diff options
| author |   Vytas Dauksa <vytas.dauksa@smoothwall.net> | 2013-12-17 14:01:43 +0000 |
|---|---|---|
| committer |   Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2014-03-06 09:31:42 +0100 |
| commit | 3b02b56cd5988d569731f6c0c26992296e46b758 (patch) | |
| tree | fc2af4bd9de189edc2a374816d8920a897f4da4d /include/uapi/linux/netfilter/ipset | |
| parent | netfilter: ipset: Add hash: fix coccinelle warnings (diff) | |
| download | wireguard-linux-3b02b56cd5988d569731f6c0c26992296e46b758.tar.xz wireguard-linux-3b02b56cd5988d569731f6c0c26992296e46b758.zip | |
netfilter: ipset: add hash:ip,mark data type to ipset
Introduce packet mark support with new ip,mark hash set. This includes
userspace and kernelspace code, hash:ip,mark set tests and man page
updates.
The intended use of ip,mark set is similar to the ip:port type, but for
protocols which don't use a predictable port number. Instead of port
number it matches a firewall mark determined by a layer 7 filtering
program like opendpi.
As well as allowing or blocking traffic it will also be used for
accounting packets and bytes sent for each protocol.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'include/uapi/linux/netfilter/ipset')
| -rw-r--r-- | include/uapi/linux/netfilter/ipset/ip_set.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h index 25d3b2f79c02..5368f8275774 100644 --- a/include/uapi/linux/netfilter/ipset/ip_set.h +++ b/include/uapi/linux/netfilter/ipset/ip_set.h @@ -82,6 +82,7 @@ enum { IPSET_ATTR_PROTO, /* 7 */ IPSET_ATTR_CADT_FLAGS, /* 8 */ IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */ + IPSET_ATTR_MARK, /* 10 */ /* Reserve empty slots */ IPSET_ATTR_CADT_MAX = 16, /* Create-only specific attributes */ |