diff mbox

new ipset set type - hash:ip,mac

Message ID 78dcb7edbf2bf1016069cd5dfe88f862@chilan.com
State Accepted
Delegated to: Jozsef Kadlecsik
Headers show

Commit Message

Tomasz Chiliński April 25, 2016, 2:10 p.m. UTC 
W dniu 25.04.2016 11:18, Jozsef Kadlecsik napisał(a):
> On Sun, 24 Apr 2016, Tomasz Chiliński wrote:
> 
>> First - thanks a lot for excellent ipset toolkit!
>> Second - Sorry for posting directly to you, but didn't get reply from
>> netfilter-devel
>> mailing list after trying to subscribe there.
>> 
>> I've created lately my own very missed set type hash:ip,mac
>> which stored any ipv4/ipv6 - mac pairs using hashing structures.
>> It allows to create only single set with all addresses and macs
>> used in quite large lans without bothering with separated sets
>> for different ip segments.
>> 
>> I've attached patches for kernel 4.1 and ipset 6.29.
>> I could also prepare for newer kernel versions if one would be
>> interested in it ;-)
>> 
>> Any feedback or small review would be very appreciated!
> 
> Thanks your patch, I'll review and report back.

Missed man entry in attachment.

> Best regards,
> Jozsef
> -
> E-mail  : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : Wigner Research Centre for Physics, Hungarian Academy of 
> Sciences
>           H-1525 Budapest 114, POB. 49, Hungary
diff mbox

Patch

--- a/src/ipset.8	2016-03-16 09:07:18.000000000 +0100
+++ b/src/ipset.8	2016-04-25 16:01:55.090994631 +0200
@@ -551,6 +551,28 @@ 
 .IP
 ipset test foo 01:02:03:04:05:06
 
+.SS hash:ip,mac
+The \fBhash:ip,mac\fR set type uses a hash to store IPv4 and a MAC address pairs. Zero valued MAC addresses cannot be stored in a \fBhash:ip,mac\fR
+type of set.
+.PP
+\fICREATE\-OPTIONS\fR := [ \fBhashsize\fR \fIvalue\fR ] [ \fBmaxelem\fR \fIvalue\fR ] [ \fBtimeout\fR \fIvalue\fR ] [ \fBcounters\fP ] [ \fBcomment\fP ] [ \fBskbinfo\fP ]
+.PP
+\fIADD\-ENTRY\fR := \fIip\fR,\fImacaddr\fR
+.PP
+\fIADD\-OPTIONS\fR := [ \fBtimeout\fR \fIvalue\fR ] [ \fBpackets\fR \fIvalue\fR ] [ \fBbytes\fR \fIvalue\fR ] [ \fBcomment\fR \fIstring\fR ] [ \fBskbmark\fR \fIvalue\fR ] [ \fBskbprio\fR \fIvalue\fR ] [ \fBskbqueue\fR \fIvalue\fR ]
+.PP
+\fIDEL\-ENTRY\fR := \fIip\fR,\fImacaddr\fR
+.PP
+\fITEST\-ENTRY\fR := \fIip\fR,\fImacaddr\fR
+.PP
+Examples:
+.IP
+ipset create foo hash:ip,mac
+.IP
+ipset add foo 1.1.1.1,01:02:03:04:05:06
+.IP
+ipset test foo 1.1.1.1,01:02:03:04:05:06
+
 .SS hash:net
 The \fBhash:net\fR set type uses a hash to store different sized IP network addresses.
 Network address with zero prefix size cannot be stored in this type of sets.