• Vytas Dauksa's avatar
    netfilter: ipset: add hash:ip,mark data type to ipset · 3b02b56c
    Vytas Dauksa authored
    Introduce packet mark support with new ip,mark hash set. This includes
    userspace and kernelspace code, hash:ip,mark set tests and man page
    The intended use of ip,mark set is similar to the ip:port type, but for
    protocols which don't use a predictable port number. Instead of port
    number it matches a firewall mark determined by a layer 7 filtering
    program like opendpi.
    As well as allowing or blocking traffic it will also be used for
    accounting packets and bytes sent for each protocol.
    Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>