|
ChangeLog
|
- 4.3
- Kernel part changes
- Support of 2.6.35 kernels added
- 4.2
- Kernel part changes
- nethash and ipportnethash types counted every entry twice
which could produce bogus entries when listing/saving these types
of sets (bug reported by Husnu Demir)
- Userspace changes
- Checking null entries when listing/saving hash types of sets
deleted because it's unnecessary and can mask possible errors.
- 4.1
- Kernel part changes
- Do not use init_MUTEX either (Jan Engelhardt)
- Improve listing/saving hash type of sets by not copying empty
entries unnecessarily to userspace.
- Userspace changes
- Manpage fixes and corrections (Jan Engelhardt)
- 4.0
- Kernel part changes
- Compilation of ip_set_iptree.c fails with kernel 2.6.20 due to
missing include of linux/jiffies.h (Jan Engelhardt)
- Do not use DECLARE_MUTEX (compatibility fix on 2.6.31-rt, Jan
Engelhardt)
- Flushing iptreemap type of sets caused high ksoftirqd load due to
zeroed out gc parameter (bug reported by Georg Chini)
- New protocol is introduced to handle aligment issues properly
(bug reported by Georg Chini)
- Binding support is removed
- Userspace changes
- New protocol is introduced to handle aligment issues properly
(bug reported by Georg Chini)
- Binding support is removed
- 3.2
- Kernel part changes
- Mixed up formats in ip_set_iptree.c fixed (Rob Sterenborg)
- Don't use 'bool' for backward compatibility reasons (Rob Sterenborg)
- 3.1
- Userspace changes
- Correct format specifiers and change %i to %d (Jan Engelhardt)
- Kernel part changes
- Nonexistent sets were reported as existing sets when testing
from userspace in setlist type of sets (bug reported by Victor A.
Safronov)
- When saving sets, setlist type of sets must come last in order
to satisfy the dependency from the elements (bug reported by Marty B.)
- Sparse insists that the flags argument to kmalloc() is gfp_t
(Stephen Hemminger)
- Correct format specifiers and change %i to %d (Jan Engelhardt)
- Fix the definition of 'bool' for kernels <= 2.6.18 (Jan Engelhardt)
- 3.0
- Userspace changes
- New kernel-userspace protocol release
- Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593)
- tests/runtests.sh changed to support old bash shells
- Kernel part changes
- New kernel-userspace protocol release
- Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593)
- Support of 2.4.3[67].* kernels fixed
- Compiling with debugging enabled fixed
- 2.5.0
- Userspace changes
- On parisc architecture cast increases required aligment (bugzilla
id 582), fixed.
- Respect LDFLAGS settings at compile time (Peter Volkov).
- Kernel part changes
- instead of setting the locks directly
as it causes compilation errors with 2.6.29-rt (Jan Engelhardt).
- 2.4.9
- Kernel part changes
- References to the old include file replaced with new one in order to
really use the new Jenkins' hash function.
- 2.4.8
- Userspace changes
- In order to disable the extra warning flags, NO_EXTRA_WARN_FLAGS
variable added to userspace Makefile.
- Kernel part changes
- The Jenkins' hash lookup2() replaced with Jenkins' faster/better
lookup3() hash function.
- Bug fixed: after elements are added and deleted from a hash, an element
can successfully be added in spite it's already in the hash and thus
duplicates can occur (Shih-Yi Chen).
- Compatibility with old gcc without 'bool' added.
- 2.4.7
- Kernel part changes
- Typo which broke compilation with kernels < 2.6.28
fixed (reported by Richard Lucassen, Danny Rawlins)
- 2.4.6
- Kernel part changes
- Compatibility fix for kernels >= 2.6.28
- 2.4.5
- Userspace changes
- Some compiler warning options are too aggressive and
therefore disabled.
- Kernel part changes
- setlist type does not work properly together with swapping
sets, bug reported by Thomas Jacob.
- Include linux/capability.h explicitly in ip_set.c (Jan Engelhardt)
- 2.4.4
- Userspace changes
- Premature checking prevents to add valid elements to hash
types, fixed (bug reported by JC Janos).
- Local variable shadows another variable, fixed (reported
by Jan Engelhardt).
- More compiler warning options added and warnings fixed.
- Kernel part changes
- Premature checking prevents to add valid elements to hash
types, fixed (bug reported by JC Janos).
- 2.4.3
- Userspace changes
- Include file <limits.h> was missing from userspace set type
modules, reported by Krzysztof Oledzki and Sven Wegener.
- 2.4.2
- Kernel part changes
- When flushing a nethash/ipportnethash type of set, it can
lead to a kernel crash due to a wrong type declaration,
bug reported by Krzysztof Oledzki.
- iptree and iptreemap types require the header file linux/timer.h,
also reported by Krzysztof Oledzki.
- 2.4.1
- Userspace changes
- macipmap type reported misleading deprecated separator
tokens and printed the old one at listing set elements;
the warning contained misprinting as well (bugs reported
by Krzysztof Oledzki)
- Warn only once about deprecated separator tokens in
restore mode.
- Kernel part changes
- Zero-valued element are not acceptable by hash type of sets
because we cannot make a difference between a zero-valued
element and not-set element. Enforce it, as manpage says.
(fixes bugzilla id 543)
- 2.4
- Userspace changes
- Added KBUILD_OUTPUT support (Sven Wegener)
- Fix memory leak in ipset_iptreemap (Sven Wegener)
- Fix multiple compiler warnings (Sven Wegener)
- ipportiphash, ipportnethash and setlist types added
- binding marked as deprecated functionality
- element separator token changed to ',' in anticipating
IPv6 addresses, old separator tokens are still supported
- unnecessary includes removed
- ipset does not try to resolve IP addresses when listing
the content of sets (default changed)
- manpage updated
- Kernel part changes
- ipportiphash, ipportnethash and setlist types added
- set type modules reworked to avoid code duplication
as much as possible, code unification macros
- expand_macros Makefile target added to help debugging
code unification macros
- ip_set_addip_kernel and ip_set_delip_kernel
changed from void to int, __ip_set_get_byname and
__ip_set_put_byid added for the sake of setlist type
- unnecessary includes removed
- compatibility fix for kernels >= 2.6.27:
semaphore.h was moved from asm/ to linux/ (James King)
- 2.3.3a
- Fix to compile ipset with 2.4.26.x tree statically (bug reported by
G.W. Haywood)
- 2.3.3
- compatibility for the 2.6.x kernel tree improved and compiler warnings
fixed (Jan Engelhardt)
- compatibility fixes for the 2.4.36.x kernel tree added
- 2.3.2
- including limits.h for UINT_MAX is required with glibc-2.8 (pud)
- needless cast from and to void pointers cleanups in iptreemap (Sven Wegener)
- Initial ipset release with kernel modules included.
- 2.3.1
- segfault on --unbind :all: :all: fixed (reported by bugzilla,
report and patch sent by Tom Eastep)
- User input parameters are sanitized everywhere
- Initial testsuite added and 'test' target to the Makefile added:
few bugs discovered and fixed
- typo in macipmap type prevented to use max size set of this type
- *map types are made sure to allow and use max size of sets
- 2.3.0
- jiffies rollover bug in iptree type fixed (reported by Lukasz Nierycho
and others)
- endiannes bug in iptree type fixed (spotted by Jan Engelhardt)
- iptreemap type added (submitted by Sven Wegener)
- 2.6.22/23 compatibility fixes (Jeremy Jacque)
- typo fixes in ipset (Neville D)
- separator changed to ':' from '%' (old one still supported) in ipset
- 2.2.9a
- use correct type (socklen_t) for getsockopt (H. Nakano)
- incorrect return codes fixed (Tomasz Lemiech, Alexey Bortnikov)
- kernel header dependency removed (asm/bitops.h)
- ipset now tries to load in the ip_set kernel module if the protocol
is not available
- 2.2.9
ipset -N did not generate proper return code
limit module parameter added to the kernel modules of the
iphash, ipporthash, nethash and iptree type of sets so that
the maximal number of elements can now be limited
- zero valued entries (port 0 or IP address 0.0.0.0) were
detected as members of the hash/tree kind of sets
(reported by Andrew Kraslavsky)
- list and save operations used the external identifier
of the sets for the bindings instead of the internal one
(reported by Amin Azez)
- 2.2.8
- Nasty off-by-one bug fixed in iptree type of sets
(bug reported by Pablo Sole)
- 2.2.7
All patches were submitted by Jones Desougi.
- missing or confusing error message fixes for ipporthash
- minor correction in debugging in nethash
- copy-paste bug in kernel set types at memory allocation
checking fixed
- unified memory allocations in ipset
- 2.2.6
- memory allocation in iptree is changed to GFP_ATOMIC because
we hold a lock (bug reported by Radek Hladik)
- compatibility fix: __nocast is not defined in all 2.6 branches
(problem reported by Ming-Ching Tiew)
- manpage corrections
- 2.2.5
- garbage collector of iptree type of sets is fixed: flushing
sets/removing kernel module could corrupt the timer
- new ipporthash type added
- manpage fixes and corrections
- 2.2.4
- half-fixed memory allocation bug in iphash and nethash finally
completely fixed (bug reported by Nikolai Malykh)
- restrictions to enter zero-valued entries into all non-hash type
sets were removed
- Too strict check on the set size of ipmap type was corrected
- 2.2.3
- Memory allocation bug in iphash and nethash in connection with the SET
target was fixed (bug reported by Nikolai Malykh)
- lockhelp.h was removed from the 2.6.13 kernel tree, ip_set.c is
updated accordingly (Cardoso Didier, Samir Bellabes)
- manpage is updated to clearly state the command order in restore mode
- 2.2.2
- Jiffies rollover bug in ip_set_iptree reported and fixed by Rob Nielsen
- Compiler warning in the non-SMP case fixed (Marcus Sundberg)
- slab cache names shrunk in order to be compatible with 2.4.* (Marcus
Sundberg)
- 2.2.1
- Magic number in ip_set_nethash.h was mistyped (bug reported by Rob
Carlson)
- ipset can now test IP addresses in nethash type of sets (i.e. addresses
in netblocks added to the set)
- 2.2.0
- Locking bug in ip_set_nethash.c (Clifford Wolf and Rob Carlson)
- Makefile contained an unnecessary variable in IPSET_LIB_DIR (Clifford
Wolf)
- Safety checkings of restore in ipset was incomplete (Robin H.
Johnson)
- More careful resizing by avoiding locking completely
- stdin stored internally in a temporary file, so we can feed 'ipset -R'
from a pipe
- iptree set type added
- 2.1.0
- Lock debugging used with debugless lock definiton (Piotr Chytla and
others).
- Bindings were not properly filled out at listing (kernel)
- When listing sets from kernel, id was not added to the set structure
(ipset)
- nethash set type added
- ipset manpage corrections (macipmap)
- 2.0.1
- Missing -fPIC in Makefile (Robert Iakobashvili)
- Cut'n'paste bug at saving macipmap types (Vincent Bernat).
- Bug in printing/saving SET targets reported and fixed by Michal
Pokrywka
- 2.0
- Chaining of sets are changed: child sets replaced
by bindings
- Kernel-userspace communication reorganized to minimize
the number of syscalls
- Save and restore functionality implemented
- iphash type reworked: clashing resolved by double-hashing
and by dynamically growing the set
- 1.0
- ipset forked from ippool
- Chaining of sets added via child sets
- portmap and iphash types added
|
|