On Wed, Dec 22, 2010 at 4:45 AM, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:
> On Tue, 21 Dec 2010, Reuben Martin wrote:
>
>> I want to be able to do:
>>
>> ... -j MY_TARGET --ipset foo
>>
>> where MY_TARGET would iterate over the members of foo, and for each
>> member of foo the original packet is duplicated, the duplicate's
>> destination is changed to the address value of the member, checksums
>> recalculated, and sent on its way.
>>
>> My intent is to be able to take RTP media stream packets, and
>> transparently forward them to a dynamically changing group of
>> destination addresses in a network where multicast is not an option.
>> I'm sure there might be other uses for it, but that's all I'm
>> concerned about at the moment.
>
> I see. Sorry, it's not possible to use ipset for this purpose: there are
> no iterators which'd return the members of a set (listing is not similar
> or applicable). To design such an interface is not trivial. Maybe instead
> of iterating, passing your function to ipset is more feasible: ipset would
> call your function for every member of the given set.

In that case, maybe all that ipset would have to do is duplicate the
packet, and then use RAWDNAT to change the destination addresses for
the duplicates.

-Reuben