<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta charset="utf-8" />
    <title>IPSet module &#8212; pyroute2 0.5.14 documentation</title>
    <link rel="stylesheet" href="_static/classic.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    <link rel="stylesheet" type="text/css" href="_static/graphviz.css" />
    <link rel="stylesheet" type="text/css" href="_static/custom.css" />
    
    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>
    <script type="text/javascript" src="_static/language_data.js"></script>
    
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="NetNS module" href="netns.html" />
    <link rel="prev" title="WiSet module" href="wiset.html" />
  </head><body>

    <div class="related" role="navigation" aria-label="related navigation">
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="genindex.html" title="General Index"
             accesskey="I">index</a></li>
        <li class="right" >
          <a href="py-modindex.html" title="Python Module Index"
             >modules</a> |</li>
        <li class="right" >
          <a href="netns.html" title="NetNS module"
             accesskey="N">next</a> |</li>
        <li class="right" >
          <a href="wiset.html" title="WiSet module"
             accesskey="P">previous</a> |</li>
        <li class="nav-item"><a href="http://pyroute2.org">Project home</a> &#187;</li>
        <li class="nav-item nav-item-0"><a href="index.html">pyroute2 0.5.14 documentation</a> &#187;</li> 
      </ul>
        </div>
  

    <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body" role="main">
            
  <div class="section" id="module-pyroute2.ipset">
<span id="ipset-module"></span><h1>IPSet module<a class="headerlink" href="#module-pyroute2.ipset" title="Permalink to this headline">¶</a></h1>
<p>ipset support.</p>
<p>This module is tested with hash:ip, hash:net, list:set and several
other ipset structures (like hash:net,iface). There is no guarantee
that this module is working with all available ipset modules.</p>
<p>It supports almost all kernel commands (create, destroy, flush,
rename, swap, test…)</p>
<dl class="class">
<dt id="pyroute2.ipset.PortRange">
<em class="property">class </em><code class="sig-prename descclassname">pyroute2.ipset.</code><code class="sig-name descname">PortRange</code><span class="sig-paren">(</span><em class="sig-param">begin</em>, <em class="sig-param">end</em>, <em class="sig-param">protocol=None</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.PortRange" title="Permalink to this definition">¶</a></dt>
<dd><p>A simple container for port range with optional protocol</p>
<p>Note that optional protocol parameter is not supported by all
kernel ipset modules using ports. On the other hand, it’s sometimes
mandatory to set it (like for hash:net,port ipsets)</p>
<p>Example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">udp_proto</span> <span class="o">=</span> <span class="n">socket</span><span class="o">.</span><span class="n">getprotobyname</span><span class="p">(</span><span class="s2">&quot;udp&quot;</span><span class="p">)</span>
<span class="n">port_range</span> <span class="o">=</span> <span class="n">PortRange</span><span class="p">(</span><span class="mi">1000</span><span class="p">,</span> <span class="mi">2000</span><span class="p">,</span> <span class="n">protocol</span><span class="o">=</span><span class="n">udp_proto</span><span class="p">)</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">create</span><span class="p">(</span><span class="s2">&quot;foo&quot;</span><span class="p">,</span> <span class="n">stype</span><span class="o">=</span><span class="s2">&quot;hash:net,port&quot;</span><span class="p">)</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">add</span><span class="p">(</span><span class="s2">&quot;foo&quot;</span><span class="p">,</span> <span class="p">(</span><span class="s2">&quot;192.0.2.0/24&quot;</span><span class="p">,</span> <span class="n">port_range</span><span class="p">),</span> <span class="n">etype</span><span class="o">=</span><span class="s2">&quot;net,port&quot;</span><span class="p">)</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">test</span><span class="p">(</span><span class="s2">&quot;foo&quot;</span><span class="p">,</span> <span class="p">(</span><span class="s2">&quot;192.0.2.0/24&quot;</span><span class="p">,</span> <span class="n">port_range</span><span class="p">),</span> <span class="n">etype</span><span class="o">=</span><span class="s2">&quot;net,port&quot;</span><span class="p">)</span>
</pre></div>
</div>
</dd></dl>

<dl class="class">
<dt id="pyroute2.ipset.PortEntry">
<em class="property">class </em><code class="sig-prename descclassname">pyroute2.ipset.</code><code class="sig-name descname">PortEntry</code><span class="sig-paren">(</span><em class="sig-param">port</em>, <em class="sig-param">protocol=None</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.PortEntry" title="Permalink to this definition">¶</a></dt>
<dd><p>A simple container for port entry with optional protocol</p>
</dd></dl>

<dl class="class">
<dt id="pyroute2.ipset.IPSet">
<em class="property">class </em><code class="sig-prename descclassname">pyroute2.ipset.</code><code class="sig-name descname">IPSet</code><span class="sig-paren">(</span><em class="sig-param">version=None</em>, <em class="sig-param">attr_revision=None</em>, <em class="sig-param">nfgen_family=2</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet" title="Permalink to this definition">¶</a></dt>
<dd><p>NFNetlink socket (family=NETLINK_NETFILTER).</p>
<p>Implements API to the ipset functionality.</p>
<dl class="method">
<dt id="pyroute2.ipset.IPSet.headers">
<code class="sig-name descname">headers</code><span class="sig-paren">(</span><em class="sig-param">name</em>, <em class="sig-param">**kwargs</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.headers" title="Permalink to this definition">¶</a></dt>
<dd><p>Get headers of the named ipset. It can be used to test if one ipset
exists, since it returns a no such file or directory.</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.get_proto_version">
<code class="sig-name descname">get_proto_version</code><span class="sig-paren">(</span><em class="sig-param">version=6</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.get_proto_version" title="Permalink to this definition">¶</a></dt>
<dd><p>Get supported protocol version by kernel.</p>
<p>version parameter allow to set mandatory (but unused?)
IPSET_ATTR_PROTOCOL netlink attribute in the request.</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.list">
<code class="sig-name descname">list</code><span class="sig-paren">(</span><em class="sig-param">*argv</em>, <em class="sig-param">**kwargs</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.list" title="Permalink to this definition">¶</a></dt>
<dd><p>List installed ipsets. If <cite>name</cite> is provided, list
the named ipset or return an empty list.</p>
<p>Be warned: netlink does not return an error if given name does not
exit, you will receive an empty list.</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.destroy">
<code class="sig-name descname">destroy</code><span class="sig-paren">(</span><em class="sig-param">name=None</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.destroy" title="Permalink to this definition">¶</a></dt>
<dd><p>Destroy one (when name is set) or all ipset (when name is None)</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.create">
<code class="sig-name descname">create</code><span class="sig-paren">(</span><em class="sig-param">name</em>, <em class="sig-param">stype='hash:ip'</em>, <em class="sig-param">family=&lt;AddressFamily.AF_INET: 2&gt;</em>, <em class="sig-param">exclusive=True</em>, <em class="sig-param">counters=False</em>, <em class="sig-param">comment=False</em>, <em class="sig-param">maxelem=None</em>, <em class="sig-param">forceadd=False</em>, <em class="sig-param">hashsize=None</em>, <em class="sig-param">timeout=None</em>, <em class="sig-param">bitmap_ports_range=None</em>, <em class="sig-param">size=None</em>, <em class="sig-param">skbinfo=False</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.create" title="Permalink to this definition">¶</a></dt>
<dd><p>Create an ipset <cite>name</cite> of type <cite>stype</cite>, by default
<cite>hash:ip</cite>.</p>
<p>Common ipset options are supported:</p>
<ul class="simple">
<li><p>exclusive – if set, raise an error if the ipset exists</p></li>
<li><p>counters – enable data/packets counters</p></li>
<li><p>comment – enable comments capability</p></li>
<li><p>maxelem – max size of the ipset</p></li>
<li><p>forceadd – you should refer to the ipset manpage</p></li>
<li><p>hashsize – size of the hashtable (if any)</p></li>
<li><p>timeout – enable and set a default value for entries (if not None)</p></li>
<li><dl class="simple">
<dt>bitmap_ports_range – set the specified inclusive portrange for</dt><dd><p>the bitmap ipset structure (0, 65536)</p>
</dd>
</dl>
</li>
<li><p>size – Size of the list:set, the default is 8</p></li>
<li><p>skbinfo – enable skbinfo capability</p></li>
</ul>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.add">
<code class="sig-name descname">add</code><span class="sig-paren">(</span><em class="sig-param">name</em>, <em class="sig-param">entry</em>, <em class="sig-param">family=&lt;AddressFamily.AF_INET: 2&gt;</em>, <em class="sig-param">exclusive=True</em>, <em class="sig-param">comment=None</em>, <em class="sig-param">timeout=None</em>, <em class="sig-param">etype='ip'</em>, <em class="sig-param">skbmark=None</em>, <em class="sig-param">skbprio=None</em>, <em class="sig-param">skbqueue=None</em>, <em class="sig-param">wildcard=False</em>, <em class="sig-param">**kwargs</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.add" title="Permalink to this definition">¶</a></dt>
<dd><p>Add a member to the ipset.</p>
<p>etype is the entry type that you add to the ipset. It’s related to
the ipset type. For example, use “ip” for one hash:ip or bitmap:ip
ipset.</p>
<p>When your ipset store a tuple, like “hash:net,iface”, you must use a
comma a separator (etype=”net,iface”)</p>
<p>entry is a string for “ip” and “net” objects. For ipset with several
dimensions, you must use a tuple (or a list) of objects.</p>
<p>“port” type is specific, since you can use integer of specialized
containers like <a class="reference internal" href="#pyroute2.ipset.PortEntry" title="pyroute2.ipset.PortEntry"><code class="xref py py-class docutils literal notranslate"><span class="pre">PortEntry</span></code></a> and <a class="reference internal" href="#pyroute2.ipset.PortRange" title="pyroute2.ipset.PortRange"><code class="xref py py-class docutils literal notranslate"><span class="pre">PortRange</span></code></a></p>
<p>Examples:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">ipset</span> <span class="o">=</span> <span class="n">IPSet</span><span class="p">()</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">create</span><span class="p">(</span><span class="s2">&quot;foo&quot;</span><span class="p">,</span> <span class="n">stype</span><span class="o">=</span><span class="s2">&quot;hash:ip&quot;</span><span class="p">)</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">add</span><span class="p">(</span><span class="s2">&quot;foo&quot;</span><span class="p">,</span> <span class="s2">&quot;198.51.100.1&quot;</span><span class="p">,</span> <span class="n">etype</span><span class="o">=</span><span class="s2">&quot;ip&quot;</span><span class="p">)</span>

<span class="n">ipset</span> <span class="o">=</span> <span class="n">IPSet</span><span class="p">()</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">create</span><span class="p">(</span><span class="s2">&quot;bar&quot;</span><span class="p">,</span> <span class="n">stype</span><span class="o">=</span><span class="s2">&quot;bitmap:port&quot;</span><span class="p">,</span>
             <span class="n">bitmap_ports_range</span><span class="o">=</span><span class="p">(</span><span class="mi">1000</span><span class="p">,</span> <span class="mi">2000</span><span class="p">))</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">add</span><span class="p">(</span><span class="s2">&quot;bar&quot;</span><span class="p">,</span> <span class="mi">1001</span><span class="p">,</span> <span class="n">etype</span><span class="o">=</span><span class="s2">&quot;port&quot;</span><span class="p">)</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">add</span><span class="p">(</span><span class="s2">&quot;bar&quot;</span><span class="p">,</span> <span class="n">PortRange</span><span class="p">(</span><span class="mi">1500</span><span class="p">,</span> <span class="mi">2000</span><span class="p">),</span> <span class="n">etype</span><span class="o">=</span><span class="s2">&quot;port&quot;</span><span class="p">)</span>

<span class="n">ipset</span> <span class="o">=</span> <span class="n">IPSet</span><span class="p">()</span>
<span class="kn">import</span> <span class="nn">socket</span>
<span class="n">protocol</span> <span class="o">=</span> <span class="n">socket</span><span class="o">.</span><span class="n">getprotobyname</span><span class="p">(</span><span class="s2">&quot;tcp&quot;</span><span class="p">)</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">create</span><span class="p">(</span><span class="s2">&quot;foobar&quot;</span><span class="p">,</span> <span class="n">stype</span><span class="o">=</span><span class="s2">&quot;hash:net,port&quot;</span><span class="p">)</span>
<span class="n">port_entry</span> <span class="o">=</span> <span class="n">PortEntry</span><span class="p">(</span><span class="mi">80</span><span class="p">,</span> <span class="n">protocol</span><span class="o">=</span><span class="n">protocol</span><span class="p">)</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">add</span><span class="p">(</span><span class="s2">&quot;foobar&quot;</span><span class="p">,</span> <span class="p">(</span><span class="s2">&quot;198.51.100.0/24&quot;</span><span class="p">,</span> <span class="n">port_entry</span><span class="p">),</span>
          <span class="n">etype</span><span class="o">=</span><span class="s2">&quot;net,port&quot;</span><span class="p">)</span>
</pre></div>
</div>
<p>wildcard option enable kernel wildcard matching on interface
name for net,iface entries.</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.delete">
<code class="sig-name descname">delete</code><span class="sig-paren">(</span><em class="sig-param">name</em>, <em class="sig-param">entry</em>, <em class="sig-param">family=&lt;AddressFamily.AF_INET: 2&gt;</em>, <em class="sig-param">exclusive=True</em>, <em class="sig-param">etype='ip'</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.delete" title="Permalink to this definition">¶</a></dt>
<dd><p>Delete a member from the ipset.</p>
<p>See <a class="reference internal" href="#pyroute2.ipset.IPSet.add" title="pyroute2.ipset.IPSet.add"><code class="xref py py-func docutils literal notranslate"><span class="pre">add()</span></code></a> method for more information on etype.</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.test">
<code class="sig-name descname">test</code><span class="sig-paren">(</span><em class="sig-param">name</em>, <em class="sig-param">entry</em>, <em class="sig-param">family=&lt;AddressFamily.AF_INET: 2&gt;</em>, <em class="sig-param">etype='ip'</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.test" title="Permalink to this definition">¶</a></dt>
<dd><p>Test if entry is part of an ipset</p>
<p>See <a class="reference internal" href="#pyroute2.ipset.IPSet.add" title="pyroute2.ipset.IPSet.add"><code class="xref py py-func docutils literal notranslate"><span class="pre">add()</span></code></a> method for more information on etype.</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.swap">
<code class="sig-name descname">swap</code><span class="sig-paren">(</span><em class="sig-param">set_a</em>, <em class="sig-param">set_b</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.swap" title="Permalink to this definition">¶</a></dt>
<dd><p>Swap two ipsets. They must have compatible content type.</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.flush">
<code class="sig-name descname">flush</code><span class="sig-paren">(</span><em class="sig-param">name=None</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.flush" title="Permalink to this definition">¶</a></dt>
<dd><p>Flush all ipsets. When name is set, flush only this ipset.</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.rename">
<code class="sig-name descname">rename</code><span class="sig-paren">(</span><em class="sig-param">name_src</em>, <em class="sig-param">name_dst</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.rename" title="Permalink to this definition">¶</a></dt>
<dd><p>Rename the ipset.</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.get_set_byname">
<code class="sig-name descname">get_set_byname</code><span class="sig-paren">(</span><em class="sig-param">name</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.get_set_byname" title="Permalink to this definition">¶</a></dt>
<dd><p>Get a set by its name</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.get_set_byindex">
<code class="sig-name descname">get_set_byindex</code><span class="sig-paren">(</span><em class="sig-param">index</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.get_set_byindex" title="Permalink to this definition">¶</a></dt>
<dd><p>Get a set by its index</p>
</dd></dl>

<dl class="method">
<dt id="pyroute2.ipset.IPSet.get_supported_revisions">
<code class="sig-name descname">get_supported_revisions</code><span class="sig-paren">(</span><em class="sig-param">stype</em>, <em class="sig-param">family=&lt;AddressFamily.AF_INET: 2&gt;</em><span class="sig-paren">)</span><a class="headerlink" href="#pyroute2.ipset.IPSet.get_supported_revisions" title="Permalink to this definition">¶</a></dt>
<dd><p>Return minimum and maximum of revisions supported by the kernel.</p>
<p>Each ipset module (like hash:net, hash:ip, etc) has several
revisions. Newer revisions often have more features or more
performances. Thanks to this call, you can ask the kernel
the list of supported revisions.</p>
<p>You can manually set/force revisions used in IPSet constructor.</p>
<p>Example:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">ipset</span> <span class="o">=</span> <span class="n">IPSet</span><span class="p">()</span>
<span class="n">ipset</span><span class="o">.</span><span class="n">get_supported_revisions</span><span class="p">(</span><span class="s2">&quot;hash:net&quot;</span><span class="p">)</span>

<span class="n">ipset</span><span class="o">.</span><span class="n">get_supported_revisions</span><span class="p">(</span><span class="s2">&quot;hash:net,port,net&quot;</span><span class="p">)</span>
</pre></div>
</div>
</dd></dl>

</dd></dl>

</div>


          </div>
        </div>
      </div>
      <div class="sphinxsidebar" role="navigation" aria-label="main navigation">
        <div class="sphinxsidebarwrapper">
  <h4>Previous topic</h4>
  <p class="topless"><a href="wiset.html"
                        title="previous chapter">WiSet module</a></p>
  <h4>Next topic</h4>
  <p class="topless"><a href="netns.html"
                        title="next chapter">NetNS module</a></p>
  <div role="note" aria-label="source link">
    <h3>This Page</h3>
    <ul class="this-page-menu">
      <li><a href="_sources/ipset.rst.txt"
            rel="nofollow">Show Source</a></li>
    </ul>
   </div>
<div id="searchbox" style="display: none" role="search">
  <h3 id="searchlabel">Quick search</h3>
    <div class="searchformwrapper">
    <form class="search" action="search.html" method="get">
      <input type="text" name="q" aria-labelledby="searchlabel" />
      <input type="submit" value="Go" />
    </form>
    </div>
</div>
<script type="text/javascript">$('#searchbox').show(0);</script>
        </div>
      </div>
      <div class="clearer"></div>
    </div>
    <div class="related" role="navigation" aria-label="related navigation">
      <h3>Navigation</h3>
      <ul>
        <li class="right" style="margin-right: 10px">
          <a href="genindex.html" title="General Index"
             >index</a></li>
        <li class="right" >
          <a href="py-modindex.html" title="Python Module Index"
             >modules</a> |</li>
        <li class="right" >
          <a href="netns.html" title="NetNS module"
             >next</a> |</li>
        <li class="right" >
          <a href="wiset.html" title="WiSet module"
             >previous</a> |</li>
        <li class="nav-item"><a href="http://pyroute2.org">Project home</a> &#187;</li>
        <li class="nav-item nav-item-0"><a href="index.html">pyroute2 0.5.14 documentation</a> &#187;</li> 
      </ul>
    </div>
    <div class="footer" role="contentinfo">
        &#169; Copyright 2013, Peter V. Saveliev.
      Created using <a href="http://sphinx-doc.org/">Sphinx</a> 2.1.2.
    </div>
  </body>
</html>