From 14ea38fca9e40df4f172a573c222591b5f3cc241 Mon Sep 17 00:00:00 2001
From: Vytas Dauksa
Date: Tue, 17 Dec 2013 14:01:43 +0000
Subject: add hash:ip,mark data type to ipset

Introduce packet mark support with new ip,mark hash set. This includes userspace and kernelspace code, hash:ip,mark set tests and man page updates. The intended use of ip,mark set is similar to the ip:port type, but for protocols which don't use a predictable port number. Instead of port number it matches a firewall mark determined by a layer 7 filtering program like opendpi. As well as allowing or blocking traffic it will also be used for accounting packets and bytes sent for each protocol.

Signed-off-by: Jozsef Kadlecsik
---
 include/libipset/data.h | 2 ++
 include/libipset/linux_ip_set.h | 1 +
 include/libipset/parse.h | 2 ++
 include/libipset/print.h | 3 +++
 4 files changed, 8 insertions(+)
(limited to 'include')
diff --git a/include/libipset/data.h b/include/libipset/data.h
index cbf30cc..ce6c4c6 100644
--- a/include/libipset/data.h
+++ b/include/libipset/data.h
@@ -22,6 +22,7 @@ enum ipset_opt {
 IPSET_OPT_IP_FROM = IPSET_OPT_IP,
 IPSET_OPT_IP_TO,
 IPSET_OPT_CIDR,
+ IPSET_OPT_MARK,
 IPSET_OPT_PORT,
 IPSET_OPT_PORT_FROM = IPSET_OPT_PORT,
 IPSET_OPT_PORT_TO,
@@ -97,6 +98,7 @@ enum ipset_opt {
 (IPSET_FLAG(IPSET_OPT_IP) \
 | IPSET_FLAG(IPSET_OPT_IP_TO) \
 | IPSET_FLAG(IPSET_OPT_CIDR) \
+ | IPSET_FLAG(IPSET_OPT_MARK) \
 | IPSET_FLAG(IPSET_OPT_PORT) \
 | IPSET_FLAG(IPSET_OPT_PORT_TO) \
 | IPSET_FLAG(IPSET_OPT_TIMEOUT) \
diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
index 847bbff..c57f81e 100644
--- a/include/libipset/linux_ip_set.h
+++ b/include/libipset/linux_ip_set.h
@@ -83,6 +83,7 @@ enum {
 IPSET_ATTR_PROTO, /* 7 */
 IPSET_ATTR_CADT_FLAGS, /* 8 */
 IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
+ IPSET_ATTR_MARK, /* 10 */
 /* Reserve empty slots */
 IPSET_ATTR_CADT_MAX = 16,
 /* Create-only specific attributes */
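Review bot: In the first hunk of include/libipset/data.h, `IPSET_OPT_MARK,` is inserted between IPSET_OPT_CIDR and IPSET_OPT_PORT, so IPSET_OPT_PORT and every later enumerator without an explicit value moves up by one. These values are fed to IPSET_FLAG() to build option masks (second hunk of the same file), so a program built against the old header and run against the new library would set and test the wrong options. Either keep the existing numbers by adding the new option after the last existing enumerator, or make sure the library version is bumped together with this change. Neither the end of the enum nor the version information is visible on this page.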
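Review bot: In include/libipset/linux_ip_set.h the new `IPSET_ATTR_MARK, /* 10 */` entry is a netlink attribute number, yet the comment gives only its index and nothing about its payload. It takes one of the slots reserved before IPSET_ATTR_CADT_MAX, so no existing attribute number changes, but the value and the payload layout have to match the kernel-side header and attribute policy, which are outside this view. I would extend the comment to name the payload, for example `/* 10: packet mark (u32) */`, once the width and byte order are confirmed against the kernel side. The enum starts and ends outside the hunk.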
diff --git a/include/libipset/parse.h b/include/libipset/parse.h
index 5c46a88..55981f2 100644
--- a/include/libipset/parse.h
+++ b/include/libipset/parse.h
@@ -29,6 +29,8 @@ extern int ipset_parse_ether(struct ipset_session *session,
 extern int ipset_parse_port(struct ipset_session *session,
 enum ipset_opt opt, const char *str,
 const char *proto);
+extern int ipset_parse_mark(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
 extern int ipset_parse_tcpudp_port(struct ipset_session *session,
 enum ipset_opt opt, const char *str,
 const char *proto);
diff --git a/include/libipset/print.h b/include/libipset/print.h
index f2a6095..b8fa709 100644
--- a/include/libipset/print.h
+++ b/include/libipset/print.h
@@ -37,6 +37,9 @@ extern int ipset_print_name(char *buf, unsigned int len,
 extern int ipset_print_port(char *buf, unsigned int len,
 const struct ipset_data *data,
 enum ipset_opt opt, uint8_t env);
+extern int ipset_print_mark(char *buf, unsigned int len,
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
 extern int ipset_print_iface(char *buf, unsigned int len,
 const struct ipset_data *data,
 enum ipset_opt opt, uint8_t env);
--
cgit v1.2.3
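Review bot: The new prototype `ipset_parse_mark()` in include/libipset/parse.h has no statement of which strings it accepts or what it returns, and the same gap applies to `ipset_print_mark()` in the print.h hunk. The mark string comes from the command line or a restore file, so the contract should say that the value must fit the mark's width and that out-of-range input, a sign or trailing characters are rejected. The implementation is outside this view, so that behaviour needs confirming there. Assuming both follow their neighbouring ipset_parse_* and ipset_print_* functions, I would add `/* Parse str as a packet mark and store it under opt; returns 0 or a negative error code */` above the parser. For the printer I would add `/* Returns the snprintf-style length; compare it with len to detect truncation */`.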