Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Jozsef Kadlecsik <kadlec <at> blackhole.kfki.hu>
Subject: [PATCH 00/26] ipset patches for nf-next
Newsgroups: gmane.comp.security.firewalls.netfilter.devel
Date: Monday 30th September 2013 19:50:11 UTC (over 3 years ago)
Hi Pablo,

Here follows a huge batch of ipset patches for nf-next. Besides a lot of
small
fixes and corrections, it contains two new set types, a reworked extensions
support with a new extension (per element comments) and netns support.
Please consider applying them.

Best regards,
Jozsef

The following changes since commit
7722e0d1c076d9610f00d79bde8af977157aa23b:
  Gao feng (1):
        netfilter: xt_TCPMSS: lookup route from proper net namespace

are available in the git repository at:

  git://blackhole.kfki.hu/nf-next
master

Anders K. Pedersen (1):
      netfilter: ipset: Support package fragments for IPv4 protos without
ports

Jozsef Kadlecsik (18):
      netfilter: ipset: Don't call ip_nest_end needlessly in the error path
      netfilter: ipset: Sparse warning about shadowed variable fixed
      netfilter: ipset: Fix sparse warnings due to missing rcu annotations
      netfilter: ipset: Rename simple macro names to avoid namespace
issues.
      netfilter: ipset: Fix "may be used uninitialized" warnings
      netfilter: ipset: Use fix sized type for timeout in the extension
part
      netfilter: ipset: order matches and targets separatedly in xt_set.c
      netfilter: ipset: Introduce new operation to get both setname and
family
      netfilter: ipset: Prepare ipset to support multiple networks for hash
types
      netfilter: ipset: Rename extension offset ids to extension ids
      netfilter: ipset: Move extension data to set structure
      netfilter: ipset: Generalize extensions support
      netfilter: ipset: Support extensions which need a per data destroy
function
      netfilter: ipset: list:set: make sure all elements are checked by the
gc
      netfilter: ipset: Kconfig: ipset needs NETFILTER_NETLINK
      netfilter: ipset: Fix hash resizing with comments
      netfilter: ipset: For set:list types, replaced elements must be
zeroed out
      netfilter: ipset: Use a common function at listing the extensions

Oliver Smith (6):
      netfilter: ipset: Add hash:net,net module to kernel.
      netfilter: ipset: Support comments for ipset entries in the core.
      netfilter: ipset: Support comments in bitmap-type ipsets.
      netfilter: ipset: Support comments in the list-type ipset.
      netfilter: ipset: Support comments in hash-type ipsets.
      netfilter: ipset: Add hash:net,port,net module to kernel.

Vitaly Lavrov (1):
      netfiler: ipset: Add net namespace for ipset

 include/linux/netfilter/ipset/ip_set.h         |  151 +++++-
 include/linux/netfilter/ipset/ip_set_comment.h |   57 +++
 include/linux/netfilter/ipset/ip_set_timeout.h |    4 +-
 include/uapi/linux/netfilter/ipset/ip_set.h    |   16 +-
 net/netfilter/ipset/Kconfig                    |   20 +-
 net/netfilter/ipset/Makefile                   |    2 +
 net/netfilter/ipset/ip_set_bitmap_gen.h        |  163 ++++---
 net/netfilter/ipset/ip_set_bitmap_ip.c         |  125 ++----
 net/netfilter/ipset/ip_set_bitmap_ipmac.c      |  156 ++-----
 net/netfilter/ipset/ip_set_bitmap_port.c       |  112 ++----
 net/netfilter/ipset/ip_set_core.c              |  361 +++++++++++----
 net/netfilter/ipset/ip_set_getport.c           |   18 +-
 net/netfilter/ipset/ip_set_hash_gen.h          |  526
+++++++++++-----------
 net/netfilter/ipset/ip_set_hash_ip.c           |   58 +--
 net/netfilter/ipset/ip_set_hash_ipport.c       |   80 +---
 net/netfilter/ipset/ip_set_hash_ipportip.c     |   86 +---
 net/netfilter/ipset/ip_set_hash_ipportnet.c    |  108 +----
 net/netfilter/ipset/ip_set_hash_net.c          |   85 +---
 net/netfilter/ipset/ip_set_hash_netiface.c     |   98 +----
 net/netfilter/ipset/ip_set_hash_netnet.c       |  483 +++++++++++++++++++
 net/netfilter/ipset/ip_set_hash_netport.c      |   92 +---
 net/netfilter/ipset/ip_set_hash_netportnet.c   |  588
++++++++++++++++++++++++
 net/netfilter/ipset/ip_set_list_set.c          |  263 ++++-------
 net/netfilter/xt_set.c                         |  222 +++++-----
 net/sched/em_ipset.c                           |    7 +-
 25 files changed, 2364 insertions(+), 1517 deletions(-)
 create mode 100644 include/linux/netfilter/ipset/ip_set_comment.h
 create mode 100644 net/netfilter/ipset/ip_set_hash_netnet.c
 create mode 100644 net/netfilter/ipset/ip_set_hash_netportnet.c
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel"
in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
 
CD: 3ms