authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2013-09-30 07:57:18 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2013-09-30 21:33:26 +0200
commit5e04c0c38c90f1f11a0e87800e4c22d4aba1d733 (patch)
tree8b8f3229e3934a0c0ff49ba12ea59899d944fe55 /include/uapi/linux/netfilter/ipset
parentnetfilter: ipset: order matches and targets separatedly in xt_set.c (diff)
netfilter: ipset: Introduce new operation to get both setname and family
ip[6]tables set match and SET target need to know the family of the set in order to reject adding rules which refer to a set with a non-matching family. Currently such rules are silently accepted and then ignored instead of generating a clear error message to the user, which is not helpful. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'include/uapi/linux/netfilter/ipset')
-rw-r--r--include/uapi/linux/netfilter/ipset/ip_set.h8
1 files changed, 8 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h
index 8024cdf13b70..2b61ac44dcc1 100644
--- a/include/uapi/linux/netfilter/ipset/ip_set.h
+++ b/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -250,6 +250,14 @@ struct ip_set_req_get_set {
#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
/* Uses ip_set_req_get_set */
+#define IP_SET_OP_GET_FNAME 0x00000008 /* Get set index and family */
+struct ip_set_req_get_set_family {
+ unsigned int op;
+ unsigned int version;
+ unsigned int family;
+ union ip_set_name_index set;
+};
+
#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
struct ip_set_req_version {
unsigned int op;
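Review bot: The new `struct ip_set_req_get_set_family` does not say which members userspace fills in and which the kernel writes back. This matters because `set` is a union reused in both directions, and the one-line comment on `IP_SET_OP_GET_FNAME` mentions only the outputs. Judging by the commit message, the caller presumably supplies `set.name` and receives `set.index` and `family`, so a comment above the struct such as `/* In: op, version, set.name (NUL-terminated); out: set.index, family */` would pin the contract for this UAPI header. The handler is not part of this diff, so it is worth confirming separately that it rejects a request whose length differs from `sizeof(struct ip_set_req_get_set_family)` and that it terminates `set.name` before the lookup, since the name arrives from userspace.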