Hi all, The proceeding patch-set adds three new sets for usage: * ip,port,ip,port * ip,port,net,port * net,port,net,port I would like to solicit some feedback as I am fairly certain that there are bugs or possibly backwards-incompatiblity in the implementation as it stands. Most notably, I ran into loss of elements when resizing and had to significantly rework how the insertion is done. For a good example of this, see the IPv6 uadt function for ip,port,net,port. I suspect there is an underlying issue that should be resolved and that the current behaviour is essentially a sub-optimal workaround. I also have patches that apply to the mainline kernel which are identical to the code that is part of the main ipset package. Cheers, Oliver. Oliver Smith (5): ipset: Support sets with 4 individual elements and an extra port ipset: Implement ip,port,ip,port hash set. ipset: Implement ip,port,net,port hash set. ipset: Implement net,port,net,port hash set. lib/ipset.c: Fix a compilation failure when using --enable-debug include/libipset/data.h | 6 + include/libipset/linux_ip_set.h | 5 + include/libipset/types.h | 2 +- kernel/include/linux/netfilter/ipset/ip_set.h | 4 +- .../uapi/linux/netfilter/ipset/ip_set.h | 5 + kernel/net/netfilter/ipset/Kbuild | 2 + kernel/net/netfilter/ipset/Kconfig | 31 +- .../ipset/ip_set_hash_ipportipport.c | 436 ++++++++++++ .../ipset/ip_set_hash_ipportnetport.c | 612 ++++++++++++++++ .../ipset/ip_set_hash_netportnetport.c | 662 ++++++++++++++++++ lib/Makefile.am | 3 + lib/data.c | 14 + lib/debug.c | 2 + lib/ipset.c | 1 + lib/ipset_hash_ipportipport.c | 144 ++++ lib/ipset_hash_ipportnetport.c | 152 ++++ lib/ipset_hash_netportnetport.c | 149 ++++ lib/parse.c | 40 +- lib/print.c | 28 +- lib/session.c | 8 + tests/hash:ip,port,ip,port.t | 159 +++++ tests/hash:ip,port,ip,port.t.list0 | 11 + tests/hash:ip,port,ip,port.t.list1 | 7 + tests/hash:ip,port,net,port.t | 183 +++++ tests/hash:ip,port,net,port.t.list0 | 11 + tests/hash:ip6,port,ip6,port.t | 115 +++ tests/hash:ip6,port,ip6,port.t.list0 | 12 + tests/hash:ip6,port,ip6,port.t.list1 | 7 + tests/hash:ip6,port,net6,port.t | 143 ++++ tests/hash:ip6,port,net6,port.t.list0 | 11 + tests/hash:net,port,net,port.t | 191 +++++ tests/hash:net,port,net,port.t.list0 | 11 + tests/hash:net6,port,net6,port.t | 157 +++++ tests/hash:net6,port,net6,port.t.list0 | 11 + tests/resizet.sh | 24 + tests/runtest.sh | 3 + 36 files changed, 3344 insertions(+), 18 deletions(-) create mode 100644 kernel/net/netfilter/ipset/ip_set_hash_ipportipport.c create mode 100644 kernel/net/netfilter/ipset/ip_set_hash_ipportnetport.c create mode 100644 kernel/net/netfilter/ipset/ip_set_hash_netportnetport.c create mode 100644 lib/ipset_hash_ipportipport.c create mode 100644 lib/ipset_hash_ipportnetport.c create mode 100644 lib/ipset_hash_netportnetport.c create mode 100644 tests/hash:ip,port,ip,port.t create mode 100644 tests/hash:ip,port,ip,port.t.list0 create mode 100644 tests/hash:ip,port,ip,port.t.list1 create mode 100644 tests/hash:ip,port,net,port.t create mode 100644 tests/hash:ip,port,net,port.t.list0 create mode 100644 tests/hash:ip6,port,ip6,port.t create mode 100644 tests/hash:ip6,port,ip6,port.t.list0 create mode 100644 tests/hash:ip6,port,ip6,port.t.list1 create mode 100644 tests/hash:ip6,port,net6,port.t create mode 100644 tests/hash:ip6,port,net6,port.t.list0 create mode 100644 tests/hash:net,port,net,port.t create mode 100644 tests/hash:net,port,net,port.t.list0 create mode 100644 tests/hash:net6,port,net6,port.t create mode 100644 tests/hash:net6,port,net6,port.t.list0 -- 2.19.2
