Hi Ian,

On Tue, 8 Mar 2022, Ian Pilcher wrote:

> I am working on a C program that uses libmnl to do some basic ipset
> manipulation - namely create a set of type hash:ip,port and then add
> entries.
>
> The best technique I've found to figure out the exact messages required
> is to use strace with the ipset command. strace does a pretty good job
> of decoding the netlink messages, and I can generally figure out the
> significance and meaning of other constants by looking at the various
> header files.
>
> The one thing that I haven't yet been able to figure out is set type
> revisions. When I use ipset to create a hash:ip,port set, I see that
> it is passing 6 as the IPSET_ATTR_REVISION. I can also see that 6 is the
> latest revision in lib/ipset_hash_ipportip.c, which is fine when using
> the ipset command or calling libipset.
>
> What about programs that don't use libipset? How can an application
> determine the latest/correct revision of a particular set type?

You can query the kernel about the highest revision number it supports
for a given set type by sending an IPSET_CMD_TYPE message. There's a tiny
bit of documentation about the messages and their format in lib/PROTOCOL.

However, if you are not relying on libipset, then you have to know which
features are available in the given revision.

> I haven't been able to find anything in any of the header files that
> seems relevant, nor do I see any way for an application to discover this
> information at runtime.
>
> Should I just hardcode 6?

You can hardcode the highest revision number for a given set type from
libipset. I don't plan to introduce new revisions, and even if that
happened, the only downside of hardcoding the number is that you won't be
able to use new features introduced in higher revisions. The kernel part
always provides backward compatibility.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx
PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics
          H-1525 Budapest 114, POB. 49, Hungary
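
The IPSET_CMD_TYPE query described in the reply above, sketched without libmnl or libipset. This is an added example, not code from the original message or from the ipset project. The names put_attr, build_type_request and parse_type_reply are hypothetical, and it assumes protocol version 6 and a reply that carries the highest revision in IPSET_ATTR_REVISION; confirm both against lib/PROTOCOL.

```c
#include <stdint.h>
#include <string.h>
#include <linux/netlink.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/ipset/ip_set.h>
#define HDRLEN  (NLMSG_HDRLEN + NLMSG_ALIGN(sizeof(struct nfgenmsg)))
#define MSGTYPE ((NFNL_SUBSYS_IPSET << 8) | IPSET_CMD_TYPE)

/* Append one attribute to a zeroed message buffer and grow nlmsg_len. */
static void put_attr(struct nlmsghdr *nlh, uint16_t type, const void *data, uint16_t len)
{
    struct nlattr *a = (struct nlattr *)((char *)nlh + nlh->nlmsg_len);
    *a = (struct nlattr){ .nla_len = NLA_HDRLEN + len, .nla_type = type };
    memcpy(a + 1, data, len);
    nlh->nlmsg_len += NLA_ALIGN(a->nla_len);   /* keep the next attribute aligned */
}

/* Build the IPSET_CMD_TYPE query; buf must be 4-byte aligned and >= 128 bytes. */
size_t build_type_request(void *buf, const char *typename, uint8_t family, uint32_t seq)
{
    struct nlmsghdr *nlh = buf;
    uint8_t proto = 6;   /* assumption: protocol version 6, see lib/PROTOCOL */
    if (strlen(typename) >= IPSET_MAXNAMELEN) return 0;   /* would not fit a type name */
    memset(buf, 0, 128);
    *nlh = (struct nlmsghdr){ .nlmsg_len = HDRLEN, .nlmsg_type = MSGTYPE,
                              .nlmsg_flags = NLM_F_REQUEST, .nlmsg_seq = seq };
    *(struct nfgenmsg *)(nlh + 1) = (struct nfgenmsg){ .nfgen_family = family, .version = NFNETLINK_V0 };
    put_attr(nlh, IPSET_ATTR_PROTOCOL, &proto, 1);
    put_attr(nlh, IPSET_ATTR_TYPENAME, typename, strlen(typename) + 1);
    put_attr(nlh, IPSET_ATTR_FAMILY, &family, 1);
    return nlh->nlmsg_len;
}

/* Return the highest revision found in the reply, or -1 if it is malformed. */
int parse_type_reply(const void *buf, size_t len)
{
    const struct nlmsghdr *nlh = buf;
    int rev = -1;
    if (len < HDRLEN || nlh->nlmsg_len < HDRLEN || nlh->nlmsg_len > len ||
        nlh->nlmsg_type != MSGTYPE) return -1;   /* also rejects NLMSG_ERROR replies */
    for (size_t off = HDRLEN; off + NLA_HDRLEN <= nlh->nlmsg_len; ) {
        const struct nlattr *a = (const struct nlattr *)((const char *)buf + off);
        if (a->nla_len <= NLA_HDRLEN || off + a->nla_len > nlh->nlmsg_len) return -1;
        if ((a->nla_type & NLA_TYPE_MASK) == IPSET_ATTR_REVISION)
            rev = *(const uint8_t *)(a + 1);
        off += NLA_ALIGN(a->nla_len);
    }
    return rev;
}
```

To use it, send the built buffer over a socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) socket and pass the received datagram to parse_type_reply. A return of -1 (for example when the kernel answers with an error because the set type is not available) is the point at which to fall back to a hardcoded revision.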