From 14ea38fca9e40df4f172a573c222591b5f3cc241 Mon Sep 17 00:00:00 2001
From: Vytas Dauksa <vytas.dauksa@smoothwall.net>
Date: Tue, 17 Dec 2013 14:01:43 +0000
Subject: add hash:ip,mark data type to ipset

Introduce packet mark support with new ip,mark hash set. This includes
userspace and kernelspace code, hash:ip,mark set tests and man page
updates.

The intended use of ip,mark set is similar to the ip:port type, but for
protocols which don't use a predictable port number. Instead of port
number it matches a firewall mark determined by a layer 7 filtering
program like opendpi.

As well as allowing or blocking traffic it will also be used for
accounting packets and bytes sent for each protocol.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
 lib/parse.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

(limited to 'lib/parse.c')

diff --git a/lib/parse.c b/lib/parse.c
index 440ef8f..f1c1f0e 100644
--- a/lib/parse.c
+++ b/lib/parse.c
@@ -327,6 +327,36 @@ ipset_parse_port(struct ipset_session *session,
 	return err;
 }
 
+/**
+ * ipset_parse_mark - parse a mark
+ * @session: session structure
+ * @opt: option kind of the data
+ * @str: string to parse
+ *
+ * Parse string as a mark. The parsed mark number is
+ * stored in the data blob of the session.
+ *
+ * Returns 0 on success or a negative error code.
+ */
+int
+ipset_parse_mark(struct ipset_session *session,
+		 enum ipset_opt opt, const char *str)
+{
+	uint32_t mark;
+	int err;
+
+	assert(session);
+	assert(str);
+
+	if ((err = string_to_u32(session, str, &mark)) == 0)
+		err = ipset_session_data_set(session, opt, &mark);
+
+	if (!err)
+		/* No error, so reset false error messages! */
+		ipset_session_report_reset(session);
+	return err;
+}
+
 /**
  * ipset_parse_tcpudp_port - parse TCP/UDP port name, number, or range of them
  * @session: session structure
-- 
cgit v1.2.3