linux.git/include/linux/netfilter/ipset, branch v3.0 Linux kernel source tree netfilter: ipset: remove unused variable from type_pf_tdel() 2011-05-26T17:08:05+00:00 Jozsef Kadlecsik kadlec@blackhole.kfki.hu 2011-05-24T08:20:18+00:00 b141c242ff978b63cdf0f3d1a767a5152750166b Variable 'ret' is set in type_pf_tdel() but not used, remove. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
Variable 'ret' is set in type_pf_tdel() but not used, remove.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
netfilter: ipset: Use proper timeout value to jiffies conversion 2011-05-26T17:07:32+00:00 Jozsef Kadlecsik kadlec@blackhole.kfki.hu 2011-05-24T08:20:17+00:00 249ddc79a38a8918ad53ac22606ca8af694344a5 Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2011-04-19T18:24:06+00:00 David S. Miller davem@davemloft.net 2011-04-19T18:24:06+00:00 4805347c1eb12cfe79f42a12a5442ee01590a9c0 






netfilter: ipset: SCTP, UDPLITE support added
2011-04-13T11:51:38+00:00

Jozsef Kadlecsik
kadlec@blackhole.kfki.hu

2011-04-13T11:51:38+00:00

91eb7c08c6cb3b8eeba1c61f5753c56dcb77f018

SCTP and UDPLITE port support added to the hash:*port* set types.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>





SCTP and UDPLITE port support added to the hash:*port* set types.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>







netfilter: ipset: references are protected by rwlock instead of mutex
2011-04-04T13:19:25+00:00

Jozsef Kadlecsik
kadlec@blackhole.kfki.hu

2011-04-04T13:19:25+00:00

2f9f28b212a2bd4948c8ceaaec33ce0123632129

The timeout variant of the list:set type must reference the member sets.
However, its garbage collector runs at timer interrupt so the mutex
protection of the references is a no go. Therefore the reference protection
is converted to rwlock.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>





The timeout variant of the list:set type must reference the member sets.
However, its garbage collector runs at timer interrupt so the mutex
protection of the references is a no go. Therefore the reference protection
is converted to rwlock.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>







netfilter: ipset: fix address ranges at hash:*port* types
2011-03-20T14:33:26+00:00

Jozsef Kadlecsik
kadlec@blackhole.kfki.hu

2011-03-20T14:33:26+00:00

5e0c1eb7e6b61998c7ecd39b7f69a15773d894d4

The hash:*port* types with IPv4 silently ignored when address ranges
with non TCP/UDP were added/deleted from the set and used the first
address from the range only.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>





The hash:*port* types with IPv4 silently ignored when address ranges
with non TCP/UDP were added/deleted from the set and used the first
address from the range only.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>







netfilter: ipset: fix linking with CONFIG_IPV6=n
2011-02-02T22:50:01+00:00

Patrick McHardy
kaber@trash.net

2011-02-02T22:50:01+00:00

724bab476bcac9f7d0b5204cb06e346216d42166

Add a dummy ip_set_get_ip6_port function that unconditionally
returns false for CONFIG_IPV6=n and convert the real function
to ipv6_skip_exthdr() to avoid pulling in the ip6_tables module
when loading ipset.

Signed-off-by: Patrick McHardy <kaber@trash.net>





Add a dummy ip_set_get_ip6_port function that unconditionally
returns false for CONFIG_IPV6=n and convert the real function
to ipv6_skip_exthdr() to avoid pulling in the ip6_tables module
when loading ipset.

Signed-off-by: Patrick McHardy <kaber@trash.net>







netfilter: ipset: install ipset related header files
2011-02-01T17:52:42+00:00

Patrick McHardy
kaber@trash.net

2011-02-01T17:52:42+00:00

e3e241b2769b27669d05f0a05083acd21b4faa2c

Signed-off-by: Patrick McHardy <kaber@trash.net>





Signed-off-by: Patrick McHardy <kaber@trash.net>







netfilter: ipset: list:set set type support
2011-02-01T14:54:59+00:00

Jozsef Kadlecsik
kadlec@blackhole.kfki.hu

2011-02-01T14:54:59+00:00

f830837f0eed0f9e371b8fd65169365780814bb1

The module implements the list:set type support in two flavours:
without and with timeout. The sets has two sides: for the userspace,
they store the names of other (non list:set type of) sets: one can add,
delete and test set names. For the kernel, it forms an ordered union of
the member sets: the members sets are tried in order when elements are
added, deleted and tested and the process stops at the first success.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>





The module implements the list:set type support in two flavours:
without and with timeout. The sets has two sides: for the userspace,
they store the names of other (non list:set type of) sets: one can add,
delete and test set names. For the kernel, it forms an ordered union of
the member sets: the members sets are tried in order when elements are
added, deleted and tested and the process stops at the first success.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>







netfilter: ipset: hash:ip set type support
2011-02-01T14:38:36+00:00

Jozsef Kadlecsik
kadlec@blackhole.kfki.hu

2011-02-01T14:38:36+00:00

6c027889696a7a694b0e2f6e3cabadefec7553b6

The module implements the hash:ip type support in four flavours:
for IPv4 or IPv6, both without and with timeout support.

All the hash types are based on the "array hash" or ahash structure
and functions as a good compromise between minimal memory footprint
and speed. The hashing uses arrays to resolve clashes. The hash table
is resized (doubled) when searching becomes too long. Resizing can be
triggered by userspace add commands only and those are serialized by
the nfnl mutex. During resizing the set is read-locked, so the only
possible concurrent operations are the kernel side readers. Those are
protected by RCU locking.

Because of the four flavours and the other hash types, the functions
are implemented in general forms in the ip_set_ahash.h header file
and the real functions are generated before compiling by macro expansion.
Thus the dereferencing of low-level functions and void pointer arguments
could be avoided: the low-level functions are inlined, the function
arguments are pointers of type-specific structures.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>





The module implements the hash:ip type support in four flavours:
for IPv4 or IPv6, both without and with timeout support.

All the hash types are based on the "array hash" or ahash structure
and functions as a good compromise between minimal memory footprint
and speed. The hashing uses arrays to resolve clashes. The hash table
is resized (doubled) when searching becomes too long. Resizing can be
triggered by userspace add commands only and those are serialized by
the nfnl mutex. During resizing the set is read-locked, so the only
possible concurrent operations are the kernel side readers. Those are
protected by RCU locking.

Because of the four flavours and the other hash types, the functions
are implemented in general forms in the ip_set_ahash.h header file
and the real functions are generated before compiling by macro expansion.
Thus the dereferencing of low-level functions and void pointer arguments
could be avoided: the low-level functions are inlined, the function
arguments are pointers of type-specific structures.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>