From 14ea38fca9e40df4f172a573c222591b5f3cc241 Mon Sep 17 00:00:00 2001
From: Vytas Dauksa <vytas.dauksa@smoothwall.net>
Date: Tue, 17 Dec 2013 14:01:43 +0000
Subject: add hash:ip,mark data type to ipset

Introduce packet mark support with new ip,mark hash set. This includes
userspace and kernelspace code, hash:ip,mark set tests and man page
updates.

The intended use of ip,mark set is similar to the ip:port type, but for
protocols which don't use a predictable port number. Instead of port
number it matches a firewall mark determined by a layer 7 filtering
program like opendpi.

As well as allowing or blocking traffic it will also be used for
accounting packets and bytes sent for each protocol.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
 lib/session.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'lib/session.c')

diff --git a/lib/session.c b/lib/session.c
index 6f89281..cf65960 100644
--- a/lib/session.c
+++ b/lib/session.c
@@ -424,6 +424,10 @@ static const struct ipset_attr_policy adt_attrs[] = {
 		.type = MNL_TYPE_U8,
 		.opt = IPSET_OPT_CIDR,
 	},
+	[IPSET_ATTR_MARK] = {
+		.type = MNL_TYPE_U32,
+		.opt = IPSET_OPT_MARK,
+	},
 	[IPSET_ATTR_PORT] = {
 		.type = MNL_TYPE_U16,
 		.opt = IPSET_OPT_PORT,
-- 
cgit v1.2.3