2 - Fix API version number
5 - Fix parsing service names for ports (reported by Yuri D'Elia)
8 - Use 'ss' in runtest.sh but fall back to deprecated 'net-tools'
9 command (bugzilla id #1209)
10 - build: do install libipset/args.h (Jan Engelhardt)
11 - Add test to verify wraparound fix
14 - Userspace revision handling is reworked
15 - Replace the last reference to u_int8_t with uint8_t.
18 - testsuite: Make sure it can be run over ssh :-)
19 - Reset state after a command failed, when multiple ones are issued
20 (bugzilla id #1158, reported by Dimitri Grischin)
21 - Handle padding attribute properly in userspace.
22 - Test to check the fix to add an IPv4 range containing more than 2^31
24 - Fix the include guards on the include/libipset/linux_ip_set*.h
25 (bugzilla id #1139, suggested by Quentin Armitage)
26 - New function added in commit 54802b2c is missing from libipset.map
27 (bugzilla id #1182, reported by irherder@gmail.com)
30 - Report if the option is supported by a newer kernel release
31 - ipset: Fix ipset command replacement in runtest.sh (Neutron Soutmun)
32 - Correct a test: number of entries may be outdated
35 - Fix possible truncated output in ipset output buffer handling
36 (Reported by Omri Bahumi and Yoni Lavi).
37 - Missing prototype added in ipset_hash_ipmac.c (debugging)
40 - Update manpage about the size parameter of list:set types.
41 - New test to verify that only the intended entries are deleted at hash
45 - Drop extra comma from error message (Neutron Soutmun)
46 - Fix the incorrect dynamic/static modules list (Neutron Soutmun)
47 - Correct tests to check the number of entries too
48 - hash:ipmac type support added to ipset, userspace part (Tomasz Chilinski)
51 - Suppress unnecessary stderr in command loop for resize and list
52 - Correction in comment test
53 - Support chroot buildroots (reported by Jan Engelhardt)
54 - Fix "configure" breakage due to pkg-config related changes
55 (reported by Jan Engelhardt)
58 - Support older pkg-config packages
59 - Add bash completion to the install routine (Mart Frauenlob)
60 - Fix misleading error message with comment extension
61 - Test added to check 0.0.0.0/0,iface to be matched in
63 - Fix link with libtool >= 2.4.4 (Olivier Blin)
66 - Handle uint64_t alignment issue in ipset tool
69 - Out of bound access in hash:net* types fixed (reported by Dave Jones):
70 new tests added to the testsuite to verify the fix
71 - Warn about loaded in ip_set modules at module installation
72 - Use IPSET_BIN in resize-and-list.sh and suppress echoing of loop
74 - Manpage typo corrections (David Wittman)
75 - Fix grammar error in manpage (Neutron Soutmun)
78 - ipset manpage: refer to iptables-extensions
79 - Update userspace header file from the kernel tree
80 - Handle 'extern "C" {' in check_libmap.sh
83 - Add element count to all set types header
84 - Add element count to hash headers (Eric B Munson)
85 - Support linking libipset to C++ programs (reported by Pavel Odintsov)
86 - ipset: propose rewording in manpage (Neutron Soutmun)
87 - More compatibility checking and simplifications to support the
89 - Compatibility: define RCU_INIT_POINTER when __rcu is not defined
90 - Compatibility: check kernel source for list_last_entry
91 (CentOS7, reported by Ricardo Klein)
92 - Make possible to pass extra flags to sparse
95 - The "extra" subdirectory for kernel modules may have a full subtree
96 (reported by Jesper Dangaard Brouer)
97 - Add more compatibility checkings to support older kernel releases
98 - Make_global.am: Don't include host headers (Baruch Siach)
99 - Alignment problem between 64bit kernel 32bit userspace fixed
100 (reported by Sven-Haegar Koch)
101 - Add script to check libipset.map for missing symbols
102 - Update libipset.map with ipset_parse_tcp_udp_port (Thomas Backlund)
103 - libipset: Bump lib version and update map file (Neutron Soutmun)
104 - Bash utilities updated
105 - ipset: Fix hyphen used as minus sign in manpage (Neutron Soutmun)
108 - The utils are updated from their sources
109 - Order create and add options in manpage so that generic ones
111 - Centralise generic create options (family, hashsize, maxelem)
112 on top of man page in the generic options section. (Mart Frauenlob)
113 - Support glibc < 2.9 (fixes bugzilla id #891)
114 - Add description of hash:mac set type to man page. (Mart Frauenlob)
115 - Add missing space for skbinfo option synopsis. (Mart Frauenlob)
116 - The library/API versions were forgotten to bump (reported by
118 - Retry printing when sprintf fails (reported by Stig Thormodsrud)
121 - hash:mac type added to ipset
122 - Add test to check mark mapping
123 - ipset: remove extran newline on debug output (Holger Eitzenberger)
124 - ipset: avoid duplicate command flags (Holger Eitzenberger)
125 - Remove a duplicate debug print (Holger Eitzenberger)
126 - ipset: man: Add the skbinfo extension documentation. (Anton Danilov)
127 - libipset: Add userspace support of the skbinfo extension of the list
128 set type. (Anton Danilov)
129 - libipset: Add userspace support of the skbinfo extension of the hash
130 set types. (Anton Danilov)
131 - libipset: Add userspace support of the skbinfo extension of the
132 bitmap set types. (Anton Danilov)
133 - libipset: Add userspace code for the skbinfo extension support.
135 - Make possible to compile ipset with IPSET_DEBUG from the dist.
137 - libipset: print third element in debugging (Sergey Popovich)
138 - ipset: Handle missing leading zeros in ethernet address parser
140 - ipset: Pass IPSET_BIN to test scripts to change binary location
142 - ipset: Fix grammar error in manpage (Neutron Soutmun)
143 - ipset: Fix printf format warning (Neutron Soutmun)
146 - The bash utilities are updated
147 - Fix libipset library release versioning (reported by Mathieu Bridon)
150 - ipset: add userspace support for forceadd (Josh Hunt)
151 - kernel: uapi: fix MARKMASK attr ABI breakage (Florian Westphal)
152 - lib: fix ifname 'physdev:' prefix parsing (Florian Westphal)
153 - Prepare the kernel for create option flags when no extension is needed
154 - print mark & mark mask in hex rather then decimal (Vytas Dauksa)
155 - add markmask for hash:ip,mark data type (Vytas Dauksa)
156 - add hash:ip,mark data type to ipset (Vytas Dauksa)
157 - ipset: manpage: correct add action synopsis for hash:net,port,net.
159 - ipset: manpage: remove spare comma for hash:net,net test action.
161 - Fix all set output from list/save when set with counters in use.
163 - ipset: Fix malformed output from list/save for ICMP types in port field
165 - ipset: fix timeout data type size (Nikolay Martynov)
168 - build: fix incorrect library versioning (Jan Engelhardt)
169 - netfilter: ipset: Fix configure failure when --with-kmod=no
171 - Avoid clashing with configured kernel in [CONFIG_]IP_SET_MAX
174 - Missing comment support added to hash:ip,port,ip and hash:net,iface
176 - Compatibility code is modified not to rely on kernel version numbers
177 - Add userspace code to support hash:net,port,net kernel module
179 - Tests added to check comment extension
180 - Add new userspace set revisions for comment support (Oliver Smith)
181 - Support comments in the userspace library (Oliver Smith)
182 - Rework the "fake" argument parsing for ipset restore (Oliver Smith)
183 - Add userspace code to support hash:net,net kernel module
185 - Add test to verify CIDR tracking
186 - configure: uclinux is also linux (Gustavo Zacarias)
187 - Add specifying protocol for bitmap:port (Quentin Armitage)
188 - Remove artifical restriction of netmask values for hash:ip type
189 (Reported by Quentin Armitage, netfilter bugzilla id #844)
190 - Make sure called test scripts can be executed (reported by Tomas Budai)
191 - Manpage fix: not just identical, but compatible type of sets can be
192 swapped (Reported by Quentin Armitage, netfilter bugzilla id #843)
193 - Fix error message typo (Reported by Quentin Armitage, netfilter bugzilla
195 - Parse option "family" first, because other options may depend on it
196 (Bug reported by Quentin Armitage, closed netfilter bugzilla #841)
197 - Change 2nd parameter type of ipset_parse_elem (Quentin Armitage)
198 - Report broken netlink messages in debug mode
199 - Fix hyphen used as minus sign in manpage (Neutron Soutmun)
200 - libipset.pc must be installed via 'make install' (Eric Leblond)
203 - Check at modules_install whether depmod ignores the extra subdir
204 (reported by Husnu Demir and tian fang)
205 - The utils are updated from their sources
206 - Manpage typing error correction (reported by Husnu Demir)
207 - Update testsuite as the trailing space was eliminated at listings
208 - Add sparse checking support to userspace
209 - Improve XML output: add element tag and root element (suggested by Lucas
212 - Add new testsuite entries to verify counters and the new type
214 - Introduce the new set type revisions with counter support
215 - Support counters in the ipset library
216 - The uapi include split in the package itself
219 - Kernel part bugfix release
222 - Fix revision printing in XML mode (reported by Mart Frauenlob)
223 - Correct "Suspicious condition (assignment + comparison)" (Thomas Jarosch)
224 - Fix error path when protocol number is used with port range
225 - Interactive mode error after syntax error (reported by Mart Frauenlob)
226 - The ipset_bash_completion tool is added
227 - The ipset_list tool is added
230 - Remove all modules before testing resize
231 - build: support for Linux 3.7 UAPI (Jan Engelhardt)
234 - Fix interactive mode (Fredrik Eriksson)
235 - Use gethostbyname2 instead of getaddrinfo
236 - Make tests/check_cidrs.sh script executable
237 - Add tests to check completely ranges with hash types
238 - Make easier to apply the netlink.patch
239 - Support protocol numbers as well, not only protocol names
240 - Add (back) the debug flag to configure
241 - Add simple test to check cidr book-keeping
244 - Support to match elements marked with "nomatch" in hash:*net* sets
246 - The set type revision number is added to the header part of listing
247 - Help prints list type revision and terse description
248 - Add /0 network support to hash:net,iface type
249 - Fix errors when compiling in debug mode (Krunal Patel)
250 - Make sure IPPROTO_UDPLITE is defined
251 - build: restore -version-info (Jan Engelhardt)
254 - Explain in more detail src/dst for hash:net,iface
255 - ipset help lists set types multiple times, fixed
256 (reported by Mr Dash Four)
257 - The commandline parser was too permissive, make it more strict
258 - Allow saving to/restoring from a file without shell redirection
259 - Fix typo of word "unkown" to "unknown" (Neutron Soutmun)
262 - Enable silent (kernel style) compile messages
263 - Fix build failed on --disable-dependency-tracking
265 - Add tarball target to Makefile
268 - Cleanup generated files by make tidy
269 - Add more CC warning option to debug mode
270 - Report syntax error messages immediately
271 - Suppress false syntax error messages
272 - Add configure summary for the ipset userspace tool
273 - Add dynamic module support to ipset userspace tool
275 - Move ipset_port_usage() into lib (Neutron Soutmun)
276 - Fix invalid assignment to const void pointer (bug reported by Seblu)
277 - Remove unused variables (warnings fixed)
278 - Fix timeout value overflow bug at large timeout parameters
279 (bug reported by Andreas Herz)
280 - Improve ipset help text messages (Mr Dash Four)
283 - Support hostnames and service names with dash
284 - Exceptions support added to hash:*net* types
285 - Log warning when a hash type of set gets full
286 - Set types moved into libipset library
287 - Library map file added in order to support library versioning
288 - doc: Linux 2.6.39 already has the defs (Jan Engelhardt)
289 - build: install libipset in the right place (Jan Engelhardt)
290 - Provide a pkgconfig file (Jan Engelhardt)
291 - build: make distcheck work and use POSIX mode for tarball generation
293 - build: install libipset/linux_ip_set_list.h (Jan Engelhardt)
294 - build: include libipset/nfproto.h (Jan Engelhardt)
295 - build: process include/libipset/ (Jan Engelhardt)
296 - build: use AC_CONFIG_AUX_DIR and stash away tools (Jan Engelhardt)
297 - Update .gitignore (Jan Engelhardt)
300 - Tests added to check ICMP/ICMPv6 type/code parsing
301 - ICMP/ICMPv6 type/code parser bug fixed (bug reported by Sabitov)
302 - ipset: fix lookup of tcp port names (Stephen Hemminger)
303 - Optionally disable building the kernel module (Mathieu Bridon)
307 - build: move ipset_errcode into library (Jan Engelhardt)
308 - build: abort autogen on subcommand failure (Jan Engelhardt)
309 - ipset: use NFPROTO_ constants (Jan Engelhardt)
310 - Propagate "expose userspace-relevant parts in ip_set.h" to ipset source
313 - Update the manpage and document the limits in hash:net,iface.
314 - README file corrections from Richard Lucassen
317 - Whitespace and coding fixes, detected by checkpatch.pl
318 - hash:net,iface type introduced
319 - hash:* tests may seem to fail due to the too wide grep pattern, fix them
320 - Remove iptree tests and compatibility element parsing
321 - hash:net test may seem to fail due to the too wide grep pattern, fix it
322 - Fix long time uncovered bug at adding string attributes to the netlink
324 - Fix warnings reported by valgrind
325 - Remove supporting set types iptree and iptreemap
328 - Restore with bitmap:port and list:set types did not work, fixed
329 - Accept "\r\n" terminated COMMIT command in restore files
330 - Fix the message sequence number book-keeping
331 - Protocol-level debugging support added
332 - hash:net stress test in range notation added
333 - ipset_mnl_query: in debug mode print the errno returned by the cb
335 - Accept "\r\n" terminated lines in restore files
336 - Remove outdated checking of IPv6 support from configure.ac
339 - Support range for IPv4 at adding/deleting elements for hash:*net* types
340 - Disable type revisions which are not supported both by the kernel and
342 - Update ipset help text to reflect SCTP and UDPLITE support
343 - Ignore -n flag (list just setnames) when sets are to be saved
346 - Get rid of the trailing empty line at listing sets
347 - Fix XML listing, remove broken unused "elements" tag
348 - Support listing setnames and headers too
349 - Sorting is dependent on the locale settings, use LC_ALL=C
350 - Use unified diff output in tests
353 - Testsuite changes: keep temporary files
354 - bitmap:ip,mac type requires "src" for MAC: manpage is updated to reflect
356 - Testsuite checks added (SET target and dir parameter checks)
362 - Manpage was not installed (reported by Mark A. Ziesemer)
363 - SCTP, UDPLITE support to the hash:*port* types added
366 - Print protocol version together with ipset version
367 - Testsuite compatibility with debugging enabled
368 - Allow "new" as a commad alias to "create"
369 - ipset: improve command argument parsing (Holger Eitzenberger)
370 - ipset: avoid the unnecessary argv[] loop (Holger Eitzenberger)
371 - ipset: pass ipset_arg argument pointer (Holger Eitzenberger)
372 - Separate ipset errnos completely from system ones and bump protocol
374 - Fix the spelling error fix :-) (Ferenc Wagner)
375 - Resolving IP addresses did not work at listing/saving sets, fixed
376 - ipset: fix spelling error (Holger Eitzenberger)
377 - ipset: fix the Netlink sequence number (Holger Eitzenberger)
378 - ipset: turn Set name[] into a const pointer (Holger Eitzenberger)
379 - Check ICMP and ICMPv6 with the set match and target in the testsuite
380 - Avoid possible syntax clashing at saving hostnames
383 - Set the non-debug compiling the default
384 - Testsuite fix of ospf replaced with vrrp.
385 - Fix build with NDEBUG defined (Holger Eitzenberger)
386 - Do session initialization once (Holger Eitzenberger)
387 - Make IPv4 and IPv6 address handling similar (Holger Eitzenberger)
388 - Show correct line numbers in restore output for parser errors
389 (Holger Eitzenberger)
390 - Replace ospf with vrrp in the testsuite
391 - Remove autogenerated files (Jan Engelhardt)
392 - Use only AC_CANONICAL_HOST (Jan Engelhardt)
395 - Handle internal printing errors
396 - Use cast to void * instead of memcpy as Sparc workaround at sockaddr_XXX
397 (suggested by Jan Engelhardt)
398 - Listing/saving of large sets could produce broken listing, fixed.
399 - Support libtool < 2.2
402 - Test cases for IPv6 restore and more complex restore sessions added
403 - Restore mode did not work for IPv6, fixed (reported by Elie Rosenblum)
404 - libipset: static annotations (Jan Engelhardt)
405 - libipset: const annotations (Jan Engelhardt)
406 - libipset: remove redundant casts (Jan Engelhardt)
407 - libipset: remove redundant indirection via union name (Jan Engelhardt)
408 - libipset: ipset_strncpy is really a strlcpy-type operation
410 - Prevent calling Makefile directly in the kernel/ subdirectory
411 - Put back the Sparc specific workaround at getaddrinfo
412 (reported by Jan Engelhardt)
413 - Check old system kernel header files
414 - Check from `configure` that the kernel source is patched with
416 - Use configure to detect compiler warning flags
417 - Try to solve PKG_CHECK_MODULES issue (reported by Rob Sterenborg)
418 - Fix incorrect comparison in check_allowed (reported by Jan Engelhardt)
421 - New main branch - ipset completely rewritten
424 - Checking null entries when listing/saving hash types of sets
425 deleted because it's unnecessary and can mask possible errors.
428 - Manpage fixes and corrections (Jan Engelhardt)
431 - New protocol is introduced to handle aligment issues properly
432 (bug reported by Georg Chini)
433 - Binding support is removed
436 - Correct format specifiers and change %i to %d (Jan Engelhardt)
439 - New kernel-userspace protocol release
440 - Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593)
441 - tests/runtests.sh changed to support old bash shells
444 - On parisc architecture cast increases required aligment (bugzilla
446 - Respect LDFLAGS settings at compile time (Peter Volkov).
449 - In order to disable the extra warning flags, NO_EXTRA_WARN_FLAGS
450 variable added to userspace Makefile
453 - Some compiler warning options are too aggressive and
457 - Premature checking prevents to add valid elements to hash
458 types, fixed (bug reported by JC Janos).
459 - Local variable shadows another variable, fixed (reported
461 - More compiler warning options added and warnings fixed.
464 - Include file <limits.h> was missing from userspace set type
465 modules, reported by Krzysztof Oledzki and Sven Wegener.
468 - Only kernel part changes, see kernel/ChangeLog
471 - macipmap type reported misleading deprecated separator
472 tokens and printed the old one at listing set elements
473 (bug reported by Krzysztof Oledzki)
474 - Warn only once about deprecated separator tokens in
478 - Added KBUILD_OUTPUT support (Sven Wegener)
479 - Fix memory leak in ipset_iptreemap (Sven Wegener)
480 - Fix multiple compiler warnings (Sven Wegener)
481 - ipportiphash, ipportnethash and setlist types added
482 - binding marked as deprecated functionality
483 - element separator token changed to ',' in anticipating
484 IPv6 addresses, old separator tokens are still supported
485 - unnecessary includes removed
486 - ipset does not try to resolve IP addresses when listing
487 the content of sets (default changed)
489 - ChangeLog forked for kernel part
492 - Fix to compile ipset with 2.4.26.x tree statically (bug reported by
496 - compatibility for the 2.6.x kernel tree improved and compiler warnings
497 fixed (Jan Engelhardt)
498 - compatibility fixes for the 2.4.36.x kernel tree added
501 - including limits.h for UINT_MAX is required with glibc-2.8 (pud)
502 - needless cast from and to void pointers cleanups in iptreemap (Sven Wegener)
503 - Initial ipset release with kernel modules included.
506 - segfault on --unbind :all: :all: fixed (reported by bugzilla,
507 report and patch sent by Tom Eastep)
508 - User input parameters are sanitized everywhere
509 - Initial testsuite added and 'test' target to the Makefile
510 added: few bugs discovered and fixed
511 - typo in macipmap type prevented to use max size set of this type
512 - *map types are made sure to allow and use max size of sets
515 - jiffies rollover bug in iptree type fixed (reported by Lukasz Nierycho
517 - endiannes bug in iptree type fixed (spotted by Jan Engelhardt)
518 - iptreemap type added (submitted by Sven Wegener)
519 - 2.6.22/23 compatibility fixes (Jeremy Jacque)
520 - typo fixes in ipset (Neville D)
521 - separator changed to ':' from '%' (old one still supported) in ipset
524 - use correct type (socklen_t) for getsockopt (H. Nakano)
525 - incorrect return codes fixed (Tomasz Lemiech, Alexey Bortnikov)
526 - kernel header dependency removed (asm/bitops.h)
527 - ipset now tries to load in the ip_set kernel module if the protocol
531 - 'ipset -N' did not generate proper return code
532 - 'limit' module parameter added to the kernel modules of the
533 iphash, ipporthash, nethash and iptree type of sets so that
534 the maximal number of elements can now be limited
535 - zero valued entries (port 0 or IP address 0.0.0.0) were
536 detected as members of the hash/tree kind of sets
537 (reported by Andrew Kraslavsky)
538 - list and save operations used the external identifier
539 of the sets for the bindings instead of the internal one
540 (reported by Amin Azez)
543 - Nasty off-by-one bug fixed in iptree type of sets
544 (bug reported by Pablo Sole)
547 All patches were submitted by Jones Desougi
548 - missing or confusing error message fixes for ipporthash
549 - minor correction in debugging in nethash
550 - copy-paste bug in kernel set types at memory allocation
552 - unified memory allocations in ipset
555 - memory allocation in iptree is changed to GFP_ATOMIC because
556 we hold a lock (bug reported by Radek Hladik)
557 - compatibility fix: __nocast is not defined in all 2.6 branches
558 (problem reported by Ming-Ching Tiew)
559 - manpage corrections
562 - garbage collector of iptree type of sets is fixed: flushing
563 sets/removing kernel module could corrupt the timer
564 - new ipporthash type added
565 - manpage fixes and corrections
568 - half-fixed memory allocation bug in iphash and nethash finally
569 completely fixed (bug reported by Nikolai Malykh)
570 - restrictions to enter zero-valued entries into all non-hash type sets
572 - Too strict check on the set size of ipmap type was corrected
575 - memory allocation bug in iphash and nethash in connection with the SET
576 target was fixed (bug reported by Nikolai Malykh)
577 - lockhelp.h was removed from the 2.6.13 kernel tree, ip_set.c is
578 updated accordingly (Cardoso Didier, Samir Bellabes)
579 - manpage is updated to clearly state the command order in restore mode
582 - Jiffies rollover bug in ip_set_iptree reported and fixed by Rob Nielsen
583 - Compiler warning in the non-SMP case fixed (Marcus Sundberg)
584 - slab cache names shrunk in order to be compatible with 2.4.* (Marcus
588 - Magic number in ip_set_nethash.h was mistyped (bug reported by Rob
590 - ipset can now test IP addresses in nethash type of sets (i.e. addresses
591 in netblocks added to the set)
594 - Locking bug in ip_set_nethash.c (Clifford Wolf and Rob Carlson)
595 - Makefile contained an unnecessary variable in IPSET_LIB_DIR (Clifford
597 - Safety checkings of restore in ipset was incomplete (Robin H. Johnson)
598 - More careful resizing by avoiding locking completely
599 - stdin stored internally in a temporary file, so we can feed 'ipset -R'
601 - iptree maptype added
604 - Lock debugging used with debugless lock definiton (Piotr Chytla and
606 - Bindings were not properly filled out at listing (kernel)
607 - When listing sets from kernel, id was not added to the set structure
609 - nethash maptype added
610 - ipset manpage corrections (macipmap)
613 - Missing -fPIC in Makefile (Robert Iakobashvili)
614 - Cut'n'paste bug at saving macipmap types (Vincent Bernat).
615 - Bug in printing/saving SET targets reported and fixed by Michal
619 - Chaining of sets are changed: child sets replaced by bindings
620 - Kernel-userspace communication reorganized to minimize the number
622 - Save and restore functionality implemented
623 - iphash type reworked: clashing resolved by double-hashing and by
624 dynamically growing the set
628 - Rewritten to support child pools
629 - portmap, iphash pool support added
630 - too much other mods here and there to list...
projects / ipset / blob