Re: ipsets: examples?

On Mon, 20 Dec 2010, Reuben Martin wrote:

> On Monday, December 20, 2010, Jozsef Kadlecsik wrote:
> > 
> > On Sun, 19 Dec 2010, Reuben Martin wrote:
> > 
> > > I'm trying to put together an extension to forward udp packets to an 
> > > arbitrary set of destinations using ipsets. Specifically I want the 
> > > extension to be able to take either an ipmap or iphash as a set of 
> > > destinations for the forwarded udp packets. (I'm starting with the 
> > > rawdnat, stripping out the tcp code, and changing it so that it 
> > > duplicates the packet as needed for destinations instead of changing the 
> > > dest address in the original packet.)
> > 
> > I don't really see why you need to embed ipset. Why don't you call it as a 
> > normal match and use your extension as a target?
> 
> I think I have misunderstood what can be done with ipsets. I knew you 
> could use it as a match, but for some reason I thought it had an API to 
> allow other extensions to use sets as targets. (i.e. my intention is, as 
> you suggested, to use the extension as a target)

But what is the difference between

... -m set --match-set foo src -j YOUR_TARGET

and

... -j YOUR_TARGET

where your target calls internally the same or hardcoded ipset match?
 
> Is there any way via the standard API to request the contents of a named 
> set? That's really what I want to do. Basically for each packet I would 
> request I want to be able to check what addresses are in the set named 
> in the parameters of my extension, and then copy the packets to each of 
> those addresses, and hence have a dynamic list of destination addresses.

In my previous mail I wrote about the current API and possibilities.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary