diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-09-04 17:43:49 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-11-18 18:47:32 +0100 |
commit | cf1f03f8f3cf2db577a9ddee254cc7f886129d18 (patch) | |
tree | 6c9c40726b8a428b217af6c7e89fc18d4040a8fc /include/linux | |
parent | 9e6928f037823773a37630dec5a764455dcea6fb (diff) |
extensions: libxt_set, libxt_SET: check the set family too
Do not accept silently sets with wrong protocol family but reject
them with an error message. It makes straightforward to catch user
errors.
[ Use afinfo instead to avoid a binary interface update --pablo ]
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter/ipset/ip_set.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h index eb9123e6..0dcf5ddf 100644 --- a/include/linux/netfilter/ipset/ip_set.h +++ b/include/linux/netfilter/ipset/ip_set.h @@ -250,6 +250,15 @@ struct ip_set_req_get_set { #define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */ /* Uses ip_set_req_get_set */ +#define IP_SET_OP_GET_FNAME 0x00000008 /* Get set index and family */ +struct ip_set_req_get_set_family { + unsigned int op; + unsigned int version; + unsigned int family; + union ip_set_name_index set; +}; + + #define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */ struct ip_set_req_version { unsigned int op; |