From 14ea38fca9e40df4f172a573c222591b5f3cc241 Mon Sep 17 00:00:00 2001
From: Vytas Dauksa
Date: Tue, 17 Dec 2013 14:01:43 +0000
Subject: add hash:ip,mark data type to ipset

Introduce packet mark support with new ip,mark hash set. This includes userspace and kernelspace code, hash:ip,mark set tests and man page updates. The intended use of ip,mark set is similar to the ip:port type, but for protocols which don't use a predictable port number. Instead of port number it matches a firewall mark determined by a layer 7 filtering program like opendpi. As well as allowing or blocking traffic it will also be used for accounting packets and bytes sent for each protocol.

Signed-off-by: Jozsef Kadlecsik
---
 lib/data.c | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'lib/data.c')
diff --git a/lib/data.c b/lib/data.c
index ba4ed57..1f74cd5 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -41,6 +41,7 @@ struct ipset_data {
 uint32_t timeout;
 union nf_inet_addr ip;
 union nf_inet_addr ip_to;
+ uint32_t mark;
 uint16_t port;
 uint16_t port_to;
 union {
@@ -264,6 +265,9 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
 case IPSET_OPT_CIDR:
 data->cidr = *(const uint8_t *) value;
 break;
+ case IPSET_OPT_MARK:
+ data->mark = *(const uint32_t *) value;
+ break;
 case IPSET_OPT_PORT:
 data->port = *(const uint16_t *) value;
 break;
@@ -448,6 +452,8 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt)
 return &data->ip_to;
 case IPSET_OPT_CIDR:
 return &data->cidr;
+ case IPSET_OPT_MARK:
+ return &data->mark;
 case IPSET_OPT_PORT:
 return &data->port;
 case IPSET_OPT_PORT_TO:
@@ -542,6 +548,8 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family)
 case IPSET_OPT_IP2_TO:
 return family == NFPROTO_IPV4 ? sizeof(uint32_t) : sizeof(struct in6_addr);
+ case IPSET_OPT_MARK:
+ return sizeof(uint32_t);
 case IPSET_OPT_PORT:
 case IPSET_OPT_PORT_TO:
 return sizeof(uint16_t);
--
cgit v1.2.3
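Review bot: The new `IPSET_OPT_MARK` case in `ipset_data_set()` reads the mark with `*(const uint32_t *) value`, which is only well defined when `value` is 4-byte aligned and really points at a `uint32_t`. The callers are not visible in this diff, so if any of them passes a pointer into a parsed byte buffer, the read can fault on strict-alignment targets. Copying instead, `memcpy(&data->mark, value, sizeof(data->mark));`, removes that assumption, provided `<string.h>` is already included in the file. The neighbouring `IPSET_OPT_PORT` case uses the same cast, so this may be an accepted convention here; in that case a comment such as `/* value: aligned uint32_t mark, byte order as supplied by the caller */` would at least record the contract. The body of `ipset_data_set()` starts and ends outside the hunk.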