Hi,

I'm happy to announce ipset 6.14, which includes two important bugfixes and a few new features.

If you use hash:*net* types, then consider upgrading: when the number of different sized networks is greater than the smallest CIDR value of the networks in such sets, the broken internal cidr book-keeping could lead to invalid matching.

If you want to use the new feature of matching elements marked with "nomatch" in hash:*net* sets, then you need the corresponding new revision of the "set" match in iptables 1.4.16 - which is not released yet - or use the iptables git tree :-).

Userspace changes:
  - Support to match elements marked with "nomatch" in hash:*net* sets
  - Coding style fixes
  - The set type revision number is added to the header part of listing
  - Help prints list type revision and terse description
  - Add /0 network support to hash:net,iface type
  - Fix errors when compiling in debug mode (Krunal Patel)
  - Make sure IPPROTO_UDPLITE is defined
  - build: restore -version-info (Jan Engelhardt)

Kernel part changes:
  - Support to match elements marked with "nomatch" in hash:*net* sets
  - Coding style fixes
  - Include supported revisions in module description
  - Add /0 network support to hash:net,iface type
  - Fix cidr book keeping for hash:*net* types
  - Check and reject crazy /0 input parameters
  - Backport ether_addr_equal
  - Coding style fix, backport from kernel
  - net: cleanup unsigned to unsigned int (Eric Dumazet)

You can download the source code of ipset from:
        http://ipset.netfilter.org
        ftp://ftp.netfilter.org/pub/ipset/
        git://git.netfilter.org/ipset.git

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
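
Added example, not part of the original announcement or of ipset's own code: a check that reads `ipset save` output from a host still running a version before 6.14 and reports which hash:*net* sets meet the condition quoted above (more distinct network sizes than the smallest prefix length in the set). The sample input is constructed, and treating an element without a /prefix as a host entry (/32 or /128) is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in `ipset save` format (not taken from a real host).
SAMPLE_SAVE = """\
create blocklist hash:net family inet hashsize 1024 maxelem 65536
add blocklist 128.0.0.0/2
add blocklist 10.0.0.0/8
add blocklist 10.1.0.0/16 nomatch
create wide hash:net family inet hashsize 1024 maxelem 65536
add wide 10.0.0.0/8
add wide 192.168.0.0/16
add wide 192.168.1.0/24
create hosts hash:ip family inet hashsize 1024 maxelem 65536
add hosts 192.0.2.1
"""


def net_prefix(element, family):
    """Prefix length of the network component of one set element."""
    m = re.search(r"/(\d+)", element)
    # Assumption: a component without /prefix is a host entry.
    return int(m.group(1)) if m else (128 if family == "inet6" else 32)


def audit(save_text):
    """Return {set_name: (distinct_prefix_count, smallest_prefix)} for every
    hash:*net* set where the count exceeds the smallest prefix length."""
    family = {}                  # set name -> "inet" or "inet6"
    prefixes = defaultdict(set)  # set name -> distinct prefix lengths seen
    for line in save_text.splitlines():
        tok = line.split()
        if len(tok) < 3:
            continue
        if tok[0] == "create" and re.fullmatch(r"hash:.*net.*", tok[2]):
            family[tok[1]] = "inet6" if "inet6" in tok[3:] else "inet"
        elif tok[0] == "add" and tok[1] in family:
            prefixes[tok[1]].add(net_prefix(tok[2], family[tok[1]]))
    return {name: (len(p), min(p))
            for name, p in prefixes.items() if len(p) > min(p)}


if __name__ == "__main__":
    for name, (count, smallest) in audit(SAMPLE_SAVE).items():
        print(f"{name}: {count} network sizes, smallest prefix /{smallest}")
```

This applies the condition as worded in the announcement and does not model the kernel's book-keeping; a set it reports is a candidate for re-testing after the upgrade.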