| 6.29 |
| - Fix race condition in ipset save, swap and delete (Vishwanath Pai) |
| |
| 6.28 |
| - Check IPSET_ATTR_ETHER netlink attribute length |
| - Fix __aligned_u64 compatibility support for older kernel releases |
| - Add compatibility to support EXPORT_SYMBOL_GPL in module.h |
| - Fix set:list type crash when flush/dump set in parallel |
| - pass down netns pointer to call() and call_rcu() (backport) |
| - allow a 0 netmask with hash_netiface type (Florian Westphal) |
| |
| 6.27 |
| - Fix reported memory size for hash:* types |
| - Fix hash type expire: release empty hash bucket block |
| - Fix hash type expiration: incorrect index fixed |
| - Collapse same condition body to a single one |
| - Fix extension alignment |
| - Compatibility: include linux/export.h when needed |
| - Compatibility: make sure vmalloc.h is included for kvfree() |
| - Compatibility: Fix detecting 'struct net' in 'struct tcf_ematch' |
| - Compatibility: Protect definition of RCU_INIT_POINTER in compatibility |
| header file |
| - netfilter: ipset: Fix sleeping memory allocation in atomic context |
| (Nikolay Borisov) |
| |
| 6.26 |
| - Out of bound access in hash:net* types fixed (reported by Dave Jones) |
| - Make struct htype per ipset family (originally from Sergey Popovich) |
| - Optimize hash creation routine (originally from Sergey Popovich) |
| - Make sure element data size is a multiple of u32 (originally from Sergey |
| Popovich) |
| - Make NLEN compile time constant for hash types (originally from Sergey |
| Popovich) |
| - Simplify mtype_expire() for hash types (originally from Sergey Popovich) |
| - Count non-static extension memory into the set memory size for userspace |
| - net: sched: Simplify em_ipset_match (Eric W. Biederman) |
| |
| 6.25.1 |
| - net/netfilter/ipset: work around gcc-4.4.4 initializer bug |
| (Andrew Morton) |
| |
| 6.25 |
| - Add element count to all set types header |
| - Add element count to hash headers (Eric B Munson) |
| - implement nla_put_in_addr and nla_put_in6_addr (Jiri Benc) |
| - deinline ip_set_put_extensions() (Denys Vlasenko) |
| - Fix error path in mtype_resize() when new hash bucket cannot be |
| allocated |
| - There is no need to call synchronize_rcu() after list_add_rcu() |
| - Fix typo in function name get_phyoutdev_name() |
| - Separate memsize calculation code into dedicated functions (originally |
| from Sergey Popovich) |
| - Split extensions into separate files (originally from Sergey Popovich) |
| - Improve comment extension helpers (originally from Sergey Popovich) |
| - Improve skbinfo get/init helpers (originally from Sergey Popovich) |
| - Headers file cleanup (originally from Sergey Popovich) |
| - Correct rcu_dereference_bh_nfnl() usage (originally from Sergey |
| Popovich) |
| - add helpers for fetching physin/outdev (Florian Westphal) |
| - When a single set is destroyed, make sure it can't be grabbed by dump |
| - In comment extension ip_set_comment_free() is always called in a safe |
| path |
| - Add rcu_barrier() to module removal in the bitmap types too |
| - Fix coding styles reported by the most recent checkpatch.pl |
| - Make sure bitmap:ip,mac detects the proper MAC even when it's |
| overwritten |
| - RCU safe comment extension handling |
| - Make sure the proper is_destroyed value is checked at dumping |
| - Fix broken commit "Check extensions attributes before getting |
| extensions." |
| - Improve preprocessor macros checks (Sergey Popovich) |
| - Fix hashing for ipv6 sets (Sergey Popovich) |
| - Fix ext_*() macros so pointers returned by these macros could be |
| referenced directly (Sergey Popovich) |
| - Check for comment netlink attribute length (Sergey Popovich) |
| - Return bool values instead of int (Sergey Popovich) |
| - Check CIDR value only when attribute is given (Sergey Popovich) |
| - Make sure we always return line number on batch (Sergey Popovich) |
| - Permit CIDR equal to the host address CIDR in IPv6 (Sergey Popovich) |
| - Use HOST_MASK literal to represent host address CIDR len (Sergey |
| Popovich) |
| - Check IPSET_ATTR_PORT only once (Sergey Popovich) |
| - Check extensions attributes before getting extensions (Sergey Popovich) |
| - Use SET_WITH_*() helpers to test set extensions (Sergey Popovich) |
| - Return ipset error instead of bool (Sergey Popovich) |
| - Preprocessor directices cleanup (Sergey Popovich) |
| - No need to make nomatch bitfield (Sergey Popovich) |
| - Make sure bit operations are not reordered |
| - Properly calculate extensions offsets and total length (Sergey Popovich) |
| - Fix cidr handling for hash:*net* types, reported by Jonathan Johnson |
| - fix boolreturn.cocci warnings (Fengguang Wu) |
| - make ip_set_get_ip*_port to use skb_network_offset (Alexander Drozdov) |
| - Make sure listing doesn't grab a set which is just being destroyed. |
| - Missing rcu_read_lock() and _unlock() in mtype_list() fixed |
| - Fix coding styles reported by checkpatch.pl |
| - Use nlmsg_total_size instead of NLMSG_SPACE in ip_set_core.c |
| - There's no need to call synchronize_rcu() with kfree_rcu() |
| - Call rcu_barrier() in module removal path |
| - Call synchronize_rcu() in set type (un)register functions only when |
| needed |
| - Remove an unused macro |
| - Give a better name to a macro in ip_set_core.c |
| - Resolve the STREQ macro to make the code more readable, and use |
| nla_strlcpy where possible |
| - Use MSEC_PER_SEC consistently |
| - Remove unnecessary integer RCU handling and fix other sparse warnings |
| - Fix sparse warning "cast to restricted __be32" |
| |
| 6.24 |
| - netfilter: ipset: small potential read beyond the end of buffer |
| (Dan Carpenter) |
| - Fix parallel resizing and listing of the same set |
| - styles warned by checkpatch.pl fixed |
| - Introduce RCU in all set types instead of rwlock per set |
| (performance tested by Jesper Dangaard Brouer) |
| - Remove rbtree from hash:net,iface in order to run under RCU |
| - Explicitly add padding elements to hash:net,net and hash:net,port,net |
| - Allocate the proper size of memory when /0 networks are supported |
| - Simplify cidr handling for hash:*net* types |
| - Indicate when /0 networks are supported |
| - Kernel API changes in em_ipset.c, support both old and new ones |
| - netfilter: Convert uses of __constant_<foo> to <foo> (Joe Perches) |
| - net: use the new API kvfree() (WANG Cong) |
| - treewide: fix errors in print (Masanari Iida) |
| - netfilter: use IS_ENABLED(CONFIG_BRIDGE_NETFILTER) (Pablo Neira Ayuso) |
| - Use IS_ENABLED macro and define it if required |
| - Alignment problem between 64bit kernel 32bit userspace fixed |
| (reported by Sven-Haegar Koch) |
| - netfilter: ipset: off by one in ip_set_nfnl_get_byindex() |
| (Dan Carpenter) |
| |
| 6.23 |
| - Support updating extensions when the set is full |
| (fixes bugzilla id #880) |
| |
| 6.22 |
| - hash:mac type added to ipset |
| - skbinfo extension: send nonzero extension elements only to userspace |
| - netfilter: Convert pr_warning to pr_warn (Joe Perches) |
| - netfilter: ipset: Add skbinfo extension support to SET target. |
| (Anton Danilov) |
| - netfilter: ipset: Add skbinfo extension kernel support for the list |
| set type. (Anton Danilov) |
| - netfilter: ipset: Add skbinfo extension kernel support for the hash |
| set types. (Anton Danilov) |
| - netfilter: ipset: Add skbinfo extension kernel support for the |
| bitmap set types. (Anton Danilov) |
| - netfilter: ipset: Add skbinfo extension kernel support in the ipset |
| core. (Anton Danilov) |
| - Fix static checker warning in ip_set_core.c (reported by Dan Carpenter) |
| - Fix warn: integer overflows 'sizeof(*map) + size * set->dsize' |
| (reported by Dan Carpenter) |
| - net/netfilter/ipset: Resolve missing-field-initializer warnings |
| (Mark Rustad) |
| - netnet,netportnet: Fix value range support for IPv4 (Sergey Popovich) |
| - Removed invalid IPSET_ATTR_MARKMASK validation (Vytas Dauksa) |
| |
| 6.21.1 |
| - netfilter: ip_set: rename nfnl_dereference()/nfnl_set() |
| (Patrick McHardy) |
| |
| 6.21 |
| - ipset: add forceadd kernel support for hash set types (Josh Hunt) |
| - netfilter: ipset: move registration message to init from net_init |
| (Ilia Mirkin) |
| - kernel: uapi: fix MARKMASK attr ABI breakage (Florian Westphal) |
| - Prepare the kernel for create option flags when no extension is needed |
| - add markmask for hash:ip,mark data type (Vytas Dauksa) |
| - add hash:ip,mark data type to ipset (Vytas Dauksa) |
| - ipset: remove unused code (Stephen Hemminger) |
| - netfilter: ipset: Add hash: fix coccinelle warnings (Fengguang Wu) |
| - Typo in ip_set_hash_netnet.c fixed (David Binderman) |
| - net ipset: use rbtree postorder iteration instead of opencoding |
| (Cody P Schafer) |
| - ipset: Follow manual page behavior for SET target on list:set |
| (Sergey Popovich) |
| |
| 6.20.1 |
| - netfilter: ipset: remove duplicate define (Michael Opdenacker) |
| - net->user_ns is available starting from 3.8, add compatibility |
| checking (reported by Jan Engelhardt) |
| - Fix memory allocation for bitmap:port (reported by Quentin Armitage) |
| - Avoid clashing with configured kernel in [CONFIG_]IP_SET_MAX |
| - The unnamed union initialization may lead to compilation error |
| (reported by Husnu Demir) |
| - Use dev_net() instead of the direct access to ->nd_net (reported by |
| the kbuild test robot) |
| |
| 6.20 |
| - Compatibility code is modified not to rely on kernel version numbers |
| - Use netlink callback dump args only |
| - Add hash:net,port,net module to kernel (Oliver Smith) |
| - Add net namespace for ipset (Vitaly Lavrov) |
| - Use a common function at listing the extensions of the elements |
| - For set:list types, replaced elements must be zeroed out |
| - Fix hash resizing with comments |
| - Support comments in the list-type ipset (Oliver Smith) |
| - Support comments in bitmap-type ipsets (Oliver Smith) |
| - Support comments in hash-type ipsets (Oliver Smith) |
| - Support comments for ipset entries in the core (Oliver Smith) |
| - Add hash:net,net module to kernel (Oliver Smith) |
| - Fix serious failure in CIDR tracking (Oliver Smith) |
| - list:set: make sure all elements are checked by the gc |
| - Support extensions which need a per data destroy function |
| - Generalize extensions support |
| - Move extension data to set structure |
| - Rename extension offset ids to extension ids |
| - Prepare ipset to support multiple networks for hash types |
| - Introduce new operation to get both setname and family |
| - Validate the set family and not the set type family at swapping |
| (Bug reported by Quentin Armitage, netfilter bugzilla id #843) |
| - Consistent userspace testing with nomatch flag |
| - Skip really non-first fragments for IPv6 when getting port/protocol |
| - ipset standalone package needs to ship em_ipset.c (reported by Jan |
| Engelhardt) |
| |
| 6.19 |
| - Compatibility fixes to keep the support of kernels back to 2.6.32 |
| - Backport nla_put_net64 |
| - Support package fragments for IPv4 protos without ports |
| (Anders K. Pedersen) |
| - Use fix sized type for timeout in the extension part |
| - Make sure kernel configured properly for sparse checkings |
| - Fix "may be used uninitialized" warnings (reported by Pablo Neira |
| Ayuso) |
| - Rename simple macro names to avoid namespace issues. (reported by |
| David Laight) |
| - Fix sparse warnings due to missing rcu annotations (reported by |
| Pablo Neira Ayuso) |
| - Sparse warning about shadowed variable fixed |
| - Don't call ip_nest_end needlessly in the error path (suggested by |
| Pablo Neira Ayuso) |
| - set match: add support to match the counters |
| - The list:set type with counter support |
| - The hash types with counter support |
| - The bitmap types with counter support |
| - Introduce the counter extension in the core |
| - list:set type using the extension interface |
| - Hash types using the unified code base |
| - Unified hash type generation |
| - Bitmap types using the unified code base |
| - Unified bitmap type generation |
| - Introduce extensions to elements in the core |
| - Move often used IPv6 address masking function to header file |
| - Make possible to test elements marked with nomatch, from userspace |
| - netfilter ipset: Use ipv6_addr_equal() where appropriate. |
| (YOSHIFUJI Hideaki) |
| - Add a compatibility header file for easier maintenance |
| - The uapi include split in the package itself |
| - Reorder modules a little bit in Kbuild |
| |
| 6.18 |
| - list:set: update reference counter when last element pushed off |
| - hash:*net*: nomatch flag not excluded on set resize |
| |
| 6.17 |
| - Make sure ip_set_max isn't set to IPSET_INVALID_ID |
| - netfilter: ipset: timeout values corrupted on set resize (Josh Hunt) |
| - "Directory not empty" error message (reported by John Brendler) |
| |
| 6.16.1 |
| - Add ipset package version to external module description |
| - Backport RCU handling up to 2.6.32.x |
| |
| 6.16 |
| - Netlink pid is renamed to portid in kernel 3.7.0 |
| - Fix RCU handling when the number of maximal sets are increased |
| - netfilter: ipset: fix netiface set name overflow (Florian Westphal) |
| |
| 6.15 |
| - Increase the number of maximal sets automatically as needed |
| - Restore the support of kernel versions between 2.6.32 and 2.6.35 |
| - Fix range bug in hash:ip,port,net |
| - Revert, then reapply cidr book keeping patch to handle /0 |
| |
| 6.14 |
| - Support to match elements marked with "nomatch" in hash:*net* sets |
| - Coding style fixes |
| - Include supported revisions in module description |
| - Add /0 network support to hash:net,iface type |
| - Fix cidr book keeping for hash:*net* types |
| - Check and reject crazy /0 input parameters |
| - Backport ether_addr_equal |
| - Coding style fix, backport from kernel |
| - net: cleanup unsigned to unsigned int (Eric Dumazet) |
| |
| 6.13 |
| - ipset: Handle properly an IPSET_CMD_NONE (Tomasz Bursztyka) |
| - netfilter: ipset: hash:net,iface: fix interface comparison (Florian |
| Westphal) |
| - Timeout fixing bug broke SET target special timeout value, fixed |
| - Use MSEC_PER_SEC instead of harcoded value |
| |
| 6.12 |
| - Backport nla_put_net* functions as NLA_PUT* were removed |
| - netlink: add netlink_dump_control structure for netlink_dump_start() |
| - ipset: Stop using NLA_PUT*(). |
| - Fix hash size checking in kernel (bug reported by Seblu) |
| - Correct README file about minimal required iptables version |
| (Oskar Berggren) |
| - Sparse warnings "incorrect type in assignment" fixed |
| - Fix timeout value overflow bug at large timeout parameters |
| (bug reported by Andreas Herz) |
| - ipv6: Add fragment reporting to ipv6_skip_exthdr(). |
| - net: remove ipv6_addr_copy() |
| - Fix the inclusion of linux/export.h (Henry Culver) |
| |
| 6.11 |
| - hash:net,iface timeout bug fixed |
| - Exceptions support added to hash:*net* types |
| - net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules |
| - Log warning when a hash type of set gets ful |
| |
| 6.10 |
| - Invert the logic to include version.h in ip_set_core.c |
| - Suppress false compile-time warnings about uninitialized variable ip_to |
| |
| 6.9.1 |
| - Fix compiling ipset as external kernel modules |
| |
| 6.9 |
| - Complete Kconfig with hash:net,iface type (standalone package) |
| - rtnetlink: Compute and store minimum ifinfo dump size (Greg Rose) |
| - Remove redundant linux/version.h includes from net/ (Jesper Juhl) |
| - ipset: use NFPROTO_ constants (Jan Engelhardt) |
| - netfilter: ipset: expose userspace-relevant parts in ip_set.h |
| (Jan Engelhardt) |
| - netfilter: ipset: avoid use of kernel-only types (Jan Engelhardt) |
| - netfilter: Remove unnecessary OOM logging messages (Joe Perches) |
| - Dumping error triggered removing references twice and lead to kernel BUG |
| - Autoload set type modules safely |
| |
| 6.8 |
| - Fix compiler warnings "'hash_ip4_data_next' declared inline after being |
| called" (Chris Friesen) |
| - hash:net,iface fixed to handle overlapping nets behind different |
| interfaces |
| - Make possible to hash some part of the data element only. |
| |
| 6.7 |
| - Whitespace and coding fixes, detected by checkpatch.pl |
| - hash:net,iface type introduced |
| - Use the stored first cidr value instead of '1' |
| - Fix return code for destroy when sets are in use |
| - Add xt_action_param to the variant level kadt functions, ipset API change |
| - Drop supporting kernel versions below 2.6.35 |
| |
| 6.6 |
| - Use unified from/to address masking and check the usage |
| - ip_set_flush returned -EPROTO instead of -IPSET_ERR_PROTOCOL, fixed |
| - Take into account cidr value for the from address when creating the set |
| - Adding ranges to hash types with timeout could still fail, fixed |
| - Removed old, not used hashing method ip_set_chash |
| - Remove variable 'ret' in type_pf_tdel(), which is set but not used |
| - Use proper timeout parameter to jiffies conversion |
| |
| 6.5 |
| - Support range for IPv4 at adding/deleting elements for hash:*net* types |
| - Set type support with multiple revisions added |
| - Fix adding ranges to hash types |
| |
| 6.4 |
| - Support listing setnames and headers too |
| - Fix the order of listing of sets |
| - Options and flags support added to the kernel API |
| |
| 6.3 |
| - ipset/Kconfig was a mixed up kernel config file, fixed (Michael Tokarev) |
| - bitmap:ip,mac type requires "src" for MAC, enforce it |
| - whitespace fixes: some space before tab slipped in |
| - set match and SET target fixes (bugs reported by Lennert Buytenhek) |
| |
| 6.2 |
| - list:set timeout variant fixes |
| - References are protected by rwlock instead of mutex |
| - Add explicit text message to detect patched kernel (netlink.patch) |
| - Timeout can be modified for already added elements |
| |
| 6.1 |
| - The hash:*port* types ignored the address range with non TCP/UDP, fixed |
| - Fix checking the revision number of the set type at create command |
| - SCTP, UDPLITE support to hash:*port* types added |
| - Fix revision reporting got broken by the revision checking patch |
| |
| 6.0 |
| - Reorganized kernel/ subdir |
| - netfilter: ipset: fix linking with CONFIG_IPV6=n (Patrick McHardy) |
| - netfilter: ipset: send error message manually |
| - netfilter: ipset: add missing break statemtns in |
| ip_set_get_ip_port() (Patrick McHardy) |
| - netfilter: ipset: add missing include to xt_set.h (Patrick McHardy) |
| - netfilter: ipset: remove unnecessary includes (Patrick McHardy) |
| - netfilter: ipset: use nla_parse_nested() (Patrick McHardy) |
| - Separate ipset errnos completely from system ones and bump protocol |
| version |
| - Use better error codes in xt_set.c |
| - Fix sparse warning about shadowed definition |
| - bitmap:ip type: flavour specific adt functions (Patrick McHardy's review) |
| - bitmap:port type: flavour specific adt functions (Patrick McHardy's |
| review) |
| - Move the type specifici attribute validation to the core |
| (suggested by Patrick McHardy) |
| - Use vzalloc() instead of __vmalloc() (Eric Dumazet, Patrick McHardy) |
| - Use meaningful error messages in xt_set.c (Patrick McHardy's review) |
| - Constified attribute cannot be written (Patrick McHardy's review) |
| - Send (N)ACK at dumping only when NLM_F_ACK is set |
| (Patrick McHardy's review) |
| - Correct the error codes: use ENOENT and EMSGSIZE (Patrick McHardy's |
| review) |
| |
| 5.4 |
| - Fixed broken ICMP and ICMPv6 handling |
| - Fix trailing whitespaces and pr_* messages |
| - Un-inline functions which are not small enough (suggested by Patrick McHardy) |
| - Fix module loading at create/header command (reported by Patrick McHardy) |
| - Fix wrong kzalloc flag in type_pf_expire |
| - The get_ip*_port functions are too large to be inlined, move into the core |
| - Add missing __GFP_HIGHMEM flag to __vmalloc (suggested by Eric Dumazet) |
| - Enforce network-order data in the netlink protocol |
| - Use annotated types and fix sparse warnings (suggested by Patrick McHardy) |
| - Move ip_set_alloc, ip_set_free and ip_set_get_ipaddr* into core |
| (suggested by Patrick McHardy) |
| - NETMASK*, HOSTMASK* macros are too generic, use small inline functions |
| (suggested by Patrick McHardy) |
| - Use static LIST_HEAD() for ip_set_type_list (suggested by Patrick McHardy) |
| - Move NLA_PUT_NET* macros to include/net/netlink.h (suggested by Patrick |
| McHardy) |
| - The module parameter max_sets should be unsigned int (reported by Patrick |
| McHardy) |
| - Get rid of ip_set_kernel.h (suggested by Patrick McHardy) |
| - Fix the placement style of boolean operators at continued lines |
| (suggested by Patrick McHardy) |
| |
| 5.3 |
| - There is no need to call synchronize_net() at swapping |
| - Replace strncpy with strlcpy at creating a set |
| - Update copyright date and some style changes |
| - Use jhash.h accepted in kernel, with backward compatibility |
| - Separate prefixlens from ip_set core |
| - Remove unused ctnl parameter from call_ad (Jan Engelhardt) |
| - Comment the possible return values of the add/del/test type-functions |
| |
| 5.2 |
| - Kernel version check at minimal supported version was mistyped, now fixed. |
| |
| 5.1 |
| - Kernel version compatibility: support bumped starting from 2.6.34 |
| (Supporting older kernel releases would mean too much burden for me, |
| sorry.) |
| - kernel: use EXPORT_SYMBOL_GPL (Jan Engelhardt) |
| - kernel: const annotations (Jan Engelhardt) |
| - kernel: use __read_mostly for registration-type structures |
| (Jan Engelhardt) |
| - kernel: do not mix const and __read_mostly (Jan Engelhardt) |
| - xt_set: avoid user types in exported kernel headers (Jan Engelhardt) |
| - build: enable parallel building (Jan Engelhardt) |
| - Fix Kbuild for me to delete backup files |
| |
| 5.0 |
| - New main branch - ipset completely rewritten |
| |
| 4.2 |
| - nethash and ipportnethash types counted every entry twice |
| which could produce bogus entries when listing/saving these types |
| of sets (bug reported by Husnu Demir) |
| |
| 4.1 |
| - Do not use init_MUTEX either (Jan Engelhardt) |
| - Improve listing/saving hash type of sets by not copying empty |
| entries unnecessarily to userspace. |
| |
| 4.0 |
| - Compilation of ip_set_iptree.c fails with kernel 2.6.20 due to |
| missing include of linux/jiffies.h (Jan Engelhardt) |
| - Do not use DECLARE_MUTEX (compatibility fix on 2.6.31-rt, Jan |
| Engelhardt) |
| - Flushing iptreemap type of sets caused high ksoftirqd load due to |
| zeroed out gc parameter (bug reported by Georg Chini) |
| - New protocol is introduced to handle aligment issues properly |
| (bug reported by Georg Chini) |
| - Binding support is removed |
| |
| 3.2 |
| - Mixed up formats in ip_set_iptree.c (Rob Sterenborg) |
| - Don't use 'bool' for backward compatibility reasons (Rob Sterenborg) |
| |
| 3.1 |
| - Nonexistent sets were reported as existing sets when testing |
| from userspace in setlist type of sets (bug reported by Victor A. |
| Safronov) |
| - When saving sets, setlist type of sets must come last in order |
| to satisfy the dependency from the elements (bug reported by Marty B.) |
| - Sparse insists that the flags argument to kmalloc() is gfp_t |
| (Stephen Hemminger) |
| - Correct format specifiers and change %i to %d (Jan Engelhardt) |
| - Fix the definition of 'bool' for kernels <= 2.6.18 (Jan Engelhardt) |
| |
| 3.0 |
| - New kernel-userspace protocol release |
| - Bigendian and 64/32bit fixes (Stefan Gula, bugzilla id 593) |
| - Support of 2.4.3[67].* kernels fixed |
| - Compiling with debugging enabled fixed |
| |
| 2.5.0 |
| - Use the spinlock initiator instead of setting the locks directly |
| as it causes compilation errors with 2.6.29-rt (Jan Engelhardt). |
| 2.4.9 |
| - References to the old include file replaced with new one in order to |
| really use the new Jenkins' hash function. |
| |
| 2.4.8 |
| - The Jenkins' hash lookup2() replaced with Jenkins' faster/better lookup3() |
| hash function. |
| - Bug fixed: after elements are added and deleted from a hash, an element |
| can successfully be added in spite it's already in the hash and thus |
| duplicates can occur (Shih-Yi Chen). |
| - Compatibility with old gcc without 'bool' added. |
| |
| 2.4.7 |
| - Typo which broke compilation with kernels < 2.6.28 |
| fixed (reported by Richard Lucassen, Danny Rawlins) |
| |
| 2.4.6 |
| - Compatibility fix for kernels >= 2.6.28 |
| |
| 2.4.5 |
| - setlist type does not work properly together with swapping |
| sets, bug reported by Thomas Jacob. |
| - Include linux/capability.h explicitly in ip_set.c (Jan Engelhardt) |
| |
| 2.4.4 |
| - Premature checking prevents to add valid elements to hash |
| types, fixed (bug reported by JC Janos). |
| |
| 2.4.2 |
| - When flushing a nethash/ipportnethash type of set, it can |
| lead to a kernel crash due to a wrong type declaration, |
| bug reported by Krzysztof Oledzki. |
| - iptree and iptreemap types require the header file linux/timer.h, |
| also reported by Krzysztof Oledzki. |
| |
| 2.4.1 |
| - Zero-valued element are not accepted by hash type of sets |
| because we cannot make a difference between a zero-valued |
| element and not-set element. |
| 2.4 |
| - ipportiphash, ipportnethash and setlist types added |
| - set type modules reworked to avoid code duplication |
| as much as possible, code unification macros |
| - expand_macros Makefile target added to help debugging |
| code unification macros |
| - ip_set_addip_kernel and ip_set_delip_kernel |
| changed from void to int, __ip_set_get_byname and |
| __ip_set_put_byid added for the sake of setlist type |
| - unnecessary includes removed |
| - compatibility fix for kernels >= 2.6.27: |
| semaphore.h was moved from asm/ to linux/ (James King) |
| - ChangeLog forked for kernel part |
