On Tue, 21 Dec 2010, Reuben Martin wrote: > I want to be able to do: > > ... -j MY_TARGET --ipset foo > > where MY_TARGET would iterate over the members of foo, and for each > member of foo the original packet is duplicated, the duplicate's > destination is changed to the address value of the member, checksums > recalculated, and sent on it's way. > > My intent is to be able to take RTP media stream packets, and > transparently forward them to a dynamically changing group of > destination addresses.in a network where multicast is not an option. > I'm sure there might be other uses for it, but that's all I'm > concerned about at the moment. I see. Sorry, it's not possible to use ipset for this purpose: there are no iterators which'd return the members of a set (listing is not similar or applicable). To design such an interface is not trivial. Maybe instead of iterating, passing your function to ipset is more feasible: ipset would call your function for every member of the given set. (I Cc-ed netfilter-devel, because that's more appropriate list for such a discussion.) Best regards, Jozsef - E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt Address : KFKI Research Institute for Particle and Nuclear Physics H-1525 Budapest 114, POB. 49, Hungary -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html