summaryrefslogtreecommitdiffstats
path: root/include/libipset
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-05-30 17:48:01 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-05-30 21:30:10 +0200
commit418a3a4f4d4e38abd1d691f81f2445590f02ecaf (patch)
treea41ed16b366c854786eea8f3da5c80fa50636dc6 /include/libipset
parent4e21d6b5ce623f7601a872b94f3b88105356e2d3 (diff)
hash:net,iface type introduced
The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1
Diffstat (limited to 'include/libipset')
-rw-r--r--include/libipset/data.h6
-rw-r--r--include/libipset/linux_ip_set.h3
-rw-r--r--include/libipset/parse.h6
-rw-r--r--include/libipset/print.h3
4 files changed, 15 insertions, 3 deletions
diff --git a/include/libipset/data.h b/include/libipset/data.h
index 8902ddf..7c7b5e1 100644
--- a/include/libipset/data.h
+++ b/include/libipset/data.h
@@ -46,11 +46,13 @@ enum ipset_opt {
IPSET_OPT_CIDR2,
IPSET_OPT_IP2_TO,
IPSET_OPT_PROTO,
+ IPSET_OPT_IFACE,
/* Swap/rename to */
IPSET_OPT_SETNAME2,
/* Flags */
IPSET_OPT_EXIST,
IPSET_OPT_BEFORE,
+ IPSET_OPT_PHYSDEV,
/* Internal options */
IPSET_OPT_FLAGS = 48, /* IPSET_FLAG_EXIST| */
IPSET_OPT_CADT_FLAGS, /* IPSET_FLAG_BEFORE| */
@@ -96,8 +98,10 @@ enum ipset_opt {
| IPSET_FLAG(IPSET_OPT_IP2) \
| IPSET_FLAG(IPSET_OPT_CIDR2) \
| IPSET_FLAG(IPSET_OPT_PROTO) \
+ | IPSET_FLAG(IPSET_OPT_IFACE) \
| IPSET_FLAG(IPSET_OPT_CADT_FLAGS)\
- | IPSET_FLAG(IPSET_OPT_BEFORE))
+ | IPSET_FLAG(IPSET_OPT_BEFORE) \
+ | IPSET_FLAG(IPSET_OPT_PHYSDEV))
struct ipset_data;
diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
index e88f6d5..fb4b69e 100644
--- a/include/libipset/linux_ip_set.h
+++ b/include/libipset/linux_ip_set.h
@@ -105,6 +105,7 @@ enum {
IPSET_ATTR_IP2,
IPSET_ATTR_CIDR2,
IPSET_ATTR_IP2_TO,
+ IPSET_ATTR_IFACE,
__IPSET_ATTR_ADT_MAX,
};
#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
@@ -153,6 +154,8 @@ enum ipset_cmd_flags {
enum ipset_cadt_flags {
IPSET_FLAG_BIT_BEFORE = 0,
IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
+ IPSET_FLAG_BIT_PHYSDEV = 1,
+ IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
};
/* Commands with settype-specific attributes */
diff --git a/include/libipset/parse.h b/include/libipset/parse.h
index bc96a6e..08f1089 100644
--- a/include/libipset/parse.h
+++ b/include/libipset/parse.h
@@ -80,6 +80,8 @@ extern int ipset_parse_flag(struct ipset_session *session,
enum ipset_opt opt, const char *str);
extern int ipset_parse_typename(struct ipset_session *session,
enum ipset_opt opt, const char *str);
+extern int ipset_parse_iface(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
extern int ipset_parse_output(struct ipset_session *session,
int opt, const char *str);
extern int ipset_parse_ignored(struct ipset_session *session,
@@ -87,8 +89,8 @@ extern int ipset_parse_ignored(struct ipset_session *session,
extern int ipset_parse_elem(struct ipset_session *session,
enum ipset_opt opt, const char *str);
extern int ipset_call_parser(struct ipset_session *session,
- const struct ipset_arg *arg,
- const char *str);
+ const struct ipset_arg *arg,
+ const char *str);
/* Compatibility parser functions */
extern int ipset_parse_iptimeout(struct ipset_session *session,
diff --git a/include/libipset/print.h b/include/libipset/print.h
index 963b42e..a3f5b95 100644
--- a/include/libipset/print.h
+++ b/include/libipset/print.h
@@ -37,6 +37,9 @@ extern int ipset_print_name(char *buf, unsigned int len,
extern int ipset_print_port(char *buf, unsigned int len,
const struct ipset_data *data,
enum ipset_opt opt, uint8_t env);
+extern int ipset_print_iface(char *buf, unsigned int len,
+ const struct ipset_data *data,
+ enum ipset_opt opt, uint8_t env);
extern int ipset_print_proto(char *buf, unsigned int len,
const struct ipset_data *data,
enum ipset_opt opt, uint8_t env);