New branch 'upstream6' available with the following commits:
commit 033a882864ea2cfcb39937c214c2f74685a6b7ac
Author: Shan Wei <[email protected]>
Date: Fri Mar 4 15:34:35 2011 +0800
netfilter:ipset: fix the compile warning in ip_set_create
net/netfilter/ipset/ip_set_core.c:615: warning: ?clash? may be used
uninitialized in this function
Signed-off-by: shanw <shanw@shanw-desktop.(none)>
Signed-off-by: Jozsef Kadlecsik <[email protected]>
commit d6ee5bb4e5346b84efa33858091ba4add2b26de2
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Feb 3 13:40:23 2011 +0100
ipset 6.0 released
commit 8d3ea3476cec69b31423e34bc5b7576198c37668
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Feb 3 13:05:22 2011 +0100
Print protocol version together with ipset version
commit bc76594d91f3953d676201e3f06534338ab01524
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Feb 3 11:44:27 2011 +0100
Reorganized kernel/ subdir
The kernel/ subdirectory is reorganized to follow the kernel directory
structure.
commit 43b0532ea90ae4140233f1e293ff663f7e49bec8
Author: Patrick McHardy <[email protected]>
Date: Thu Feb 3 10:27:49 2011 +0100
netfilter: ipset: fix linking with CONFIG_IPV6=n
Add some #ifdefs to unconditionally return false in
ip_set_get_ip6_port() when CONFIG_IPV6=n and convert
to ipv6_skip_exthdr() to avoid pulling in the ip6_tables
module when loading ipset.
Signed-off-by: Patrick McHardy <[email protected]>
commit a7586eb0a0eed3554a104ace4fda912c3ab087ab
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Feb 2 20:43:18 2011 +0100
netfilter: ipset: send error message manually
When a message carries multiple commands and one of them triggers
an error, we have to report to the userspace which one was that.
The line number of the command plays this role and there's an attribute
reserved in the header part of the message to be filled out with the error
line number. In order not to modify the original message received from
the userspace, we construct a new, complete netlink error message and
modifies the attribute there, then send it.
Netlink is notified not to send its ACK/error message.
commit 85cee26417bb1456575028fdfe343b3db777a5c9
Author: Patrick McHardy <[email protected]>
Date: Wed Feb 2 20:40:12 2011 +0100
netfilter: ipset: add missing break statemtns in ip_set_get_ip_port()
Don't fall through in the switch statement, otherwise IPv4 headers
are incorrectly parsed again as IPv6 and the return value will always
be 'false'.
Signed-off-by: Patrick McHardy <[email protected]>
commit ad80ed358b507d5159e1212673e7c7811e9fa539
Author: Patrick McHardy <[email protected]>
Date: Tue Feb 1 20:55:58 2011 +0100
netfilter: ipset: add missing include to xt_set.h
Signed-off-by: Patrick McHardy <[email protected]>
commit 5a43ddf57de0935d15a0502552e2ede695c524b7
Author: Patrick McHardy <[email protected]>
Date: Tue Feb 1 20:53:53 2011 +0100
netfilter: ipset: remove unnecessary includes
None of the set types need uaccess.h since this is handled centrally
in ip_set_core. Most set types additionally don't need bitops.h and
spinlock.h since they use neither. tcp.h is only needed by those
using before(), udp.h is not needed at all.
Signed-off-by: Patrick McHardy <[email protected]>
commit 9cfc5ea36de727bf51c821e120434ce967f8a1d4
Author: Patrick McHardy <[email protected]>
Date: Tue Feb 1 20:51:56 2011 +0100
netfilter: ipset: use nla_parse_nested()
Replace calls of the form:
nla_parse(tb, ATTR_MAX, nla_data(attr), nla_len(attr), policy)
by:
nla_parse_nested(tb, ATTR_MAX, attr, policy)
Signed-off-by: Patrick McHardy <[email protected]>
commit d68997e09448eeca990dbc2c55b02b698a392c8d
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Feb 1 20:37:42 2011 +0100
Testsuite compatibility with debugging enabled
The error line checking would fail when debugging is enabled
(and spit out junk lines), fixed.
commit f8f9e25aea2bce144e037286357f9c4dc9f9b8bb
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Feb 1 20:35:33 2011 +0100
Allow "new" as a commad alias to "create"
It's too easy to mistype "n" to "new", so just allow it.
commit ff1939dd4f7e1ccb2e98e2a17d8d2b8088fc2ac6
Author: Holger Eitzenberger <[email protected]>
Date: Tue Feb 1 18:13:10 2011 +0100
ipset: improve command argument parsing
The number of comparisons for a matching a command name can be
made smaller by just checking on argv[1].
As an example consider the following 'create' arguments 'hashsize',
'family' and 'timeout'. When having the command
create foo hash:ip timeout 60 family inet hashsize 64
it compares without this patch:
strcmp("timeout", "hashsize")
strcmp("64", "hashsize")
strcmp("family", "hashsize")
strcmp("inet", "hashsize")
strcmp("hashsize", "hashsize")
It is worse in practice, as 'create' has more arguments than this.
Signed-off-by: Holger Eitzenberger <[email protected]>
commit 004f06f32dd28f225a00d3ba7648a29eab28132e
Author: Holger Eitzenberger <[email protected]>
Date: Mon Jan 24 22:36:35 2011 +0100
ipset: avoid the unnecessary argv[] loop
After stripping off the global options there simply has to follow
a command name, there is no other syntax possible. Therefore the
argv[] loop is unnecessary.
Signed-off-by: Holger Eitzenberger <[email protected]>
commit 236c10d33b1027d83caf6127336b924e81d32135
Author: Holger Eitzenberger <[email protected]>
Date: Tue Feb 1 17:30:57 2011 +0100
ipset: pass ipset_arg argument pointer
Signed-off-by: Holger Eitzenberger <[email protected]>
commit 77ae557f809e0f8cb33d1514934fe3876c6fd798
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Jan 31 23:32:51 2011 +0100
Separate ipset errnos completely from system ones and bump protocol version.
commit 8dd419e75bbddecfae682a2175ac785ce59a0e30
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Jan 31 23:30:31 2011 +0100
Use better error codes in xt_set.c
commit cb74c577311b2bda5938c5979800b02322852793
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 27 22:22:26 2011 +0100
Fix sparse warning about shadowed definition
commit a8574584c3b031f98f7e8175ead5def84fcd8c06
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 27 22:17:38 2011 +0100
bitmap:ip type: flavour specific adt functions
Use flavour-specific ADT functions and use shared ones for all
other type functions (Patrick McHardy's review)
commit 7d08070166cc8fb780c61e856974798dc68bcf45
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 27 21:54:21 2011 +0100
bitmap:port type: flavour specific adt functions
Use flavour-specific ADT functions and use shared ones for all
other type functions (Patrick McHardy's review)
commit b84145e442d1b8adec11648d09b2b45ccbe31c4e
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 27 12:44:17 2011 +0100
Move the type specifici attribute validation to the core
The type specific attribute validation can be moved to the ipset core.
That way it's done centrally and thus can be eliminated from the individual
set types (suggested by Patrick McHardy).
commit 9113631680f783fc1a920c3320ba1ed3ca527562
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Jan 26 23:50:56 2011 +0100
Fix the spelling error fix :-)
Spelling error fixed (Ferenc Wagner)
commit 1fd89ab65388aec6cb58ad50b2c543dd6c89087c
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Jan 26 23:47:20 2011 +0100
Use vzalloc() instead of __vmalloc()
Use vzalloc() if kernel version supports it. (Eric Dumazet, Patrick McHardy)
commit 4348ddda619ef356085fd7faff598edd07f6d618
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Jan 26 23:22:58 2011 +0100
Use meaningful error messages in xt_set.c
Old cryptic error messages are not useful (Patrick McHardy's review)
commit 36c7d241b6486d1ce3c4dd1c8a1fa42e870c3355
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Jan 26 22:59:25 2011 +0100
Constified attribute cannot be written
Attribute is const so a little bit more work is needed to return
the error line number. A test is also added in order to check
the functionality. (Patrick McHardy's review)
commit 8271afcab2f219158ec5d63f6b625cd64dcc98a8
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Jan 26 22:37:11 2011 +0100
Send (N)ACK at dumping only when NLM_F_ACK is set
Missing check of the flag NLM_F_ACK is added to the kernel -
and userspace does set it too (Patrick McHardy's review)
commit fa7f70f8042c5fd8b64821cbfd66fdea5c1a2a67
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Jan 26 22:26:01 2011 +0100
Correct the error codes: use ENOENT and EMSGSIZE
Use correct error codes (Patrick McHardy's review)
commit 16cfb322781f4555a2a385a3a9df8edbe5f58fe9
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Jan 26 21:49:30 2011 +0100
Resolving IP addresses did not work at listing/saving sets, fixed.
commit 61db64b016b7954aa21884f6c3b8bd2ee8e7a5ed
Author: Holger Eitzenberger <[email protected]>
Date: Mon Jan 24 22:36:37 2011 +0100
ipset: fix spelling error
Signed-off-by: Holger Eitzenberger <[email protected]>
Signed-off-by: Jozsef Kadlecsik <[email protected]>
commit 7d9ab336bb12c15bae566ee1389cf3da23ef6067
Author: Holger Eitzenberger <[email protected]>
Date: Mon Jan 24 22:36:33 2011 +0100
ipset: fix the Netlink sequence number
Do not use time() as a Netlink sequence number for each message,
as otherwise the same seq number will be used when sending
another message in the same second. Instead use time() just for
initialization, then increment per message.
Signed-off-by: Holger Eitzenberger <[email protected]>
Signed-off-by: Jozsef Kadlecsik <[email protected]>
commit ba623ef3b9ce8f2a92f0f1e47163468932816ab3
Author: Holger Eitzenberger <[email protected]>
Date: Mon Jan 24 22:36:32 2011 +0100
ipset: turn Set name[] into a const pointer
Also check for the name length.
Note that passing errno values back is not done consistently at
various place, as there are some functions which set errno manually,
others pass -errno back. I use the -errno approach here, as it is
slightly shorter.
Signed-off-by: Holger Eitzenberger <[email protected]>
Signed-off-by: Jozsef Kadlecsik <[email protected]>
commit d3b9fa094d693f05a747eda21db715a5bbf8dbbc
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Jan 24 18:14:01 2011 +0100
Check ICMP and ICMPv6 with the set match and target in the testsuite
"sendip" needs data otherwise ICMP/ICMPv6 gets truncated...
commit 15d91179ef61df920bf5e90bab538cb71f36d0f8
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Jan 24 17:38:26 2011 +0100
Avoid possible syntax clashing at saving hostnames
If resolving is requested and the resolved hostname contains a dash
character, print the unresolved IP address instead in order not to
clash with the IP/hostname range syntax.
commit 174a7deab7f02ab1cd9f041a934a4d9b6a4c675b
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Jan 22 10:35:45 2011 +0100
ipset 5.4.1 released
commit 905b3981fa9c05b6f6da27453e5f913ceae7df28
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Jan 22 10:31:08 2011 +0100
Add UPGRADE instructions
commit 1aea91818d2c0d5949005724b669699025a4c7bf
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Jan 21 22:47:01 2011 +0100
ipset 5.4 released
commit c3ad618ce8e52a484d9cea024a4cd5d7cade444f
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Jan 21 21:29:50 2011 +0100
Fixed broken ICMP and ICMPv6 handling
I mistyped the bitwise operator and the network-order conversion was
missing too. Sigh, sendip cannot generate proper packets to check
ICMP and ICMPv6 in the testsuite. :-(
commit 133dacf17131daa138f22b7ac38f3b94de203681
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Jan 21 11:39:56 2011 +0100
Fix trailing whitespaces and pr_* messages
Some trailing whitespace slipped in, those are removed. With the deleted
ip_set_kernel.h, the pr_* messages lost the trailing "\n" character.
The messages were completed with it.
commit ed3c453a0787ddc10c5ce6010bd6ac663c740b68
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 23:10:26 2011 +0100
Un-inline functions which are not small enough
commit eb873d2fc5240a873bc52d0cc57e4062288b291b
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 22:24:03 2011 +0100
Fix module loading at create/header commands
While holding the nfnl_mutex, module loading is not allowed.
Bug spotted by Patrick McHardy in his reviewing.
commit d08860f0569d20a5b759e5747921d29592bb326c
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 18:55:48 2011 +0100
Fix wrong kzalloc flag in type_pf_expire
The expire functions of the hash types are called while locked, so
kzalloc must be called with GFP_ATOMIC.
commit 07d2ca530d353bc8a2b401674732ec3ba3d11977
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 18:51:54 2011 +0100
The get_ip*_port functions are too large to be inlined, moved into the core.
commit e1594c72f5d9e79b782b193525c77adcfb9ae4ee
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 18:19:31 2011 +0100
Add missing __GFP_HIGHMEM flag to __vmalloc
We may call ip_set_alloc with GFP_ATOMIC, so we cannot replace __vmalloc
with vzalloc. Missing flag was noticed by Eric Dumazet.
commit 13f42a71e49164769a98fc51033c65a211861404
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 17:54:26 2011 +0100
Enforce network-order data in the netlink protocol
Allow only network-order data, with NLA_F_NET_BYTEORDER flag.
Sanity checks also added to prevent processing broken messages
where mandatory attributes are missing. (Patrick McHardy's review)
commit c8396bdc040f4b16e6f6e3f8b81b9fb67a499d9c
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 14:48:23 2011 +0100
Use annotated types and fix sparse warnings
Annotated types are introduced and sparse warnings fixed.
Two warnings remained in ip_set_core.c but those are false ones.
(Patrick McHardy's review)
commit 13dcc23a375f61d8286072b20067fb31bcc3ad46
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 11:45:37 2011 +0100
Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into core
The functions are too large to be inlined, so move them into the core.
Also, fix the unnecessary initializations in ip_set_get_ipaddr*.
(Patrick McHardy's review)
commit e0d7b66f0a3eb9528eebb59b83ce14e8f2025b1d
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 11:34:00 2011 +0100
NETMASK*, HOSTMASK* macros are too generic
NETMASK*, HOSTMASK* macros are rewritten to small inline functions
ip_set_netmask* and ip_set_hostmask* (Patrick McHardy's review)
commit cbeaceead3416d4522ef1e97977469e0633f1eea
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 10:58:43 2011 +0100
Use static LIST_HEAD() for ip_set_type_list
Avoid the need for explicit initialization during runtime
(Patrick McHardy's review)
commit 0bd2dd6f87f802af37bf037aa084ec4bd9280fae
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 10:39:01 2011 +0100
Move NLA_PUT_NET* macros to include/net/netlink.h
These macros can be useful in general (Patrick McHardy's review)
commit cfb2375a3a0d018b1f3dac518126e0dff9191e78
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 10:26:44 2011 +0100
The module parameter max_sets should be unsigned int
Negative set numbers are strange :-) (Patrick McHardy's review)
commit eb0a9bd761f019f9d5588090c193a39506506240
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 10:25:04 2011 +0100
Get rid of ip_set_kernel.h
The header file was useful at deep debugging only, we can get rid of now.
(Patrick McHardy's review)
commit c2d28607e25b8884ffb893ab4bc6cbb3b1c5a386
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 20 10:20:14 2011 +0100
Fix the placement style of boolean operators at continued lines
Fix "&&" and "||" continuation style (Patrick McHardy's review)
commit 7cd45445d55b14b7aca69a81b7815a98afc51784
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jan 18 20:47:44 2011 +0100
ipset 5.3 released
commit 5039472d2669707031df7d04e132b434e4d0c8f8
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jan 18 20:39:51 2011 +0100
Set the non-debug compiling the default
Compiling with debugging can be enabled with the "--enable-debug" option
of the configure script.
commit 06b188635ecfac9c5ad46cb95845b83e96a17bc7
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jan 18 17:49:55 2011 +0100
Testsuite fix of ospf replaced with vrrp.
The testsuite failed incorrectly, because the order of the elements
changed.
commit 712154704964906a59d481dc7edf43554f9eaf83
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jan 18 17:48:22 2011 +0100
Fix build with NDEBUG defined
The usage of the gcc option -Wunused-parameter interferes badly with
the assert() macros. In case -DNDEBUG is specified build fails with:
cc1: warnings being treated as errors
print.c: In function 'ipset_print_family':
print.c:92: error: unused parameter 'opt'
print.c: In function 'ipset_print_port':
print.c:413: error: unused parameter 'opt'
print.c: In function 'ipset_print_proto':
Fix it by taking into accout NDEBUG in the function arguments.
Bug reported by Holger Eitzenberger.
commit 7ba43e68db3e61e0e8c13d5189f153a06954259d
Author: Holger Eitzenberger <[email protected]>
Date: Tue Jan 18 17:30:50 2011 +0100
Do session initialization once
Signed-off-by: Jozsef Kadlecsik <[email protected]>
commit 321ed946b892bcc6ce069553418c1b706912e8df
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jan 18 17:20:30 2011 +0100
Make IPv4 and IPv6 address handling similar
While the following works for AF_INET:
ipset add foo 192.168.1.1/32
this does not work for AF_INET6:
ipset add foo6 20a1:1:2:3:4:5:6:7/128
ipset v5.2: Syntax error: plain IP address must be supplied:
20a1:1:2:3:4:5:6:7/128
Bug reported by Holger Eitzenberger.
The complete fix is to handle the special host prefixes in the general
IP address parser function.
commit cac607bd8850e00356e4d97b05e7c8adfb3fa640
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jan 18 17:17:46 2011 +0100
Show correct line numbers in restore output for parser errors
Parser errors are reported by a wrong lineno at restore, bug reported
by Holger Eitzenberger:
create foo6 hash:ip hashsize 64 family inet6
add foo6 20a1:1234:5678::/64
add foo6 20a1:1234:5679::/64
you get:
ipset v5.2: Error in line 1: Syntax error: plain IP address must be
supplied: 20a1:1234:5678::/64
Should be line 2 though.
The solution is to set the session lineno before parsing.
commit 1d4c46ed1088f40315695bc2de12bddc35b536a1
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Jan 14 19:30:28 2011 +0100
There is no need to call synchronize_net() at swapping.
Ongoing add/del can happen to referenced sets and delete can be issued
to unreferenced sets. So the bogus call to synchronize_net() can safely
be removed.
commit fac5c2a3607058f61a7d142852d4376bd11bb5ec
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Jan 14 17:24:38 2011 +0100
Replace strncpy with strlcpy at creating a set.
Better add more safety nets against user input.
commit 5473f88e13ae551192fb682c0e23fab49597f71c
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Jan 14 17:16:10 2011 +0100
Update copyright date and some style changes.
commit 692fd7db42487f4c173cfb2743e40baee160b359
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 13 22:01:51 2011 +0100
Use jhash.h accepted in kernel, with backward compatibility.
commit 9c4b9a1ca942ae933fe4693a25e2ddea873cc341
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 13 21:48:17 2011 +0100
Separate prefixlens from ip_set core.
Separate prefixlens from ip_set core for better readibility and honoring
the independence.
Also, comment that prefixlens were borrowed from Jan Engelhardt.
commit 4d5fdf0b5086aa6d5b38240c39e00d9ac3c34976
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Jan 13 15:46:26 2011 +0100
Replace ospf with vrrp in the testsuite
Some systems do not contain ospf in /etc/protocols but ospfigp only.
commit d0c45cd09b929c31b41a4458c6d3784cfea5e948
Merge: 2c76d78838671f1e7da9a0b01703801d8996eb98
b31b2d6cbadc0ffb1259e8b833447aadfb4e316d
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Jan 12 13:33:11 2011 +0100
Merge branch 'master' of git://dev.medozas.de/ipset
Signed-off-by: Jozsef Kadlecsik <[email protected]>
commit b31b2d6cbadc0ffb1259e8b833447aadfb4e316d
Author: Jan Engelhardt <[email protected]>
Date: Mon Jan 3 22:32:41 2011 +0100
kernel: remove unused ctnl parameter from call_ad
Signed-off-by: Jan Engelhardt <[email protected]>
commit 2c76d78838671f1e7da9a0b01703801d8996eb98
Merge: 6e0145723621f476d10c81d57e1bb6b0bb3c6ddb
2005427f18f5015c4228565d388d67ddb3c772d7
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Jan 3 10:07:40 2011 +0100
Merge branch 'master' of git://dev.medozas.de/ipset
Signed-off-by: Jozsef Kadlecsik <[email protected]>
commit 2005427f18f5015c4228565d388d67ddb3c772d7
Author: Jan Engelhardt <[email protected]>
Date: Fri Dec 31 00:23:25 2010 +0100
build: remove autogenerated files
Signed-off-by: Jan Engelhardt <[email protected]>
commit 159593b699d162b3c1ef2944b5f9f8951ec3ca5f
Author: Jan Engelhardt <[email protected]>
Date: Fri Dec 31 00:19:23 2010 +0100
build: use only AC_CANONICAL_HOST
Calculating AC_CANONICAL_TARGET is superfluous, because ipset is not a
code generator.
Signed-off-by: Jan Engelhardt <[email protected]>
commit 6e0145723621f476d10c81d57e1bb6b0bb3c6ddb
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Dec 23 21:39:12 2010 +0100
Comment the possible return values of the add/del/test type-functions
commit b4473693732dfe760f907d78fb83e155427f6632
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Dec 23 15:48:56 2010 +0100
ipset 5.2 released
commit ad4d802717b4fa60a65a6f4a6d64f007fcb82cf9
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Dec 23 15:28:28 2010 +0100
Handle internal printing errors
Internal printing errors were not reported, handle them by setjmp/longjmp.
commit 7c80f67c0c16620e8b0425a129b3dfe72a72aaed
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Dec 23 14:44:44 2010 +0100
Use cast to void * instead of memcpy as Sparc workaround at sockaddr_XXX.
Direct cast results "cast increases required alignment of target type" on
Sparc: use indirect cast to void * instead of memcpy, as Jan Engelhardt
suggested.
commit cce6edeef0e3829fb88185cebf13b21963afe032
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Dec 23 14:33:16 2010 +0100
Listing/saving of large sets could produce broken listing, fixed.
The wrapper around getnameinfo was not snprintf-compatible and
that could cause broken listing/saving for large sets.
commit 6c4f5407eb7470a0a1522212667bb28119e52118
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Dec 22 21:57:01 2010 +0100
Kernel version check at minimal supported version is mistyped, now fixed.
commit c3ef879875a4ce533c60d9c67aa428d5b26c4ec7
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Dec 22 21:49:34 2010 +0100
Support libtool < 2.2
LT_INIT is not present before libtool 2.2. Revert to use AC_PROG_LIBTOOL.
commit 8935f8bd213509b34066343c5236940c34794a3d
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Dec 22 11:09:20 2010 +0100
ipset 5.1 released
commit 3ac783ff62b91880d4f7edd6bda650169e70cb4f
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Dec 22 10:46:26 2010 +0100
Test cases for IPv6 restore and more complex restore sessions added.
commit d794a110478866311416bf73e2a5239253aead40
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Dec 22 10:43:05 2010 +0100
Restore mode did not work for IPv6 (reported by Elie Rosenblum)
The set cache stored the default family (INET) instead of the set family,
therefore restore mode for IPv6 did not work. The set cache fixed and
message aggregation reworked.
commit cffe9a53f6bacb0c72d83efa19b1a9764d44dc72
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Dec 21 20:47:08 2010 +0100
Kernel version compatibility: support from 2.6.34
The basic kernel compatibility issues are verified back to 2.6.24.
The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34.
commit 57d871ad46bfaed44e556cb872f4bfab1004d9e1
Merge: 06366c172c487b3038b52e8fe640747b4092a544
95b9dfb393232f384ccfc671971a0a9387e138d4
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Dec 20 11:54:26 2010 +0100
Merge branch 'master' of git://dev.medozas.de/ipset into ipset-5
Signed-off-by: Jozsef Kadlecsik <[email protected]>
commit 95b9dfb393232f384ccfc671971a0a9387e138d4
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 05:57:52 2010 +0100
libipset: static annotations
commit 404c46381d01088867fdcd92ea6b97978f4c95a7
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 05:56:19 2010 +0100
libipset: const annotations
commit 8673a740e4279e553e31e1b82ac8e4061ab5dc6f
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 03:09:09 2010 +0100
libipset: remove redundant casts
commit bab610b39445a95ea2d566bc41d4be14074bf1c8
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 03:13:06 2010 +0100
libipset: remove redundant indirection via union name
There are no uses of C99 static initializers, so let's make the union
anonymous and reduce accessor lengths.
commit 0298f9c14163f0a255662a7bfc4749f82ecb77ff
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 03:09:56 2010 +0100
libipset: ipset_strncpy is really a strlcpy-type operation
commit 4f9d32575abfb37e01dd33fa28f4a91ff85b514b
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 02:45:54 2010 +0100
kernel: use EXPORT_SYMBOL_GPL
commit 3850182ab671a7726f02c495dd5422629e2520dd
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 02:44:14 2010 +0100
kernel: const annotations
commit 7e476b3d15ae050137906a9e572d255e66c05d62
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 02:48:32 2010 +0100
kernel: use __read_mostly for registration-type structures
Here is where __read_mostly goes :-)
commit 8f88de56d8ab22e6b34dba81ebf69e75929706ff
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 02:09:19 2010 +0100
kernel: do not mix const and __read_mostly
It makes no sense to mix these two. Either it is
writable-plus-read-mostly, or it is constant.
commit 81145c5548a7ab94ff69fc92359ba17fdb03f4d6
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 02:27:53 2010 +0100
xt_set: avoid user types in exported kernel headers
Within isolated code it would be ok, but not so in exported headers.
commit 7009adda3d6ded19cfcf4fb41b239c067e2805b0
Author: Jan Engelhardt <[email protected]>
Date: Sun Dec 19 02:39:32 2010 +0100
build: enable parallel building
$ make modules -j8
cd kernel; make -C /lib/modules/`uname -r`/build M=`pwd` V=0 \
IP_SET_MAX=256 \
NETLINK_DUMP_CONST=const \
NFNL_CB_CONST=const modules
make[1]: Entering directory
"/usr/src/linux-2.6.36-rc8-34-obj/x86_64/default"
make[1]: warning: jobserver unavailable: using -j1.
Add '+' to parent make rule.
The "fix" here is that we have to use ${MAKE} instead of make.
(NB: The extra cd is redundant and can be appended to M=.)
commit 06366c172c487b3038b52e8fe640747b4092a544
Author: Jozsef Kadlecsik <[email protected]>
Date: Sun Dec 19 00:56:03 2010 +0100
Prevent calling Makefile directly in the kernel/ subdirectory
commit 35b9b20a7398e4a5ea919cd0a2d4a2664039cbd2
Author: Jozsef Kadlecsik <[email protected]>
Date: Sun Dec 19 00:42:03 2010 +0100
Put back the Sparc specific workaround at getaddrinfo.
commit 3ded98f40b3fbd08657571f2646397a5f71e10d5
Author: Jozsef Kadlecsik <[email protected]>
Date: Sun Dec 19 00:38:32 2010 +0100
Should have gone to sleep: fix check_allowed. Really.
It's not as nice as I'd like to be: IPSET_CREATE_FLAGS and
IPSET_ADT_FLAGS are required elsewhere, but to make life
simpler, some flags (like IPSET_OPT_TYPENAME) are *not*
added to the types full[] flags. So those must be excluded here.
commit 2a2334920166d20bf091e3212ae3970154d5b8c2
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Dec 18 23:32:30 2010 +0100
Check old system kernel header files
commit 18ae855bc06472e7fa714ec177f2db4b32f82d8a
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Dec 18 23:02:48 2010 +0100
Check from `configure` that the kernel source is patched with netlink.patch
commit c35dbd0a66f5abede84a4ea966bd765ed6942edb
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Dec 18 22:54:49 2010 +0100
Use configure to detect compiler warning flags
By checking the supported compiler warning flags, different gcc releases
are supported without the crude --disable-extra-flags option.
commit 82b83ffa0b69cfd8f81d4b122b9d5c020d68ea46
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Dec 18 12:34:16 2010 +0100
The fix of incorrect comparison in check_allowed completed.
There was still some other incorrect usage of 'enum ipset_cmd' and
'enum ipset_adt' - corrected.
commit 528bef7fc97c3b917c0387bea4c5a71202f32799
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Dec 18 11:48:49 2010 +0100
Try to solve PKG_CHECK_MODULES issue
Rob Sterenborg reported, that on CentOs configure can fail with
./configure: line 11510: syntax error near unexpected token `[libmnl],'
./configure: line 11510: `PKG_CHECK_MODULES([libmnl], [libmnl >= 1])'
Therefore I added 'aclocal -I m4' to autogen.sh, hoping that it solves
the issue.
commit 92cc6bd3c5e62623fa37489ec17b331554561c37
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Dec 18 11:30:29 2010 +0100
Fix incorrect comparison in check_allowed
Wrong enum type was used in the comparison, reported by Jan Engelhardt.
commit 0b864252f72fd6e6638490d887c65b53d37aaf11
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 22:45:13 2010 +0100
Fix Kbuild for me to delete backup files
commit 07a807764d0d05de7876fa8396940f65e428e27a
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 22:32:09 2010 +0100
Initialize ChangeLog for the new release
commit 42ff703f312aa787a7d7cf16fa8d7f599cf8b8cd
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 22:10:01 2010 +0100
Add tests to check hash:ip,port,net type
commit 33b0506702a12c48dcdfde3484dae208c4bf1158
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 21:43:18 2010 +0100
Match command prefixes
Match not only the first letter or the full command name, but
an arbitrary prefix too.
commit 6da3c49b9b4e7eb2890f63ea7f8eb956ec655640
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 21:34:20 2010 +0100
Add more test to check adding/deleting multiple entries.
commit 8c55ba2eb0b4ad5b4dc0ad7a685c4d17d8d3f7bf
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 21:33:07 2010 +0100
Updated manpage to reflect wider input possibilities in the ipset tool.
commit 593d2082912a9fdef12f2e69e40b5505d358690a
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 21:32:29 2010 +0100
Updated help texts for the hash:ip and list:set types.
commit 984023490f88346e58db68d77489e67b0c6c4ce8
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 21:31:12 2010 +0100
Support adding/deleting multiple entries, userspace part.
Support adding/deleting multiple entries in the userspace part
of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and
hash:net,port types.
commit 62a05ab5fe3e5b60057fef9e669137cacab6b614
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 21:28:18 2010 +0100
Support adding/deleting multiple entries, kernel part.
Support adding/deleting multiple entries in the kernel side
of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and
hash:net,port types.
commit 0aec3af45d839beb5054c6f0ed7ff9b115b8d907
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 21:26:43 2010 +0100
Add ipset_parse_tcpudp_port function
Add new parser function to parse TCP/UDP port name, number, or range of
them.
commit 5c269cc6982f664153bd73af93c41312b862e15d
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 11:52:30 2010 +0100
Missing spaces in error strings fixed.
commit ff0e8fef74b1307d3c5ae8a0f5dd291c72dd40ad
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 17 11:45:26 2010 +0100
Use the 'full' flags of the types and check not allowed flags.
commit 5200ad226e7fcbbd069f539c309d17a9e66719af
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Dec 16 12:34:49 2010 +0100
Remove unnecessary gfp_flags arguments
Where the argument was used, the set lock was already activated, therefore
the argument value was always GFP_ATOMIC.
commit 3080a55074a595acdeb5bc85bbcd8dba9fa1bfc2
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Dec 16 12:19:00 2010 +0100
Add test to check multi-message listing and swapping.
commit 61592cb11c2839a3f5bb2bc26ceb62da7165a045
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Dec 16 12:02:59 2010 +0100
Mistypeing in the hbucket() macro fixed.
commit 2ec3fba5025a0b1ca247d2ca9d6680b19397b443
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Dec 15 17:39:57 2010 +0100
Manpage cleanups, so it's more clear and straightforward.
commit 87f9c118a3ade11f0a60a07933275a68d3bbd0b8
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Dec 14 21:23:41 2010 +0100
Fix outdated messages in the tests
commit 1532d1c64528e9ff57c304b00736e93e60130e21
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Dec 14 17:45:49 2010 +0100
Document which elements cannot be stored in the different hash types.
And enforce from kernel side as well...
commit d5125000ff9d5af0f3b4b4c1dde9230c2438b110
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Dec 13 17:46:23 2010 +0100
Speed up testing a little bit
Lower timeout values to max 5s, so we can lower sleep values too.
commit 49e8041b484d32f2b18443f2d60184a83eb0392a
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Dec 13 13:41:21 2010 +0100
Convert last printks to pr_debug in ip_set_ahash.h
commit bfe98c9a41236630a405ad1e34b3cd7cf8056b55
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Dec 13 12:40:06 2010 +0100
Remove remnants of slist from ip_set_ahash.h
commit d137c0bd736985444f5ed43860d47d626250b67a
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Dec 13 12:31:12 2010 +0100
Buffered commands are just ... buffered.
Calculate the free buffer size when adding the existing attributes at the
buffered
commands. If the buffer is full, cancel the unfinished nested attribute and
commit
the previously buffered commands. Then restart with the current buffered
command.
Thus we can get rid of the ugly maxsize parameter of the set types.
commit dcf7ea57f13f3b1e1b0d87cfa71a6a73335825c2
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Dec 13 12:25:21 2010 +0100
Fixing dangling empty line produced backward-incompatible exit codes, fixed.
commit f1b2412ed58f56e86a70697ae3eaf55c585c39fe
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 10 23:04:59 2010 +0100
Support case-insensitive ICMP and ICMPv6 type/code names.
commit 834f20138660369342cea889e8ce81bccf3ab976
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 10 23:02:30 2010 +0100
Compiler flag compatibility fix with libmnl
libmnl now uses void pointer arithmetic, remove -Wpointer-arith from
the compiler flags.
commit 36266d901666786ed314641fa6d02ea1140dc167
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 10 17:19:59 2010 +0100
Fix dangling empty line at error/warning messages emitted by ipset.
commit f40abbbef2032beeeda7b7cc2f2330d75c3fc7dc
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 10 17:04:38 2010 +0100
Add proper RCU protection to resizing
Resizing can be triggered by userspace command only, and those
are serialized by the nfnl mutex. During resizing the set is
read-locked, so the only possible concurrent operations are
the kernel side readers. Those must be protected by proper RCU locking.
commit 5a5c5896d89670a853c5b6557c1480ac0e239f86
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Dec 10 13:54:51 2010 +0100
Convert hash types from chash to ahash.
Instead of the cache friendly hashing, use the array based hashing.
According to my tests the latter uses less memory, faster at lookup and
deletion, and only slower at insertion.
commit 4150bd9b04e91e6e5b24b918f5d1c4c338a0755c
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Dec 8 16:57:20 2010 +0100
Strip off ip_set_ prefix from non-ipset specific header files.
commit ad75e5387cb0b89f26e8950b8947b17293b82a43
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Dec 8 16:52:43 2010 +0100
Update ip_set_jhash.h
Update ip_set_jhash.h with the version which was submitted for kernel
inclusion.
commit 4902415c1e95003068343d69206887be0e202615
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Dec 7 17:46:40 2010 +0100
Create include/linux/netfilter/ipset/ directory
Separate the ipset header files from netfilter header files.
commit b4e9b45a615898bf81aead9f55f87c5a37c5d6df
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Dec 7 17:33:16 2010 +0100
Complete Kconfig.ipset with hash:net,port type.
commit 6743bb20a71cdae0255c473ab4d088a08d5be18d
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Dec 7 17:28:17 2010 +0100
Remove include/net/pfxlen.h
Spare some memory by moving the static prefixlen maps to the ipset core.
Thus we can get rid of include/net/pfxlen.h too.
commit bf1ae494ed67e9b44bc57c91d885218e2cf64cec
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Dec 7 17:08:12 2010 +0100
Remove command MODIFY
Modifying a set can be performed by save/modify/restore/swap, without
adding kernel part support.
commit 9d317732eeeed959b3d0fa2f7997f059d74ad75b
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Dec 7 17:01:55 2010 +0100
Whitespace, checkpatch.pl cleanups.
commit 6e42ee58c2710f9cbe36655e3c3093af5b7c87c5
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Nov 5 17:02:21 2010 +0100
The protocol extended with the command MODIFY.
The command is not used yet, but better to reserve it already.
commit 48d8a10a545e4ef4092550b45f6cba38e0a8c94f
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Nov 5 17:00:42 2010 +0100
Update README file
Cleaned up the netlink.patch part: there's no more multiple patches.
The incompatibilities against 4.x are listed in details.
commit 8886766ed31d244d8a1871082c02eb23b25b7fb4
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Nov 2 14:51:17 2010 +0100
Manpage and help text fixes.
The manpage is updated to reflect the recent modifications and
the addition of the hash:net,port type. The help text of hash:ip
is updated: adding/deleting multiple entries are supported for
IPv4 only.
commit 8be6f7382fd216319c5cdb8f4c6c6295949b0f54
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Oct 30 23:14:37 2010 +0200
Enforce handling IPv4 and IPv6 differently for hash:ip type.
Use the newly added parser function ipset_parse_ip4_single6 instead
of the generic ipset_parse_ip.
commit 984c309c5996c9ecaafeda473188a78f0f8eac63
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Oct 30 23:11:47 2010 +0200
Add parser function to handle IPv4 and IPv6 differently.
At present IPv6 does not support adding/deleting multiple IPv6 addresses
specified as an ip-ip range or ip/prefix block. A parser function is
added by which can enforce it at parsing the address pattern.
commit 3f8f60c2115992ecf6678fb6ce24d46dbb09e5f8
Author: Jozsef Kadlecsik <[email protected]>
Date: Sat Oct 30 18:52:53 2010 +0200
Resizing converted to run under read-locking of the set
With restricting resizing so that it can be triggered by an add
from userspace only, we can modify it so that it uses read-locking
instead of write-locking. Thus the matching in the set can run parallel
with resizing.
commit a9bfa58f6b893d14cd4ffff7ef14084fcdc0ebe9
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Oct 29 22:50:12 2010 +0200
Remove to support resizing from kernel context.
Resizing in kernel context is simply too expensive. Drop the feature:
if a set is used as a dynamic container by a SET target, then the set
must be created with a proper size from now on.
commit dc1f7b114b84cd54bc03c75c521c57cb79a30cfc
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Oct 29 22:35:14 2010 +0200
Fix gfp_flags at resizing
Resizing functions are called without holding any lock. So we can
allocate using the flag GFP_KERNEL.
commit f484d856492fb66a6b658f4b753a64d7c151b5fd
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Oct 29 22:24:18 2010 +0200
Test to list large hash sets added.
commit 0eb4188f9ccf186f1a01800fbc3c54724a6c0a2a
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Oct 29 22:21:01 2010 +0200
Listing for hash types fixed
The listing was incorrect for large sets, when multiple messages were
required. I assume that one full hash bucket fills into one message,
but that is true for all current hash types.
commit 2797afef4fcb1675dcbb64cc2568dc2be5a3a345
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Oct 29 22:19:58 2010 +0200
Kernel compile-time files are added to .gitignore
commit 0bd46e82f1457c3a55b635ced540e59c912bf330
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Oct 25 22:44:31 2010 +0200
Build and source kernel directories
Fall back to the build directory if the source directory is not specified.
Check that it looks like as a source directory.
commit a68e0f336a746d6f23f6af1d2ce632069c671d17
Merge: f2a0643f55af5ac826c65706ee133dd251bccd05
a2297acbaed4174f27a7caef98f2d84f9bde8c5c
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Oct 25 14:53:04 2010 +0200
Merge branch 'ipset-5' of git://dev.medozas.de/ipset into ipset-5
commit f2a0643f55af5ac826c65706ee133dd251bccd05
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Oct 25 12:03:27 2010 +0200
Rollback to fix commit history
commit 0d32c5c070f817229110f92d7b31df9a3e4eeec5
Author: Jozsef Kadlecsik <[email protected]>
Date: Sun Oct 24 21:42:48 2010 +0200
Fixes, cleanups, comments
- More comments added to the code
- ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip
and hash:ip,port,net types
- hash:net and hash:ip,port,net types are reworked
- hash:net,port type added
- Wrong direction parameters fixed in hash:ip,port
- Helps and manpage are updated
- More tests added
- Ugly macros are rewritten to functions in parse.c
(Holger Eitzenberger)
- resize related bug in hash types fixed (Holger Eitzenberger)
- autoreconf patches by Jan Engelhardt applied
- netlink patch minimalized: dumping can be initialized by a second
parsing of the message (thanks to David and Patrick for the suggestion)
- IPv4/IPv6 address attributes are introduced in order to fix the context
(suggested by David)
commit a2297acbaed4174f27a7caef98f2d84f9bde8c5c
Author: Jan Engelhardt <[email protected]>
Date: Tue Oct 19 18:05:29 2010 +0200
Add .gitignore files
Signed-off-by: Jan Engelhardt <[email protected]>
commit 554784c070ba034a2a5dae867480f91ec242a27a
Author: Jan Engelhardt <[email protected]>
Date: Tue Oct 19 18:03:03 2010 +0200
build: run autoupdate
AC_CANONICAL_SYSTEM is deprecated in favor of calling one or more of
AC_CANONICAL_{BUILD,HOST,TARGET}. Since configure.ac only uses $target,
only AC_CANONICAL_TARGET is needed.
Signed-off-by: Jan Engelhardt <[email protected]>
commit 6fd3b2350dae31d16166d66e7e143f78b5d5b6e3
Author: Jan Engelhardt <[email protected]>
Date: Tue Oct 19 18:01:19 2010 +0200
build: use subdir-objects and CC_C_O
Signed-off-by: Jan Engelhardt <[email protected]>
commit 91c7437c25066cc94bf81be18a6f94c0c83bfb6c
Author: Jan Engelhardt <[email protected]>
Date: Tue Oct 19 17:54:33 2010 +0200
build: remove manual -fPIC flag
libtool will take care of adding -fPIC as needed. In fact, static
libraries are often not desired to be compiled with -fPIC.
Signed-off-by: Jan Engelhardt <[email protected]>
commit 7607e809e947dbdc89de84cbad960e5aa0accc91
Author: Jan Engelhardt <[email protected]>
Date: Tue Oct 19 16:02:04 2010 +0200
build: use libmnl's pkgconfig files
libmnl installs .pc files that we can directly use and which are
preferable over AC_CHECK_LIB.
Also make sure that libipset.so is linked with libmnl, otherwise
linking errors can ensue when a program tries to link to libipset.
Furthermore, remove the now-unused LIBS variable.
Signed-off-by: Jan Engelhardt <[email protected]>
commit d6484ee2f3b256ec2a011bad383175388fd4ee05
Author: Jan Engelhardt <[email protected]>
Date: Tue Oct 19 12:51:38 2010 +0200
build: add separate option for kernel source directory
The build directory is not necessarily the same as the source directory.
Signed-off-by: Jan Engelhardt <[email protected]>
commit 9bff2f93cbea33842229b6c2f150cb76ff53d8e0
Author: Jan Engelhardt <[email protected]>
Date: Tue Oct 19 11:02:26 2010 +0200
build: resolve autoreconf/libtoolize suggestions
libtoolize: Consider adding "AC_CONFIG_MACRO_DIR([m4])" to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros
in-tree.
libtoolize: Consider adding "-I m4" to ACLOCAL_AMFLAGS in Makefile.am.
Signed-off-by: Jan Engelhardt <[email protected]>
commit 1d125e316b35a214559dd9877ebccc60b0e0f7f8
Author: Jan Engelhardt <[email protected]>
Date: Tue Oct 19 11:00:49 2010 +0200
build: just use autoreconf
This is the recommended way to regenerate the GNU build system files
these days.
Signed-off-by: Jan Engelhardt <[email protected]>
commit 62a3d29539aa109fed1c8a20d63ef95948b13842
Author: Jozsef Kadlecsik <[email protected]>
Date: Mon Aug 23 16:48:14 2010 +0200
Cleanup, compatibility
- Use is_vmalloc_addr when freeing vmalloc or kmalloc-ed areas. Thus
we can get rid of a flag and simplify some functions.
- When checking "same" sets, ignore hash size, because resizing
changes it.
- 2.6.35 compatibility added.
- Discuss backward/forward compatibilities in the README file.
commit 1b8c69e14d97bf5d0e973740c5802fdbf96f756d
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jul 13 14:18:22 2010 +0200
Compatibility and documentation fixes
Makefile fixes: compiler flags
README and manpage fixes
Compatibility with newer gcc releases (4.4.x)
Compatibility with the 2.6.35 kernel tree
commit 8dd10256cb24ceade8b40bd1604f03ddac8589e2
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jun 29 21:14:40 2010 +0200
ipset 5: Sparc related and compatibility fixes
ipset 5 is tested on Sparc, which revealed some compatibility issues
and those are fixed. Kernels from 2.6.31 onward are supported.
The testsuite checkings are completed to run match/target checks.
The README file is updated to reflect the requirements to install
and run ipset 5.
commit 780f6384c5c6639da3f5a6ac8d30653e8a26d6c0
Author: Jozsef Kadlecsik <[email protected]>
Date: Fri Jun 25 16:30:52 2010 +0200
ipset 5: IPv6 port related and manpage fixes, more tests
- getting ports for family INET6 fixed
- more manpage polishing
- tests to check the iptables/ip6tables match and target added
commit 020936c8c3375e1efe44a3087c891a4b2cbfe044
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jun 22 10:49:41 2010 +0200
ipset 5: last new feature added
- the hash types can now store protocol together port, not only port
- lots of fixes everywhere: parser, error reporting, manpage
The last bits on the todo list before announcing ipset 5:
- recheck all the error messages
- add possibly more tests
- polish manpage
commit 97a12ba3f184a76c406eb5622ec21a4d4d6fc8bf
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Jun 16 22:49:16 2010 +0200
configure/Makefile and debug fixes
commit 17116e637e9fd32d67ebdfbd10b465b3dec50c03
Author: Jozsef Kadlecsik <[email protected]>
Date: Wed Jun 16 12:55:04 2010 +0200
IPv6 match/target module aliases added
The missing IPv6 match/target aliases added.
commit 3566189cb6f01c4f2340734f432e20cb6ed1a999
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jun 15 15:08:55 2010 +0200
Use libmnl nest functions and fix size differences in iptree*.t
Use the libmnl mnl_attr_nest_star/mnl_attr_nest_end functions instead of
the private ones. Ignore possible size differences in iptree*.t
compatibility
tests.
commit 3fd6b24ace319b139ec3c4e3031a5f05d21e304e
Author: Jozsef Kadlecsik <[email protected]>
Date: Tue Jun 15 13:30:55 2010 +0200
ipset 5 in an almost ready state - milestone
Reworked protocol and internal interfaces, missing set types added,
backward compatibility verified, lots of tests added (and thanks to the
tests,
bugs fixed), even the manpage is rewritten ;-). Countless changes
everywhere...
The missing bits before announcing ipset 5:
- net namespace support
- new iptables/ip6tables extension library
- iptables/ip6tables match and target tests (backward/forward compatibility)
- tests on catching syntax errors
commit 00bcb2b40450eca4c7ad785bf85b12692e8d29af
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 17:22:46 2010 +0200
Fix Makefile.am
"tidy" must cleanup the kernel/ directory - and should not delete
kernel/Makefile.
commit 62f71e22a1db90eee62ea9688f0c77cb6cf5ccae
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 17:14:21 2010 +0200
Tenth stage to ipset-5
Add new test files and toplevel files.
commit 9638135a8ea91a157a68148fb1d84edec52c313b
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 17:11:01 2010 +0200
Nineth stage to ipset-5
Update tests.
commit 456b1d993711eb4297012ad4a881c459c0511358
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 17:09:18 2010 +0200
Eight stage to ipset-5
Commit changed files in kernel/...
commit ac0e5da3166da201ea00fd7f3cd927b0a49d8fef
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 17:07:48 2010 +0200
Seventh stage to ipset-5
Refresh existing files in kernel/ with new content and add some
new include/source files.
commit cfd1ae75a43ef1aa7734defa1754b1c94c0b3756
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 17:04:04 2010 +0200
Sixth stage to ipset-5
Remove unnecessary include files and rename some.
commit 5b20d409ef3062b24bbe7667f0daec34523446a6
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 17:00:42 2010 +0200
Fifth stage to ipset-5
Rename files in kernel/ and get rid of old ones (2.4.x kernel tree support).
commit 8e0608d31d988333ff04f3faaa6e851c0ecdbc6e
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 16:52:29 2010 +0200
Fourth stage to ipset-5
Add new userspace files: include/, lib/ and plus new files in src/.
commit 1e6e8bd9a62aa7cd72e13db9355badc96df18ee8
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 16:50:57 2010 +0200
Third stage to ipset-5
Refresh existing files in src/ with the new content.
commit f713cb1e105740c29c0a0906f4eb0ba375f64491
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 16:48:33 2010 +0200
Second stage to ipset-5
Rename files in src/ according to the new naming convention.
commit 0278351a9b9208272449ce4d875e265f6a54aee5
Author: Jozsef Kadlecsik <[email protected]>
Date: Thu Apr 22 16:42:58 2010 +0200
First staget to ipset-5
Create src/ and move ipset source there. Get rid of unnecessary and
outdated files.
_______________________________________________
svn mailing list
[email protected]
http://mailman.vyatta.com/mailman/listinfo/svn
