[ANNOUNCE] ipset 6.22 released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I'm happy to announce ipset 6.22, which, besides bugfixes and corrections, 
includes the new set type hash:mac and the skbinfo extension from Anton 
Danilov. The skbinfo extension makes possible to store fw mark, tc class 
and/or hardware queue parameters together with the set elements and then 
attach them to the matchig packets by the SET target. Example

ipset create mark_values hash:net skbinfo
ipset add mark_values 8.8.8.8/32 skbmark 0x1/0xffff
...
iptables -t mangle -A OUTPUT -p tcp -o iface \
	-j SET --map-set mark_values dst --map-mark

(At the moment the support of the --map-set options of
the SET target is available in the ipset branch of the iptables
git tree.)

Userspace changes:
  - hash:mac type added to ipset
  - Add test to check mark mapping
  - ipset: remove extran newline on debug output (Holger Eitzenberger)
  - ipset: avoid duplicate command flags (Holger Eitzenberger)
  - Remove a duplicate debug print (Holger Eitzenberger)
  - ipset: man: Add the skbinfo extension documentation. (Anton Danilov)
  - libipset: Add userspace support of the skbinfo extension of the list
    set type. (Anton Danilov)
  - libipset: Add userspace support of the skbinfo extension of the hash
    set types. (Anton Danilov)
  - libipset: Add userspace support of the skbinfo extension of the
    bitmap set types. (Anton Danilov)
  - libipset: Add userspace code for the skbinfo extension support.
    (Anton Danilov)
  - Make possible to compile ipset with IPSET_DEBUG from the dist.
    (Clinton Roy)
  - libipset: print third element in debugging (Sergey Popovich)
  - ipset: Handle missing leading zeros in ethernet address parser
    (Janeks Jaunups)
  - ipset: Pass IPSET_BIN to test scripts to change binary location
    (Neutron Soutmun)
  - ipset: Fix grammar error in manpage (Neutron Soutmun)
  - ipset: Fix printf format warning (Neutron Soutmun)

Kernel part changes:
  - hash:mac type added to ipset
  - skbinfo extension: send nonzero extension elements only to userspace
  - netfilter: Convert pr_warning to pr_warn (Joe Perches)
  - netfilter: ipset: Add skbinfo extension support to SET target.
    (Anton Danilov)
  - netfilter: ipset: Add skbinfo extension kernel support for the list
    set type. (Anton Danilov)
  - netfilter: ipset: Add skbinfo extension kernel support for the hash
    set types. (Anton Danilov)
  - netfilter: ipset: Add skbinfo extension kernel support for the
    bitmap set types. (Anton Danilov)
  - netfilter: ipset: Add skbinfo extension kernel support in the ipset
    core. (Anton Danilov)
  - Fix static checker warning in ip_set_core.c (reported by Dan 
    Carpenter)
  - Fix warn: integer overflows 'sizeof(*map) + size * set->dsize'
    (reported by Dan Carpenter)
  - net/netfilter/ipset: Resolve missing-field-initializer warnings
    (Mark Rustad)
  - netnet,netportnet: Fix value range support for IPv4 (Sergey Popovich)
  - Removed invalid IPSET_ATTR_MARKMASK validation (Vytas Dauksa) 

You can download the source code of ipset from:
        http://ipset.netfilter.org
        ftp://ftp.netfilter.org/pub/ipset/
        git://git.netfilter.org/ipset.git

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux