]> granicus.if.org Git - ipset/log
ipset
14 years agoRestore mode did not work for IPv6 (reported by Elie Rosenblum)
Jozsef Kadlecsik [Wed, 22 Dec 2010 09:43:05 +0000 (10:43 +0100)]
Restore mode did not work for IPv6 (reported by Elie Rosenblum)

The set cache stored the default family (INET) instead of the set family,
therefore restore mode for IPv6 did not work. The set cache fixed and
message aggregation reworked.

14 years agoKernel version compatibility: support from 2.6.34
Jozsef Kadlecsik [Tue, 21 Dec 2010 19:47:08 +0000 (20:47 +0100)]
Kernel version compatibility: support from 2.6.34

The basic kernel compatibility issues are verified back to 2.6.24.
The minimal supported kernel version had to be bumped from 2.6.31 to 2.6.34.

14 years agoMerge branch 'master' of git://dev.medozas.de/ipset into ipset-5
Jozsef Kadlecsik [Mon, 20 Dec 2010 10:54:26 +0000 (11:54 +0100)]
Merge branch 'master' of git://dev.medozas.de/ipset into ipset-5

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
14 years agolibipset: static annotations
Jan Engelhardt [Sun, 19 Dec 2010 04:57:52 +0000 (05:57 +0100)]
libipset: static annotations

14 years agolibipset: const annotations
Jan Engelhardt [Sun, 19 Dec 2010 04:56:19 +0000 (05:56 +0100)]
libipset: const annotations

14 years agolibipset: remove redundant casts
Jan Engelhardt [Sun, 19 Dec 2010 02:09:09 +0000 (03:09 +0100)]
libipset: remove redundant casts

14 years agolibipset: remove redundant indirection via union name
Jan Engelhardt [Sun, 19 Dec 2010 02:13:06 +0000 (03:13 +0100)]
libipset: remove redundant indirection via union name

There are no uses of C99 static initializers, so let's make the union
anonymous and reduce accessor lengths.

14 years agolibipset: ipset_strncpy is really a strlcpy-type operation
Jan Engelhardt [Sun, 19 Dec 2010 02:09:56 +0000 (03:09 +0100)]
libipset: ipset_strncpy is really a strlcpy-type operation

14 years agokernel: use EXPORT_SYMBOL_GPL
Jan Engelhardt [Sun, 19 Dec 2010 01:45:54 +0000 (02:45 +0100)]
kernel: use EXPORT_SYMBOL_GPL

14 years agokernel: const annotations
Jan Engelhardt [Sun, 19 Dec 2010 01:44:14 +0000 (02:44 +0100)]
kernel: const annotations

14 years agokernel: use __read_mostly for registration-type structures
Jan Engelhardt [Sun, 19 Dec 2010 01:48:32 +0000 (02:48 +0100)]
kernel: use __read_mostly for registration-type structures

Here is where __read_mostly goes :-)

14 years agokernel: do not mix const and __read_mostly
Jan Engelhardt [Sun, 19 Dec 2010 01:09:19 +0000 (02:09 +0100)]
kernel: do not mix const and __read_mostly

It makes no sense to mix these two. Either it is
writable-plus-read-mostly, or it is constant.

14 years agoxt_set: avoid user types in exported kernel headers
Jan Engelhardt [Sun, 19 Dec 2010 01:27:53 +0000 (02:27 +0100)]
xt_set: avoid user types in exported kernel headers

Within isolated code it would be ok, but not so in exported headers.

14 years agobuild: enable parallel building
Jan Engelhardt [Sun, 19 Dec 2010 01:39:32 +0000 (02:39 +0100)]
build: enable parallel building

$ make modules -j8
cd kernel; make -C /lib/modules/`uname -r`/build M=`pwd` V=0 \
                        IP_SET_MAX=256 \
                        NETLINK_DUMP_CONST=const \
                        NFNL_CB_CONST=const modules
make[1]: Entering directory "/usr/src/linux-2.6.36-rc8-34-obj/x86_64/default"
make[1]: warning: jobserver unavailable: using -j1.
Add '+' to parent make rule.

The "fix" here is that we have to use ${MAKE} instead of make.
(NB: The extra cd is redundant and can be appended to M=.)

14 years agoPrevent calling Makefile directly in the kernel/ subdirectory
Jozsef Kadlecsik [Sat, 18 Dec 2010 23:56:03 +0000 (00:56 +0100)]
Prevent calling Makefile directly in the kernel/ subdirectory

14 years agoPut back the Sparc specific workaround at getaddrinfo.
Jozsef Kadlecsik [Sat, 18 Dec 2010 23:42:03 +0000 (00:42 +0100)]
Put back the Sparc specific workaround at getaddrinfo.

14 years agoShould have gone to sleep: fix check_allowed. Really.
Jozsef Kadlecsik [Sat, 18 Dec 2010 23:38:32 +0000 (00:38 +0100)]
Should have gone to sleep: fix check_allowed. Really.

It's not as nice as I'd like to be: IPSET_CREATE_FLAGS and
IPSET_ADT_FLAGS are required elsewhere, but to make life
simpler, some flags (like IPSET_OPT_TYPENAME) are *not*
added to the types full[] flags. So those must be excluded here.

14 years agoCheck old system kernel header files
Jozsef Kadlecsik [Sat, 18 Dec 2010 22:32:30 +0000 (23:32 +0100)]
Check old system kernel header files

14 years agoCheck from `configure` that the kernel source is patched with netlink.patch
Jozsef Kadlecsik [Sat, 18 Dec 2010 22:02:48 +0000 (23:02 +0100)]
Check from `configure` that the kernel source is patched with netlink.patch

14 years agoUse configure to detect compiler warning flags
Jozsef Kadlecsik [Sat, 18 Dec 2010 21:54:49 +0000 (22:54 +0100)]
Use configure to detect compiler warning flags

By checking the supported compiler warning flags, different gcc releases
are supported without the crude --disable-extra-flags option.

14 years agoThe fix of incorrect comparison in check_allowed completed.
Jozsef Kadlecsik [Sat, 18 Dec 2010 11:34:16 +0000 (12:34 +0100)]
The fix of incorrect comparison in check_allowed completed.

There was still some other incorrect usage of 'enum ipset_cmd' and
'enum ipset_adt' - corrected.

14 years agoTry to solve PKG_CHECK_MODULES issue
Jozsef Kadlecsik [Sat, 18 Dec 2010 10:48:49 +0000 (11:48 +0100)]
Try to solve PKG_CHECK_MODULES issue

Rob Sterenborg reported, that on CentOs configure can fail with

./configure: line 11510: syntax error near unexpected token `[libmnl],'
./configure: line 11510: `PKG_CHECK_MODULES([libmnl], [libmnl >= 1])'

Therefore I added 'aclocal -I m4' to autogen.sh, hoping that it solves
the issue.

14 years agoFix incorrect comparison in check_allowed
Jozsef Kadlecsik [Sat, 18 Dec 2010 10:30:29 +0000 (11:30 +0100)]
Fix incorrect comparison in check_allowed

Wrong enum type was used in the comparison, reported by Jan Engelhardt.

14 years agoFix Kbuild for me to delete backup files
Jozsef Kadlecsik [Fri, 17 Dec 2010 21:45:13 +0000 (22:45 +0100)]
Fix Kbuild for me to delete backup files

14 years agoInitialize ChangeLog for the new release v5.0
Jozsef Kadlecsik [Fri, 17 Dec 2010 21:32:09 +0000 (22:32 +0100)]
Initialize ChangeLog for the new release

14 years agoAdd tests to check hash:ip,port,net type
Jozsef Kadlecsik [Fri, 17 Dec 2010 21:10:01 +0000 (22:10 +0100)]
Add tests to check hash:ip,port,net type

14 years agoMatch command prefixes
Jozsef Kadlecsik [Fri, 17 Dec 2010 20:43:18 +0000 (21:43 +0100)]
Match command prefixes

Match not only the first letter or the full command name, but
an arbitrary prefix too.

14 years agoAdd more test to check adding/deleting multiple entries.
Jozsef Kadlecsik [Fri, 17 Dec 2010 20:34:20 +0000 (21:34 +0100)]
Add more test to check adding/deleting multiple entries.

14 years agoUpdated manpage to reflect wider input possibilities in the ipset tool.
Jozsef Kadlecsik [Fri, 17 Dec 2010 20:33:07 +0000 (21:33 +0100)]
Updated manpage to reflect wider input possibilities in the ipset tool.

14 years agoUpdated help texts for the hash:ip and list:set types.
Jozsef Kadlecsik [Fri, 17 Dec 2010 20:32:29 +0000 (21:32 +0100)]
Updated help texts for the hash:ip and list:set types.

14 years agoSupport adding/deleting multiple entries, userspace part.
Jozsef Kadlecsik [Fri, 17 Dec 2010 20:31:12 +0000 (21:31 +0100)]
Support adding/deleting multiple entries, userspace part.

Support adding/deleting multiple entries in the userspace part
of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and
hash:net,port types.

14 years agoSupport adding/deleting multiple entries, kernel part.
Jozsef Kadlecsik [Fri, 17 Dec 2010 20:28:18 +0000 (21:28 +0100)]
Support adding/deleting multiple entries, kernel part.

Support adding/deleting multiple entries in the kernel side
of the hash:ip,port, hash:ip,port,ip, hash:ip,port,net and
hash:net,port types.

14 years agoAdd ipset_parse_tcpudp_port function
Jozsef Kadlecsik [Fri, 17 Dec 2010 20:26:43 +0000 (21:26 +0100)]
Add ipset_parse_tcpudp_port function

Add new parser function to parse TCP/UDP port name, number, or range of them.

14 years agoMissing spaces in error strings fixed.
Jozsef Kadlecsik [Fri, 17 Dec 2010 10:52:30 +0000 (11:52 +0100)]
Missing spaces in error strings fixed.

14 years agoUse the 'full' flags of the types and check not allowed flags.
Jozsef Kadlecsik [Fri, 17 Dec 2010 10:45:26 +0000 (11:45 +0100)]
Use the 'full' flags of the types and check not allowed flags.

14 years agoRemove unnecessary gfp_flags arguments
Jozsef Kadlecsik [Thu, 16 Dec 2010 11:34:49 +0000 (12:34 +0100)]
Remove unnecessary gfp_flags arguments

Where the argument was used, the set lock was already activated, therefore
the argument value was always GFP_ATOMIC.

14 years agoAdd test to check multi-message listing and swapping.
Jozsef Kadlecsik [Thu, 16 Dec 2010 11:19:00 +0000 (12:19 +0100)]
Add test to check multi-message listing and swapping.

14 years agoMistypeing in the hbucket() macro fixed.
Jozsef Kadlecsik [Thu, 16 Dec 2010 11:02:59 +0000 (12:02 +0100)]
Mistypeing in the hbucket() macro fixed.

14 years agoManpage cleanups, so it's more clear and straightforward.
Jozsef Kadlecsik [Wed, 15 Dec 2010 16:39:57 +0000 (17:39 +0100)]
Manpage cleanups, so it's more clear and straightforward.

14 years agoFix outdated messages in the tests
Jozsef Kadlecsik [Tue, 14 Dec 2010 20:23:41 +0000 (21:23 +0100)]
Fix outdated messages in the tests

14 years agoDocument which elements cannot be stored in the different hash types.
Jozsef Kadlecsik [Tue, 14 Dec 2010 16:45:49 +0000 (17:45 +0100)]
Document which elements cannot be stored in the different hash types.

And enforce from kernel side as well...

14 years agoSpeed up testing a little bit
Jozsef Kadlecsik [Mon, 13 Dec 2010 16:46:23 +0000 (17:46 +0100)]
Speed up testing a little bit

Lower timeout values to max 5s, so we can lower sleep values too.

14 years agoConvert last printks to pr_debug in ip_set_ahash.h
Jozsef Kadlecsik [Mon, 13 Dec 2010 12:41:21 +0000 (13:41 +0100)]
Convert last printks to pr_debug in ip_set_ahash.h

14 years agoRemove remnants of slist from ip_set_ahash.h
Jozsef Kadlecsik [Mon, 13 Dec 2010 11:40:06 +0000 (12:40 +0100)]
Remove remnants of slist from ip_set_ahash.h

14 years agoBuffered commands are just ... buffered.
Jozsef Kadlecsik [Mon, 13 Dec 2010 11:31:12 +0000 (12:31 +0100)]
Buffered commands are just ... buffered.

Calculate the free buffer size when adding the existing attributes at the buffered
commands. If the buffer is full, cancel the unfinished nested attribute and commit
the previously buffered commands. Then restart with the current buffered command.
Thus we can get rid of the ugly maxsize parameter of the set types.

14 years agoFixing dangling empty line produced backward-incompatible exit codes, fixed.
Jozsef Kadlecsik [Mon, 13 Dec 2010 11:25:21 +0000 (12:25 +0100)]
Fixing dangling empty line produced backward-incompatible exit codes, fixed.

14 years agoSupport case-insensitive ICMP and ICMPv6 type/code names.
Jozsef Kadlecsik [Fri, 10 Dec 2010 22:04:59 +0000 (23:04 +0100)]
Support case-insensitive ICMP and ICMPv6 type/code names.

14 years agoCompiler flag compatibility fix with libmnl
Jozsef Kadlecsik [Fri, 10 Dec 2010 22:02:30 +0000 (23:02 +0100)]
Compiler flag compatibility fix with libmnl

libmnl now uses void pointer arithmetic, remove -Wpointer-arith from
the compiler flags.

14 years agoFix dangling empty line at error/warning messages emitted by ipset.
Jozsef Kadlecsik [Fri, 10 Dec 2010 16:19:59 +0000 (17:19 +0100)]
Fix dangling empty line at error/warning messages emitted by ipset.

14 years agoAdd proper RCU protection to resizing
Jozsef Kadlecsik [Fri, 10 Dec 2010 16:04:38 +0000 (17:04 +0100)]
Add proper RCU protection to resizing

Resizing can be triggered by userspace command only, and those
are serialized by the nfnl mutex. During resizing the set is
read-locked, so the only possible concurrent operations are
the kernel side readers. Those must be protected by proper RCU locking.

14 years agoConvert hash types from chash to ahash.
Jozsef Kadlecsik [Fri, 10 Dec 2010 12:54:51 +0000 (13:54 +0100)]
Convert hash types from chash to ahash.

Instead of the cache friendly hashing, use the array based hashing.
According to my tests the latter uses less memory, faster at lookup and
deletion, and only slower at insertion.

14 years agoStrip off ip_set_ prefix from non-ipset specific header files.
Jozsef Kadlecsik [Wed, 8 Dec 2010 15:57:20 +0000 (16:57 +0100)]
Strip off ip_set_ prefix from non-ipset specific header files.

14 years agoUpdate ip_set_jhash.h
Jozsef Kadlecsik [Wed, 8 Dec 2010 15:52:43 +0000 (16:52 +0100)]
Update ip_set_jhash.h

Update ip_set_jhash.h with the version which was submitted for kernel
inclusion.

14 years agoCreate include/linux/netfilter/ipset/ directory
Jozsef Kadlecsik [Tue, 7 Dec 2010 16:46:40 +0000 (17:46 +0100)]
Create include/linux/netfilter/ipset/ directory

Separate the ipset header files from netfilter header files.

14 years agoComplete Kconfig.ipset with hash:net,port type.
Jozsef Kadlecsik [Tue, 7 Dec 2010 16:33:16 +0000 (17:33 +0100)]
Complete Kconfig.ipset with hash:net,port type.

14 years agoRemove include/net/pfxlen.h
Jozsef Kadlecsik [Tue, 7 Dec 2010 16:28:17 +0000 (17:28 +0100)]
Remove include/net/pfxlen.h

Spare some memory by moving the static prefixlen maps to the ipset core.
Thus we can get rid of include/net/pfxlen.h too.

14 years agoRemove command MODIFY
Jozsef Kadlecsik [Tue, 7 Dec 2010 16:08:12 +0000 (17:08 +0100)]
Remove command MODIFY

Modifying a set can be performed by save/modify/restore/swap, without
adding kernel part support.

14 years agoWhitespace, checkpatch.pl cleanups.
Jozsef Kadlecsik [Tue, 7 Dec 2010 16:01:55 +0000 (17:01 +0100)]
Whitespace, checkpatch.pl cleanups.

14 years agoThe protocol extended with the command MODIFY.
Jozsef Kadlecsik [Fri, 5 Nov 2010 16:02:21 +0000 (17:02 +0100)]
The protocol extended with the command MODIFY.

The command is not used yet, but better to reserve it already.

14 years agoUpdate README file
Jozsef Kadlecsik [Fri, 5 Nov 2010 16:00:42 +0000 (17:00 +0100)]
Update README file

Cleaned up the netlink.patch part: there's no more multiple patches.
The incompatibilities against 4.x are listed in details.

14 years agoManpage and help text fixes. v5.0-pre10
Jozsef Kadlecsik [Tue, 2 Nov 2010 13:51:17 +0000 (14:51 +0100)]
Manpage and help text fixes.

The manpage is updated to reflect the recent modifications and
the addition of the hash:net,port type. The help text of hash:ip
is updated: adding/deleting multiple entries are supported for
IPv4 only.

14 years agoEnforce handling IPv4 and IPv6 differently for hash:ip type.
Jozsef Kadlecsik [Sat, 30 Oct 2010 21:14:37 +0000 (23:14 +0200)]
Enforce handling IPv4 and IPv6 differently for hash:ip type.

Use the newly added parser function ipset_parse_ip4_single6 instead
of the generic ipset_parse_ip.

14 years agoAdd parser function to handle IPv4 and IPv6 differently.
Jozsef Kadlecsik [Sat, 30 Oct 2010 21:11:47 +0000 (23:11 +0200)]
Add parser function to handle IPv4 and IPv6 differently.

At present IPv6 does not support adding/deleting multiple IPv6 addresses
specified as an ip-ip range or ip/prefix block. A parser function is
added by which can enforce it at parsing the address pattern.

14 years agoResizing converted to run under read-locking of the set
Jozsef Kadlecsik [Sat, 30 Oct 2010 16:52:53 +0000 (18:52 +0200)]
Resizing converted to run under read-locking of the set

With restricting resizing so that it can be triggered by an add
from userspace only, we can modify it so that it uses read-locking
instead of write-locking. Thus the matching in the set can run parallel
with resizing.

14 years agoRemove to support resizing from kernel context.
Jozsef Kadlecsik [Fri, 29 Oct 2010 20:50:12 +0000 (22:50 +0200)]
Remove to support resizing from kernel context.

Resizing in kernel context is simply too expensive. Drop the feature:
if a set is used as a dynamic container by a SET target, then the set
must be created with a proper size from now on.

14 years agoFix gfp_flags at resizing
Jozsef Kadlecsik [Fri, 29 Oct 2010 20:35:14 +0000 (22:35 +0200)]
Fix gfp_flags at resizing

Resizing functions are called without holding any lock. So we can
allocate using the flag GFP_KERNEL.

14 years agoTest to list large hash sets added.
Jozsef Kadlecsik [Fri, 29 Oct 2010 20:24:18 +0000 (22:24 +0200)]
Test to list large hash sets added.

14 years agoListing for hash types fixed
Jozsef Kadlecsik [Fri, 29 Oct 2010 20:21:01 +0000 (22:21 +0200)]
Listing for hash types fixed

The listing was incorrect for large sets, when multiple messages were
required. I assume that one full hash bucket fills into one message,
but that is true for all current hash types.

14 years agoKernel compile-time files are added to .gitignore
Jozsef Kadlecsik [Fri, 29 Oct 2010 20:19:58 +0000 (22:19 +0200)]
Kernel compile-time files are added to .gitignore

14 years agoBuild and source kernel directories v5.0-pre9
Jozsef Kadlecsik [Mon, 25 Oct 2010 20:44:31 +0000 (22:44 +0200)]
Build and source kernel directories

Fall back to the build directory if the source directory is not specified.
Check that it looks like as a source directory.

14 years agoMerge branch 'ipset-5' of git://dev.medozas.de/ipset into ipset-5
Jozsef Kadlecsik [Mon, 25 Oct 2010 12:53:04 +0000 (14:53 +0200)]
Merge branch 'ipset-5' of git://dev.medozas.de/ipset into ipset-5

14 years agoRollback to fix commit history
Jozsef Kadlecsik [Mon, 25 Oct 2010 10:03:27 +0000 (12:03 +0200)]
Rollback to fix commit history

14 years agoFixes, cleanups, comments v5.0-pre8
Jozsef Kadlecsik [Sun, 24 Oct 2010 19:42:48 +0000 (21:42 +0200)]
Fixes, cleanups, comments

- More comments added to the code
- ICMP and ICMPv6 support added to the hash:ip,port, hash:ip,port,ip
  and hash:ip,port,net types
- hash:net and hash:ip,port,net types are reworked
- hash:net,port type added
- Wrong direction parameters fixed in hash:ip,port
- Helps and manpage are updated
- More tests added
- Ugly macros are rewritten to functions in parse.c
  (Holger Eitzenberger)
- resize related bug in hash types fixed (Holger Eitzenberger)
- autoreconf patches by Jan Engelhardt applied
- netlink patch minimalized: dumping can be initialized by a second
  parsing of the message (thanks to David and Patrick for the suggestion)
- IPv4/IPv6 address attributes are introduced in order to fix the context
  (suggested by David)

14 years agoAdd .gitignore files
Jan Engelhardt [Tue, 19 Oct 2010 16:05:29 +0000 (18:05 +0200)]
Add .gitignore files

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agobuild: run autoupdate
Jan Engelhardt [Tue, 19 Oct 2010 16:03:03 +0000 (18:03 +0200)]
build: run autoupdate

AC_CANONICAL_SYSTEM is deprecated in favor of calling one or more of
AC_CANONICAL_{BUILD,HOST,TARGET}. Since configure.ac only uses $target,
only AC_CANONICAL_TARGET is needed.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agobuild: use subdir-objects and CC_C_O
Jan Engelhardt [Tue, 19 Oct 2010 16:01:19 +0000 (18:01 +0200)]
build: use subdir-objects and CC_C_O

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agobuild: remove manual -fPIC flag
Jan Engelhardt [Tue, 19 Oct 2010 15:54:33 +0000 (17:54 +0200)]
build: remove manual -fPIC flag

libtool will take care of adding -fPIC as needed. In fact, static
libraries are often not desired to be compiled with -fPIC.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agobuild: use libmnl's pkgconfig files
Jan Engelhardt [Tue, 19 Oct 2010 14:02:04 +0000 (16:02 +0200)]
build: use libmnl's pkgconfig files

libmnl installs .pc files that we can directly use and which are
preferable over AC_CHECK_LIB.

Also make sure that libipset.so is linked with libmnl, otherwise
linking errors can ensue when a program tries to link to libipset.

Furthermore, remove the now-unused LIBS variable.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agobuild: add separate option for kernel source directory
Jan Engelhardt [Tue, 19 Oct 2010 10:51:38 +0000 (12:51 +0200)]
build: add separate option for kernel source directory

The build directory is not necessarily the same as the source directory.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agobuild: resolve autoreconf/libtoolize suggestions
Jan Engelhardt [Tue, 19 Oct 2010 09:02:26 +0000 (11:02 +0200)]
build: resolve autoreconf/libtoolize suggestions

libtoolize: Consider adding "AC_CONFIG_MACRO_DIR([m4])" to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding "-I m4" to ACLOCAL_AMFLAGS in Makefile.am.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agobuild: just use autoreconf
Jan Engelhardt [Tue, 19 Oct 2010 09:00:49 +0000 (11:00 +0200)]
build: just use autoreconf

This is the recommended way to regenerate the GNU build system files
these days.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
14 years agoCleanup, compatibility v5.0-pre7
Jozsef Kadlecsik [Mon, 23 Aug 2010 14:48:14 +0000 (16:48 +0200)]
Cleanup, compatibility

- Use is_vmalloc_addr when freeing vmalloc or kmalloc-ed areas. Thus
  we can get rid of a flag and simplify some functions.
- When checking "same" sets, ignore hash size, because resizing
  changes it.
- 2.6.35 compatibility added.
- Discuss backward/forward compatibilities in the README file.

14 years agoCompatibility and documentation fixes v5.0-pre6
Jozsef Kadlecsik [Tue, 13 Jul 2010 12:18:22 +0000 (14:18 +0200)]
Compatibility and documentation fixes

Makefile fixes: compiler flags
README and manpage fixes
Compatibility with newer gcc releases (4.4.x)
Compatibility with the 2.6.35 kernel tree

14 years agoipset 5: Sparc related and compatibility fixes v5.0-pre5
Jozsef Kadlecsik [Tue, 29 Jun 2010 19:14:40 +0000 (21:14 +0200)]
ipset 5: Sparc related and compatibility fixes

ipset 5 is tested on Sparc, which revealed some compatibility issues
and those are fixed. Kernels from 2.6.31 onward are supported.
The testsuite checkings are completed to run match/target checks.
The README file is updated to reflect the requirements to install
and run ipset 5.

14 years agoipset 5: IPv6 port related and manpage fixes, more tests v5.0-pre4
Jozsef Kadlecsik [Fri, 25 Jun 2010 14:30:52 +0000 (16:30 +0200)]
ipset 5: IPv6 port related and manpage fixes, more tests

- getting ports for family INET6 fixed
- more manpage polishing
- tests to check the iptables/ip6tables match and target added

14 years agoipset 5: last new feature added v5.0-pre3
Jozsef Kadlecsik [Tue, 22 Jun 2010 08:49:41 +0000 (10:49 +0200)]
ipset 5: last new feature added

- the hash types can now store protocol together port, not only port
- lots of fixes everywhere: parser, error reporting, manpage

The last bits on the todo list before announcing ipset 5:

- recheck all the error messages
- add possibly more tests
- polish manpage

14 years agoconfigure/Makefile and debug fixes
Jozsef Kadlecsik [Wed, 16 Jun 2010 20:49:16 +0000 (22:49 +0200)]
configure/Makefile and debug fixes

14 years agoIPv6 match/target module aliases added v5.0-pre2
Jozsef Kadlecsik [Wed, 16 Jun 2010 10:55:04 +0000 (12:55 +0200)]
IPv6 match/target module aliases added

The missing IPv6 match/target aliases added.

14 years agoUse libmnl nest functions and fix size differences in iptree*.t
Jozsef Kadlecsik [Tue, 15 Jun 2010 13:08:55 +0000 (15:08 +0200)]
Use libmnl nest functions and fix size differences in iptree*.t

Use the libmnl mnl_attr_nest_star/mnl_attr_nest_end functions instead of
the private ones. Ignore possible size differences in iptree*.t compatibility
tests.

14 years agoipset 5 in an almost ready state - milestone v5.0-pre1
Jozsef Kadlecsik [Tue, 15 Jun 2010 11:30:55 +0000 (13:30 +0200)]
ipset 5 in an almost ready state - milestone

Reworked protocol and internal interfaces, missing set types added,
backward compatibility verified, lots of tests added (and thanks to the tests,
bugs fixed), even the manpage is rewritten ;-). Countless changes everywhere...
The missing bits before announcing ipset 5:

- net namespace support
- new iptables/ip6tables extension library
- iptables/ip6tables match and target tests (backward/forward compatibility)
- tests on catching syntax errors

14 years agoFix Makefile.am v5.0-pre0
Jozsef Kadlecsik [Thu, 22 Apr 2010 15:22:46 +0000 (17:22 +0200)]
Fix Makefile.am

"tidy" must cleanup the kernel/ directory - and should not delete
kernel/Makefile.

14 years agoTenth stage to ipset-5
Jozsef Kadlecsik [Thu, 22 Apr 2010 15:14:21 +0000 (17:14 +0200)]
Tenth stage to ipset-5

Add new test files and toplevel files.

14 years agoNineth stage to ipset-5
Jozsef Kadlecsik [Thu, 22 Apr 2010 15:11:01 +0000 (17:11 +0200)]
Nineth stage to ipset-5

Update tests.

14 years agoEight stage to ipset-5
Jozsef Kadlecsik [Thu, 22 Apr 2010 15:09:18 +0000 (17:09 +0200)]
Eight stage to ipset-5

Commit changed files in kernel/...

14 years agoSeventh stage to ipset-5
Jozsef Kadlecsik [Thu, 22 Apr 2010 15:07:48 +0000 (17:07 +0200)]
Seventh stage to ipset-5

Refresh existing files in kernel/ with new content and add some
new include/source files.

14 years agoSixth stage to ipset-5
Jozsef Kadlecsik [Thu, 22 Apr 2010 15:04:04 +0000 (17:04 +0200)]
Sixth stage to ipset-5

Remove unnecessary include files and rename some.

14 years agoFifth stage to ipset-5
Jozsef Kadlecsik [Thu, 22 Apr 2010 15:00:42 +0000 (17:00 +0200)]
Fifth stage to ipset-5

Rename files in kernel/ and get rid of old ones (2.4.x kernel tree support).

14 years agoFourth stage to ipset-5
Jozsef Kadlecsik [Thu, 22 Apr 2010 14:52:29 +0000 (16:52 +0200)]
Fourth stage to ipset-5

Add new userspace files: include/, lib/ and plus new files in src/.

14 years agoThird stage to ipset-5
Jozsef Kadlecsik [Thu, 22 Apr 2010 14:50:57 +0000 (16:50 +0200)]
Third stage to ipset-5

Refresh existing files in src/ with the new content.

14 years agoSecond stage to ipset-5
Jozsef Kadlecsik [Thu, 22 Apr 2010 14:48:33 +0000 (16:48 +0200)]
Second stage to ipset-5

Rename files in src/ according to the new naming convention.