+3.1
+ - Correct format specifiers and change %i to %d (Jan Engelhardt)
+
3.0
- New kernel-userspace protocol release
- Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593)
V=0
endif
-IPSET_VERSION:=3.0
+IPSET_VERSION:=3.1
PREFIX:=/usr/local
LIBDIR:=$(PREFIX)/lib
referring to sets creates references, which protects the given sets in
the kernel. A set cannot be removed (destroyed) while there is a single
reference pointing to it.
+.P
+.B
+Please note, binding sets is a deprecated feature and will be removed in a later release. Switch to the multidata type of sets from using bindings.
.SH OPTIONS
The options that are recognized by
.B ipset
/* Alloc memory for the data to send */
size = sizeof(struct ip_set_req_adt) + set->settype->adt_size ;
- DP("alloc size %i", size);
+ DP("alloc size %d", size);
data = ipset_malloc(size);
/* Fill out the request */
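Review bot: `size` is built from `sizeof(struct ip_set_req_adt) + set->settype->adt_size` and passed to `ipset_malloc()`, so if it is declared `size_t` (the declaration is outside the hunk) `%d` is still a mismatched conversion. In that case `DP("alloc size %zu", size);` would be the correct form, in line with the `%zu` fixes this commit makes on the kernel side. The same applies to the second `DP("alloc size %d", size)` in the next hunk.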
size += IP_SET_MAXNAMELEN;
else if (!(op == IP_SET_OP_UNBIND_SET && set == NULL))
size += set->settype->adt_size;
- DP("alloc size %i", size);
+ DP("alloc size %d", size);
data = ipset_malloc(size);
/* Fill out the request */
mask = range_to_mask(header->from, header->to, &mask_bits);
netmask_bits = mask_to_bits(header->netmask);
- DP("bits: %i %i", mask_bits, netmask_bits);
+ DP("bits: %d %d", mask_bits, netmask_bits);
map->hosts = 2 << (32 - netmask_bits - 1);
map->sizeid = 2 << (netmask_bits - mask_bits - 1);
}
- DP("%i %i", map->hosts, map->sizeid );
+ DP("%d %d", map->hosts, map->sizeid );
}
static void
+3.1
+ - Nonexistent sets were reported as existing sets when testing
+ from userspace in setlist type of sets (bug reported by Victor A.
+ Safronov)
+ - When saving sets, setlist type of sets must come last in order
+ to satisfy the dependency from the elements (bug reported by Marty B.)
+ - Sparse insists that the flags argument to kmalloc() is gfp_t
+ (Stephen Hemminger)
+ - Correct format specifiers and change %i to %d (Jan Engelhardt)
+ - Fix the definition of 'bool' for kernels <= 2.6.18 (Jan Engelhardt)
+
3.0
- New kernel-userspace protocol release
- Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593)
\
map = kmalloc(sizeof(struct ip_set_##type), GFP_KERNEL); \
if (!map) { \
- DP("out of memory for %lu bytes", \
+ DP("out of memory for %zu bytes", \
sizeof(struct ip_set_##type)); \
return -ENOMEM; \
} \
tmp = kmalloc(sizeof(struct ip_set_##type) \
+ map->probes * sizeof(initval_t), GFP_ATOMIC); \
if (!tmp) { \
- DP("out of memory for %lu bytes", \
+ DP("out of memory for %zu bytes", \
sizeof(struct ip_set_##type) \
+ map->probes * sizeof(initval_t)); \
return -ENOMEM; \
} \
tmp->members = harray_malloc(hashsize, sizeof(dtype), GFP_ATOMIC);\
if (!tmp->members) { \
- DP("out of memory for %lu bytes", hashsize * sizeof(dtype));\
+ DP("out of memory for %zu bytes", hashsize * sizeof(dtype));\
kfree(tmp); \
return -ENOMEM; \
} \
map = kmalloc(sizeof(struct ip_set_##type) \
+ req->probes * sizeof(initval_t), GFP_KERNEL); \
if (!map) { \
- DP("out of memory for %lu bytes", \
+ DP("out of memory for %zu bytes", \
sizeof(struct ip_set_##type) \
+ req->probes * sizeof(initval_t)); \
return -ENOMEM; \
} \
map->members = harray_malloc(map->hashsize, sizeof(dtype), GFP_KERNEL);\
if (!map->members) { \
- DP("out of memory for %lu bytes", map->hashsize * sizeof(dtype));\
+ DP("out of memory for %zu bytes", map->hashsize * sizeof(dtype));\
kfree(map); \
return -ENOMEM; \
} \
};
static inline void *
-__harray_malloc(size_t hashsize, size_t typesize, int flags)
+__harray_malloc(size_t hashsize, size_t typesize, gfp_t flags)
{
struct harray *harray;
size_t max_elements, size, i, j;
}
static inline void *
-harray_malloc(size_t hashsize, size_t typesize, int flags)
+harray_malloc(size_t hashsize, size_t typesize, gfp_t flags)
{
void *harray;
IP_SET_ASSERT(set);
if (size - sizeof(struct ip_set_req_adt) != set->type->reqsize) {
- ip_set_printk("data length wrong (want %lu, have %lu)",
+ ip_set_printk("data length wrong (want %lu, have %zu)",
(long unsigned)set->type->reqsize,
size - sizeof(struct ip_set_req_adt));
return -EINVAL;
IP_SET_ASSERT(set);
if (size - sizeof(struct ip_set_req_adt) != set->type->reqsize) {
- ip_set_printk("data length wrong (want %lu, have %lu)",
+ ip_set_printk("data length wrong (want %lu, have %zu)",
(long unsigned)set->type->reqsize,
size - sizeof(struct ip_set_req_adt));
return -EINVAL;
IP_SET_ASSERT(set);
if (size - sizeof(struct ip_set_req_adt) != set->type->reqsize) {
- ip_set_printk("data length wrong (want %lu, have %lu)",
+ ip_set_printk("data length wrong (want %lu, have %zu)",
(long unsigned)set->type->reqsize,
size - sizeof(struct ip_set_req_adt));
return -EINVAL;
*used += sizeof(struct ip_set_save);
set = ip_set_list[index];
- DP("set: %s, used: %i(%i) %p %p", set->name, *used, len,
+ DP("set: %s, used: %d(%d) %p %p", set->name, *used, len,
data, data + *used);
read_lock_bh(&set->lock);
set->type->list_header(set, data + *used);
*used += set_save->header_size;
- DP("set header filled: %s, used: %i(%lu) %p %p", set->name, *used,
+ DP("set header filled: %s, used: %d(%lu) %p %p", set->name, *used,
(unsigned long)set_save->header_size, data, data + *used);
/* Get and ensure set specific members size */
set_save->members_size = set->type->list_members_size(set);
set->type->list_members(set, data + *used);
*used += set_save->members_size;
read_unlock_bh(&set->lock);
- DP("set members filled: %s, used: %i(%lu) %p %p", set->name, *used,
+ DP("set members filled: %s, used: %d(%lu) %p %p", set->name, *used,
(unsigned long)set_save->members_size, data, data + *used);
return 0;
while (1) {
line++;
- DP("%i %lu %i", used, sizeof(struct ip_set_restore), len);
+ DP("%d %zu %d", used, sizeof(struct ip_set_restore), len);
/* Get and ensure header size */
if (used + sizeof(struct ip_set_restore) > len)
return line;
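Review bot: Printing `used` and `len` with `%d` suggests both are signed, in which case the bound check directly below, `used + sizeof(struct ip_set_restore) > len`, is evaluated as `size_t` and a negative `len` would convert to a very large value and pass. The same mixed comparison appears in the RESTORE hunk, `*len < sizeof(struct ip_set_req_setnames)`, where `*len` is now also printed with `%d`. Since this buffer presumably originates from userspace, consider rejecting negative lengths up front and casting explicitly, e.g. `if (len < 0 || (size_t)used + sizeof(struct ip_set_restore) > (size_t)len)`. The declarations are outside the hunk, so the types should be confirmed before changing anything.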
while (members_size + set->type->reqsize <=
set_restore->members_size) {
line++;
- DP("members: %i, line %i", members_size, line);
+ DP("members: %d, line %d", members_size, line);
res = __ip_set_addip(index,
data + used + members_size,
set->type->reqsize);
members_size += set->type->reqsize;
}
- DP("members_size %lu %i",
+ DP("members_size %lu %d",
(unsigned long)set_restore->members_size, members_size);
if (members_size != set_restore->members_size)
return line++;
res = -ENOENT;
goto done;
}
+
+#define SETLIST(set) (strcmp(set->type->typename, "setlist") == 0)
+
used = 0;
if (index == IP_SET_INVALID_ID) {
- /* Save all sets */
+ /* Save all sets: ugly setlist type dependency */
+ int setlist = 0;
+ setlists:
for (i = 0; i < ip_set_max && res == 0; i++) {
- if (ip_set_list[i] != NULL)
+ if (ip_set_list[i] != NULL
+ && !(setlist ^ SETLIST(ip_set_list[i])))
res = ip_set_save_set(i, data, &used, *len);
}
+ if (!setlist) {
+ setlist = 1;
+ goto setlists;
+ }
} else {
/* Save an individual set */
res = ip_set_save_set(index, data, &used, *len);
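Review bot: `SETLIST` is defined in the middle of a function body with its argument unparenthesized, and no `#undef` is visible in the hunk, so it stays defined for the rest of the file. Defining `#define SETLIST(set) (strcmp((set)->type->typename, "setlist") == 0)` at file scope, or using a small static inline, would be safer. The backward `goto setlists` combined with `!(setlist ^ SETLIST(...))` is a two-pass loop and reads more easily written as one, as sketched below. The comment could also say why setlist sets must come last: per the changelog entry, their element sets must already exist when the dump is restored. The enclosing function starts and ends outside the hunk.

```c
	if (index == IP_SET_INVALID_ID) {
		/* Save all sets in two passes: setlist-type sets go last,
		 * because their elements refer to the other sets. */
		int pass;

		for (pass = 0; pass < 2; pass++) {
			for (i = 0; i < ip_set_max && res == 0; i++) {
				if (ip_set_list[i] != NULL
				    && SETLIST(ip_set_list[i]) == pass)
					res = ip_set_save_set(i, data, &used, *len);
			}
		}
	/* … unchanged: else branch saving an individual set … */
```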
if (*len < sizeof(struct ip_set_req_setnames)
|| *len != req_restore->size) {
- ip_set_printk("invalid RESTORE (want =%lu, got %u)",
+ ip_set_printk("invalid RESTORE (want =%lu, got %d)",
(long unsigned)req_restore->size, *len);
res = -EINVAL;
goto done;
}
line = ip_set_restore(data + sizeof(struct ip_set_req_setnames),
req_restore->size - sizeof(struct ip_set_req_setnames));
- DP("ip_set_restore: %u", line);
+ DP("ip_set_restore: %d", line);
if (line != 0) {
res = -EAGAIN;
req_restore->size = line;
} /* end of switch(op) */
copy:
- DP("set %s, copylen %u", index != IP_SET_INVALID_ID
+ DP("set %s, copylen %d", index != IP_SET_INVALID_ID
&& ip_set_list[index]
? ip_set_list[index]->name
: ":all:", copylen);
struct ip_set_iptree *map;
if (size != sizeof(struct ip_set_req_iptree_create)) {
- ip_set_printk("data length wrong (want %lu, have %lu)",
+ ip_set_printk("data length wrong (want %lu, have %zu)",
sizeof(struct ip_set_req_iptree_create),
(unsigned long)size);
return -EINVAL;
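Review bot: The two conversions in the new format string are the wrong way round for the arguments that follow: `%lu` now receives `sizeof(struct ip_set_req_iptree_create)`, which is a `size_t`, and `%zu` receives `(unsigned long)size`. In the other length checks of this commit the wanted size is cast to `long unsigned` and the `size_t` expression comes second, which is why `%lu, %zu` fits there but not here. Either swap the specifiers, `"data length wrong (want %zu, have %lu)"`, or drop the cast and use `%zu` for both. The enclosing create function starts and ends outside the hunk.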
map = kmalloc(sizeof(struct ip_set_iptree), GFP_KERNEL);
if (!map) {
- DP("out of memory for %lu bytes",
+ DP("out of memory for %zu bytes",
sizeof(struct ip_set_iptree));
return -ENOMEM;
}
static inline int
__delip_single(struct ip_set *set, ip_set_ip_t *hash_ip,
- ip_set_ip_t ip, unsigned int __nocast flags)
+ ip_set_ip_t ip, gfp_t flags)
{
struct ip_set_iptreemap *map = set->data;
struct ip_set_iptreemap_b *btree;
static inline int
iptreemap_del(struct ip_set *set, ip_set_ip_t *hash_ip,
- ip_set_ip_t start, ip_set_ip_t end, unsigned int __nocast flags)
+ ip_set_ip_t start, ip_set_ip_t end, gfp_t flags)
{
struct ip_set_iptreemap *map = set->data;
struct ip_set_iptreemap_b *btree;
#include <linux/netfilter_ipv4/ip_set_bitmaps.h>
#include <linux/netfilter_ipv4/ip_set_setlist.h>
-#ifndef bool
-#define bool int
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 18)
+typedef _Bool bool;
+enum { false = 0, true = 1, };
#endif
/*
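Review bot: The new guard depends on `LINUX_VERSION_CODE` and `KERNEL_VERSION`, so `<linux/version.h>` has to be included before this point. Only the two `ip_set_*` includes are visible in the hunk, and without that header the `#if` expression does not preprocess. A one-line comment such as `/* older kernels do not provide bool/true/false */` would record why the cut-off exists. Kernels at or below this version that carry a backported `bool` would hit a redefinition, so it may be worth checking the vendor kernels you support.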
struct ip_set *s;
if (req->before && req->ref[0] == '\0')
- return -EINVAL;
+ return 0;
index = __ip_set_get_byname(req->name, &s);
if (index == IP_SET_INVALID_ID)
- return -EEXIST;
+ return 0;
if (req->ref[0] != '\0') {
ref = __ip_set_get_byname(req->ref, &s);
- if (ref == IP_SET_INVALID_ID) {
- res = -EEXIST;
+ if (ref == IP_SET_INVALID_ID)
goto finish;
- }
}
for (i = 0; i < map->size
&& map->index[i] != IP_SET_INVALID_ID; i++) {
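Review bot: With `res = -EEXIST` removed, the `goto finish` path for an unknown `req->ref` presumably returns whatever `res` held on entry, and that initialisation is outside the hunk. It has to be 0 for this path to report "not a member". An explicit `res = 0;` before the `goto`, or a comment at the declaration, would make the dependency visible. A short comment above the early exits, for example `/* test result: 0 = not in the list; malformed or unknown names count as misses, not errors */`, would also record why error codes are no longer returned here. The function starts and ends outside the hunk.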
if (tmp)
exit_error(PARAMETER_PROBLEM,
- "Can't follow bindings deeper than %i.",
+ "Can't follow bindings deeper than %d.",
IP_SET_MAX_BINDINGS);
free(saved);
0 ipset -A test foo
# Setlist: Test foo set in setlist
0 ipset -T test foo
+# Setlist: Test nonexistent set in setlist
+1 ipset -T test nonexistent
# Setlist: Try to delete foo set
1 ipset -X foo
# Setlist: Add bar set to setlist, after foo
1 ipset -T test bar,before,foo
# Setlist: Test foo,after,bar
1 ipset -T test foo,after,bar
+# Setlist: Save sets
+0 ipset -S > setlist.t.restore
# Setlist: Delete bar,before,foo
1 ipset -D test bar,before,foo
# Setlist: Delete foo,after,bar
0 ipset -F test
# Setlist: Delete test set
0 ipset -X test
+# Setlist: Delete all sets
+0 ipset -X
+# Setlist: Restore saved sets
+0 ipset -R < setlist.t.restore
+# Setlist: Flush all sets
+0 ipset -F
+# Setlist: Delete all sets
+0 ipset -X && rm setlist.t.restore
# eof
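Review bot: The added steps write `setlist.t.restore` under a fixed name in whatever directory the suite is started from and then run `ipset -X` and `ipset -F` without a set name, which act on every set on the host rather than only the ones this test created. Since the suite presumably runs with the privileges needed to modify kernel sets, it would help to say so in the file, e.g. `# Setlist: NOTE the following steps destroy all sets on the host; run on a test machine from a private directory`. The final `0 ipset -X && rm setlist.t.restore` removes the file only if every earlier step got that far and `ipset -X` succeeded, so a failed run leaves it behind. A separate cleanup line for the `rm` would keep the expected-status check on `ipset -X` alone.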