#ifndef _XT_SET_H
#define _XT_SET_H

/*
 * Shared definitions for the ipset interface used by iptables/ip6tables:
 * protocol constants, the request structures for the IP_SET_OP_* operations,
 * and the per-revision match/target info structures.
 *
 * Every structure here is a fixed binary layout exchanged between separate
 * components, so member order, member types and array sizes are part of the
 * interface. This header only describes layouts; it performs no validation.
 *
 * NOTE(review): the fixed-width types used below (uint16_t, u_int8_t,
 * u_int32_t) are not defined or included here, so the includer must provide
 * them before including this file.
 */

/* The protocol version */
#define IPSET_PROTOCOL		5

/* The max length of strings including NUL: set and type identifiers.
 * With the NUL counted, a name holds at most IPSET_MAXNAMELEN - 1 characters.
 */
#define IPSET_MAXNAMELEN	32

/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
 * and IPSET_INVALID_ID if you want to increase the max number of sets.
 */
typedef uint16_t ip_set_id_t;

/* 65535 is the largest value a uint16_t ip_set_id_t can hold, so the two
 * definitions have to be changed together (see the comment above).
 * NOTE(review): presumably the "no such set" sentinel; code that receives an
 * index should compare against it before using the index - confirm in callers.
 */
#define IPSET_INVALID_ID	65535

/* Dimension numbering. ZERO..THREE take the values 0..3; IPSET_DIM_MAX is set
 * explicitly to 6 rather than following IPSET_DIM_THREE, and it sizes the
 * arrays in struct xt_set_info_v0.
 */
enum ip_set_dim {
	IPSET_DIM_ZERO = 0,
	IPSET_DIM_ONE,
	IPSET_DIM_TWO,
	IPSET_DIM_THREE,
	/* Max dimension in elements.
	 * If changed, new revision of iptables match/target is required.
	 */
	IPSET_DIM_MAX = 6,
};

/* Option flags for kernel operations.
 * Each flag is one bit, positioned by the matching ip_set_dim value:
 * bit 0 is the inverse-match flag, bits 1..3 are the per-dimension SRC flags.
 */
enum ip_set_kopt {
	IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
	IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
	IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
	IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
};

/* Interface to iptables/ip6tables */

/* NOTE(review): presumably the socket option number that carries the
 * IP_SET_OP_* requests below - confirm against the code that uses it.
 */
#define SO_IP_SET		83

/* Set reference carried in a request: either a name or an index.
 * The two members share the same storage, so only the member that belongs to
 * the operation in use is meaningful; the other one reads as unrelated bytes.
 * NOTE(review): nothing here guarantees that name[] is NUL-terminated when it
 * arrives from the other side; a receiver should check for a NUL within
 * IPSET_MAXNAMELEN bytes before treating it as a string.
 */
union ip_set_name_index {
	char name[IPSET_MAXNAMELEN];
	ip_set_id_t index;
};

#define IP_SET_OP_GET_BYNAME	0x00000006	/* Get set index by name */
/* Request body for IP_SET_OP_GET_BYNAME and IP_SET_OP_GET_BYINDEX.
 * op holds the IP_SET_OP_* code; set holds the name or index (see the union).
 * NOTE(review): version is presumably compared with IPSET_PROTOCOL by the
 * receiver so that mismatched layouts are refused - confirm.
 */
struct ip_set_req_get_set {
	unsigned op;
	unsigned version;
	union ip_set_name_index set;
};

#define IP_SET_OP_GET_BYINDEX	0x00000007	/* Get set name by index */
/* Uses ip_set_req_get_set */

#define IP_SET_OP_VERSION	0x00000100	/* Ask kernel version */
/* Request body for IP_SET_OP_VERSION: the operation code and a version field. */
struct ip_set_req_version {
	unsigned op;
	unsigned version;
};

/* Revision 0 interface: backward compatible with netfilter/iptables */

/*
 * Option flags for kernel operations (xt_set_info_v0)
 */
#define IPSET_SRC		0x01	/* Source match/add */
#define IPSET_DST		0x02	/* Destination match/add */
#define IPSET_MATCH_INV		0x04	/* Inverse matching */

/* Revision 0 set reference: a set index plus per-dimension flags.
 * u.flags has IPSET_DIM_MAX + 1 (7) entries. The compat view overlays the
 * same storage: __flags covers the first IPSET_DIM_MAX entries, and
 * compat.dim / compat.flags occupy the first two bytes of the last entry,
 * u.flags[IPSET_DIM_MAX].
 * NOTE(review): dim arrives as raw data; it presumably has to be rejected
 * when it exceeds IPSET_DIM_MAX before it is used as a count or an array
 * bound - confirm where that check lives.
 */
struct xt_set_info_v0 {
	ip_set_id_t index;
	union {
		u_int32_t flags[IPSET_DIM_MAX + 1];
		struct {
			u_int32_t __flags[IPSET_DIM_MAX];
			u_int8_t dim;
			u_int8_t flags;
		} compat;
	} u;
};

/* match and target infos */
/* Revision 0 match data: the single set to match against. */
struct xt_set_info_match_v0 {
	struct xt_set_info_v0 match_set;
};

/* Revision 0 target data: one set reference for adding, one for deleting. */
struct xt_set_info_target_v0 {
	struct xt_set_info_v0 add_set;
	struct xt_set_info_v0 del_set;
};

/* Revision 1 match and target */

/* Revision 1 set reference: index, dimension count and flags as plain
 * members, without the revision 0 flags array.
 * NOTE(review): as with revision 0, index and dim are raw input; index is
 * presumably checked against IPSET_INVALID_ID and dim against IPSET_DIM_MAX
 * by the consumer - confirm.
 */
struct xt_set_info {
	ip_set_id_t index;
	u_int8_t dim;
	u_int8_t flags;
};

/* match and target infos */
/* Revision 1 match data: the single set to match against. */
struct xt_set_info_match_v1 {
	struct xt_set_info match_set;
};

/* Revision 1 target data: one set reference for adding, one for deleting. */
struct xt_set_info_target_v1 {
	struct xt_set_info add_set;
	struct xt_set_info del_set;
};

/* Revision 2 target */

/* Command flags. IPSET_FLAG_BIT_EXIST is the bit position (0) and
 * IPSET_FLAG_EXIST is the mask built from it (1 << 0).
 */
enum ipset_cmd_flags {
	IPSET_FLAG_BIT_EXIST = 0,
	IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
};

/* Revision 2 target data: the revision 1 add/del set references followed by
 * a flags word and a timeout.
 * NOTE(review): flags presumably takes the ipset_cmd_flags masks declared
 * just above; the unit of timeout is not stated in this header - confirm both.
 */
struct xt_set_info_target_v2 {
	struct xt_set_info add_set;
	struct xt_set_info del_set;
	u_int32_t flags;
	u_int32_t timeout;
};

#endif /*_XT_SET_H*/