[PATCH 0/3] ipset: change 'iface' part in hash:net,iface set

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mr Dash Four <mr.dash.four@googlemail.com>
To: Netfilter Core Team <netfilter-devel@vger.kernel.org>
Cc: Mr Dash Four <mr.dash.four@googlemail.com>,
	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	Patrick McHardy <kaber@trash.net>
Subject: [PATCH 0/3] ipset: change 'iface' part in hash:net,iface set
Date: Thu,  5 Jul 2012 23:34:29 +0100	[thread overview]
Message-ID: <cover.1341525006.git.mr.dash.four@googlemail.com> (raw)

The following series of 3 patches included in this set allow 'in' or 'out' values to be specified for the 'iface' part of hash:net,iface set, corresponding to the  incoming and outgoing interface accordingly, thus eliminating the discrepancy which, up until now, existed with the 'old' format and also reinforcing much-needed consistency with the rest of the netfilter/iptables terminology.

For backwards compatibility, the 'old' format, comprising of 'src' (incoming) and 'dst' (outgoing) direction parameter for the 'iface' part of hash:net,iface is also supported.

The first patch updates iptables (userspace), the second - ipset (userspace), while the last one deals with the rest of the updates to ipset in kernel space, enabling the above functionality.

Example of use:

iptables -A INPUT -m set --match-set test src,in
iptables -A OUTPUT -m set --match-set test dst,out

The first example above produces a packet match, based on source IP address/subnet and the incoming interfice (i.e. the 'src' interface in old speak), while the second one does the same, but for the destination IP address/subnet and the outgoing interface ('dst' using the old format). 

The above two examples also assume that the 'test' set exists and is of type hash:net,iface, otherwise NO match is ever produced.

-- 
1.7.10.4

next             reply	other threads:[~2012-07-05 22:35 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-07-05 22:34 Mr Dash Four [this message]
2012-07-05 22:34 ` [PATCH 1/3] iptables: change 'iface' part in hash:net,iface set Mr Dash Four
2012-07-05 22:34 ` [PATCH 2/3] ipset: " Mr Dash Four
2012-07-05 22:34 ` [PATCH 3/3] " Mr Dash Four
2012-07-06  8:35 ` [PATCH 0/3] " Jozsef Kadlecsik
2012-07-06 19:05   ` Mr Dash Four
2012-07-06 19:11     ` Jan Engelhardt
2012-07-06 19:21       ` Mr Dash Four
2012-07-06 19:44       ` Mr Dash Four
2012-07-06 19:47     ` Jozsef Kadlecsik
2012-07-06 20:19       ` Mr Dash Four
2012-07-06 20:39         ` Jozsef Kadlecsik
2012-07-06 21:04           ` Mr Dash Four
     [not found]         ` <CAHo-OowHXH9f526QQc4Ln5_P_Osdm1Q_RrBkw83hSGj=oES5ww@mail.gmail.com>
2012-07-06 20:41           ` Mr Dash Four
2012-07-06 20:49             ` Jozsef Kadlecsik
2012-07-06 21:04               ` Mr Dash Four
2012-07-06 21:39                 ` Jozsef Kadlecsik
2012-07-06 22:25                   ` Mr Dash Four
2012-07-07 14:53                     ` Jozsef Kadlecsik
2012-07-07 16:23                       ` Jozsef Kadlecsik
2012-07-08 13:03                         ` Mr Dash Four
2012-07-08 18:55                           ` Jozsef Kadlecsik
2012-07-08 19:03                             ` Mr Dash Four
2012-07-08 19:07                               ` Jozsef Kadlecsik
2012-07-08 19:11                                 ` Mr Dash Four
2012-07-08 20:30                                   ` Jozsef Kadlecsik
2012-07-08 22:10                                     ` Mr Dash Four
2012-07-08 22:20                                       ` Jozsef Kadlecsik
2012-07-08 22:25                                         ` Mr Dash Four
2012-07-08 22:55                                           ` Jozsef Kadlecsik
2012-07-09 20:19                                             ` Mr Dash Four
2012-07-09 22:05                                             ` Mr Dash Four
2012-07-08 13:03                       ` Mr Dash Four
     [not found]                         ` <CAHo-Ooya+1H939TqppUcY+pwprOH34zi-jHtnsN+g522aJ3ctw@mail.gmail.com>
2012-07-08 19:43                           ` Mr Dash Four

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=cover.1341525006.git.mr.dash.four@googlemail.com \
    --to=mr.dash.four@googlemail.com \
    --cc=kaber@trash.net \
    --cc=kadlec@blackhole.kfki.hu \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.