IP set home >
 Features >
 Download & Install >
 Tips & Examples >
 ipset(8) >
 iptables(8) >
 ChangeLog >

 

ChangeLog

  • 4.3
    • Kernel part changes
      • Support of 2.6.35 kernels added
  • 4.2
    • Kernel part changes
      • nethash and ipportnethash types counted every entry twice which could produce bogus entries when listing/saving these types of sets (bug reported by Husnu Demir)
    • Userspace changes
      • Checking null entries when listing/saving hash types of sets deleted because it's unnecessary and can mask possible errors.
  • 4.1
    • Kernel part changes
      • Do not use init_MUTEX either (Jan Engelhardt)
      • Improve listing/saving hash type of sets by not copying empty entries unnecessarily to userspace.
    • Userspace changes
      • Manpage fixes and corrections (Jan Engelhardt)
  • 4.0
    • Kernel part changes
      • Compilation of ip_set_iptree.c fails with kernel 2.6.20 due to missing include of linux/jiffies.h (Jan Engelhardt)
      • Do not use DECLARE_MUTEX (compatibility fix on 2.6.31-rt, Jan Engelhardt)
      • Flushing iptreemap type of sets caused high ksoftirqd load due to zeroed out gc parameter (bug reported by Georg Chini)
      • New protocol is introduced to handle aligment issues properly (bug reported by Georg Chini)
      • Binding support is removed
    • Userspace changes
      • New protocol is introduced to handle aligment issues properly (bug reported by Georg Chini)
      • Binding support is removed
  • 3.2
    • Kernel part changes
      • Mixed up formats in ip_set_iptree.c fixed (Rob Sterenborg)
      • Don't use 'bool' for backward compatibility reasons (Rob Sterenborg)
  • 3.1
    • Userspace changes
      • Correct format specifiers and change %i to %d (Jan Engelhardt)
    • Kernel part changes
      • Nonexistent sets were reported as existing sets when testing from userspace in setlist type of sets (bug reported by Victor A. Safronov)
      • When saving sets, setlist type of sets must come last in order to satisfy the dependency from the elements (bug reported by Marty B.)
      • Sparse insists that the flags argument to kmalloc() is gfp_t (Stephen Hemminger)
      • Correct format specifiers and change %i to %d (Jan Engelhardt)
      • Fix the definition of 'bool' for kernels <= 2.6.18 (Jan Engelhardt)
  • 3.0
    • Userspace changes
      • New kernel-userspace protocol release
      • Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593)
      • tests/runtests.sh changed to support old bash shells
    • Kernel part changes
      • New kernel-userspace protocol release
      • Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593)
      • Support of 2.4.3[67].* kernels fixed
      • Compiling with debugging enabled fixed
  • 2.5.0
    • Userspace changes
      • On parisc architecture cast increases required aligment (bugzilla id 582), fixed.
      • Respect LDFLAGS settings at compile time (Peter Volkov).
    • Kernel part changes
      • instead of setting the locks directly as it causes compilation errors with 2.6.29-rt (Jan Engelhardt).
  • 2.4.9
    • Kernel part changes
      • References to the old include file replaced with new one in order to really use the new Jenkins' hash function.
  • 2.4.8
    • Userspace changes
      • In order to disable the extra warning flags, NO_EXTRA_WARN_FLAGS variable added to userspace Makefile.
    • Kernel part changes
      • The Jenkins' hash lookup2() replaced with Jenkins' faster/better lookup3() hash function.
      • Bug fixed: after elements are added and deleted from a hash, an element can successfully be added in spite it's already in the hash and thus duplicates can occur (Shih-Yi Chen).
      • Compatibility with old gcc without 'bool' added.
  • 2.4.7
    • Kernel part changes
      • Typo which broke compilation with kernels < 2.6.28 fixed (reported by Richard Lucassen, Danny Rawlins)
  • 2.4.6
    • Kernel part changes
      • Compatibility fix for kernels >= 2.6.28
  • 2.4.5
    • Userspace changes
      • Some compiler warning options are too aggressive and therefore disabled.
    • Kernel part changes
      • setlist type does not work properly together with swapping sets, bug reported by Thomas Jacob.
      • Include linux/capability.h explicitly in ip_set.c (Jan Engelhardt)
  • 2.4.4
    • Userspace changes
      • Premature checking prevents to add valid elements to hash types, fixed (bug reported by JC Janos).
      • Local variable shadows another variable, fixed (reported by Jan Engelhardt).
      • More compiler warning options added and warnings fixed.
    • Kernel part changes
      • Premature checking prevents to add valid elements to hash types, fixed (bug reported by JC Janos).
  • 2.4.3
    • Userspace changes
      • Include file <limits.h> was missing from userspace set type modules, reported by Krzysztof Oledzki and Sven Wegener.
  • 2.4.2
    • Kernel part changes
      • When flushing a nethash/ipportnethash type of set, it can lead to a kernel crash due to a wrong type declaration, bug reported by Krzysztof Oledzki.
      • iptree and iptreemap types require the header file linux/timer.h, also reported by Krzysztof Oledzki.
  • 2.4.1
    • Userspace changes
      • macipmap type reported misleading deprecated separator tokens and printed the old one at listing set elements; the warning contained misprinting as well (bugs reported by Krzysztof Oledzki)
      • Warn only once about deprecated separator tokens in restore mode.
    • Kernel part changes
      • Zero-valued element are not acceptable by hash type of sets because we cannot make a difference between a zero-valued element and not-set element. Enforce it, as manpage says. (fixes bugzilla id 543)
  • 2.4
    • Userspace changes
      • Added KBUILD_OUTPUT support (Sven Wegener)
      • Fix memory leak in ipset_iptreemap (Sven Wegener)
      • Fix multiple compiler warnings (Sven Wegener)
      • ipportiphash, ipportnethash and setlist types added
      • binding marked as deprecated functionality
      • element separator token changed to ',' in anticipating IPv6 addresses, old separator tokens are still supported
      • unnecessary includes removed
      • ipset does not try to resolve IP addresses when listing the content of sets (default changed)
      • manpage updated
    • Kernel part changes
      • ipportiphash, ipportnethash and setlist types added
      • set type modules reworked to avoid code duplication as much as possible, code unification macros
      • expand_macros Makefile target added to help debugging code unification macros
      • ip_set_addip_kernel and ip_set_delip_kernel changed from void to int, __ip_set_get_byname and __ip_set_put_byid added for the sake of setlist type
      • unnecessary includes removed
      • compatibility fix for kernels >= 2.6.27: semaphore.h was moved from asm/ to linux/ (James King)
  • 2.3.3a
    • Fix to compile ipset with 2.4.26.x tree statically (bug reported by G.W. Haywood)
  • 2.3.3
    • compatibility for the 2.6.x kernel tree improved and compiler warnings fixed (Jan Engelhardt)
    • compatibility fixes for the 2.4.36.x kernel tree added
  • 2.3.2
    • including limits.h for UINT_MAX is required with glibc-2.8 (pud)
    • needless cast from and to void pointers cleanups in iptreemap (Sven Wegener)
    • Initial ipset release with kernel modules included.
  • 2.3.1
    • segfault on --unbind :all: :all: fixed (reported by bugzilla, report and patch sent by Tom Eastep)
    • User input parameters are sanitized everywhere
    • Initial testsuite added and 'test' target to the Makefile added: few bugs discovered and fixed
      • typo in macipmap type prevented to use max size set of this type
      • *map types are made sure to allow and use max size of sets
  • 2.3.0
    • jiffies rollover bug in iptree type fixed (reported by Lukasz Nierycho and others)
    • endiannes bug in iptree type fixed (spotted by Jan Engelhardt)
    • iptreemap type added (submitted by Sven Wegener)
    • 2.6.22/23 compatibility fixes (Jeremy Jacque)
    • typo fixes in ipset (Neville D)
    • separator changed to ':' from '%' (old one still supported) in ipset
  • 2.2.9a
    • use correct type (socklen_t) for getsockopt (H. Nakano)
    • incorrect return codes fixed (Tomasz Lemiech, Alexey Bortnikov)
    • kernel header dependency removed (asm/bitops.h)
    • ipset now tries to load in the ip_set kernel module if the protocol is not available
  • 2.2.9
    • ipset -N did not generate proper return code
    • limit module parameter added to the kernel modules of the iphash, ipporthash, nethash and iptree type of sets so that the maximal number of elements can now be limited
    • zero valued entries (port 0 or IP address 0.0.0.0) were detected as members of the hash/tree kind of sets (reported by Andrew Kraslavsky)
    • list and save operations used the external identifier of the sets for the bindings instead of the internal one (reported by Amin Azez)
  • 2.2.8
    • Nasty off-by-one bug fixed in iptree type of sets (bug reported by Pablo Sole)
  • 2.2.7
    All patches were submitted by Jones Desougi.
    • missing or confusing error message fixes for ipporthash
    • minor correction in debugging in nethash
    • copy-paste bug in kernel set types at memory allocation checking fixed
    • unified memory allocations in ipset
  • 2.2.6
    • memory allocation in iptree is changed to GFP_ATOMIC because we hold a lock (bug reported by Radek Hladik)
    • compatibility fix: __nocast is not defined in all 2.6 branches (problem reported by Ming-Ching Tiew)
    • manpage corrections
  • 2.2.5
    • garbage collector of iptree type of sets is fixed: flushing sets/removing kernel module could corrupt the timer
    • new ipporthash type added
    • manpage fixes and corrections
  • 2.2.4
    • half-fixed memory allocation bug in iphash and nethash finally completely fixed (bug reported by Nikolai Malykh)
    • restrictions to enter zero-valued entries into all non-hash type sets were removed
    • Too strict check on the set size of ipmap type was corrected
  • 2.2.3
    • Memory allocation bug in iphash and nethash in connection with the SET target was fixed (bug reported by Nikolai Malykh)
    • lockhelp.h was removed from the 2.6.13 kernel tree, ip_set.c is updated accordingly (Cardoso Didier, Samir Bellabes)
    • manpage is updated to clearly state the command order in restore mode
  • 2.2.2
    • Jiffies rollover bug in ip_set_iptree reported and fixed by Rob Nielsen
    • Compiler warning in the non-SMP case fixed (Marcus Sundberg)
    • slab cache names shrunk in order to be compatible with 2.4.* (Marcus Sundberg)
  • 2.2.1
    • Magic number in ip_set_nethash.h was mistyped (bug reported by Rob Carlson)
    • ipset can now test IP addresses in nethash type of sets (i.e. addresses in netblocks added to the set)
  • 2.2.0
    • Locking bug in ip_set_nethash.c (Clifford Wolf and Rob Carlson)
    • Makefile contained an unnecessary variable in IPSET_LIB_DIR (Clifford Wolf)
    • Safety checkings of restore in ipset was incomplete (Robin H. Johnson)
    • More careful resizing by avoiding locking completely
    • stdin stored internally in a temporary file, so we can feed 'ipset -R' from a pipe
    • iptree set type added
  • 2.1.0
    • Lock debugging used with debugless lock definiton (Piotr Chytla and others).
    • Bindings were not properly filled out at listing (kernel)
    • When listing sets from kernel, id was not added to the set structure (ipset)
    • nethash set type added
    • ipset manpage corrections (macipmap)
  • 2.0.1
    • Missing -fPIC in Makefile (Robert Iakobashvili)
    • Cut'n'paste bug at saving macipmap types (Vincent Bernat).
    • Bug in printing/saving SET targets reported and fixed by Michal Pokrywka
  • 2.0
    • Chaining of sets are changed: child sets replaced by bindings
    • Kernel-userspace communication reorganized to minimize the number of syscalls
    • Save and restore functionality implemented
    • iphash type reworked: clashing resolved by double-hashing and by dynamically growing the set
  • 1.0
    • ipset forked from ippool
    • Chaining of sets added via child sets
    • portmap and iphash types added

All the documentation on this site is released under the GNU/GPL license terms.