diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-09-10 21:22:23 +0200 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2012-09-10 21:22:23 +0200 |
commit | b60b8e0e3a1dfbe664d693512d978e2cd1880704 (patch) | |
tree | 604298698f667ef0ed2ea01f8cb5c513b6f27b62 /lib | |
parent | 042c9bfdea212750a86601007a589f4df9fa3a5e (diff) |
Add /0 network support to hash:net,iface type
Now it is possible to setup a single hash:net,iface type of set and
a single ip6?tables match which covers all egress/ingress filtering.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ipset_hash_netiface.c | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/lib/ipset_hash_netiface.c b/lib/ipset_hash_netiface.c index bc6aa3d..298ce2a 100644 --- a/lib/ipset_hash_netiface.c +++ b/lib/ipset_hash_netiface.c @@ -200,9 +200,67 @@ static struct ipset_type ipset_hash_netiface1 = { .usage = hash_netiface1_usage, }; +static struct ipset_type ipset_hash_netiface2 = { + .name = "hash:net,iface", + .alias = { "netifacehash", NULL }, + .revision = 2, + .family = NFPROTO_IPSET_IPV46, + .dimension = IPSET_DIM_TWO, + .elem = { + [IPSET_DIM_ONE - 1] = { + .parse = ipset_parse_ip4_net6, + .print = ipset_print_ip, + .opt = IPSET_OPT_IP + }, + [IPSET_DIM_TWO - 1] = { + .parse = ipset_parse_iface, + .print = ipset_print_iface, + .opt = IPSET_OPT_IFACE + }, + }, + .args = { + [IPSET_CREATE] = hash_netiface_create_args, + [IPSET_ADD] = hash_netiface1_add_args, + }, + .mandatory = { + [IPSET_CREATE] = 0, + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IFACE), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IFACE), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_IFACE), + }, + .full = { + [IPSET_CREATE] = IPSET_FLAG(IPSET_OPT_HASHSIZE) + | IPSET_FLAG(IPSET_OPT_MAXELEM) + | IPSET_FLAG(IPSET_OPT_TIMEOUT), + [IPSET_ADD] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV) + | IPSET_FLAG(IPSET_OPT_TIMEOUT) + | IPSET_FLAG(IPSET_OPT_NOMATCH), + [IPSET_DEL] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV), + [IPSET_TEST] = IPSET_FLAG(IPSET_OPT_IP) + | IPSET_FLAG(IPSET_OPT_CIDR) + | IPSET_FLAG(IPSET_OPT_IP_TO) + | IPSET_FLAG(IPSET_OPT_IFACE) + | IPSET_FLAG(IPSET_OPT_PHYSDEV), + }, + + .usage = hash_netiface1_usage, +}; + void _init(void); void _init(void) { ipset_type_add(&ipset_hash_netiface0); ipset_type_add(&ipset_hash_netiface1); + ipset_type_add(&ipset_hash_netiface2); } |