diff options
| author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2018-10-22 22:25:09 +0200 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2018-10-27 14:58:55 +0200 |
| commit | 4a1797e2b8eb055c6016e1092ac5dfb8f1e49914 (patch) | |
| tree | 6d76c0ee9ab8d1e09afe2b078c8ff62ac5683c99 /include | |
| parent | 18f0b2c43994f4a626b449a4d771c7002f4e42e2 (diff) | |
Introduction of new commands and protocol version 7
Two new commands (IPSET_CMD_GET_BYNAME, IPSET_CMD_GET_BYINDEX) are
introduced. The new commands makes possible to eliminate the getsockopt
operation (in iptables set/SET match/target) and thus use only netlink
communication between userspace and kernel for ipset. With the new
protocol version, userspace can exactly know which functionality is
supported by the running kernel.
Both the kernel and userspace is fully backward compatible.
Diffstat (limited to 'include')
| -rw-r--r-- | include/libipset/args.h | 2 | ||||
| -rw-r--r-- | include/libipset/data.h | 1 | ||||
| -rw-r--r-- | include/libipset/linux_ip_set.h | 18 | ||||
| -rw-r--r-- | include/libipset/linux_ip_set_bitmap.h | 1 | ||||
| -rw-r--r-- | include/libipset/linux_ip_set_hash.h | 1 | ||||
| -rw-r--r-- | include/libipset/linux_ip_set_list.h | 1 |
6 files changed, 16 insertions, 8 deletions
diff --git a/include/libipset/args.h b/include/libipset/args.h index dce4190..3a9929f 100644 --- a/include/libipset/args.h +++ b/include/libipset/args.h @@ -63,7 +63,7 @@ extern "C" { #endif extern const struct ipset_arg * ipset_keyword(enum ipset_keywords i); -extern const char * ipset_ignored_optname(int opt); +extern const char * ipset_ignored_optname(unsigned int opt); #ifdef __cplusplus } #endif diff --git a/include/libipset/data.h b/include/libipset/data.h index ca21890..744b010 100644 --- a/include/libipset/data.h +++ b/include/libipset/data.h @@ -74,6 +74,7 @@ enum ipset_opt { IPSET_OPT_LINENO, IPSET_OPT_REVISION, IPSET_OPT_REVISION_MIN, + IPSET_OPT_INDEX, IPSET_OPT_MAX, }; diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h index 2096611..68a2087 100644 --- a/include/libipset/linux_ip_set.h +++ b/include/libipset/linux_ip_set.h @@ -12,9 +12,9 @@ #include <linux/types.h> -/* The supported protocol versions */ -#define IPSET_PROTOCOL_MIN 6 +/* The protocol versions */ #define IPSET_PROTOCOL 7 +#define IPSET_PROTOCOL_MIN 6 /* The max length of strings including NUL: set and type identifiers */ #define IPSET_MAXNAMELEN 32 @@ -38,17 +38,19 @@ enum ipset_cmd { IPSET_CMD_TEST, /* 11: Test an element in a set */ IPSET_CMD_HEADER, /* 12: Get set header data only */ IPSET_CMD_TYPE, /* 13: Get set type */ + IPSET_CMD_GET_BYNAME, /* 14: Get set index by name */ + IPSET_CMD_GET_BYINDEX, /* 15: Get set name by index */ IPSET_MSG_MAX, /* Netlink message commands */ /* Commands in userspace: */ - IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */ - IPSET_CMD_HELP, /* 15: Get help */ - IPSET_CMD_VERSION, /* 16: Get program version */ - IPSET_CMD_QUIT, /* 17: Quit from interactive mode */ + IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 16: Enter restore mode */ + IPSET_CMD_HELP, /* 17: Get help */ + IPSET_CMD_VERSION, /* 18: Get program version */ + IPSET_CMD_QUIT, /* 19: Quit from interactive mode */ IPSET_CMD_MAX, - IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */ + IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 20: Commit buffered commands */ }; /* Attributes at command level */ @@ -66,6 +68,7 @@ enum { IPSET_ATTR_LINENO, /* 9: Restore lineno */ IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */ IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */ + IPSET_ATTR_INDEX, /* 11: Kernel index of set */ __IPSET_ATTR_CMD_MAX, }; #define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1) @@ -223,6 +226,7 @@ enum ipset_adt { /* Sets are identified by an index in kernel space. Tweak with ip_set_id_t * and IPSET_INVALID_ID if you want to increase the max number of sets. + * Also, IPSET_ATTR_INDEX must be changed. */ typedef __u16 ip_set_id_t; diff --git a/include/libipset/linux_ip_set_bitmap.h b/include/libipset/linux_ip_set_bitmap.h index c4b63d6..a3652c2 100644 --- a/include/libipset/linux_ip_set_bitmap.h +++ b/include/libipset/linux_ip_set_bitmap.h @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef __IP_SET_BITMAP_H #define __IP_SET_BITMAP_H diff --git a/include/libipset/linux_ip_set_hash.h b/include/libipset/linux_ip_set_hash.h index 73d40d7..3753952 100644 --- a/include/libipset/linux_ip_set_hash.h +++ b/include/libipset/linux_ip_set_hash.h @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef __IP_SET_HASH_H #define __IP_SET_HASH_H diff --git a/include/libipset/linux_ip_set_list.h b/include/libipset/linux_ip_set_list.h index f8cb89e..650e308 100644 --- a/include/libipset/linux_ip_set_list.h +++ b/include/libipset/linux_ip_set_list.h @@ -1,3 +1,4 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ #ifndef __IP_SET_LIST_H #define __IP_SET_LIST_H |