netfilter: ipset: hash:ip,port,net set type support
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Tue, 1 Feb 2011 14:51:00 +0000 (15:51 +0100)
committerPatrick McHardy <kaber@trash.net>
Tue, 1 Feb 2011 14:51:00 +0000 (15:51 +0100)
commit41d22f7b2e48c77175b62cec3797d7d7173a626e
treeb6760c287a3cc864fc16ed45b611bead7dc7523f
parent5663bc30e6114b6ba88cc428619ede46a3246a7b
netfilter: ipset: hash:ip,port,net set type support

The module implements the hash:ip,port,net type support in four flavours:
for IPv4 and IPv6, both without and with timeout support. The elements
are three dimensional: IPv4/IPv6 address, protocol/port and IPv4/IPv6
network address/prefix triples. The different prefixes are searched/matched
from the longest prefix to the shortes one (most specific to least).
In other words the processing time linearly grows with the number of
different prefixes in the set.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
net/netfilter/ipset/Kconfig
net/netfilter/ipset/Makefile
net/netfilter/ipset/ip_set_hash_ipportnet.c [new file with mode: 0644]