ported-by: Li Shuang
Fixes: 45040978c899 ("netfilter: ipset: Fix set:list type crash when flush/dump
set in parallel")
Signed-off-by: Stefano Brivio
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 2 +-
net/netfilter/ipset/ip_set_core.c | 23
The function is called when rcu_read_lock() is held and not
when rcu_read_lock_bh() is held.
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set_comment.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/linux/netfilter/ipset/ip_set_comment.h
The ip_set() macro is called when either ip_set_ref_lock held only
or no lock/nfnl mutex is held at dumping. Take this into account
properly.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_core.c | 23 +++
1 file changed, 19 insertions(+), 4 deletions
allow allowable CIDR 0 in hash:net,port,net
Jozsef Kadlecsik (2):
netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment()
netfilter: ipset: Fix calling ip_set() macro at dumping
Stefano Brivio (1):
netfilter: ipset: list:set: Decrease refcount synchronously on del
1f003ff1a7580d6c1d9c
Signed-off-by: Eric Westbrook
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_netportnet.c | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_netportnet.c
b/net/netfilter/ipset/ip_set_hash_netpor
ip netns exec A iptables -I INPUT -m set --match-set test dst -j ACCEPT
ipset will match packets based on destination MAC address:
# ping -c1 192.0.2.2 >/dev/null
# echo $?
0
Reported-by: Yi Chen
Signed-off-by: Stefano Brivio
Signed-off-by: Jozsef Kadlecsik
---
net/netfilt
, userspace can exactly know which functionality is
supported by the running kernel.
Both the kernel and userspace are fully backward compatible.
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 2 +-
include/uapi/linux/netfilter/ipset/ip_set.h | 19 ++--
net
kfki.hu/nf-next 23c42a403a9cfdbad6
for you to fetch changes up to 23c42a403a9cfdbad6004a556c927be7dd61a8ee:
netfilter: ipset: Introduction of new commands and protocol version 7
(2018-10-27 15:49:09 +0200)
--------
Jozsef Ka
sets in commit 26c97c5d8dac
("netfilter: ipset: Use is_zero_ether_addr instead of static and
memcmp").
Signed-off-by: Stefano Brivio
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 3 +++
net/netfilter/ipset/ip_set_hash_ipmac.c | 11 ---
2 fil
Hi,
I'm happy to announce ipset 7.0 which - besides of a couple fixes and
corrections - brings a new internal protocol version between the kernel
and userspace.
The system is fully backward compatible:
- the new kernel modules work fine with any older ipset userspace binary,
- the new ipset bin
Hi Pablo,
On Mon, 29 Oct 2018, Pablo Neira Ayuso wrote:
> On Sat, Oct 27, 2018 at 06:05:43PM +0200, Jozsef Kadlecsik wrote:
> > The ip_set() macro is called when either ip_set_ref_lock held only
> > or no lock/nfnl mutex is held at dumping. Take this into account
> > prop
The ip_set() macro is called when either ip_set_ref_lock held only
or no lock/nfnl mutex is held at dumping. Take this into account
properly. Also, use Pablo's suggestion to use rcu_dereference_raw(),
the ref_netlink protects the set.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/
Hi,
On Wed, 21 Nov 2018, Qian Cai wrote:
> To make overflows as obvious as possible and to prevent code from blithely
> proceeding with a truncated string. This also has a side-effect to fix a
> compilation warning using GCC 8.2.1.
>
> net/netfilter/ipset/ip_set_core.c: In function 'ip_set_sockf
Hi,
On Mon, 26 Nov 2018, Qian Cai wrote:
> To make overflows as obvious as possible and to prevent code from blithely
> proceeding with a truncated string. This also has a side-effect to fix a
> compilation warning when using GCC 8.2.1.
>
> net/netfilter/ipset/ip_set_core.c: In function 'ip_set_
On Tue, 27 Nov 2018, Florent Fourcot wrote:
> New function added by "Introduction of new commands and protocol
> version 7" is not working, since we return skb2 to user
Oh my, I dunno, maybe copy&paste bug.
Thanks, patch is applied.
Best regards,
Jozsef
> Signed-off-by: Victorien Molle
> Sign
Hi,
On Sat, 1 Dec 2018, Qian Cai wrote:
> To make overflows as obvious as possible and to prevent code from blithely
> proceeding with a truncated string. This also has a side-effect to fix a
> compilation warning when using GCC 8.2.1.
>
> net/netfilter/ipset/ip_set_core.c: In function 'ip_set_s
On Tue, 28 Aug 2018, Eric Westbrook wrote:
> Allow /0 as advertised for hash:net,port,net sets.
>
> For "hash:net,port,net", ipset(8) says that "either subnet
> is permitted to be a /0 should you wish to match port
> between all destinations."
>
> Make that statement true.
>
> Before:
>
>
; Cc: Pablo Neira Ayuso
> Cc: Jozsef Kadlecsik
> Cc: Florian Westphal
> Cc: "David S. Miller"
> Cc:
> Cc:
> Cc:
> ---
> net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
Acked-by: Jozsef Kadlecsi
Hi,
On Mon, 26 Nov 2018, Pan Bian wrote:
> In the error handling block, nla_nest_cancel(skb, atd) is called to
> cancel the nest operation. But then, ipset_nest_end(skb, atd) is
> unexpectedly called to end the nest operation. This patch calls the
> ipset_nest_end only on the branch that nla_nest_c
: 45040978c89("netfilter: ipset: Fix set:list type crash when
flush/dump set in parallel")
Signed-off-by: Pan Bian
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_list_set.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/ipset/ip_set_list_se
fd
for you to fetch changes up to c8770d8908fd5a5abc5061f5c57d55593ba86d8b:
netfilter: ipset: replace a strncpy() with strscpy() (2018-12-10 14:12:50
+0100)
--------
Jozsef Kadlecsik (1):
netfilter: ipset: Introduction of new c
: Jozsef Kadlecsik
Signed-off-by: Victorien Molle
Signed-off-by: Florent Fourcot
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 2 +-
include/uapi/linux/netfilter/ipset/ip_set.h | 19 ++--
net/netfilter/ipset/ip_set_core.c | 164
lter/ipset/ip_set_core.c:2027:3: warning: 'strncpy' writing 32
bytes into a region of size 2 overflows the destination
[-Wstringop-overflow=]
Signed-off-by: Qian Cai
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_core.c | 6 --
1 file changed, 4 insertions(+), 2 deleti
sets in commit 26c97c5d8dac
("netfilter: ipset: Use is_zero_ether_addr instead of static and
memcmp").
Signed-off-by: Stefano Brivio
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_bitmap_ipmac.c | 3 +++
net/netfilter/ipset/ip_set_hash_ipmac.c | 11 ---
2 fil
ip netns exec A iptables -I INPUT -m set --match-set test dst -j ACCEPT
ipset will match packets based on destination MAC address:
# ping -c1 192.0.2.2 >/dev/null
# echo $?
0
Reported-by: Yi Chen
Signed-off-by: Stefano Brivio
Signed-off-by: Jozsef Kadlecsik
---
net/netfilt
Hi,
I'm happy to announce ipset 7.1. Besides the usual bugfixes there's a new
feature: sorting is implemented for the hash types of the sets, which is
useful for config management systems (ansible, chef, puppet, etc.).
Userspace changes:
- Add compatibility support for strscpy()
- Correct t
Hi Pablo,
On Thu, 13 Dec 2018, Pablo Neira Ayuso wrote:
> On Mon, Dec 10, 2018 at 02:39:33PM +0100, Jozsef Kadlecsik wrote:
> >
> > Please consider to pull the next patches for nf-next:
> >
> > - Replace a strncpy() with strscpy() from Qian Cai.
> > - D
Hi Oliver,
On Sun, 16 Dec 2018, Oliver Smith wrote:
> The proceeding patch-set adds three new sets for usage:
>
> * ip,port,ip,port
> * ip,port,net,port
> * net,port,net,port
>
> I would like to solicit some feedback as I am fairly certain that there
> are bugs or possibly backwards-incompatib
Hi,
On Sun, 16 Dec 2018, Oliver Smith wrote:
> When using GCC8.2, since --enable-debug treats warnings as errors, the
> compiler detects that a switch/case is falling through.
>
> Since the fallthrough is intentional, we apply the attribute to indicate
> to the compiler that this is correct beha
be activated).
Use setup_timer() and mod_timer() to setup and arm a timer, making the
code compact and easier to read.
Signed-off-by: Muhammad Falak R Wani
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
d
Hash types already have their memsize calculation code in separate
functions. Do the same for *bitmap* and *list* sets.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_bitmap_gen.h
be activated).
Use setup_timer() and mod_timer() to setup and arm a timer, making the
code compact and easier to read.
Signed-off-by: Muhammad Falak R Wani
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_list_set.c | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
d
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 95 +-
include/linux/netfilter/ipset/ip_set_counter.h | 75
include/linux/netfilter
Data for hashing is required to be an array of u32. Make sure that
element data is always a multiple of u32.
Ported from a patch proposed by Sergey Popovich.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff
Exit as early as possible on error and use RCU_INIT_POINTER()
as set is not seen at creation time.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 63 ---
1 file changed, 29 insertions(+), 34 deletions(-)
diff --git a/net/netfilter
Hash types define HOST_MASK before inclusion of ip_set_hash_gen.h
and the only place where NLEN needed to be calculated at runtime
is *_create() method.
Ported from a patch proposed by Sergey Popovich.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 51
.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h| 51 +++-
net/netfilter/ipset/ip_set_hash_ip.c | 10 +++---
net/netfilter/ipset/ip_set_hash_ipmark.c | 10 +++---
net/netfilter/ipset/ip_set_hash_ipport.c | 6 ++--
net
Allocate memory with kmalloc() rather than kzalloc().
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set_comment.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include
n type bool
Return statements in functions returning bool should use
true/false instead of 1/0.
Generated by: scripts/coccinelle/misc/boolreturn.cocci
CC: Tomasz Chilinski
Signed-off-by: Fengguang Wu
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_ipmac.c | 8 ---
: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h
b/net/netfilter/ipset/ip_set_hash_gen.h
index d32fd6b..bc54be4 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b
Remove redundant parameters nets_length and dsize:
they can be obtained from other parameters.
Remove one level of indentation by using continue while
iterating over elements in bucket.
Ported from a patch proposed by Sergey Popovich.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset
It is better to list the set elements for all set types, thus the
header information is uniform. Element counts are therefore added
to the bitmap and list types.
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h| 2 ++
include/linux/netfilter/ipset
userspace. This field is then printed by the userspace
tool for hashes.
Signed-off-by: Eric B Munson
Cc: Pablo Neira Ayuso
Cc: Josh Hunt
Cc: netfilter-devel@vger.kernel.org
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 3 ++-
1 file changed, 2 insertions(+), 1
be activated).
Use setup_timer() and mod_timer() to setup and arm a timer, making the
code compact and easier to read.
Signed-off-by: Muhammad Falak R Wani
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_bitmap_gen.h | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
d
Munson (1):
netfilter: ipset: Add element count to hash headers
Jozsef Kadlecsik (16):
netfilter: ipset: Correct rcu_dereference_bh_nfnl() usage
netfilter: ipset: Headers file cleanup
netfilter: ipset: Improve skbinfo get/init helpers
netfilter: ipset: Improve comment extensi
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/include/linux/netfilter/ipset/ip_set.h
b/include/linux/netfilter/ipset/ip_set.h
index b5bd0fb3..7a218eb 100644
--- a/include/linux/netfilter/ipset
The calculation of the full allocated memory did not take
into account the size of the base hash bucket structure at some
places.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 16 +---
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/net
: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 8 ++--
include/linux/netfilter/ipset/ip_set_comment.h | 7 +--
net/netfilter/ipset/ip_set_bitmap_gen.h| 5 +++--
net/netfilter/ipset/ip_set_core.c | 2 +-
net/netfilter/ipset/ip_set_hash_gen.h
Use struct ip_set_skbinfo in struct ip_set_ext instead of open
coded fields and assign structure members in get/init helpers
instead of copying members one by one.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 8 +---
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h
b/net/netfilter/ipset/ip_set_hash_gen.h
index 0082ccf..f4b30b6 100644
--- a/net/netfilter/ipset
Remove extra whitespace, group counter helper together. Mark some of
the helpers arguments as const.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 57
From: Tomasz Chilinski
Signed-off-by: Tomasz Chiliński
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/Kconfig | 9 +
net/netfilter/ipset/Makefile| 1 +
net/netfilter/ipset/ip_set_hash_ipmac.c | 315
3 files changed, 325
Hi,
I'm happy to announce ipset 6.30 which introduces a new set type,
hash:ip,mac, and brings a couple of small corrections and backports from
the most recent kernel tree.
Userspace changes:
- Drop extra comma from error message (Neutron Soutmun)
- Fix the incorrect dynamic/static modules l
: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h
b/net/netfilter/ipset/ip_set_hash_gen.h
index d32fd6b..bc54be4 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b
userspace. This field is then printed by the userspace
tool for hashes.
Signed-off-by: Eric B Munson
Cc: Pablo Neira Ayuso
Cc: Josh Hunt
Cc: netfilter-devel@vger.kernel.org
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 3 ++-
1 file changed, 2 insertions(+), 1
Hash types define HOST_MASK before inclusion of ip_set_hash_gen.h
and the only place where NLEN needed to be calculated at runtime
is *_create() method.
Ported from a patch proposed by Sergey Popovich.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 51
Data for hashing is required to be an array of u32. Make sure that
element data is always a multiple of u32.
Ported from a patch proposed by Sergey Popovich.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff
Use struct ip_set_skbinfo in struct ip_set_ext instead of open
coded fields and assign structure members in get/init helpers
instead of copying members one by one.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux
: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 8 ++--
include/linux/netfilter/ipset/ip_set_comment.h | 7 +--
net/netfilter/ipset/ip_set_bitmap_gen.h| 5 +++--
net/netfilter/ipset/ip_set_core.c | 2 +-
net/netfilter/ipset/ip_set_hash_gen.h
n type bool
Return statements in functions returning bool should use
true/false instead of 1/0.
Generated by: scripts/coccinelle/misc/boolreturn.cocci
CC: Tomasz Chilinski
Signed-off-by: Fengguang Wu
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_ipmac.c | 8 ---
Hash types already have their memsize calculation code in separate
functions. Do the same for *bitmap* and *list* sets.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_bitmap_gen.h
be activated).
Use setup_timer() and mod_timer() to setup and arm a timer, making the
code compact and easier to read.
Signed-off-by: Muhammad Falak R Wani
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_bitmap_gen.h | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
d
It is better to list the set elements for all set types, thus the
header information is uniform. Element counts are therefore added
to the bitmap and list types.
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h| 2 ++
include/linux/netfilter/ipset
be activated).
Use setup_timer() and mod_timer() to setup and arm a timer, making the
code compact and easier to read.
Signed-off-by: Muhammad Falak R Wani
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_list_set.c | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
d
Allocate memory with kmalloc() rather than kzalloc().
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set_comment.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include
.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h| 51 +++-
net/netfilter/ipset/ip_set_hash_ip.c | 10 +++---
net/netfilter/ipset/ip_set_hash_ipmark.c | 10 +++---
net/netfilter/ipset/ip_set_hash_ipport.c | 6 ++--
net
From: Tomasz Chilinski
Signed-off-by: Tomasz Chiliński
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/Kconfig | 9 +
net/netfilter/ipset/Makefile| 1 +
net/netfilter/ipset/ip_set_hash_ipmac.c | 315
3 files changed, 325
Remove redundant parameters nets_length and dsize:
they can be obtained from other parameters.
Remove one level of indentation by using continue while
iterating over elements in bucket.
Ported from a patch proposed by Sergey Popovich.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 95 +-
include/linux/netfilter/ipset/ip_set_counter.h | 75
include/linux/netfilter
Remove extra whitespace, group counter helper together. Mark some of
the helpers arguments as const.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 57
The calculation of the full allocated memory did not take
into account the size of the base hash bucket structure at some
places.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 16 +---
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/net
be activated).
Use setup_timer() and mod_timer() to setup and arm a timer, making the
code compact and easier to read.
Signed-off-by: Muhammad Falak R Wani
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 7 ++-
1 file changed, 2 insertions(+), 5 deletions(-)
d
Exit as early as possible on error and use RCU_INIT_POINTER()
as set is not seen at creation time.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 63 ---
1 file changed, 29 insertions(+), 34 deletions(-)
diff --git a/net/netfilter
pset: hash: fix boolreturn.cocci warnings (2016-10-23 22:24:56
+0200)
Eric B Munson (1):
netfilter: ipset: Add element count to hash headers
Jozsef Kadlecsik (16):
netfilter: ipset: Correct rcu_dereference_bh_nf
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 8 +---
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h
b/net/netfilter/ipset/ip_set_hash_gen.h
index 0082ccf..f4b30b6 100644
--- a/net/netfilter/ipset
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/include/linux/netfilter/ipset/ip_set.h
b/include/linux/netfilter/ipset/ip_set.h
index b5bd0fb3..7a218eb 100644
--- a/include/linux/netfilter/ipset
Remove unnecessary whitespaces.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 13 +++--
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/include/linux/netfilter
Mark some of the helpers arguments as const.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 4 ++--
include/linux/netfilter/ipset/ip_set_comment.h | 2 +-
include/linux
)
Eric B Munson (1):
netfilter: ipset: Add element count to hash headers
Jozsef Kadlecsik (19):
netfilter: ipset: Remove extra whitespaces in ip_set.h
netfilter: ipset: Mark some helper args as const.
netfilter: ipset: Headers file cleanup
netfilter: ipset: Improve
userspace. This field is then printed by the userspace
tool for hashes.
Signed-off-by: Eric B Munson
Cc: Pablo Neira Ayuso
Cc: Josh Hunt
Cc: netfilter-devel@vger.kernel.org
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 3 ++-
1 file changed, 2 insertions(+), 1
Remove one level of indentation by using continue while
iterating over elements in bucket.
Ported from a patch proposed by Sergey Popovich.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 25 -
1 file changed, 12 insertions(+), 13 deletions
Remove redundant parameters nets_length and dsize, because
they can be obtained from other parameters.
Ported from a patch proposed by Sergey Popovich.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 9 +
1 file changed, 5 insertions(+), 4 deletions(-)
diff
n type bool
Return statements in functions returning bool should use
true/false instead of 1/0.
Generated by: scripts/coccinelle/misc/boolreturn.cocci
CC: Tomasz Chilinski
Signed-off-by: Fengguang Wu
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_ipmac.c | 8 ---
Cleanup: group ip_set_put_extensions and ip_set_get_extensions
together and add missing extern.
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 6 ++
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/include/linux/netfilter/ipset/ip_set.h
b/include
Hash types define HOST_MASK before inclusion of ip_set_hash_gen.h
and the only place where NLEN needed to be calculated at runtime
is *_create() method.
Ported from a patch proposed by Sergey Popovich.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 51
The set full case (with net_ratelimit()-ed pr_warn()) is already
handled, simply jump there.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 8 +---
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h
b/net
Allocate memory with kmalloc() rather than kzalloc(): the string
is immediately initialized so it is unnecessary to zero out
the allocated memory area.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter
It is better to list the set elements for all set types, thus the
header information is uniform. Element counts are therefore added
to the bitmap and list types.
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h| 2 ++
include/linux/netfilter/ipset
mer() and mod_timer() to setup and arm a timer, making the
code compact and easier to read.
Signed-off-by: Muhammad Falak R Wani
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_bitmap_gen.h | 7 ++-
net/netfilter/ipset/ip_set_hash_gen.h | 7 ++-
net/netfilter/ip
From: Tomasz Chilinski
Introduce the hash:ipmac type.
Signed-off-by: Tomasz Chiliński
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/Kconfig | 9 +
net/netfilter/ipset/Makefile| 1 +
net/netfilter/ipset/ip_set_hash_ipmac.c | 315
Cleanup to separate all extensions into individual files.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 95 +-
include/linux/netfilter/ipset
: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 8 ++--
include/linux/netfilter/ipset/ip_set_comment.h | 7 +--
net/netfilter/ipset/ip_set_bitmap_gen.h| 5 +++--
net/netfilter/ipset/ip_set_core.c | 2 +-
net/netfilter/ipset/ip_set_hash_gen.h
proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 30 +++---
net/netfilter/ipset/ip_set_core.c | 12 ++--
net/netfilter/xt_set.c | 12 +++-
3 files
The calculation of the full allocated memory did not take
into account the size of the base hash bucket structure at some
places.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 16 +---
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/net
Group counter helper functions together.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
include/linux/netfilter/ipset/ip_set.h | 42 +-
1 file changed, 21 insertions(+), 21 deletions(-)
diff
Exit as early as possible on error and use RCU_INIT_POINTER()
as set is not seen at creation time.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 63 ---
1 file changed, 29 insertions(+), 34 deletions(-)
diff --git a/net/netfilter
.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h| 51 +++-
net/netfilter/ipset/ip_set_hash_ip.c | 10 +++---
net/netfilter/ipset/ip_set_hash_ipmark.c | 10 +++---
net/netfilter/ipset/ip_set_hash_ipport.c | 6 ++--
net
Hash types already have their memsize calculation code in separate
functions. Clean up and do the same for *bitmap* and *list* sets.
Ported from a patch proposed by Sergey Popovich.
Suggested-by: Sergey Popovich
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_bitmap_gen.h
Data for hashing is required to be an array of u32. Make sure that
element data is always a multiple of u32.
Ported from a patch proposed by Sergey Popovich.
Signed-off-by: Jozsef Kadlecsik
---
net/netfilter/ipset/ip_set_hash_gen.h | 10 --
1 file changed, 8 insertions(+), 2 deletions(-)
diff
Hi Florian,
On Mon, 23 Jan 2017, Florian Westphal wrote:
> Pablo Neira Ayuso wrote:
> > On Mon, Jan 23, 2017 at 01:28:48PM +0100, Florian Westphal wrote:
> > > diff --git a/net/netfilter/core.c b/net/netfilter/core.c
> > > index 0c629fdf90e1..ce6adfae521a 100644
> > > --- a/net/netfilter/core.c