diff options
| author |   Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2018-10-27 15:07:40 +0200 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2018-10-27 15:49:09 +0200 |
| commit | 23c42a403a9cfdbad6004a556c927be7dd61a8ee (patch) | |
| tree | 493496f1ee72d720eb942252809444752fd8649c /include/linux/netfilter | |
| parent | netfilter: ipset: Make invalid MAC address checks consistent (diff) | |
| download | linux-dev-23c42a403a9cfdbad6004a556c927be7dd61a8ee.tar.xz linux-dev-23c42a403a9cfdbad6004a556c927be7dd61a8ee.zip | |
netfilter: ipset: Introduction of new commands and protocol version 7
Two new commands (IPSET_CMD_GET_BYNAME, IPSET_CMD_GET_BYINDEX) are
introduced. The new commands makes possible to eliminate the getsockopt
operation (in iptables set/SET match/target) and thus use only netlink
communication between userspace and kernel for ipset. With the new
protocol version, userspace can exactly know which functionality is
supported by the running kernel.
Both the kernel and userspace is fully backward compatible.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'include/linux/netfilter')
| -rw-r--r-- | include/linux/netfilter/ipset/ip_set.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h index 34fc80f3eb90..c4ce07402c24 100644 --- a/include/linux/netfilter/ipset/ip_set.h +++ b/include/linux/netfilter/ipset/ip_set.h @@ -303,11 +303,11 @@ ip_set_put_flags(struct sk_buff *skb, struct ip_set *set) /* Netlink CB args */ enum { IPSET_CB_NET = 0, /* net namespace */ + IPSET_CB_PROTO, /* ipset protocol */ IPSET_CB_DUMP, /* dump single set/all sets */ IPSET_CB_INDEX, /* set index */ IPSET_CB_PRIVATE, /* set private data */ IPSET_CB_ARG0, /* type specific */ - IPSET_CB_ARG1, }; /* register and unregister set references */ |