authorVytas Dauksa <vytas.dauksa@smoothwall.net>2013-12-17 14:01:43 +0000
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2014-01-08 21:02:54 +0100
commit14ea38fca9e40df4f172a573c222591b5f3cc241 (patch)
tree5f0e1cd46a19bbb6b54de73494971c35f4c329ae /include/libipset
parent8a88bdf50b448e221a8b0b6a5c8446ebafcefa19 (diff)
add hash:ip,mark data type to ipset
Introduce packet mark support with new ip,mark hash set. This includes userspace and kernelspace code, hash:ip,mark set tests and man page updates. The intended use of ip,mark set is similar to the ip:port type, but for protocols which don't use a predictable port number. Instead of port number it matches a firewall mark determined by a layer 7 filtering program like opendpi. As well as allowing or blocking traffic it will also be used for accounting packets and bytes sent for each protocol. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'include/libipset')
-rw-r--r--include/libipset/data.h2
-rw-r--r--include/libipset/linux_ip_set.h1
-rw-r--r--include/libipset/parse.h2
-rw-r--r--include/libipset/print.h3
4 files changed, 8 insertions, 0 deletions
diff --git a/include/libipset/data.h b/include/libipset/data.h
index cbf30cc..ce6c4c6 100644
--- a/include/libipset/data.h
+++ b/include/libipset/data.h
@@ -22,6 +22,7 @@ enum ipset_opt {
IPSET_OPT_IP_FROM = IPSET_OPT_IP,
IPSET_OPT_IP_TO,
IPSET_OPT_CIDR,
+ IPSET_OPT_MARK,
IPSET_OPT_PORT,
IPSET_OPT_PORT_FROM = IPSET_OPT_PORT,
IPSET_OPT_PORT_TO,
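Review bot: Adding `IPSET_OPT_MARK` between `IPSET_OPT_CIDR` and `IPSET_OPT_PORT` renumbers every later member of `enum ipset_opt`, which lives in a public libipset header. Programs built against the previous header would pass shifted option values, and presumably shifted `IPSET_FLAG()` bits, to a newer shared library unless the library's ABI version is bumped in the same change; that bump is not visible in this diff. If the position is deliberate, a comment such as `/* inserting here changes the values of all options below; requires a library version bump */` would record the constraint. The enum begins and ends outside the hunk.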
@@ -97,6 +98,7 @@ enum ipset_opt {
(IPSET_FLAG(IPSET_OPT_IP) \
| IPSET_FLAG(IPSET_OPT_IP_TO) \
| IPSET_FLAG(IPSET_OPT_CIDR) \
+ | IPSET_FLAG(IPSET_OPT_MARK) \
| IPSET_FLAG(IPSET_OPT_PORT) \
| IPSET_FLAG(IPSET_OPT_PORT_TO) \
| IPSET_FLAG(IPSET_OPT_TIMEOUT) \
diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
index 847bbff..c57f81e 100644
--- a/include/libipset/linux_ip_set.h
+++ b/include/libipset/linux_ip_set.h
@@ -83,6 +83,7 @@ enum {
IPSET_ATTR_PROTO, /* 7 */
IPSET_ATTR_CADT_FLAGS, /* 8 */
IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
+ IPSET_ATTR_MARK, /* 10 */
/* Reserve empty slots */
IPSET_ATTR_CADT_MAX = 16,
/* Create-only specific attributes */
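Review bot: `IPSET_ATTR_MARK` takes the value 10 only from its position after `IPSET_ATTR_CADT_LINENO`, and its comment gives the number but not what the attribute carries. These appear to be netlink attribute numbers shared with the kernel header, so the value must match the kernel side exactly, and the payload width and byte order matter to any code that validates the attribute. A fuller comment would help, for example `/* 10: packet mark for hash:ip,mark; <width and byte order> */`, with the placeholder filled in from the kernel definition. The enum begins and ends outside the hunk.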
diff --git a/include/libipset/parse.h b/include/libipset/parse.h
index 5c46a88..55981f2 100644
--- a/include/libipset/parse.h
+++ b/include/libipset/parse.h
@@ -29,6 +29,8 @@ extern int ipset_parse_ether(struct ipset_session *session,
extern int ipset_parse_port(struct ipset_session *session,
enum ipset_opt opt, const char *str,
const char *proto);
+extern int ipset_parse_mark(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
extern int ipset_parse_tcpudp_port(struct ipset_session *session,
enum ipset_opt opt, const char *str,
const char *proto);
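Review bot: `ipset_parse_mark()` is declared without any statement of its input contract, although `str` is operator- or script-supplied text that ends up as a firewall mark. The declaration should carry a doc comment giving the accepted notations (decimal, hex), the valid range, and the return convention on failure, including whether trailing characters and out-of-range values are rejected rather than truncated; the implementation is not in this diff, so that behaviour cannot be confirmed here. The same gap applies to `ipset_print_mark()` in the print.h hunk, where the comment should say what is returned when the formatted mark does not fit in `len` bytes, so callers know to check for truncation.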
diff --git a/include/libipset/print.h b/include/libipset/print.h
index f2a6095..b8fa709 100644
--- a/include/libipset/print.h
+++ b/include/libipset/print.h
@@ -37,6 +37,9 @@ extern int ipset_print_name(char *buf, unsigned int len,
extern int ipset_print_port(char *buf, unsigned int len,
const struct ipset_data *data,
enum ipset_opt opt, uint8_t env);
+extern int ipset_print_mark(char *buf, unsigned int len,
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_iface(char *buf, unsigned int len,
const struct ipset_data *data,
enum ipset_opt opt, uint8_t env);