[ANNOUNCE] ipset 6.15 released

[ANNOUNCE] ipset 6.15 released

[Jozsef Kadlecsik]

Hi,

I'm happy to announce ipset 6.15, which brings a few bugfixes and 
corrections. The most important is that there was a range input bug in 
hash:ip,port,net type: if a single element was to be added/deleted, due to 
a missing initialization, a range of elements were added/deleted.

>From now on the "ipset" tool uses gethostbyname2 instead of getaddrinfo: 
in newer glibc, getaddrinfo issues an extra system call to kernel, which 
slows down ipset.

Userspace changes:
 - Fix interactive mode (Fredrik Eriksson)
 - Use gethostbyname2 instead of getaddrinfo
 - Make tests/check_cidrs.sh script executable
 - Add tests to check completely ranges with hash types
 - Make easier to apply the netlink.patch
 - Support protocol numbers as well, not only protocol names
 - Add (back) the debug flag to configure
 - Add simple test to check cidr book-keeping

Kernel part changes:
 - Increase the number of maximal sets automatically as needed
 - Restore the support of kernel versions between 2.6.32 and 2.6.35
 - Fix range bug in hash:ip,port,net
 - Revert, then reapply cidr book keeping patch to handle /0

You can download the source code of ipset from:
        http://ipset.netfilter.org
        ftp://ftp.netfilter.org/pub/ipset/
        git://git.netfilter.org/ipset.git

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary

Re: [ANNOUNCE] ipset 6.15 released

[Ricardo Klein]

It fails on ./configure on CentOS 6.3 x84_64 with the message:
./configure: line 14702: syntax error near unexpected token `libmnl,'
./configure: line 14702: `PKG_CHECK_MODULES(libmnl, libmnl >= 1)'

But I have libmnl:
[root@host]# rpm -qa | grep libmnl
libmnl-1.0.2-3.el6.x86_64
libmnl-devel-1.0.2-3.el6.x86_64
--
Att...

Ricardo Felipe Klein
klein.rfk@gmail.com


On Mon, Nov 19, 2012 at 11:03 AM, Jozsef Kadlecsik
<kadlec@blackhole.kfki.hu> wrote:
> Hi,
>
> I'm happy to announce ipset 6.15, which brings a few bugfixes and
> corrections. The most important is that there was a range input bug in
> hash:ip,port,net type: if a single element was to be added/deleted, due to
> a missing initialization, a range of elements were added/deleted.
>
> From now on the "ipset" tool uses gethostbyname2 instead of getaddrinfo:
> in newer glibc, getaddrinfo issues an extra system call to kernel, which
> slows down ipset.
>
> Userspace changes:
>  - Fix interactive mode (Fredrik Eriksson)
>  - Use gethostbyname2 instead of getaddrinfo
>  - Make tests/check_cidrs.sh script executable
>  - Add tests to check completely ranges with hash types
>  - Make easier to apply the netlink.patch
>  - Support protocol numbers as well, not only protocol names
>  - Add (back) the debug flag to configure
>  - Add simple test to check cidr book-keeping
>
> Kernel part changes:
>  - Increase the number of maximal sets automatically as needed
>  - Restore the support of kernel versions between 2.6.32 and 2.6.35
>  - Fix range bug in hash:ip,port,net
>  - Revert, then reapply cidr book keeping patch to handle /0
>
> You can download the source code of ipset from:
>         http://ipset.netfilter.org
>         ftp://ftp.netfilter.org/pub/ipset/
>         git://git.netfilter.org/ipset.git
>
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
>           H-1525 Budapest 114, POB. 49, Hungary
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ANNOUNCE] ipset 6.15 released

[Jozsef Kadlecsik]

On Mon, 19 Nov 2012, Ricardo Klein wrote:

> It fails on ./configure on CentOS 6.3 x84_64 with the message:./configure: line
> 14702: syntax error near unexpected token `libmnl,'
> ./configure: line 14702: `PKG_CHECK_MODULES(libmnl, libmnl >= 1)'

It's funny, because that part was not touched at all. Can you successfully 
run "./configure" in ipset 6.14??

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary

Re: [ANNOUNCE] ipset 6.15 released

[Ricardo Klein]

Jozsef,

I have deleted "configure" and run autogen again... I think the
problem was created by my first test, because I tried to run autogen
without having autogen, pkg-tool etc.. on this box...
Now it has built succefull....
--
Att...

Ricardo Felipe Klein
klein.rfk@gmail.com


On Mon, Nov 19, 2012 at 3:50 PM, Jozsef Kadlecsik
<kadlec@blackhole.kfki.hu> wrote:
> On Mon, 19 Nov 2012, Ricardo Klein wrote:
>
>> It fails on ./configure on CentOS 6.3 x84_64 with the message:./configure: line
>> 14702: syntax error near unexpected token `libmnl,'
>> ./configure: line 14702: `PKG_CHECK_MODULES(libmnl, libmnl >= 1)'
>
> It's funny, because that part was not touched at all. Can you successfully
> run "./configure" in ipset 6.14??
>
> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
>           H-1525 Budapest 114, POB. 49, Hungary

Re: [ANNOUNCE] ipset 6.15 released

[Jan Engelhardt]

On Monday 2012-11-19 18:39, Ricardo Klein wrote:

>It fails on ./configure on CentOS 6.3 x84_64 with the message:
>./configure: line 14702: syntax error near unexpected token `libmnl,'
>./configure: line 14702: `PKG_CHECK_MODULES(libmnl, libmnl >= 1)'

This means you ran autoreconf (which you normally don't need to, because 
there already is a configure script), while at the same time did not 
have pkg-config installed.

Re: [ANNOUNCE] ipset 6.15 released

[Ricardo Klein]

if  you need, I can deploy a clean CentOS 6.3 64bits and test it again
running autogen with pkg-config installed....
--
Att...

Ricardo Felipe Klein
klein.rfk@gmail.com


On Mon, Nov 19, 2012 at 4:28 PM, Jan Engelhardt <jengelh@inai.de> wrote:
> On Monday 2012-11-19 18:39, Ricardo Klein wrote:
>
>>It fails on ./configure on CentOS 6.3 x84_64 with the message:
>>./configure: line 14702: syntax error near unexpected token `libmnl,'
>>./configure: line 14702: `PKG_CHECK_MODULES(libmnl, libmnl >= 1)'
>
> This means you ran autoreconf (which you normally don't need to, because
> there already is a configure script), while at the same time did not
> have pkg-config installed.

Re: [ANNOUNCE] ipset 6.15 released

[Jozsef Kadlecsik]

On Mon, 19 Nov 2012, Ricardo Klein wrote:

> if  you need, I can deploy a clean CentOS 6.3 64bits and test it again
> running autogen with pkg-config installed....

Yes, please. A double check does not hurt.

Best regards,
Jozsef
 
> On Mon, Nov 19, 2012 at 4:28 PM, Jan Engelhardt <jengelh@inai.de> wrote:
> > On Monday 2012-11-19 18:39, Ricardo Klein wrote:
> >
> >>It fails on ./configure on CentOS 6.3 x84_64 with the message:
> >>./configure: line 14702: syntax error near unexpected token `libmnl,'
> >>./configure: line 14702: `PKG_CHECK_MODULES(libmnl, libmnl >= 1)'
> >
> > This means you ran autoreconf (which you normally don't need to, because
> > there already is a configure script), while at the same time did not
> > have pkg-config installed.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary

Re: [ANNOUNCE] ipset 6.15 released

[Ricardo Klein]

It works.

Now I will implement a new firewall configuration script using ipset
instead of txt lists that need to be reloaded every time....
--
Att...

Ricardo Felipe Klein
klein.rfk@gmail.com


On Mon, Nov 19, 2012 at 5:57 PM, Jozsef Kadlecsik
<kadlec@blackhole.kfki.hu> wrote:
> On Mon, 19 Nov 2012, Ricardo Klein wrote:
>
>> if  you need, I can deploy a clean CentOS 6.3 64bits and test it again
>> running autogen with pkg-config installed....
>
> Yes, please. A double check does not hurt.
>
> Best regards,
> Jozsef
>
>> On Mon, Nov 19, 2012 at 4:28 PM, Jan Engelhardt <jengelh@inai.de> wrote:
>> > On Monday 2012-11-19 18:39, Ricardo Klein wrote:
>> >
>> >>It fails on ./configure on CentOS 6.3 x84_64 with the message:
>> >>./configure: line 14702: syntax error near unexpected token `libmnl,'
>> >>./configure: line 14702: `PKG_CHECK_MODULES(libmnl, libmnl >= 1)'
>> >
>> > This means you ran autoreconf (which you normally don't need to, because
>> > there already is a configure script), while at the same time did not
>> > have pkg-config installed.
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
>           H-1525 Budapest 114, POB. 49, Hungary