[ANNOUNCE] ipset 7.16 released

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I'm happy to announce ipset 7.16, which includes a few fixes,
compatibility patches to support recent kernels and a new "bitmask"
option for the hash:ip, hash:ipport, hash:netnet types to use
any kind of netmask, from Vishwanath Pai.

Userspace changes:
  - Add new ipset_parse_bitmask() function to the library interface
  - test: Make sure no more than 64 clashing elements can be added
    to hash:net,iface sets
  - Fix all debug mode warnings
  - netfilter: ipset: add tests for the new bitmask feature (Vishwanath 
    Pai)
  - netfilter: ipset: Update the man page to include netmask/bitmask 
    options (Vishwanath Pai)
  - netfilter: ipset: Add bitmask support to hash:netnet (Vishwanath Pai)
  - netfilter: ipset: Add bitmask support to hash:ipport (Vishwanath Pai)
  - netfilter: ipset: Add bitmask support to hash:ip (Vishwanath Pai)
  - netfilter: ipset: Add support for new bitmask parameter (Vishwanath 
    Pai)
  - ipset-translate: allow invoking with a path name (Quentin Armitage)
  - Fix IPv6 sets nftables translation (Pablo Neira Ayuso)
  - Fix typo in ipset-translate man page (Bernhard M. Wiedemann)

Kernel part changes:
  - netfilter: ipset: restore allowing 64 clashing elements in 
    hash:net,iface
  - netfilter: ipset: Add support for new bitmask parameter (Vishwanath 
    Pai)
  - netfilter: ipset: regression in ip_set_hash_ip.c (Vishwanath Pai)
  - netfilter: move from strlcpy with unused retval to strscpy
    (Wolfram Sang)
  - compatibility: handle unsafe_memcpy()
  - netlink: Bounds-check struct nlmsgerr creation (Kees Cook)
  - compatibility: move to skb_protocol in the code from tc_skb_protocol
  - Compatibility: check kvcalloc, kvfree, kvzalloc in slab.h too
  - sched: consistently handle layer3 header accesses in the presence
    of VLANs (Toke Høiland-Jørgensen)
  - treewide: Replace GPLv2 boilerplate/reference with SPDX
    - rule 500 (Thomas Gleixner)
  - headers: Remove some left-over license text in 
    include/uapi/linux/netfilter/ (Christophe JAILLET)
  - netfilter: ipset: enforce documented limit to prevent allocating
    huge memory
  - netfilter: ipset: Fix oversized kvmalloc() calls

You can download the source code of ipset from:
        https://ipset.netfilter.org
        git://git.netfilter.org/ipset.git

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
          H-1525 Budapest 114, POB. 49, Hungary
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux