diff options
| author | Vytas Dauksa <vytas.dauksa@smoothwall.net> | 2013-12-17 09:01:43 -0500 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2014-03-06 03:31:42 -0500 |
| commit | 3b02b56cd5988d569731f6c0c26992296e46b758 (patch) | |
| tree | fc2af4bd9de189edc2a374816d8920a897f4da4d /include/uapi | |
| parent | 9562cf28d1b48d0545d7b5dd2995d00b45e1cb53 (diff) | |
netfilter: ipset: add hash:ip,mark data type to ipset
Introduce packet mark support with new ip,mark hash set. This includes
userspace and kernelspace code, hash:ip,mark set tests and man page
updates.
The intended use of ip,mark set is similar to the ip:port type, but for
protocols which don't use a predictable port number. Instead of port
number it matches a firewall mark determined by a layer 7 filtering
program like opendpi.
As well as allowing or blocking traffic it will also be used for
accounting packets and bytes sent for each protocol.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'include/uapi')
| -rw-r--r-- | include/uapi/linux/netfilter/ipset/ip_set.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h index 25d3b2f79c02..5368f8275774 100644 --- a/include/uapi/linux/netfilter/ipset/ip_set.h +++ b/include/uapi/linux/netfilter/ipset/ip_set.h | |||
| @@ -82,6 +82,7 @@ enum { | |||
| 82 | IPSET_ATTR_PROTO, /* 7 */ | 82 | IPSET_ATTR_PROTO, /* 7 */ |
| 83 | IPSET_ATTR_CADT_FLAGS, /* 8 */ | 83 | IPSET_ATTR_CADT_FLAGS, /* 8 */ |
| 84 | IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */ | 84 | IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */ |
| 85 | IPSET_ATTR_MARK, /* 10 */ | ||
| 85 | /* Reserve empty slots */ | 86 | /* Reserve empty slots */ |
| 86 | IPSET_ATTR_CADT_MAX = 16, | 87 | IPSET_ATTR_CADT_MAX = 16, |
| 87 | /* Create-only specific attributes */ | 88 | /* Create-only specific attributes */ |