Patchwork [v2,2/3] ipset: change 'iface' part in hash:net,iface set

Submitter Mr Dash Four
Date July 9, 2012, 10:23 p.m.
Message ID <1341872622-5015-1-git-send-email-mr.dash.four@googlemail.com>
Permalink /patch/169972/
State Not Applicable

Comments

Mr Dash Four - July 9, 2012, 10:23 p.m.
Userspace changes to ipset, allowing 'in' and 'out' values to be
specified for the 'iface' part of hash:net,iface type sets only.

Man page updated accordingly. This patch also makes some minor
corrections to the contents of that man page.

Signed-off-by: Mr Dash Four <mr.dash.four@googlemail.com>
---
 include/libipset/linux_ip_set.h |    5 +++++
 src/ipset.8                     |   11 +++--------
 2 files changed, 8 insertions(+), 8 deletions(-)
Jozsef Kadlecsik - July 10, 2012, 3:35 p.m.
On Mon, 9 Jul 2012, Mr Dash Four wrote:

> Userspace changes to ipset, allowing 'in' and 'out' values to be
> specified for the 'iface' part of hash:net,iface type sets only.
> 
> Man page updated accordingly. This patch also makes some minor
> corrections to the contents of that man page.
> 
> Signed-off-by: Mr Dash Four <mr.dash.four@googlemail.com>
> ---
>  include/libipset/linux_ip_set.h |    5 +++++
>  src/ipset.8                     |   11 +++--------
>  2 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
> index 008da06..8f2bd95 100644
> --- a/include/libipset/linux_ip_set.h
> +++ b/include/libipset/linux_ip_set.h
> @@ -190,6 +190,10 @@ enum ip_set_dim {
>  	 * If changed, new revision of iptables match/target is required.
>  	 */
>  	IPSET_DIM_MAX = 6,
> +	/* 
> +	 * Indicates whether the new 'iface' format (in/out) has been used.
> +	 */
> +	IPSET_DIM_IFACE = 7, 
>  };

It's not a dimension, please give it some other name,
like IPSET_IFACE_INOUT_FLAG.
  
>  /* Option flags for kernel operations */
> @@ -198,6 +202,7 @@ enum ip_set_kopt {
>  	IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
>  	IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
>  	IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
> +	IPSET_DIM_IFACE_INOUT = (1 << IPSET_DIM_IFACE),
>  };

Here too, rename it.
  
>  #endif /* __IP_SET_H */
> diff --git a/src/ipset.8 b/src/ipset.8
> index bbad680..8d5f69c 100644
> --- a/src/ipset.8
> +++ b/src/ipset.8
> @@ -798,12 +798,7 @@ addresses  to the set by the \fBSET\fR netfilter target, it  will  be
>  added/deleted by the most specific prefix which can be found in  the
>  set, or by the host prefix value if the set is empty.
>  .PP 
> -The second direction parameter of the \fBset\fR match and
> -\fBSET\fR target modules corresponds to the incoming/outgoing interface:
> -\fBsrc\fR to the incoming one (similar to the \fB\-i\fR flag of iptables), while
> -\fBdst\fR to the outgoing one (similar to the \fB\-o\fR flag of iptables). When
> -the interface is flagged with \fBphysdev:\fR, the interface is interpreted
> -as the incoming/outgoing bridge port.
> +The second direction parameter of the \fBset\fR match and \fBSET\fR target modules corresponds to the incoming/outgoing interface: \fBin\fR for the incoming, \fBout\fR for the outgoing interface, consistent with their appropriate flags in netfilter/iptables. The format used in prior versions of ipset is also supported: \fBsrc\fR indicating the incoming and \fBdst\fR the outgoing interface respectively. If the interface value is preceded with \fBphysdev:\fR, the interface is then interpreted as bridge port.

Break the long lines, in all of your manpage modifications.

>  .PP 
>  The lookup time grows linearly with the number of the different prefix
>  values added to the set.
> @@ -840,7 +835,7 @@ Optional \fBcreate\fR options:
>  \fBsize\fR \fIvalue\fR
>  The size of the list, the default is 8.
>  .PP 
> -By the \fBipset\fR commad you  can add, delete and test set names in a
> +With the \fBipset\fR command you  can add, delete and test set names in a
>  \fBlist:set\fR type of set.
>  .PP 
>  By the \fBset\fR match or \fBSET\fR target of netfilter
> @@ -861,7 +856,7 @@ and add src to the first single or src,dst to the first double data storage set
>  in \fIb\fR to which the entry can be added. You can imagine a \fBlist:set\fR
>  type of set as an ordered union of the set elements. 
>  .PP 
> -Please note: by the \fBipset\fR commad you can add, delete and \fBtest\fR
> +Please note: with the \fBipset\fR command you can add, delete and \fBtest\fR
>  the setnames in a \fBlist:set\fR type of set, and \fBnot\fR the presence of
>  a set's member (such as an IP address).
>  .SH "GENERAL RESTRICTIONS"
> -- 
> 1.7.10.4

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary

Patch

diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
index 008da06..8f2bd95 100644
--- a/include/libipset/linux_ip_set.h
+++ b/include/libipset/linux_ip_set.h
@@ -190,6 +190,10 @@  enum ip_set_dim {
 	 * If changed, new revision of iptables match/target is required.
 	 */
 	IPSET_DIM_MAX = 6,
+	/* 
+	 * Indicates whether the new 'iface' format (in/out) has been used.
+	 */
+	IPSET_DIM_IFACE = 7, 
 };
 
 /* Option flags for kernel operations */
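Review bot: `IPSET_DIM_IFACE = 7` is added to `enum ip_set_dim` after `IPSET_DIM_MAX = 6`, so the enum now holds a value that is not a dimension and lies above its own stated maximum. Any code that treats IPSET_DIM_MAX as the upper bound of this enum will not expect it. Consider defining the bit position outside the dimension enum, under a name that says it is a flag. The context comment above IPSET_DIM_MAX warns that changes there require a new iptables match/target revision, so the patch description should say whether adding a value past it has the same implication. The added lines `/* ` and `IPSET_DIM_IFACE = 7, ` also end in trailing whitespace.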
@@ -198,6 +202,7 @@  enum ip_set_kopt {
 	IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
 	IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
 	IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+	IPSET_DIM_IFACE_INOUT = (1 << IPSET_DIM_IFACE),
 };
 
 #endif /* __IP_SET_H */
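Review bot: `IPSET_DIM_IFACE_INOUT = (1 << IPSET_DIM_IFACE)` in `enum ip_set_kopt` has no comment, and its name follows the `IPSET_DIM_*_SRC` pattern although it does not mark a dimension as a source. With the value assigned in the previous hunk it evaluates to 1 << 7, so please confirm that every place these option flags are stored or passed is wide enough to carry that bit, and add a comment saying who sets the flag and who is expected to read it.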
diff --git a/src/ipset.8 b/src/ipset.8
index bbad680..8d5f69c 100644
--- a/src/ipset.8
+++ b/src/ipset.8
@@ -798,12 +798,7 @@  addresses  to the set by the \fBSET\fR netfilter target, it  will  be
 added/deleted by the most specific prefix which can be found in  the
 set, or by the host prefix value if the set is empty.
 .PP 
-The second direction parameter of the \fBset\fR match and
-\fBSET\fR target modules corresponds to the incoming/outgoing interface:
-\fBsrc\fR to the incoming one (similar to the \fB\-i\fR flag of iptables), while
-\fBdst\fR to the outgoing one (similar to the \fB\-o\fR flag of iptables). When
-the interface is flagged with \fBphysdev:\fR, the interface is interpreted
-as the incoming/outgoing bridge port.
+The second direction parameter of the \fBset\fR match and \fBSET\fR target modules corresponds to the incoming/outgoing interface: \fBin\fR for the incoming, \fBout\fR for the outgoing interface, consistent with their appropriate flags in netfilter/iptables. The format used in prior versions of ipset is also supported: \fBsrc\fR indicating the incoming and \fBdst\fR the outgoing interface respectively. If the interface value is preceded with \fBphysdev:\fR, the interface is then interpreted as bridge port.
 .PP 
 The lookup time grows linearly with the number of the different prefix
 values added to the set.
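Review bot: The replacement paragraph is one very long line, where the six removed lines were wrapped; please re-wrap it so later diffs of ipset.8 stay readable. The new wording also drops the explicit pointers to the \fB\-i\fR and \fB\-o\fR flags of iptables, shortens "incoming/outgoing bridge port" to "bridge port", and does not say how the old src/dst and new in/out forms interact when both are accepted. Since this paragraph is what people consult when writing interface-direction rules, the direction semantics should be stated at least as precisely as in the text being removed.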
@@ -840,7 +835,7 @@  Optional \fBcreate\fR options:
 \fBsize\fR \fIvalue\fR
 The size of the list, the default is 8.
 .PP 
-By the \fBipset\fR commad you  can add, delete and test set names in a
+With the \fBipset\fR command you  can add, delete and test set names in a
 \fBlist:set\fR type of set.
 .PP 
 By the \fBset\fR match or \fBSET\fR target of netfilter
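Review bot: The corrected line still contains the double space in `you  can`, and the context line two below it still opens with "By the \fBset\fR match", so after this change the section mixes "With the" and "By the". If the wording is being cleaned up, fix both in the same pass.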
@@ -861,7 +856,7 @@  and add src to the first single or src,dst to the first double data storage set
 in \fIb\fR to which the entry can be added. You can imagine a \fBlist:set\fR
 type of set as an ordered union of the set elements. 
 .PP 
-Please note: by the \fBipset\fR commad you can add, delete and \fBtest\fR
+Please note: with the \fBipset\fR command you can add, delete and \fBtest\fR
 the setnames in a \fBlist:set\fR type of set, and \fBnot\fR the presence of
 a set's member (such as an IP address).
 .SH "GENERAL RESTRICTIONS"
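Review bot: The `commad` to `command` corrections here and in the previous hunk are unrelated to the hash:net,iface change named in the subject line. Move them to a separate cleanup patch so the functional change can be reviewed and reverted on its own.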