From 48d8a10a545e4ef4092550b45f6cba38e0a8c94f Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Fri, 5 Nov 2010 17:00:42 +0100 Subject: Update README file Cleaned up the netlink.patch part: there's no more multiple patches. The incompatibilities against 4.x are listed in details. --- README | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) (limited to 'README') diff --git a/README b/README index 6c7749f..27b1455 100644 --- a/README +++ b/README @@ -1,14 +1,16 @@ This is the ipset source tree. Follow the next steps to install ipset: 0. You need the source tree of your kernel (version >= 2.6.31) - and it have to be configured (with ip6tables support), modules compiled. - Please apply the netlink.patch against your kernel tree - (with kernel <= 2.6.31.1 please use the patch netlink.patch-2.6.31.1). + and it have to be configured (with ip6tables support enabled), + modules compiled. Please apply the netlink.patch against your kernel + tree, which adds the new subsystem identifier for ipset. Recompile and install the patched kernel and its modules. The ipset source code depends on the libmnl library so the library - must be installed. + must be installed. You can download the libmnl library from + + git://git.netfilter.org/libmnl.git 1. Initialize the compiling environment for ipset. The packages automake, autoconf and libtool are required. @@ -55,13 +57,28 @@ That's it! Read the ipset(8) and iptables(8), ip6tables(8) manpages on how to use ipset and its match and target from iptables. -Compatibilities: +Compatibilities and incompatibilities: - The ipset 5.x userspace utility contains a backward compatibility - interface to support the syntax of ipset 4.x. + interface to support the commandline syntax of ipset 4.x. - The ipset 5.x userspace utility can't talk to the kernel part of ipset 4.x. - The ipset 5.x kernel part can't talk to the userspace utility from ipset 4.x. - The ipset 5.x kernel part can work together with the set match and SET target from iptables 1.4.7 and below, however if you need the IPv6 support from ipset 5.x, then you have to use iptables 1.4.8 or above. + +The ipset 5.x can interpret the commandline syntax of ipset 4.x, however +some internal changes mean different behaviour: + +- The "--matchunset" flag for the macipmap type is ignored and not used + anymore. +- The "--probes" and "--resize" parameters of the hash types are ignored + and not used anymore. +- The "--from", "--to" and "--network" parameters of the ipporthash, + ipportiphash and ipportnethash types are ignored and not used anymore. +- The hash types are not resized when new entries are added by the SET + target. If you use a set together with the SET target, create it with + the proper size because it won't be resized automatically. +- The iptree, iptreemap types are not implemented in ipset 5.x. The types + are automatically substituted with the hash:ip type. -- cgit v1.2.1