diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-05-30 17:48:01 +0200 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2011-05-30 21:30:10 +0200 |
| commit | 418a3a4f4d4e38abd1d691f81f2445590f02ecaf (patch) | |
| tree | a41ed16b366c854786eea8f3da5c80fa50636dc6 /include/libipset | |
| parent | 4e21d6b5ce623f7601a872b94f3b88105356e2d3 (diff) | |
hash:net,iface type introduced
The hash:net,iface type makes possible to store network address and
interface name pairs in a set. It's mostly suitable for egress
and ingress filtering. Examples:
# ipset create test hash:net,iface
# ipset add test 192.168.0.0/16,eth0
# ipset add test 192.168.0.0/24,eth1
Diffstat (limited to 'include/libipset')
| -rw-r--r-- | include/libipset/data.h | 6 | ||||
| -rw-r--r-- | include/libipset/linux_ip_set.h | 3 | ||||
| -rw-r--r-- | include/libipset/parse.h | 6 | ||||
| -rw-r--r-- | include/libipset/print.h | 3 |
4 files changed, 15 insertions, 3 deletions
diff --git a/include/libipset/data.h b/include/libipset/data.h index 8902ddf..7c7b5e1 100644 --- a/include/libipset/data.h +++ b/include/libipset/data.h @@ -46,11 +46,13 @@ enum ipset_opt { IPSET_OPT_CIDR2, IPSET_OPT_IP2_TO, IPSET_OPT_PROTO, + IPSET_OPT_IFACE, /* Swap/rename to */ IPSET_OPT_SETNAME2, /* Flags */ IPSET_OPT_EXIST, IPSET_OPT_BEFORE, + IPSET_OPT_PHYSDEV, /* Internal options */ IPSET_OPT_FLAGS = 48, /* IPSET_FLAG_EXIST| */ IPSET_OPT_CADT_FLAGS, /* IPSET_FLAG_BEFORE| */ @@ -96,8 +98,10 @@ enum ipset_opt { | IPSET_FLAG(IPSET_OPT_IP2) \ | IPSET_FLAG(IPSET_OPT_CIDR2) \ | IPSET_FLAG(IPSET_OPT_PROTO) \ + | IPSET_FLAG(IPSET_OPT_IFACE) \ | IPSET_FLAG(IPSET_OPT_CADT_FLAGS)\ - | IPSET_FLAG(IPSET_OPT_BEFORE)) + | IPSET_FLAG(IPSET_OPT_BEFORE) \ + | IPSET_FLAG(IPSET_OPT_PHYSDEV)) struct ipset_data; diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h index e88f6d5..fb4b69e 100644 --- a/include/libipset/linux_ip_set.h +++ b/include/libipset/linux_ip_set.h @@ -105,6 +105,7 @@ enum { IPSET_ATTR_IP2, IPSET_ATTR_CIDR2, IPSET_ATTR_IP2_TO, + IPSET_ATTR_IFACE, __IPSET_ATTR_ADT_MAX, }; #define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1) @@ -153,6 +154,8 @@ enum ipset_cmd_flags { enum ipset_cadt_flags { IPSET_FLAG_BIT_BEFORE = 0, IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE), + IPSET_FLAG_BIT_PHYSDEV = 1, + IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV), }; /* Commands with settype-specific attributes */ diff --git a/include/libipset/parse.h b/include/libipset/parse.h index bc96a6e..08f1089 100644 --- a/include/libipset/parse.h +++ b/include/libipset/parse.h @@ -80,6 +80,8 @@ extern int ipset_parse_flag(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_typename(struct ipset_session *session, enum ipset_opt opt, const char *str); +extern int ipset_parse_iface(struct ipset_session *session, + enum ipset_opt opt, const char *str); extern int ipset_parse_output(struct ipset_session *session, int opt, const char *str); extern int ipset_parse_ignored(struct ipset_session *session, @@ -87,8 +89,8 @@ extern int ipset_parse_ignored(struct ipset_session *session, extern int ipset_parse_elem(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_call_parser(struct ipset_session *session, - const struct ipset_arg *arg, - const char *str); + const struct ipset_arg *arg, + const char *str); /* Compatibility parser functions */ extern int ipset_parse_iptimeout(struct ipset_session *session, diff --git a/include/libipset/print.h b/include/libipset/print.h index 963b42e..a3f5b95 100644 --- a/include/libipset/print.h +++ b/include/libipset/print.h @@ -37,6 +37,9 @@ extern int ipset_print_name(char *buf, unsigned int len, extern int ipset_print_port(char *buf, unsigned int len, const struct ipset_data *data, enum ipset_opt opt, uint8_t env); +extern int ipset_print_iface(char *buf, unsigned int len, + const struct ipset_data *data, + enum ipset_opt opt, uint8_t env); extern int ipset_print_proto(char *buf, unsigned int len, const struct ipset_data *data, enum ipset_opt opt, uint8_t env); |