path: root/extensions/libxt_SET.c
Commit message (Collapse)AuthorAgeFilesLines
* xtables: SET target: Add mapping of meta informations (skbinfo ipset extension)Anton Danilov2014-09-141-5/+188
| | | | | | | | | | | | | | This feature add support of mapping metainformation to packets like nftables maps or ipfw tables. Currently we can map firewall mark, tc priority and hardware NIC queue. Usage of this functionality allowed only from mangle table. We can map tc priority only in OUTPUT/FORWARD/POSTROUTING chains because it rewrite by route decision. If entry doesn't exist in the set nothing of fields changed. Example of classify by destination address: iptables -t mangle -A POSTROUTING -o eth0 -j SET --map-set DST2CLASS dst --map-prio Signed-off-by: Anton Danilov <> Signed-off-by: Jozsef Kadlecsik <>
* libxt_set: put differing variable names in directlyJan Engelhardt2011-08-201-10/+3
| | | | Signed-off-by: Jan Engelhardt <>
* option: remove last traces of intrapositional negationJan Engelhardt2011-07-101-9/+0
| | | | | | Intrapositional negation was deprecated in 1.4.3. Signed-off-by: Jan Engelhardt <>
* SET target revision 2 addedJozsef Kadlecsik2011-04-171-35/+172
| | | | | | | | | The new revision of the SET target supports the following new operations - specifying the timeout value of the entry to be added - flag to instruct the kernel that if the entry already exists then reset the timeout value to the specified one (or to the default from the set definition)
* iptables: do not print trailing whitespacesJan Engelhardt2011-01-311-4/+2
| | | | | | | | | | | | | | | | | Due to the use of printf("foobar "), iptables emits spaces at the end-of-line, which looks odd to some users because it causes the terminal to wrap even if there is seemingly nothing to print. It may also have other points of annoyance, such as mailers interpreting a trailing space as an indicator that the paragraph continues when format=flowed is also on. And git highlights trailing spaces in red, so let's avoid :) Preexisting inconsistencies in outputting spaces in the right spot are also addressed right away. References: Signed-off-by: Jan Engelhardt <>
* Fix listing/saving the new revision of the SET targetJozsef Kadlecsik2011-01-211-1/+1
| | | | | Instead of the dimension of the set, the max dimension was used at listing/saving the src,dst parameters, which produced broken output.
* extensions: remove no longer necessary default: casesJan Engelhardt2011-01-081-6/+0
| | | | | | | Match and target parse functions now only get option characters they have defined themselves. Signed-off-by: Jan Engelhardt <>
* all: consistent syntax use in struct optionJan Engelhardt2010-07-231-3/+4
| | | | | | Try to inhibit copypasting old stuff. Signed-off-by: Jan Engelhardt <>
* libxt_set: new revision addedJozsef Kadlecsik2010-06-161-0/+286
libipt_set renamed to libxt_set and the support for the forthcoming ipset release added. I have tested backward (IPv4) and forward compatibility (IPv4/IPv6): ipset -N test iphash ipset -A test test-address iptables -N test-set iptables -A test-set -j LOG --log-prefix "match " iptables -A test-set -j DROP iptables -A OUTPUT -m set --match-set test dst -j test-set ping test-address