From 418a3a4f4d4e38abd1d691f81f2445590f02ecaf Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Mon, 30 May 2011 17:48:01 +0200 Subject: hash:net,iface type introduced The hash:net,iface type makes possible to store network address and interface name pairs in a set. It's mostly suitable for egress and ingress filtering. Examples: # ipset create test hash:net,iface # ipset add test 192.168.0.0/16,eth0 # ipset add test 192.168.0.0/24,eth1 --- include/libipset/data.h | 6 +++++- include/libipset/linux_ip_set.h | 3 +++ include/libipset/parse.h | 6 ++++-- include/libipset/print.h | 3 +++ 4 files changed, 15 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/libipset/data.h b/include/libipset/data.h index 8902ddf..7c7b5e1 100644 --- a/include/libipset/data.h +++ b/include/libipset/data.h @@ -46,11 +46,13 @@ enum ipset_opt { IPSET_OPT_CIDR2, IPSET_OPT_IP2_TO, IPSET_OPT_PROTO, + IPSET_OPT_IFACE, /* Swap/rename to */ IPSET_OPT_SETNAME2, /* Flags */ IPSET_OPT_EXIST, IPSET_OPT_BEFORE, + IPSET_OPT_PHYSDEV, /* Internal options */ IPSET_OPT_FLAGS = 48, /* IPSET_FLAG_EXIST| */ IPSET_OPT_CADT_FLAGS, /* IPSET_FLAG_BEFORE| */ @@ -96,8 +98,10 @@ enum ipset_opt { | IPSET_FLAG(IPSET_OPT_IP2) \ | IPSET_FLAG(IPSET_OPT_CIDR2) \ | IPSET_FLAG(IPSET_OPT_PROTO) \ + | IPSET_FLAG(IPSET_OPT_IFACE) \ | IPSET_FLAG(IPSET_OPT_CADT_FLAGS)\ - | IPSET_FLAG(IPSET_OPT_BEFORE)) + | IPSET_FLAG(IPSET_OPT_BEFORE) \ + | IPSET_FLAG(IPSET_OPT_PHYSDEV)) struct ipset_data; diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h index e88f6d5..fb4b69e 100644 --- a/include/libipset/linux_ip_set.h +++ b/include/libipset/linux_ip_set.h @@ -105,6 +105,7 @@ enum { IPSET_ATTR_IP2, IPSET_ATTR_CIDR2, IPSET_ATTR_IP2_TO, + IPSET_ATTR_IFACE, __IPSET_ATTR_ADT_MAX, }; #define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1) @@ -153,6 +154,8 @@ enum ipset_cmd_flags { enum ipset_cadt_flags { IPSET_FLAG_BIT_BEFORE = 0, IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE), + IPSET_FLAG_BIT_PHYSDEV = 1, + IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV), }; /* Commands with settype-specific attributes */ diff --git a/include/libipset/parse.h b/include/libipset/parse.h index bc96a6e..08f1089 100644 --- a/include/libipset/parse.h +++ b/include/libipset/parse.h @@ -80,6 +80,8 @@ extern int ipset_parse_flag(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_parse_typename(struct ipset_session *session, enum ipset_opt opt, const char *str); +extern int ipset_parse_iface(struct ipset_session *session, + enum ipset_opt opt, const char *str); extern int ipset_parse_output(struct ipset_session *session, int opt, const char *str); extern int ipset_parse_ignored(struct ipset_session *session, @@ -87,8 +89,8 @@ extern int ipset_parse_ignored(struct ipset_session *session, extern int ipset_parse_elem(struct ipset_session *session, enum ipset_opt opt, const char *str); extern int ipset_call_parser(struct ipset_session *session, - const struct ipset_arg *arg, - const char *str); + const struct ipset_arg *arg, + const char *str); /* Compatibility parser functions */ extern int ipset_parse_iptimeout(struct ipset_session *session, diff --git a/include/libipset/print.h b/include/libipset/print.h index 963b42e..a3f5b95 100644 --- a/include/libipset/print.h +++ b/include/libipset/print.h @@ -37,6 +37,9 @@ extern int ipset_print_name(char *buf, unsigned int len, extern int ipset_print_port(char *buf, unsigned int len, const struct ipset_data *data, enum ipset_opt opt, uint8_t env); +extern int ipset_print_iface(char *buf, unsigned int len, + const struct ipset_data *data, + enum ipset_opt opt, uint8_t env); extern int ipset_print_proto(char *buf, unsigned int len, const struct ipset_data *data, enum ipset_opt opt, uint8_t env); -- cgit v1.2.3