[ANNOUNCE] ipset 7.16 released

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [ANNOUNCE] ipset 7.16 released
@ 2022-11-21 19:31 Jozsef Kadlecsik
  0 siblings, 0 replies; only message in thread
From: Jozsef Kadlecsik @ 2022-11-21 19:31 UTC (permalink / raw)
  To: netfilter, netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 2579 bytes --]

Hi,

I'm happy to announce ipset 7.16, which includes a few fixes,
compatibility patches to support recent kernels and a new "bitmask"
option for the hash:ip, hash:ipport, hash:netnet types to use
any kind of netmask, from Vishwanath Pai.

Userspace changes:
  - Add new ipset_parse_bitmask() function to the library interface
  - test: Make sure no more than 64 clashing elements can be added
    to hash:net,iface sets
  - Fix all debug mode warnings
  - netfilter: ipset: add tests for the new bitmask feature (Vishwanath 
    Pai)
  - netfilter: ipset: Update the man page to include netmask/bitmask 
    options (Vishwanath Pai)
  - netfilter: ipset: Add bitmask support to hash:netnet (Vishwanath Pai)
  - netfilter: ipset: Add bitmask support to hash:ipport (Vishwanath Pai)
  - netfilter: ipset: Add bitmask support to hash:ip (Vishwanath Pai)
  - netfilter: ipset: Add support for new bitmask parameter (Vishwanath 
    Pai)
  - ipset-translate: allow invoking with a path name (Quentin Armitage)
  - Fix IPv6 sets nftables translation (Pablo Neira Ayuso)
  - Fix typo in ipset-translate man page (Bernhard M. Wiedemann)

Kernel part changes:
  - netfilter: ipset: restore allowing 64 clashing elements in 
    hash:net,iface
  - netfilter: ipset: Add support for new bitmask parameter (Vishwanath 
    Pai)
  - netfilter: ipset: regression in ip_set_hash_ip.c (Vishwanath Pai)
  - netfilter: move from strlcpy with unused retval to strscpy
    (Wolfram Sang)
  - compatibility: handle unsafe_memcpy()
  - netlink: Bounds-check struct nlmsgerr creation (Kees Cook)
  - compatibility: move to skb_protocol in the code from tc_skb_protocol
  - Compatibility: check kvcalloc, kvfree, kvzalloc in slab.h too
  - sched: consistently handle layer3 header accesses in the presence
    of VLANs (Toke Høiland-Jørgensen)
  - treewide: Replace GPLv2 boilerplate/reference with SPDX
    - rule 500 (Thomas Gleixner)
  - headers: Remove some left-over license text in 
    include/uapi/linux/netfilter/ (Christophe JAILLET)
  - netfilter: ipset: enforce documented limit to prevent allocating
    huge memory
  - netfilter: ipset: Fix oversized kvmalloc() calls

You can download the source code of ipset from:
        https://ipset.netfilter.org
        git://git.netfilter.org/ipset.git

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.hu
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
          H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-11-21 19:40 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-11-21 19:31 [ANNOUNCE] ipset 7.16 released Jozsef Kadlecsik

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).