new/ipset-7.20/include/libipset/session.h 2024-01-31 11:32:03.000000000
+0100
@@ -84,6 +84,8 @@
IPSET_ENV_LIST_SETNAME = (1 << IPSET_ENV_BIT_LIST_SETNAME),
IPSET_ENV_BIT_LIST_HEADER = 5,
IPSET_ENV_LIST_HEADER = (1 << IPSET_ENV_BIT_LIST_HEADER),
+ IPSET_ENV_BIT_QUOTED = 6,
+ IPSET_ENV_QUOTED = (1 << IPSET_ENV_BIT_QUOTED),
};
extern bool ipset_envopt_test(struct ipset_session *session,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/kernel/ChangeLog
new/ipset-7.20/kernel/ChangeLog
--- old/ipset-7.19/kernel/ChangeLog 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/ChangeLog 2024-01-31 11:32:03.000000000 +0100
@@ -1,3 +1,15 @@
+7.20
+ - treewide: Convert del_timer*() to timer_shutdown*() (Steven Rostedt)
+ - Use timer_shutdown_sync() when available, instead of del_timer_sync()
+ - netfilter: ipset: fix race condition between swap/destroy and kernel
+ side add/del/test v4
+ - netfilter: ipset: fix race condition between swap/destroy and kernel
+ side add/del/test v3
+ - netfilter: ipset: fix race condition between swap/destroy and kernel
+ side add/del/test v2
+ - netfilter: ipset: fix race condition between swap/destroy and kernel
+ side add/del/test
+
7.18
- netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
(reported by Kyle Zeng)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.19/kernel/include/linux/netfilter/ipset/ip_set.h
new/ipset-7.20/kernel/include/linux/netfilter/ipset/ip_set.h
--- old/ipset-7.19/kernel/include/linux/netfilter/ipset/ip_set.h
2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/include/linux/netfilter/ipset/ip_set.h
2024-01-31 11:32:03.000000000 +0100
@@ -189,6 +189,8 @@
/* Return true if "b" set is the same as "a"
* according to the create set parameters */
bool (*same_set)(const struct ip_set *a, const struct ip_set *b);
+ /* Cancel ongoing garbage collectors before destroying the set*/
+ void (*cancel_gc)(struct ip_set *set);
/* Region-locking is used */
bool region_lock;
};
@@ -245,6 +247,8 @@
/* A generic IP set */
struct ip_set {
+ /* For call_cru in destroy */
+ struct rcu_head rcu;
/* The name of the set */
char name[IPSET_MAXNAMELEN];
/* Lock protecting the set data */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.19/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
new/ipset-7.20/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
--- old/ipset-7.19/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
2024-01-31 11:32:03.000000000 +0100
@@ -51,6 +51,7 @@
#@HAVE_PASSING_EXTENDED_ACK_TO_CALLBACKS@
HAVE_PASSING_EXTENDED_ACK_TO_CALLBACKS
#@HAVE_TYPEDEF_SCTP_SCTPHDR_T@ HAVE_TYPEDEF_SCTP_SCTPHDR_T
#@HAVE_TIMER_SETUP@ HAVE_TIMER_SETUP
+#@HAVE_TIMER_SHUTDOWN_SYNC@ HAVE_TIMER_SHUTDOWN_SYNC
#@HAVE_STRSCPY@ HAVE_STRSCPY
#@HAVE_STRSCPY_PAD@ HAVE_STRSCPY_PAD
#@HAVE_SYNCHRONIZE_RCU_BH@ HAVE_SYNCHRONIZE_RCU_BH
@@ -506,6 +507,10 @@
struct type *var = set->data
#endif
+#ifndef HAVE_TIMER_SHUTDOWN_SYNC
+#define timer_shutdown_sync(timer) del_timer_sync(timer)
+#endif
+
#ifndef HAVE_STRSCPY
static inline ssize_t strscpy(char * dest, const char * src, size_t count)
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_bitmap_gen.h
new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_bitmap_gen.h
--- old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_bitmap_gen.h
2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_bitmap_gen.h
2024-01-31 11:32:03.000000000 +0100
@@ -29,6 +29,7 @@
#define mtype_del IPSET_TOKEN(MTYPE, _del)
#define mtype_list IPSET_TOKEN(MTYPE, _list)
#define mtype_gc IPSET_TOKEN(MTYPE, _gc)
+#define mtype_cancel_gc IPSET_TOKEN(MTYPE, _cancel_gc)
#define mtype MTYPE
#define get_ext(set, map, id) ((map)->extensions + ((set)->dsize * (id)))
@@ -58,9 +59,6 @@
{
struct mtype *map = set->data;
- if (SET_WITH_TIMEOUT(set))
- del_timer_sync(&map->gc);
-
if (set->dsize && set->extensions & IPSET_EXT_DESTROY)
mtype_ext_cleanup(set);
ip_set_free(map->members);
@@ -290,6 +288,15 @@
add_timer(&map->gc);
}
+static void
+mtype_cancel_gc(struct ip_set *set)
+{
+ struct mtype *map = set->data;
+
+ if (SET_WITH_TIMEOUT(set))
+ del_timer_sync(&map->gc);
+}
+
static const struct ip_set_type_variant mtype = {
.kadt = mtype_kadt,
.uadt = mtype_uadt,
@@ -303,6 +310,7 @@
.head = mtype_head,
.list = mtype_list,
.same_set = mtype_same_set,
+ .cancel_gc = mtype_cancel_gc,
};
#endif /* __IP_SET_BITMAP_IP_GEN_H */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_core.c
new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_core.c
--- old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_core.c 2023-09-21
08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_core.c 2024-01-31
11:32:03.000000000 +0100
@@ -62,6 +62,8 @@
ip_set_dereference((inst)->ip_set_list)[id]
#define ip_set_ref_netlink(inst,id) \
rcu_dereference_raw((inst)->ip_set_list)[id]
+#define ip_set_dereference_nfnl(p) \
+ rcu_dereference_check(p, lockdep_nfnl_is_held(NFNL_SUBSYS_IPSET))
/* The set types are implemented in modules and registered set types
* can be found in ip_set_type_list. Adding/deleting types is
@@ -709,15 +711,10 @@
static struct ip_set *
ip_set_rcu_get(struct net *net, ip_set_id_t index)
{
- struct ip_set *set;
struct ip_set_net *inst = ip_set_pernet(net);
- rcu_read_lock();
- /* ip_set_list itself needs to be protected */
- set = rcu_dereference(inst->ip_set_list)[index];
- rcu_read_unlock();
-
- return set;
+ /* ip_set_list and the set pointer need to be protected */
+ return ip_set_dereference_nfnl(inst->ip_set_list)[index];
}
static inline void
@@ -1195,6 +1192,14 @@
kfree(set);
}
+static void
+ip_set_destroy_set_rcu(struct rcu_head *head)
+{
+ struct ip_set *set = container_of(head, struct ip_set, rcu);
+
+ ip_set_destroy_set(set);
+}
+
static int
IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl,
struct sk_buff *skb, const struct nlmsghdr *nlh,
@@ -1210,9 +1215,6 @@
if (unlikely(protocol_min_failed(attr)))
return -IPSET_ERR_PROTOCOL;
- /* Must wait for flush to be really finished in list:set */
- rcu_barrier();
-
/* Commands are serialized and references are
* protected by the ip_set_ref_lock.
* External systems (i.e. xt_set) must call
@@ -1223,8 +1225,10 @@
* counter, so if it's already zero, we can proceed
* without holding the lock.
*/
- read_lock_bh(&ip_set_ref_lock);
if (!attr[IPSET_ATTR_SETNAME]) {
+ /* Must wait for flush to be really finished in list:set */
+ rcu_barrier();
+ read_lock_bh(&ip_set_ref_lock);
for (i = 0; i < inst->ip_set_max; i++) {
s = ip_set(inst, i);
if (s && (s->ref || s->ref_netlink)) {
@@ -1238,6 +1242,8 @@
s = ip_set(inst, i);
if (s) {
ip_set(inst, i) = NULL;
+ /* Must cancel garbage collectors */
+ s->variant->cancel_gc(s);
ip_set_destroy_set(s);
}
}
@@ -1245,6 +1251,9 @@
inst->is_destroyed = false;
} else {
u32 flags = flag_exist(INFO_NLH(info, nlh));
+ u16 features = 0;
+
+ read_lock_bh(&ip_set_ref_lock);
s = find_set_and_id(inst, nla_data(attr[IPSET_ATTR_SETNAME]),
&i);
if (!s) {
@@ -1255,10 +1264,16 @@
ret = -IPSET_ERR_BUSY;
goto out;
}
+ features = s->type->features;
ip_set(inst, i) = NULL;
read_unlock_bh(&ip_set_ref_lock);
-
- ip_set_destroy_set(s);
+ if (features & IPSET_TYPE_NAME) {
+ /* Must wait for flush to be really finished */
+ rcu_barrier();
+ }
+ /* Must cancel garbage collectors */
+ s->variant->cancel_gc(s);
+ call_rcu(&s->rcu, ip_set_destroy_set_rcu);
}
return 0;
out:
@@ -2540,8 +2555,11 @@
{
nf_unregister_sockopt(&so_set);
nfnetlink_subsys_unregister(&ip_set_netlink_subsys);
-
UNREGISTER_PERNET_SUBSYS(&ip_set_net_ops);
+
+ /* Wait for call_rcu() in destroy */
+ rcu_barrier();
+
pr_debug("these are the famous last words\n");
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_hash_gen.h
new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_hash_gen.h
--- old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_hash_gen.h 2023-09-21
08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_hash_gen.h 2024-01-31
11:32:03.000000000 +0100
@@ -222,6 +222,7 @@
#undef mtype_gc_do
#undef mtype_gc
#undef mtype_gc_init
+#undef mtype_cancel_gc
#undef mtype_variant
#undef mtype_data_match
@@ -266,6 +267,7 @@
#define mtype_gc_do IPSET_TOKEN(MTYPE, _gc_do)
#define mtype_gc IPSET_TOKEN(MTYPE, _gc)
#define mtype_gc_init IPSET_TOKEN(MTYPE, _gc_init)
+#define mtype_cancel_gc IPSET_TOKEN(MTYPE, _cancel_gc)
#define mtype_variant IPSET_TOKEN(MTYPE, _variant)
#define mtype_data_match IPSET_TOKEN(MTYPE, _data_match)
@@ -450,9 +452,6 @@
struct htype *h = set->data;
struct list_head *l, *lt;
- if (SET_WITH_TIMEOUT(set))
- cancel_delayed_work_sync(&h->gc.dwork);
-
mtype_ahash_destroy(set, ipset_dereference_nfnl(h->table), true);
list_for_each_safe(l, lt, &h->ad) {
list_del(l);
@@ -598,6 +597,15 @@
queue_delayed_work(system_power_efficient_wq, &gc->dwork, HZ);
}
+static void
+mtype_cancel_gc(struct ip_set *set)
+{
+ struct htype *h = set->data;
+
+ if (SET_WITH_TIMEOUT(set))
+ cancel_delayed_work_sync(&h->gc.dwork);
+}
+
static int
mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
struct ip_set_ext *mext, u32 flags);
@@ -1441,6 +1449,7 @@
.uref = mtype_uref,
.resize = mtype_resize,
.same_set = mtype_same_set,
+ .cancel_gc = mtype_cancel_gc,
.region_lock = true,
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_list_set.c
new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_list_set.c
--- old/ipset-7.19/kernel/net/netfilter/ipset/ip_set_list_set.c 2023-09-21
08:14:18.000000000 +0200
+++ new/ipset-7.20/kernel/net/netfilter/ipset/ip_set_list_set.c 2024-01-31
11:32:03.000000000 +0100
@@ -429,9 +429,6 @@
struct list_set *map = set->data;
struct set_elem *e, *n;
- if (SET_WITH_TIMEOUT(set))
- del_timer_sync(&map->gc);
-
list_for_each_entry_safe(e, n, &map->members, list) {
list_del(&e->list);
ip_set_put_byindex(map->net, e->id);
@@ -548,6 +545,15 @@
a->extensions == b->extensions;
}
+static void
+list_set_cancel_gc(struct ip_set *set)
+{
+ struct list_set *map = set->data;
+
+ if (SET_WITH_TIMEOUT(set))
+ timer_shutdown_sync(&map->gc);
+}
+
static const struct ip_set_type_variant set_variant = {
.kadt = list_set_kadt,
.uadt = list_set_uadt,
@@ -561,6 +567,7 @@
.head = list_set_head,
.list = list_set_list,
.same_set = list_set_same_set,
+ .cancel_gc = list_set_cancel_gc,
};
static void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/lib/Makefile.in
new/ipset-7.20/lib/Makefile.in
--- old/ipset-7.19/lib/Makefile.in 2023-09-21 08:15:45.000000000 +0200
+++ new/ipset-7.20/lib/Makefile.in 2024-01-31 11:33:41.000000000 +0100
@@ -380,6 +380,7 @@
HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@
HAVE_TC_SKB_PROTOCOL = @HAVE_TC_SKB_PROTOCOL@
HAVE_TIMER_SETUP = @HAVE_TIMER_SETUP@
+HAVE_TIMER_SHUTDOWN_SYNC = @HAVE_TIMER_SHUTDOWN_SYNC@
HAVE_TYPEDEF_SCTP_SCTPHDR_T = @HAVE_TYPEDEF_SCTP_SCTPHDR_T@
HAVE_USER_NS_IN_STRUCT_NET = @HAVE_USER_NS_IN_STRUCT_NET@
HAVE_VLAN_PROTO_IN_SK_BUFF = @HAVE_VLAN_PROTO_IN_SK_BUFF@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/lib/print.c new/ipset-7.20/lib/print.c
--- old/ipset-7.19/lib/print.c 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/lib/print.c 2024-01-31 11:32:03.000000000 +0100
@@ -411,10 +411,11 @@
int
ipset_print_hexnumber(char *buf, unsigned int len,
const struct ipset_data *data, enum ipset_opt opt,
- uint8_t env UNUSED)
+ uint8_t env)
{
size_t maxsize;
const void *number;
+ const char *quoted = env & IPSET_ENV_QUOTED ? "\"" : "";
assert(buf);
assert(len > 0);
@@ -424,17 +425,17 @@
maxsize = ipset_data_sizeof(opt, AF_INET);
D("opt: %u, maxsize %zu", opt, maxsize);
if (maxsize == sizeof(uint8_t))
- return snprintf(buf, len, "0x%02"PRIx8,
- *(const uint8_t *) number);
+ return snprintf(buf, len, "%s0x%02"PRIx8"%s",
+ quoted, *(const uint8_t *) number, quoted);
else if (maxsize == sizeof(uint16_t))
- return snprintf(buf, len, "0x%04"PRIx16,
- *(const uint16_t *) number);
+ return snprintf(buf, len, "%s0x%04"PRIx16"%s",
+ quoted, *(const uint16_t *) number, quoted);
else if (maxsize == sizeof(uint32_t))
- return snprintf(buf, len, "0x%08"PRIx32,
- *(const uint32_t *) number);
+ return snprintf(buf, len, "%s0x%08"PRIx32"%s",
+ quoted, *(const uint32_t *) number, quoted);
else if (maxsize == sizeof(uint64_t))
- return snprintf(buf, len, "0x%016"PRIx64,
- *(const uint64_t *) number);
+ return snprintf(buf, len, "%s0x%016"PRIx64"%s",
+ quoted, *(const uint64_t *) number, quoted);
else
assert(0);
return 0;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/lib/session.c new/ipset-7.20/lib/session.c
--- old/ipset-7.19/lib/session.c 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/lib/session.c 2024-01-31 11:32:03.000000000 +0100
@@ -1306,6 +1306,7 @@
enum ipset_cmd cmd)
{
struct ipset_data *data = session->data;
+ static bool firstipset = true;
if (setjmp(printf_failure)) {
session->saved_setname[0] = '\0';
@@ -1324,10 +1325,13 @@
if (session->mode == IPSET_LIST_XML)
safe_snprintf(session, "<ipset name=\"%s\"/>\n",
ipset_data_setname(data));
- if (session->mode == IPSET_LIST_JSON)
- safe_snprintf(session, "\"name\" : \"%s\"\n",
+ else if (session->mode == IPSET_LIST_JSON) {
+ if (!firstipset)
+ safe_snprintf(session, ",\n");
+ firstipset = false;
+ safe_snprintf(session, " { \"name\" : \"%s\" }",
ipset_data_setname(data));
- else
+ } else
safe_snprintf(session, "%s\n",
ipset_data_setname(data));
return call_outfn(session) ? MNL_CB_ERROR : MNL_CB_OK;
@@ -2277,23 +2281,26 @@
session->cmd = cmd;
session->lineno = lineno;
- /* Set default output mode */
- if (cmd == IPSET_CMD_LIST) {
+ if (cmd == IPSET_CMD_LIST || cmd == IPSET_CMD_SAVE) {
+ /* Set default output mode */
if (session->mode == IPSET_LIST_NONE)
session->mode = IPSET_LIST_PLAIN;
- } else if (cmd == IPSET_CMD_SAVE) {
- if (session->mode == IPSET_LIST_NONE)
- session->mode = IPSET_LIST_SAVE;
+ /* Reset just in case there are multiple modes in a session */
+ ipset_envopt_unset(session, IPSET_ENV_QUOTED);
+ switch (session->mode) {
+ case IPSET_LIST_XML:
+ /* Start the root element in XML mode */
+ safe_snprintf(session, "<ipsets>\n");
+ break;
+ case IPSET_LIST_JSON:
+ /* Start the root element in json mode */
+ ipset_envopt_set(session, IPSET_ENV_QUOTED);
+ safe_snprintf(session, "[\n");
+ break;
+ default:
+ break;
+ }
}
- /* Start the root element in XML mode */
- if ((cmd == IPSET_CMD_LIST || cmd == IPSET_CMD_SAVE) &&
- session->mode == IPSET_LIST_XML)
- safe_snprintf(session, "<ipsets>\n");
-
- /* Start the root element in json mode */
- if ((cmd == IPSET_CMD_LIST || cmd == IPSET_CMD_SAVE) &&
- session->mode == IPSET_LIST_JSON)
- safe_snprintf(session, "[\n");
D("next: build_msg");
/* Build new message or append buffered commands */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/src/Makefile.in
new/ipset-7.20/src/Makefile.in
--- old/ipset-7.19/src/Makefile.in 2023-09-21 08:15:45.000000000 +0200
+++ new/ipset-7.20/src/Makefile.in 2024-01-31 11:33:41.000000000 +0100
@@ -360,6 +360,7 @@
HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@
HAVE_TC_SKB_PROTOCOL = @HAVE_TC_SKB_PROTOCOL@
HAVE_TIMER_SETUP = @HAVE_TIMER_SETUP@
+HAVE_TIMER_SHUTDOWN_SYNC = @HAVE_TIMER_SHUTDOWN_SYNC@
HAVE_TYPEDEF_SCTP_SCTPHDR_T = @HAVE_TYPEDEF_SCTP_SCTPHDR_T@
HAVE_USER_NS_IN_STRUCT_NET = @HAVE_USER_NS_IN_STRUCT_NET@
HAVE_VLAN_PROTO_IN_SK_BUFF = @HAVE_VLAN_PROTO_IN_SK_BUFF@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/tests/netnetgen.sh
new/ipset-7.20/tests/netnetgen.sh
--- old/ipset-7.19/tests/netnetgen.sh 2023-09-21 08:14:18.000000000 +0200
+++ new/ipset-7.20/tests/netnetgen.sh 2024-01-31 11:32:03.000000000 +0100
@@ -6,7 +6,7 @@
comment=" comment"
;;
timeout)
- timeout=" timeout 10"
+ timeout=" timeout 60"
;;
*)
;;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/utils/Makefile.in
new/ipset-7.20/utils/Makefile.in
--- old/ipset-7.19/utils/Makefile.in 2023-09-21 08:15:45.000000000 +0200
+++ new/ipset-7.20/utils/Makefile.in 2024-01-31 11:33:41.000000000 +0100
@@ -308,6 +308,7 @@
HAVE_TCF_EMATCH_STRUCT_NET = @HAVE_TCF_EMATCH_STRUCT_NET@
HAVE_TC_SKB_PROTOCOL = @HAVE_TC_SKB_PROTOCOL@
HAVE_TIMER_SETUP = @HAVE_TIMER_SETUP@
+HAVE_TIMER_SHUTDOWN_SYNC = @HAVE_TIMER_SHUTDOWN_SYNC@
HAVE_TYPEDEF_SCTP_SCTPHDR_T = @HAVE_TYPEDEF_SCTP_SCTPHDR_T@
HAVE_USER_NS_IN_STRUCT_NET = @HAVE_USER_NS_IN_STRUCT_NET@
HAVE_VLAN_PROTO_IN_SK_BUFF = @HAVE_VLAN_PROTO_IN_SK_BUFF@
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ipset-7.19/utils/ipset_bash_completion/ipset
new/ipset-7.20/utils/ipset_bash_completion/ipset
--- old/ipset-7.19/utils/ipset_bash_completion/ipset 2023-09-21
08:14:18.000000000 +0200
+++ new/ipset-7.20/utils/ipset_bash_completion/ipset 2024-01-31
11:32:03.000000000 +0100
@@ -362,7 +362,7 @@
while read -r; do
REPLY="${REPLY#*: }"
printf "%s\n" ${REPLY%%:*}
-done < <(( PATH=${PATH}:/sbin command ip -o link show ) 2>/dev/null)
+done < <(PATH=${PATH}:/sbin ( command ip -o link show ) 2>/dev/null)
}
_ipset_get_iplist() {
@@ -1130,9 +1130,9 @@
# make sure it's not a filename named -o or -output
if [[ $str_filename != $prev ]]; then
if ((names_only || headers_only)); then
- COMPREPLY=( $( compgen -W 'plain xml json' -- "$cur" ) )
+ COMPREPLY=( $( compgen -W 'plain xml' -- "$cur" ) )
else
- COMPREPLY=( $( compgen -W 'plain save xml json' -- "$cur" ) )
+ COMPREPLY=( $( compgen -W 'plain save xml' -- "$cur" ) )
fi
return 0
fi
