From 418a3a4f4d4e38abd1d691f81f2445590f02ecaf Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Date: Mon, 30 May 2011 17:48:01 +0200
Subject: hash:net,iface type introduced

The hash:net,iface type makes possible to store network address and
interface name pairs in a set. It's mostly suitable for egress
and ingress filtering. Examples:

	# ipset create test hash:net,iface
	# ipset add test 192.168.0.0/16,eth0
	# ipset add test 192.168.0.0/24,eth1
---
 lib/data.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'lib/data.c')

diff --git a/lib/data.c b/lib/data.c
index 1541728..9663efb 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -7,6 +7,7 @@
 #include <assert.h>				/* assert */
 #include <arpa/inet.h>				/* ntoh* */
 #include <net/ethernet.h>			/* ETH_ALEN */
+#include <net/if.h>				/* IFNAMSIZ */
 #include <sys/socket.h>				/* AF_ */
 #include <stdlib.h>				/* malloc, free */
 #include <string.h>				/* memset */
@@ -72,6 +73,7 @@ struct ipset_data {
 			char ether[ETH_ALEN];
 			char name[IPSET_MAXNAMELEN];
 			char nameref[IPSET_MAXNAMELEN];
+			char iface[IFNAMSIZ];
 		} adt;
 	};
 };
@@ -301,6 +303,9 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
 	case IPSET_OPT_PROTO:
 		data->adt.proto = *(const uint8_t *) value;
 		break;
+	case IPSET_OPT_IFACE:
+		ipset_strlcpy(data->adt.iface, value, IFNAMSIZ);
+		break;
 	/* Swap/rename */
 	case IPSET_OPT_SETNAME2:
 		ipset_strlcpy(data->setname2, value, IPSET_MAXNAMELEN);
@@ -312,6 +317,9 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
 	case IPSET_OPT_BEFORE:
 		cadt_flag_type_attr(data, opt, IPSET_FLAG_BEFORE);
 		break;
+	case IPSET_OPT_PHYSDEV:
+		cadt_flag_type_attr(data, opt, IPSET_FLAG_PHYSDEV);
+		break;
 	case IPSET_OPT_FLAGS:
 		data->flags = *(const uint32_t *)value;
 		break;
@@ -413,6 +421,8 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt)
 		return &data->adt.cidr2;
 	case IPSET_OPT_PROTO:
 		return &data->adt.proto;
+	case IPSET_OPT_IFACE:
+		return &data->adt.iface;
 	/* Swap/rename */
 	case IPSET_OPT_SETNAME2:
 		return data->setname2;
@@ -422,6 +432,7 @@ ipset_data_get(const struct ipset_data *data, enum ipset_opt opt)
 		return &data->flags;
 	case IPSET_OPT_CADT_FLAGS:
 	case IPSET_OPT_BEFORE:
+	case IPSET_OPT_PHYSDEV:
 		return &data->cadt_flags;
 	default:
 		return NULL;
@@ -472,8 +483,9 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family)
 		return sizeof(uint8_t);
 	case IPSET_OPT_ETHER:
 		return ETH_ALEN;
-	/* Flags counted once */
+	/* Flags doesn't counted once :-( */
 	case IPSET_OPT_BEFORE:
+	case IPSET_OPT_PHYSDEV:
 		return sizeof(uint32_t);
 	default:
 		return 0;
-- 
cgit v1.2.3