Re: ipsets: examples?

[Reuben Martin <reuben.m@gmail.com>]

On Monday, December 20, 2010, Jozsef Kadlecsik wrote:
> Hi,
> 
> On Sun, 19 Dec 2010, Reuben Martin wrote:
> 
> > I'm trying to put together an extension to forward udp packets to an 
> > arbritary set of destinations using ipsets. Specifically I want the 
> > extension to be able to take either an ipmap or iphash as a set of 
> > destinations for the forwarded udp packets. (I'm starting with the 
> > rawdnat, stripping out the tcp code, and changing it so that it 
> > duplicates the packet as needed for destinations instead of changing the 
> > dest address in the origional packet.
> 
> I don't really see why you need to embed ipset. Why don't you call it as a 
> normal match and use your extension as a target?
> 

I think I have misunderstood what can be done with ipsets. I knew you could use it as a match, but for some reason I though it had an API to allow other extensions to use sets as targets. (i.e. my intention is, as you suggested, to use the extension as a target)

Is there any way via the standard API to request the contents of a named set? That's really what I want to do. Basically for each packet I would request I want to be able to check what addresses are in the set named in the parameters of my extension, and then copy the packets to each of those addresses, and hence have a dynamic list of destination addresses.

If there is no such API would it be too hard to create one? It would be great to be able to access the sets as linked lists, while having ipset internally managing the locking so that something is not accessing the list while an element in the list is being added or removed.

-Reuben