diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-09-04 16:49:08 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2013-09-04 16:49:08 +0200 |
commit | e883bb17de2b69e7f3ae9b414915aebef477f383 (patch) | |
tree | 5d0899a9aa7498c44e89e5764c00641407b9729b /kernel/include/uapi | |
parent | 480761a3bdaa55bf8c966e4dab950ebf84775863 (diff) |
Introduce new operation to get both setname and family
ip[6]tables set match and SET target need to know the family of the set
in order to reject adding rules which refer to a set with a non-mathcing
family. Currently such rules are silently accepted and then ignored
instead of generating a clear error message to the user, which is not
helpful.
Diffstat (limited to 'kernel/include/uapi')
-rw-r--r-- | kernel/include/uapi/linux/netfilter/ipset/ip_set.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h index 8024cdf..2b61ac4 100644 --- a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h @@ -250,6 +250,14 @@ struct ip_set_req_get_set { #define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */ /* Uses ip_set_req_get_set */ +#define IP_SET_OP_GET_FNAME 0x00000008 /* Get set index and family */ +struct ip_set_req_get_set_family { + unsigned int op; + unsigned int version; + unsigned int family; + union ip_set_name_index set; +}; + #define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */ struct ip_set_req_version { unsigned int op; |