diff options
author | Vytas Dauksa <vytas.dauksa@smoothwall.net> | 2013-12-17 14:01:43 +0000 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2014-01-08 21:02:54 +0100 |
commit | 14ea38fca9e40df4f172a573c222591b5f3cc241 (patch) | |
tree | 5f0e1cd46a19bbb6b54de73494971c35f4c329ae /tests/hash:ip6,mark.t.list0 | |
parent | 8a88bdf50b448e221a8b0b6a5c8446ebafcefa19 (diff) |
add hash:ip,mark data type to ipset
Introduce packet mark support with new ip,mark hash set. This includes
userspace and kernelspace code, hash:ip,mark set tests and man page
updates.
The intended use of ip,mark set is similar to the ip:port type, but for
protocols which don't use a predictable port number. Instead of port
number it matches a firewall mark determined by a layer 7 filtering
program like opendpi.
As well as allowing or blocking traffic it will also be used for
accounting packets and bytes sent for each protocol.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'tests/hash:ip6,mark.t.list0')
-rw-r--r-- | tests/hash:ip6,mark.t.list0 | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/tests/hash:ip6,mark.t.list0 b/tests/hash:ip6,mark.t.list0 new file mode 100644 index 0000000..3ddc56a --- /dev/null +++ b/tests/hash:ip6,mark.t.list0 @@ -0,0 +1,10 @@ +Name: test +Type: hash:ip,mark +Header: family inet6 hashsize 1024 maxelem 65536 timeout x +Size in memory: 9316 +References: 0 +Members: +2:1::,128 timeout x +2:1::1,128 timeout x +2::,5 timeout x +2::1,5 timeout x |