authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2018-10-22 22:25:09 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2018-10-27 14:58:55 +0200
commit4a1797e2b8eb055c6016e1092ac5dfb8f1e49914 (patch)
tree6d76c0ee9ab8d1e09afe2b078c8ff62ac5683c99 /lib
parent18f0b2c43994f4a626b449a4d771c7002f4e42e2 (diff)
Introduction of new commands and protocol version 7
Two new commands (IPSET_CMD_GET_BYNAME, IPSET_CMD_GET_BYINDEX) are introduced. The new commands make it possible to eliminate the getsockopt operation (in the iptables set/SET match/target) and thus use only netlink communication between userspace and kernel for ipset. With the new protocol version, userspace can know exactly which functionality is supported by the running kernel. Both the kernel and userspace are fully backward compatible.
Diffstat (limited to 'lib')
-rw-r--r--lib/PROTOCOL17
-rw-r--r--lib/args.c2
-rw-r--r--lib/data.c7
-rw-r--r--lib/session.c4
4 files changed, 29 insertions, 1 deletions
diff --git a/lib/PROTOCOL b/lib/PROTOCOL
index aa8fc64..97a6b7c 100644
--- a/lib/PROTOCOL
+++ b/lib/PROTOCOL
@@ -1,3 +1,5 @@
+PROTOCOL 6:
+
req: msg: IPSET_CMD_PROTOCOL
attr: IPSET_ATTR_PROTOCOL
@@ -88,3 +90,18 @@ resp: attr: IPSET_ATTR_TYPENAME
IPSET_ATTR_FAMILY
IPSET_ATTR_REVISION (version max)
IPSET_ATTR_REVISION_MIN (version min, optional)
+
+PROTOCOL 7: PROTOCOL 6 +
+
+req: msg: IPSET_CMD_GET_BYNAME
+ attr: IPSET_ATTR_PROTOCOL
+ IPSET_ATTR_SETNAME
+
+resp: attr: IPSET_ATTR_INDEX
+ IPSET_ATTR_FAMILY
+
+req: msg: IPSET_CMD_GET_BYINDEX
+ attr: IPSET_ATTR_PROTOCOL
+ IPSET_ATTR_INDEX
+
+resp: attr: IPSET_ATTR_SETNAME
diff --git a/lib/args.c b/lib/args.c
index f932719..a0cea4f 100644
--- a/lib/args.c
+++ b/lib/args.c
@@ -286,7 +286,7 @@ ipset_keyword(enum ipset_keywords i)
}
const char *
-ipset_ignored_optname(int opt)
+ipset_ignored_optname(unsigned int opt)
{
enum ipset_keywords i;
diff --git a/lib/data.c b/lib/data.c
index 8372a2f..9a7c861 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -44,6 +44,7 @@ struct ipset_data {
uint32_t mark;
uint16_t port;
uint16_t port_to;
+ uint16_t index;
union {
/* RENAME/SWAP */
char setname2[IPSET_MAXNAMELEN];
@@ -281,6 +282,9 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
case IPSET_OPT_TIMEOUT:
data->timeout = *(const uint32_t *) value;
break;
+ case IPSET_OPT_INDEX:
+ data->index = *(const uint16_t *) value;
+ break;
/* Create-specific options */
case IPSET_OPT_GC:
data->create.gc = *(const uint32_t *) value;
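Review bot: The new `IPSET_OPT_INDEX` case reads `value` through a `const uint16_t *` cast, and nothing in the hunk documents that width, so a caller that passes the address of a wider integer would store only part of it (which half depends on byte order). A one-line comment on the case, for example `/* value must point to a uint16_t set index */`, would make the contract explicit. The same 16-bit width is assumed by the `IPSET_OPT_INDEX` lines added in ipset_data_sizeof and in the `cmd_attrs` entry in lib/session.c, so the three should be kept in step if the type ever changes. ipset_data_set's body starts and ends outside this hunk.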
@@ -485,6 +489,8 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt)
return &data->port_to;
case IPSET_OPT_TIMEOUT:
return &data->timeout;
+ case IPSET_OPT_INDEX:
+ return &data->index;
/* Create-specific options */
case IPSET_OPT_GC:
return &data->create.gc;
@@ -588,6 +594,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family)
case IPSET_OPT_PORT:
case IPSET_OPT_PORT_TO:
case IPSET_OPT_SKBQUEUE:
+ case IPSET_OPT_INDEX:
return sizeof(uint16_t);
case IPSET_SETNAME:
case IPSET_OPT_NAME:
diff --git a/lib/session.c b/lib/session.c
index c19191a..768cc05 100644
--- a/lib/session.c
+++ b/lib/session.c
@@ -365,6 +365,10 @@ static const struct ipset_attr_policy cmd_attrs[] = {
.type = MNL_TYPE_U32,
.opt = IPSET_OPT_LINENO,
},
+ [IPSET_ATTR_INDEX] = {
+ .type = MNL_TYPE_U16,
+ .opt = IPSET_OPT_INDEX,
+ },
};
static const struct ipset_attr_policy create_attrs[] = {
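Review bot: `cmd_attrs` is declared without an explicit size (see the hunk header), so the `[IPSET_ATTR_INDEX]` initializer added here may now be what determines the array length. The code that looks up a received attribute's policy is outside this hunk; if it accepts attribute types up to a fixed maximum rather than the table's real length, a type above the highest initialized entry would index past the end of the table. Sizing the table to that maximum, e.g. `static const struct ipset_attr_policy cmd_attrs[IPSET_ATTR_CMD_MAX + 1] = {`, would make unlisted types resolve to zeroed entries instead; which constant the lookup actually uses should be confirmed there. The initializer starts above the hunk.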