path: root/kernel/include/uapi
diff options
authorJozsef Kadlecsik <>2013-09-04 16:49:08 +0200
committerJozsef Kadlecsik <>2013-09-04 16:49:08 +0200
commite883bb17de2b69e7f3ae9b414915aebef477f383 (patch)
tree5d0899a9aa7498c44e89e5764c00641407b9729b /kernel/include/uapi
parent480761a3bdaa55bf8c966e4dab950ebf84775863 (diff)
Introduce new operation to get both setname and family
ip[6]tables set match and SET target need to know the family of the set in order to reject adding rules which refer to a set with a non-mathcing family. Currently such rules are silently accepted and then ignored instead of generating a clear error message to the user, which is not helpful.
Diffstat (limited to 'kernel/include/uapi')
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
index 8024cdf..2b61ac4 100644
--- a/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
+++ b/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -250,6 +250,14 @@ struct ip_set_req_get_set {
#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
/* Uses ip_set_req_get_set */
+#define IP_SET_OP_GET_FNAME 0x00000008 /* Get set index and family */
+struct ip_set_req_get_set_family {
+ unsigned int op;
+ unsigned int version;
+ unsigned int family;
+ union ip_set_name_index set;
#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
struct ip_set_req_version {
unsigned int op;