diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2018-10-22 22:25:09 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2018-10-27 14:58:55 +0200 |
commit | 4a1797e2b8eb055c6016e1092ac5dfb8f1e49914 (patch) | |
tree | 6d76c0ee9ab8d1e09afe2b078c8ff62ac5683c99 /lib/data.c | |
parent | 18f0b2c43994f4a626b449a4d771c7002f4e42e2 (diff) |
Introduction of new commands and protocol version 7
Two new commands (IPSET_CMD_GET_BYNAME, IPSET_CMD_GET_BYINDEX) are
introduced. The new commands makes possible to eliminate the getsockopt
operation (in iptables set/SET match/target) and thus use only netlink
communication between userspace and kernel for ipset. With the new
protocol version, userspace can exactly know which functionality is
supported by the running kernel.
Both the kernel and userspace is fully backward compatible.
Diffstat (limited to 'lib/data.c')
-rw-r--r-- | lib/data.c | 7 |
1 files changed, 7 insertions, 0 deletions
@@ -44,6 +44,7 @@ struct ipset_data { uint32_t mark; uint16_t port; uint16_t port_to; + uint16_t index; union { /* RENAME/SWAP */ char setname2[IPSET_MAXNAMELEN]; @@ -281,6 +282,9 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value) case IPSET_OPT_TIMEOUT: data->timeout = *(const uint32_t *) value; break; + case IPSET_OPT_INDEX: + data->index = *(const uint16_t *) value; + break; /* Create-specific options */ case IPSET_OPT_GC: data->create.gc = *(const uint32_t *) value; @@ -485,6 +489,8 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt) return &data->port_to; case IPSET_OPT_TIMEOUT: return &data->timeout; + case IPSET_OPT_INDEX: + return &data->index; /* Create-specific options */ case IPSET_OPT_GC: return &data->create.gc; @@ -588,6 +594,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family) case IPSET_OPT_PORT: case IPSET_OPT_PORT_TO: case IPSET_OPT_SKBQUEUE: + case IPSET_OPT_INDEX: return sizeof(uint16_t); case IPSET_SETNAME: case IPSET_OPT_NAME: |