On Thu, 6 Jan 2011, Pablo Neira Ayuso wrote: > On 04/01/11 05:14, Jan Engelhardt wrote: > > So a few people had been asking on whether ipset 5.x will be bundled > > along with Xtables-addons. Naturally this is a difficult question > > because ipset-5 wants a kernel patch. But yes, it is included as of Xt-a > > 1.32 (just out). > > > > It has been augmented to not require the patch anymore, by moving it > > over from nfnetlink (booo) to genetlink which does not depend on static > > numbers, though you will need at least Linux 2.6.35 for this GENL > > variant in both compilation and at runtime. > > Not depending of static numbers is a good thing to me because it makes > the whole user-space simpler since: a) you don't have to send a message > to perform the initial family ID lookup and b) you don't have to > subscribe to genl control events (which is required since the the > floating family number may change if the module is unloaded). You mean "Depending on static numbers...", don't you? > > (As such, ipset-5 is deactivated by default in Xt-a 1.32 and needs to be > > turned on in mconfig.) > > > > Xt-a files at the usual place. > > > > The plain genl patch to ipset-5 can be found as a commit at > > git://dev.medozas.de/ipset in the "genl" branch. It has received a run > > through the testsuite (as far as it went until ospf), and I take that as > > an indication that proxying the protocol onto genl was successful. > > This is going to confuse everyone. Since ipset-5 will be submitted into > mainline soon, some distributors may start packaging the user-space genl > binaries. Then, once we have it into the kernel, the distributed version > will not work with the one running upon nfnetlink. Yes, that worries me too. > I think it's way easier to submit a patch to reserve the subsystem ID > for ipset than adding this genl compatibility layer. That was rejected some time ago. :-) > BTW, Jozsef, do you plan to submit ipset for the next linux kernel > release cycle? Yes: ipset-5 depends on the jhash.h patch so as soon as it's in Patrick's tree, I can submit the patches. Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
