Commit a69afaff authored by Florent Fourcot's avatar Florent Fourcot

ipset: use last revision available by default

Each ipset module has a revision list. This revision number is very
important since:
 * it changes the feature list supported by the kernel for this type
 * the kernel returns an error if someone sets a bad revision

For example, on a kernel 3.16, the last revision for the hash:netiface type is
6, while the last revision of hash:ip is 4. We cannot really use one good
number for both.

With this patch, we will read the last revision available on the kernel
and use it by default. For compatibility, we keep the attr_revision
variable in __init__, even if it does not really make sense in my
opinion (since this value depends on ipset type, that should probably be
a parameter of create() method)
parent 1b5d8c0a
......@@ -51,7 +51,7 @@ class IPSet(NetlinkSocket):
IPSET_CMD_LIST: ipset_msg,
IPSET_CMD_TYPE: ipset_msg}
def __init__(self, version=6, attr_revision=3, nfgen_family=2):
def __init__(self, version=6, attr_revision=None, nfgen_family=2):
super(IPSet, self).__init__(family=NETLINK_NETFILTER)
policy = dict([(x | (NFNL_SUBSYS_IPSET << 8), y)
for (x, y) in self.policy.items()])
......@@ -124,11 +124,16 @@ class IPSet(NetlinkSocket):
if timeout is not None:
data['attrs'] += [["IPSET_ATTR_TIMEOUT", timeout]]
if self._attr_revision is None:
# Get the last revision supported by kernel
revision = self.get_supported_revisions(stype)[1]
revision = self._attr_revision
msg['attrs'] = [['IPSET_ATTR_PROTOCOL', self._proto_version],
['IPSET_ATTR_FAMILY', family],
['IPSET_ATTR_REVISION', self._attr_revision],
['IPSET_ATTR_REVISION', revision],
["IPSET_ATTR_DATA", data]]
return self.request(msg, IPSET_CMD_CREATE,
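Review bot: The kernel-derived revision in create() is read with a bare `[1]` index on the result of `get_supported_revisions(stype)`, and nothing in this hunk handles a set type the kernel does not know or a reply without the revision attributes. Assuming the helper returns a (min, max) pair, unpacking it by name, e.g. `min_rev, max_rev = self.get_supported_revisions(stype)`, and passing `max_rev` would make clear which end of the range is sent as `IPSET_ATTR_REVISION`. The lookup also appears to add a netlink round trip to every create() call when `attr_revision` is None, so caching the result per set type may be worth considering. The `__init__` docstring should state that `attr_revision=None` means "use the highest revision the kernel reports for the set type". create()'s body starts and ends outside the hunk.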