summaryrefslogtreecommitdiffstats
path: root/kernel/include/uapi/linux/netfilter/ipset/ip_set.h
Commit message (Collapse)AuthorAgeFilesLines
* Prepare the kernel for create option flags when no extension is neededJozsef Kadlecsik2014-02-131-0/+6
|
* add markmask for hash:ip,mark data typeVytas Dauksa2014-01-231-0/+2
| | | | | | | | | Introduce packet mark mask for hash:ip,mark data type. This allows to set mark bit filter for the ip set. Change-Id: Id8dd9ca7e64477c4f7b022a1d9c1a5b187f1c96e Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* add hash:ip,mark data type to ipsetVytas Dauksa2014-01-081-0/+1
| | | | | | | | | | | | | | | | Introduce packet mark support with new ip,mark hash set. This includes userspace and kernelspace code, hash:ip,mark set tests and man page updates. The intended use of ip,mark set is similar to the ip:port type, but for protocols which don't use a predictable port number. Instead of port number it matches a firewall mark determined by a layer 7 filtering program like opendpi. As well as allowing or blocking traffic it will also be used for accounting packets and bytes sent for each protocol. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* ipset: Support comments in the userspace library.Oliver Smith2013-09-231-0/+3
| | | | | | | | | This adds support to the userspace portion of ipset for handling ipsets with the comment extension enabled. The library revision has been raised accordingly. Signed-off-by: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* netfilter: ipset: Support comments for ipset entries in the core.Oliver Smith2013-09-231-0/+4
| | | | | | | | | | | | | This adds the core support for having comments on ipset entries. The comments are stored as standard null-terminated strings in dynamically allocated memory after being passed to the kernel. As a result of this, code has been added to the generic destroy function to iterate all extensions and call that extension's destroy task if the set has that extension activated, and if such a task is defined. Signed-off-by: Oliver Smith <oliver@8.c.9.b.0.7.4.0.1.0.0.2.ip6.arpa> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Introduce new operation to get both setname and familyJozsef Kadlecsik2013-09-041-0/+8
| | | | | | | | ip[6]tables set match and SET target need to know the family of the set in order to reject adding rules which refer to a set with a non-mathcing family. Currently such rules are silently accepted and then ignored instead of generating a clear error message to the user, which is not helpful.
* set match: add support to match the countersJozsef Kadlecsik2013-04-091-4/+27
| | | | | | | | | | The new revision of the set match supports to match the counters and to suppress updating the counters at matching too. At the set:list types, the updating of the subcounters can be suppressed as well. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* Introduce the counter extension in the coreJozsef Kadlecsik2013-04-091-0/+5
| | | | Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
* The uapi include split in the package itselfJozsef Kadlecsik2013-04-091-0/+231
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>