SOURCES (LINUX_2_6): linux-2.6-nf-set.patch - snap 20051028 for 2....
cieciwa
cieciwa at pld-linux.org
Fri Oct 28 14:53:33 CEST 2005
Author: cieciwa Date: Fri Oct 28 12:53:33 2005 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- snap 20051028 for 2.6.14.
---- Files affected:
SOURCES:
linux-2.6-nf-set.patch (1.1.2.1 -> 1.1.2.2)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-nf-set.patch
diff -u SOURCES/linux-2.6-nf-set.patch:1.1.2.1 SOURCES/linux-2.6-nf-set.patch:1.1.2.2
--- SOURCES/linux-2.6-nf-set.patch:1.1.2.1 Thu Sep 15 10:34:33 2005
+++ SOURCES/linux-2.6-nf-set.patch Fri Oct 28 14:53:27 2005
@@ -1,31 +1,32 @@
- include/linux/netfilter_ipv4/ip_set.h | 489 ++++++
- include/linux/netfilter_ipv4/ip_set_iphash.h | 30
- include/linux/netfilter_ipv4/ip_set_ipmap.h | 56
- include/linux/netfilter_ipv4/ip_set_iptree.h | 39
- include/linux/netfilter_ipv4/ip_set_jhash.h | 148 +
- include/linux/netfilter_ipv4/ip_set_macipmap.h | 38
- include/linux/netfilter_ipv4/ip_set_malloc.h | 42
- include/linux/netfilter_ipv4/ip_set_nethash.h | 55
- include/linux/netfilter_ipv4/ip_set_portmap.h | 25
- include/linux/netfilter_ipv4/ip_set_prime.h | 34
- include/linux/netfilter_ipv4/ipt_set.h | 21
- net/ipv4/netfilter/Kconfig | 101 +
- net/ipv4/netfilter/Makefile | 11
- net/ipv4/netfilter/ip_set.c | 1989 +++++++++++++++++++++++++
- net/ipv4/netfilter/ip_set_iphash.c | 379 ++++
- net/ipv4/netfilter/ip_set_ipmap.c | 313 +++
- net/ipv4/netfilter/ip_set_iptree.c | 510 ++++++
- net/ipv4/netfilter/ip_set_macipmap.c | 338 ++++
- net/ipv4/netfilter/ip_set_nethash.c | 449 +++++
- net/ipv4/netfilter/ip_set_portmap.c | 325 ++++
- net/ipv4/netfilter/ipt_SET.c | 128 +
- net/ipv4/netfilter/ipt_set.c | 112 +
- 22 files changed, 5632 insertions(+)
+ include/linux/netfilter_ipv4/ip_set.h | 498 +++++
+ include/linux/netfilter_ipv4/ip_set_iphash.h | 29
+ include/linux/netfilter_ipv4/ip_set_ipmap.h | 56
+ include/linux/netfilter_ipv4/ip_set_ipporthash.h | 33
+ include/linux/netfilter_ipv4/ip_set_iptree.h | 39
+ include/linux/netfilter_ipv4/ip_set_jhash.h | 148 +
+ include/linux/netfilter_ipv4/ip_set_macipmap.h | 38
+ include/linux/netfilter_ipv4/ip_set_malloc.h | 116 +
+ include/linux/netfilter_ipv4/ip_set_nethash.h | 54
+ include/linux/netfilter_ipv4/ip_set_portmap.h | 25
+ include/linux/netfilter_ipv4/ipt_set.h | 21
+ net/ipv4/netfilter/Kconfig | 109 +
+ net/ipv4/netfilter/Makefile | 12
+ net/ipv4/netfilter/ip_set.c | 1995 +++++++++++++++++++++++
+ net/ipv4/netfilter/ip_set_iphash.c | 398 ++++
+ net/ipv4/netfilter/ip_set_ipmap.c | 327 +++
+ net/ipv4/netfilter/ip_set_ipporthash.c | 524 ++++++
+ net/ipv4/netfilter/ip_set_iptree.c | 536 ++++++
+ net/ipv4/netfilter/ip_set_macipmap.c | 353 ++++
+ net/ipv4/netfilter/ip_set_nethash.c | 466 +++++
+ net/ipv4/netfilter/ip_set_portmap.c | 334 +++
+ net/ipv4/netfilter/ipt_SET.c | 128 +
+ net/ipv4/netfilter/ipt_set.c | 112 +
+ 23 files changed, 6351 insertions(+)
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set.h 2005-09-15 10:32:21.918471250 +0200
-@@ -0,0 +1,489 @@
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set.h linux-2.6.14/include/linux/netfilter_ipv4/ip_set.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_set.h 2005-10-28 14:36:13.000000000 +0200
+@@ -0,0 +1,498 @@
+#ifndef _IP_SET_H
+#define _IP_SET_H
+
@@ -39,6 +40,10 @@
+ * published by the Free Software Foundation.
+ */
+
++#if 0
++#define IP_SET_DEBUG
++#endif
++
+/*
+ * A sockopt of such quality has hardly ever been seen before on the open
+ * market! This little beauty, hardly ever used: above 64, so it's
@@ -105,10 +110,12 @@
+#define IPSET_MATCH_INV 0x04 /* Inverse matching */
+
+/*
-+ * Set types (flavours)
++ * Set features
+ */
-+#define IPSET_TYPE_IP 0 /* IP address type of set */
-+#define IPSET_TYPE_PORT 1 /* Port type of set */
++#define IPSET_TYPE_IP 0x01 /* IP address type of set */
++#define IPSET_TYPE_PORT 0x02 /* Port type of set */
++#define IPSET_DATA_SINGLE 0x04 /* Single data storage */
++#define IPSET_DATA_DOUBLE 0x08 /* Double data storage */
+
+/* Reserved keywords */
+#define IPSET_TOKEN_DEFAULT ":default:"
@@ -364,8 +371,9 @@
+ */
+ int (*testip_kernel) (struct ip_set *set,
+ const struct sk_buff * skb,
-+ u_int32_t flags,
-+ ip_set_ip_t *ip);
++ ip_set_ip_t *ip,
++ const u_int32_t *flags,
++ unsigned char index);
+
+ /* test for IP in set (userspace: ipset -T set IP)
+ * return 0 if not in set, 1 if in set.
@@ -396,8 +404,9 @@
+ */
+ int (*addip_kernel) (struct ip_set *set,
+ const struct sk_buff * skb,
-+ u_int32_t flags,
-+ ip_set_ip_t *ip);
++ ip_set_ip_t *ip,
++ const u_int32_t *flags,
++ unsigned char index);
+
+ /* remove IP from set (userspace: ipset -D set --entry x)
+ * Return -EEXIST if the address is NOT in the set,
@@ -415,8 +424,9 @@
+ */
+ int (*delip_kernel) (struct ip_set *set,
+ const struct sk_buff * skb,
-+ u_int32_t flags,
-+ ip_set_ip_t *ip);
++ ip_set_ip_t *ip,
++ const u_int32_t *flags,
++ unsigned char index);
+
+ /* new set creation - allocated type specific items
+ */
@@ -467,7 +477,7 @@
+ void *data);
+
+ char typename[IP_SET_MAXNAMELEN];
-+ char typecode;
++ unsigned char features;
+ int protocol_version;
+
+ /* Set this to THIS_MODULE if you are a module, otherwise NULL */
@@ -515,10 +525,10 @@
+#endif /* __KERNEL__ */
+
+#endif /*_IP_SET_H*/
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_iphash.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_iphash.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_iphash.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_iphash.h 2005-09-15 10:32:21.918471250 +0200
-@@ -0,0 +1,30 @@
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_iphash.h linux-2.6.14/include/linux/netfilter_ipv4/ip_set_iphash.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_iphash.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_set_iphash.h 2005-10-28 14:36:13.000000000 +0200
+@@ -0,0 +1,29 @@
+#ifndef __IP_SET_IPHASH_H
+#define __IP_SET_IPHASH_H
+
@@ -529,12 +539,11 @@
+
+struct ip_set_iphash {
+ ip_set_ip_t *members; /* the iphash proper */
-+ uint32_t initval; /* initval for jhash_1word */
-+ uint32_t prime; /* prime for double hashing */
+ uint32_t hashsize; /* hash size */
+ uint16_t probes; /* max number of probes */
+ uint16_t resize; /* resize factor in percent */
+ ip_set_ip_t netmask; /* netmask */
++ void *initval[0]; /* initvals for jhash_1word */
+};
+
+struct ip_set_req_iphash_create {
@@ -549,9 +558,9 @@
+};
+
+#endif /* __IP_SET_IPHASH_H */
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_ipmap.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_ipmap.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_ipmap.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_ipmap.h 2005-09-15 10:32:21.918471250 +0200
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_ipmap.h linux-2.6.14/include/linux/netfilter_ipv4/ip_set_ipmap.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_ipmap.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_set_ipmap.h 2005-10-28 14:36:13.000000000 +0200
@@ -0,0 +1,56 @@
+#ifndef __IP_SET_IPMAP_H
+#define __IP_SET_IPMAP_H
@@ -567,7 +576,7 @@
+ ip_set_ip_t last_ip; /* host byte order, included in range */
+ ip_set_ip_t netmask; /* subnet netmask */
+ ip_set_ip_t sizeid; /* size of set in IPs */
-+ u_int16_t hosts; /* number of hosts in a subnet */
++ ip_set_ip_t hosts; /* number of hosts in a subnet */
+};
+
+struct ip_set_req_ipmap_create {
@@ -609,9 +618,46 @@
+}
+
+#endif /* __IP_SET_IPMAP_H */
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_iptree.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_iptree.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_iptree.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_iptree.h 2005-09-15 10:32:21.922471500 +0200
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_ipporthash.h linux-2.6.14/include/linux/netfilter_ipv4/ip_set_ipporthash.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_ipporthash.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_set_ipporthash.h 2005-10-28 14:36:13.000000000 +0200
+@@ -0,0 +1,33 @@
++#ifndef __IP_SET_IPPORTHASH_H
++#define __IP_SET_IPPORTHASH_H
++
++#include <linux/netfilter_ipv4/ip_set.h>
++
++#define SETTYPE_NAME "ipporthash"
++#define MAX_RANGE 0x0000FFFF
++#define INVALID_PORT (MAX_RANGE + 1)
++
++struct ip_set_ipporthash {
++ ip_set_ip_t *members; /* the ipporthash proper */
++ uint32_t hashsize; /* hash size */
++ uint16_t probes; /* max number of probes */
++ uint16_t resize; /* resize factor in percent */
++ ip_set_ip_t first_ip; /* host byte order, included in range */
++ ip_set_ip_t last_ip; /* host byte order, included in range */
++ void *initval[0]; /* initvals for jhash_1word */
++};
++
++struct ip_set_req_ipporthash_create {
++ uint32_t hashsize;
++ uint16_t probes;
++ uint16_t resize;
++ ip_set_ip_t from;
++ ip_set_ip_t to;
++};
++
++struct ip_set_req_ipporthash {
++ ip_set_ip_t ip;
++ ip_set_ip_t port;
++};
++
++#endif /* __IP_SET_IPPORTHASH_H */
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_iptree.h linux-2.6.14/include/linux/netfilter_ipv4/ip_set_iptree.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_iptree.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_set_iptree.h 2005-10-28 14:36:13.000000000 +0200
@@ -0,0 +1,39 @@
+#ifndef __IP_SET_IPTREE_H
+#define __IP_SET_IPTREE_H
@@ -652,9 +698,9 @@
+};
+
+#endif /* __IP_SET_IPTREE_H */
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_jhash.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_jhash.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_jhash.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_jhash.h 2005-09-15 10:32:21.922471500 +0200
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_jhash.h linux-2.6.14/include/linux/netfilter_ipv4/ip_set_jhash.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_jhash.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_set_jhash.h 2005-10-28 14:36:13.000000000 +0200
@@ -0,0 +1,148 @@
+#ifndef _LINUX_IPSET_JHASH_H
+#define _LINUX_IPSET_JHASH_H
@@ -804,9 +850,9 @@
+}
+
+#endif /* _LINUX_IPSET_JHASH_H */
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_macipmap.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_macipmap.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_macipmap.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_macipmap.h 2005-09-15 10:32:21.926471750 +0200
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_macipmap.h linux-2.6.14/include/linux/netfilter_ipv4/ip_set_macipmap.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_macipmap.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_set_macipmap.h 2005-10-28 14:36:13.000000000 +0200
@@ -0,0 +1,38 @@
+#ifndef __IP_SET_MACIPMAP_H
+#define __IP_SET_MACIPMAP_H
@@ -846,10 +892,10 @@
+};
+
+#endif /* __IP_SET_MACIPMAP_H */
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_malloc.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_malloc.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_malloc.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_malloc.h 2005-09-15 10:32:21.926471750 +0200
-@@ -0,0 +1,42 @@
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_malloc.h linux-2.6.14/include/linux/netfilter_ipv4/ip_set_malloc.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_malloc.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_set_malloc.h 2005-10-28 14:36:13.000000000 +0200
+@@ -0,0 +1,116 @@
+#ifndef _IP_SET_MALLOC_H
+#define _IP_SET_MALLOC_H
+
@@ -865,14 +911,6 @@
+#undef CACHE
+}
+
-+static inline void * ip_set_malloc_atomic(size_t bytes)
-+{
-+ if (bytes > max_malloc_size)
-+ return __vmalloc(bytes, GFP_ATOMIC, PAGE_KERNEL);
-+ else
-+ return kmalloc(bytes, GFP_ATOMIC);
-+}
-+
+static inline void * ip_set_malloc(size_t bytes)
+{
+ if (bytes > max_malloc_size)
@@ -889,13 +927,95 @@
+ kfree(data);
+}
+
++struct harray {
++ size_t max_elements;
++ void *arrays[0];
++};
++
++static inline void *
++harray_malloc(size_t hashsize, size_t typesize, int flags)
++{
++ struct harray *harray;
++ size_t max_elements, size, i, j;
++
++ if (!max_malloc_size)
++ init_max_malloc_size();
++
++ if (typesize > max_malloc_size)
++ return NULL;
++
++ max_elements = max_malloc_size/typesize;
++ size = hashsize/max_elements;
++ if (hashsize % max_elements)
++ size++;
++
++ /* Last pointer signals end of arrays */
++ harray = kmalloc(sizeof(struct harray) + (size + 1) * sizeof(void *),
++ flags);
++
++ if (!harray)
++ return NULL;
++
++ for (i = 0; i < size - 1; i++) {
++ harray->arrays[i] = kmalloc(max_elements * typesize, flags);
++ if (!harray->arrays[i])
++ goto undo;
++ memset(harray->arrays[i], 0, max_elements * typesize);
++ }
++ harray->arrays[i] = kmalloc((hashsize - i * max_elements) * typesize,
++ flags);
++ if (!harray->arrays[i])
++ goto undo;
++ memset(harray->arrays[i], 0, (hashsize - i * max_elements) * typesize);
++
++ harray->max_elements = max_elements;
++ harray->arrays[size] = NULL;
++
++ return (void *)harray;
++
++ undo:
++ for (j = 0; j < i; j++) {
++ kfree(harray->arrays[j]);
++ }
++ kfree(harray);
++ return NULL;
++}
++
++static inline void harray_free(void *h)
++{
++ struct harray *harray = (struct harray *) h;
++ size_t i;
++
++ for (i = 0; harray->arrays[i] != NULL; i++)
++ kfree(harray->arrays[i]);
++ kfree(harray);
++}
++
++static inline void harray_flush(void *h, size_t hashsize, size_t typesize)
++{
++ struct harray *harray = (struct harray *) h;
++ size_t i;
++
++ for (i = 0; harray->arrays[i+1] != NULL; i++)
++ memset(harray->arrays[i], 0, harray->max_elements * typesize);
++ memset(harray->arrays[i], 0,
++ (hashsize - i * harray->max_elements) * typesize);
++}
++
++#define HARRAY_ELEM(h, type, which) \
++({ \
++ struct harray *__h = (struct harray *)(h); \
++ ((type)((__h)->arrays[(which)/(__h)->max_elements]) \
++ + (which)%(__h)->max_elements); \
++})
++
+#endif /* __KERNEL__ */
+
+#endif /*_IP_SET_MALLOC_H*/
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_nethash.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_nethash.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_nethash.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_nethash.h 2005-09-15 10:32:21.930472000 +0200
-@@ -0,0 +1,55 @@
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_nethash.h linux-2.6.14/include/linux/netfilter_ipv4/ip_set_nethash.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_nethash.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_set_nethash.h 2005-10-28 14:36:13.000000000 +0200
+@@ -0,0 +1,54 @@
+#ifndef __IP_SET_NETHASH_H
+#define __IP_SET_NETHASH_H
+
@@ -906,12 +1026,11 @@
+
+struct ip_set_nethash {
+ ip_set_ip_t *members; /* the nethash proper */
-+ uint32_t initval; /* initval for jhash_1word */
-+ uint32_t prime; /* prime for double hashing */
+ uint32_t hashsize; /* hash size */
+ uint16_t probes; /* max number of probes */
+ uint16_t resize; /* resize factor in percent */
+ unsigned char cidr[30]; /* CIDR sizes */
++ void *initval[0]; /* initvals for jhash_1word */
+};
+
+struct ip_set_req_nethash_create {
@@ -951,9 +1070,9 @@
+}
+
+#endif /* __IP_SET_NETHASH_H */
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_portmap.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_portmap.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_portmap.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_portmap.h 2005-09-15 10:32:21.930472000 +0200
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_portmap.h linux-2.6.14/include/linux/netfilter_ipv4/ip_set_portmap.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_set_portmap.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_set_portmap.h 2005-10-28 14:36:13.000000000 +0200
@@ -0,0 +1,25 @@
+#ifndef __IP_SET_PORTMAP_H
+#define __IP_SET_PORTMAP_H
@@ -980,47 +1099,9 @@
+};
+
+#endif /* __IP_SET_PORTMAP_H */
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_prime.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_prime.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ip_set_prime.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set_prime.h 2005-09-15 10:32:21.930472000 +0200
-@@ -0,0 +1,34 @@
-+#ifndef __IP_SET_PRIME_H
-+#define __IP_SET_PRIME_H
-+
-+static inline unsigned make_prime_bound(unsigned nr)
-+{
-+ unsigned long long nr64 = nr;
-+ unsigned long long x = 1;
-+ nr = 1;
-+ while (x <= nr64) { x <<= 2; nr <<= 1; }
-+ return nr;
-+}
-+
-+static inline int make_prime_check(unsigned nr)
-+{
-+ unsigned x = 3;
-+ unsigned b = make_prime_bound(nr);
-+ while (x <= b) {
-+ if (0 == (nr % x)) return 0;
-+ x += 2;
-+ }
-+ return 1;
-+}
-+
-+static unsigned make_prime(unsigned nr)
-+{
-+ if (0 == (nr & 1)) nr--;
-+ while (nr > 1) {
-+ if (make_prime_check(nr)) return nr;
-+ nr -= 2;
-+ }
-+ return 2;
-+}
-+
-+#endif /* __IP_SET_PRIME_H */
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ipt_set.h linux-2.6.13.1/include/linux/netfilter_ipv4/ipt_set.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ipt_set.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ipt_set.h 2005-09-15 10:32:21.934472250 +0200
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ipt_set.h linux-2.6.14/include/linux/netfilter_ipv4/ipt_set.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ipt_set.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ipt_set.h 2005-10-28 14:36:13.000000000 +0200
@@ -0,0 +1,21 @@
+#ifndef _IPT_SET_H
+#define _IPT_SET_H
@@ -1043,10 +1124,144 @@
+};
+
+#endif /*_IPT_SET_H*/
-diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/ip_set.c linux-2.6.13.1/net/ipv4/netfilter/ip_set.c
---- linux-2.6.13.1/net.orig/ipv4/netfilter/ip_set.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/net/ipv4/netfilter/ip_set.c 2005-09-15 10:32:21.934472250 +0200
-@@ -0,0 +1,1989 @@
+diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/Kconfig linux-2.6.14/net/ipv4/netfilter/Kconfig
+--- linux-2.6.14.org/net/ipv4/netfilter/Kconfig 2005-10-28 02:02:08.000000000 +0200
++++ linux-2.6.14/net/ipv4/netfilter/Kconfig 2005-10-28 14:36:13.000000000 +0200
+@@ -821,5 +821,114 @@
+ Allows altering the ARP packet payload: source and destination
+ hardware and network addresses.
+
++config IP_NF_SET
++ tristate "IP set support"
++ depends on INET && NETFILTER
++ help
++ This option adds IP set support to the kernel.
++ In order to define and use sets, you need the userspace utility
++ ipset(8).
++
++ To compile it as a module, choose M here. If unsure, say N.
++
++config IP_NF_SET_MAX
++ int "Maximum number of IP sets"
++ default 256
++ range 2 65534
++ depends on IP_NF_SET
++ help
++ You can define here default value of the maximum number
++ of IP sets for the kernel.
++
++ The value can be overriden by the 'max_sets' module
++ parameter of the 'ip_set' module.
++
++config IP_NF_SET_HASHSIZE
++ int "Hash size for bindings of IP sets"
++ default 1024
++ depends on IP_NF_SET
++ help
++ You can define here default value of the hash size for
++ bindings of IP sets.
++
++ The value can be overriden by the 'hash_size' module
++ parameter of the 'ip_set' module.
++
++config IP_NF_SET_IPMAP
++ tristate "ipmap set support"
++ depends on IP_NF_SET
++ help
++ This option adds the ipmap set type support.
++
++ To compile it as a module, choose M here. If unsure, say N.
++
++config IP_NF_SET_MACIPMAP
++ tristate "macipmap set support"
++ depends on IP_NF_SET
++ help
++ This option adds the macipmap set type support.
++
++ To compile it as a module, choose M here. If unsure, say N.
++
++config IP_NF_SET_PORTMAP
++ tristate "portmap set support"
++ depends on IP_NF_SET
++ help
++ This option adds the portmap set type support.
++
++ To compile it as a module, choose M here. If unsure, say N.
++
++config IP_NF_SET_IPHASH
++ tristate "iphash set support"
++ depends on IP_NF_SET
++ help
++ This option adds the iphash set type support.
++
++ To compile it as a module, choose M here. If unsure, say N.
++
++config IP_NF_SET_NETHASH
++ tristate "nethash set support"
++ depends on IP_NF_SET
++ help
++ This option adds the nethash set type support.
++
++ To compile it as a module, choose M here. If unsure, say N.
++
++config IP_NF_SET_IPPORTHASH
++ tristate "ipporthash set support"
++ depends on IP_NF_SET
++ help
++ This option adds the ipporthash set type support.
++
++ To compile it as a module, choose M here. If unsure, say N.
++
++config IP_NF_SET_IPTREE
++ tristate "iptree set support"
++ depends on IP_NF_SET
++ help
++ This option adds the iptree set type support.
++
++ To compile it as a module, choose M here. If unsure, say N.
++
++config IP_NF_MATCH_SET
++ tristate "set match support"
++ depends on IP_NF_SET
++ help
++ Set matching matches against given IP sets.
++ You need the ipset utility to create and set up the sets.
++
++ To compile it as a module, choose M here. If unsure, say N.
++
++config IP_NF_TARGET_SET
++ tristate "SET target support"
++ depends on IP_NF_SET
++ help
++ The SET target makes possible to add/delete entries
++ in IP sets.
++ You need the ipset utility to create and set up the sets.
++
++ To compile it as a module, choose M here. If unsure, say N.
++
++
+ endmenu
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/linux-2.6-nf-set.patch?r1=1.1.2.1&r2=1.1.2.2&f=u
More information about the pld-cvs-commit
mailing list