[ANNOUNCE] ipset 6.2 released

[ANNOUNCE] ipset 6.2 released

[Jozsef Kadlecsik]

Hi,

I'm happy to announce ipset 6.2.

Important note: if you want to use the list:set type with timeout, you 
must upgrade, because in earlier releases the type in the timeout variant 
was completely broken. The bugs did not affect other types or the list:set 
type without timeout.

kernel part:
 - list:set timeout variant fixes
 - References are protected by rwlock instead of mutex
 - Add explicit text message to detect patched kernel (netlink.patch)
 - Timeout can be modified for already added elements

userspace part:
 - Manpage update

You can download the source code from:
        http://ipset.netfilter.org
        ftp://ftp.netfilter.org/pub/ipset/
        git://git.netfilter.org/ipset.git

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

Re: [ANNOUNCE] ipset 6.2 released

[Michael Tokarev]

27.03.2011 23:30, Jozsef Kadlecsik wrote:
> Hi,
> 
> I'm happy to announce ipset 6.2.

ipset-6.2/kernel/net/netfilter/ipset/Kconfig file
appears to be some net/netfilter/Kconfig file from
linux source tree (from one directory level up),
patched with NETFILTER_XT_SET.  It gets included
into itself recursively.

Thanks!

/mjt

Re: [ANNOUNCE] ipset 6.2 released

[Jozsef Kadlecsik]

On Tue, 29 Mar 2011, Michael Tokarev wrote:

> ipset-6.2/kernel/net/netfilter/ipset/Kconfig file
> appears to be some net/netfilter/Kconfig file from
> linux source tree (from one directory level up),
> patched with NETFILTER_XT_SET.  It gets included
> into itself recursively.

Yes, you are right, I fixed it in the ipset git tree. Thanks!

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

Re: [ANNOUNCE] ipset 6.2 released

[Michael Tokarev]

29.03.2011 23:23, Jozsef Kadlecsik wrote:
> On Tue, 29 Mar 2011, Michael Tokarev wrote:
> 
>> ipset-6.2/kernel/net/netfilter/ipset/Kconfig file
>> appears to be some net/netfilter/Kconfig file from
>> linux source tree (from one directory level up),
>> patched with NETFILTER_XT_SET.  It gets included
>> into itself recursively.
> 
> Yes, you are right, I fixed it in the ipset git tree. Thanks!

Actually I'm not sure at all this file is needed.

With current Kbuild file, it builds everything as
modules, the only CONFIG_FOO in use is IP_SET_MAX
which can be specfied in the upper-level Kconfig
(in net/netfilter/Kconfig).

Besides, what's the intention of CONFIG_IP_SET
vs CONFIG_NETFILTER_XT_SET?

Thanks!

/mjt

Re: [ANNOUNCE] ipset 6.2 released

[Michael Tokarev]

29.03.2011 23:44, Michael Tokarev пишет:
> 29.03.2011 23:23, Jozsef Kadlecsik wrote:
>> On Tue, 29 Mar 2011, Michael Tokarev wrote:
>>
>>> ipset-6.2/kernel/net/netfilter/ipset/Kconfig file
>>> appears to be some net/netfilter/Kconfig file from
>>> linux source tree (from one directory level up),
>>> patched with NETFILTER_XT_SET.  It gets included
>>> into itself recursively.
>>
>> Yes, you are right, I fixed it in the ipset git tree. Thanks!
> 
> Actually I'm not sure at all this file is needed.
> 
> With current Kbuild file, it builds everything as
> modules, the only CONFIG_FOO in use is IP_SET_MAX
> which can be specfied in the upper-level Kconfig
> (in net/netfilter/Kconfig).

Maybe something like this:

net/netfilter/ipset/Makefile:
ip_set-y := ip_set_core.o ip_set_getport.o pfxlen.o

obj-$(CONFIG_IP_SET) += ip_set.o

obj-$(CONFIG_IP_SET_BITMAP_IP) += ip_set_bitmap_ip.o
obj-$(CONFIG_IP_SET_BITMAP_IPMAC) += ip_set_bitmap_ipmac.o
obj-$(CONFIG_IP_SET_BITMAP_PORT) += ip_set_bitmap_port.o

obj-$(CONFIG_IP_SET_HASH_IP) += ip_set_hash_ip.o
obj-$(CONFIG_IP_SET_HASH_IPPORT) += ip_set_hash_ipport.o
obj-$(CONFIG_IP_SET_HASH_IPPORTIP) += ip_set_hash_ipportip.o

obj-$(CONFIG_IP_SET_HASH_NET) += ip_set_hash_net.o
obj-$(CONFIG_IP_SET_HASH_IPPORTNET) += ip_set_hash_ipportnet.o
obj-$(CONFIG_IP_SET_HASH_NETPORT) += ip_set_hash_netport.o
obj-$(CONFIG_IP_SET_LIST_SET) += ip_set_list_set.o
---- cut ----

net/netfilter/Kbuild.ipset:
obj-$(CONFIG_XT_SET) += xt_set.o
obj-$(CONFIG_IP_SET) += ipset/
--- cut ---

(this should go to net/netfilter/Makefile in the upstream
kernel sources; ditto for the Kconfig bits).


This is all, obviously, about integration into mainline
kernel.

Do you plan to include the whole thing into mainline kernel?

Thanks!

/mjt

Re: [ANNOUNCE] ipset 6.2 released

[Jozsef Kadlecsik]

On Wed, 30 Mar 2011, Michael Tokarev wrote:

> 29.03.2011 23:44, Michael Tokarev ?????:
> > 29.03.2011 23:23, Jozsef Kadlecsik wrote:
> >> On Tue, 29 Mar 2011, Michael Tokarev wrote:
> >>
> >>> ipset-6.2/kernel/net/netfilter/ipset/Kconfig file
> >>> appears to be some net/netfilter/Kconfig file from
> >>> linux source tree (from one directory level up),
> >>> patched with NETFILTER_XT_SET.  It gets included
> >>> into itself recursively.
> >>
> >> Yes, you are right, I fixed it in the ipset git tree. Thanks!
> > 
> > Actually I'm not sure at all this file is needed.
> > 
> > With current Kbuild file, it builds everything as
> > modules, the only CONFIG_FOO in use is IP_SET_MAX
> > which can be specfied in the upper-level Kconfig
> > (in net/netfilter/Kconfig).
> 
> Maybe something like this:
> 
> net/netfilter/ipset/Makefile:
> ip_set-y := ip_set_core.o ip_set_getport.o pfxlen.o
> 
> obj-$(CONFIG_IP_SET) += ip_set.o
> 
> obj-$(CONFIG_IP_SET_BITMAP_IP) += ip_set_bitmap_ip.o
> obj-$(CONFIG_IP_SET_BITMAP_IPMAC) += ip_set_bitmap_ipmac.o
> obj-$(CONFIG_IP_SET_BITMAP_PORT) += ip_set_bitmap_port.o
> 
> obj-$(CONFIG_IP_SET_HASH_IP) += ip_set_hash_ip.o
> obj-$(CONFIG_IP_SET_HASH_IPPORT) += ip_set_hash_ipport.o
> obj-$(CONFIG_IP_SET_HASH_IPPORTIP) += ip_set_hash_ipportip.o
> 
> obj-$(CONFIG_IP_SET_HASH_NET) += ip_set_hash_net.o
> obj-$(CONFIG_IP_SET_HASH_IPPORTNET) += ip_set_hash_ipportnet.o
> obj-$(CONFIG_IP_SET_HASH_NETPORT) += ip_set_hash_netport.o
> obj-$(CONFIG_IP_SET_LIST_SET) += ip_set_list_set.o
> ---- cut ----
> 
> net/netfilter/Kbuild.ipset:
> obj-$(CONFIG_XT_SET) += xt_set.o
> obj-$(CONFIG_IP_SET) += ipset/
> --- cut ---
> 
> (this should go to net/netfilter/Makefile in the upstream
> kernel sources; ditto for the Kconfig bits).
> 
> This is all, obviously, about integration into mainline
> kernel.
> 
> Do you plan to include the whole thing into mainline kernel?

Actually, it's already in net-next, so yes :-). And with the Makefiles you 
suggested above.

The Kconfig and the Makefiles are all right in net-next.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

Re: [ANNOUNCE] ipset 6.2 released

[Jozsef Kadlecsik]

On Tue, 29 Mar 2011, Jozsef Kadlecsik wrote:

> > Do you plan to include the whole thing into mainline kernel?
> 
> Actually, it's already in net-next, so yes :-). And with the Makefiles you 
> suggested above.

And 2.6.39-rc1 is out, with ipset :-).

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

Re: [ANNOUNCE] ipset 6.2 released

[Jozsef Kadlecsik]

On Tue, 29 Mar 2011, Michael Tokarev wrote:

> 29.03.2011 23:23, Jozsef Kadlecsik wrote:
> > On Tue, 29 Mar 2011, Michael Tokarev wrote:
> > 
> >> ipset-6.2/kernel/net/netfilter/ipset/Kconfig file
> >> appears to be some net/netfilter/Kconfig file from
> >> linux source tree (from one directory level up),
> >> patched with NETFILTER_XT_SET.  It gets included
> >> into itself recursively.
> > 
> > Yes, you are right, I fixed it in the ipset git tree. Thanks!
> 
> Actually I'm not sure at all this file is needed.

It is not needed at all in the ipset package. However for the 
sake of completeness it is kept.
 
> With current Kbuild file, it builds everything as
> modules, the only CONFIG_FOO in use is IP_SET_MAX
> which can be specfied in the upper-level Kconfig
> (in net/netfilter/Kconfig).
> 
> Besides, what's the intention of CONFIG_IP_SET
> vs CONFIG_NETFILTER_XT_SET?

CONFIG_IP_SET selects the ipset subsystem, while CONFIG_NETFILTER_XT_SET 
selects the set/SET match and target.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

Re: [ANNOUNCE] ipset 6.2 released

[Michael Tokarev]

29.03.2011 23:23, Jozsef Kadlecsik wrote:
> On Tue, 29 Mar 2011, Michael Tokarev wrote:
> 
>> ipset-6.2/kernel/net/netfilter/ipset/Kconfig file
>> appears to be some net/netfilter/Kconfig file from
>> linux source tree (from one directory level up),
>> patched with NETFILTER_XT_SET.  It gets included
>> into itself recursively.
> 
> Yes, you are right, I fixed it in the ipset git tree. Thanks!

You added stuff to the top of that file, but haven't deleted
the old content, starting with «menu "Core Netfilter Configuration"» ;)

/mjt
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ANNOUNCE] ipset 6.2 released

[Michael Tokarev]

30.03.2011 00:18, Michael Tokarev wrote:
> You added stuff to the top of that file, but haven't deleted
> the old content, starting with «menu "Core Netfilter Configuration"» ;)

Please scratch that.  It was me applying new patch to the old
file and screwing stuff up.

/mjt

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html