      1 #ifndef _XT_SET_H
      2 #define _XT_SET_H
      3 
      4 /* The protocol version.
         * NOTE(review): the request structs further down carry a `version`
         * field, presumably compared against this value - confirm in the
         * code that handles those requests.
         */
      5 #define IPSET_PROTOCOL		5
      6 
      7 /* The max length of strings including NUL: set and type identifiers.
         * A name therefore holds at most IPSET_MAXNAMELEN - 1 characters.
         * NOTE(review): a fixed-size name buffer supplied by a caller is not
         * guaranteed to contain a NUL; code that reads it should verify or
         * force termination before treating it as a string.
         */
      8 #define IPSET_MAXNAMELEN	32
      9 
     10 /* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
     11  * and IPSET_INVALID_ID if you want to increase the max number of sets.
         * The two must change together: IPSET_INVALID_ID (65535) is the largest
         * value a uint16_t can hold, so widening the type without moving the
         * sentinel would leave the invalid marker inside the usable range.
         * NOTE(review): this header contains no #include; uint16_t and the
         * u_int8_t/u_int32_t types used below must already be declared by
         * whoever includes it.
     12  */
     13 typedef uint16_t ip_set_id_t;
     14 
     15 #define IPSET_INVALID_ID	65535	/* Invalid-index sentinel: the maximum ip_set_id_t (uint16_t) value */
     16 
     17 enum ip_set_dim {
        	/* Dimension numbers. The values double as bit positions:
        	 * enum ip_set_kopt builds its flags as (1 << IPSET_DIM_*).
        	 */
     18 	IPSET_DIM_ZERO = 0,
     19 	IPSET_DIM_ONE,
     20 	IPSET_DIM_TWO,
     21 	IPSET_DIM_THREE,
     22 	/* Max dimension in elements.
     23 	 * If changed, new revision of iptables match/target is required.
        	 * It sizes the flags arrays in struct xt_set_info_v0, so changing
        	 * it changes that struct's binary layout.
        	 * NOTE(review): only three dimensions are named while the limit
        	 * is 6. The `dim` fields in the info structs are u_int8_t, so a
        	 * value taken from a rule should be range-checked against
        	 * IPSET_DIM_MAX before it is used as an index or shift count.
     24 	 */
     25 	IPSET_DIM_MAX = 6,
     26 };
     27 
     28 /* Option flags for kernel operations.
         * Bit 0 (1 << IPSET_DIM_ZERO) is IPSET_INV_MATCH; bits 1-3 are one flag
         * per dimension, derived from the enum ip_set_dim values.
         * These are not the same bit assignments as the revision 0 flags
         * (IPSET_SRC/IPSET_DST/IPSET_MATCH_INV), where inversion is 0x04.
         * NOTE(review): the *_SRC names suggest a set bit selects the source
         * side for that dimension and a clear bit the destination - confirm.
         */
     29 enum ip_set_kopt {
     30 	IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
     31 	IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
     32 	IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
     33 	IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
     34 };
     35 
     36 /* Interface to iptables/ip6tables */
     37 
     38 #define SO_IP_SET 		83	/* NOTE(review): presumably the socket option number that carries the IP_SET_OP_* requests below - confirm */
     39 
     40 union ip_set_name_index {
        	/* A set referenced either by name or by index; both members share
        	 * the same storage, so only one is meaningful at a time. Which one
        	 * depends on the request: IP_SET_OP_GET_BYNAME is "get set index by
        	 * name", IP_SET_OP_GET_BYINDEX is "get set name by index".
        	 * NOTE(review): presumably the reply overwrites the request member
        	 * in place - confirm. Whichever member arrives from the caller is
        	 * untrusted: check a name for NUL termination within
        	 * IPSET_MAXNAMELEN and an index against the valid range.
        	 */
     41 	char name[IPSET_MAXNAMELEN];
     42 	ip_set_id_t index;
     43 };
     44 
     45 #define IP_SET_OP_GET_BYNAME	0x00000006	/* Get set index by name */
        /* Request body shared by IP_SET_OP_GET_BYNAME and
         * IP_SET_OP_GET_BYINDEX (see the "Uses ip_set_req_get_set" note on
         * the latter).
         */
     46 struct ip_set_req_get_set {
     47 	unsigned op;		/* presumably one of the IP_SET_OP_* codes - confirm */
     48 	unsigned version;	/* presumably IPSET_PROTOCOL - confirm */
     49 	union ip_set_name_index set;	/* name or index, depending on op */
     50 };
     51 
     52 #define IP_SET_OP_GET_BYINDEX	0x00000007	/* Get set name by index */
     53 /* Uses ip_set_req_get_set.
         * NOTE(review): the index is supplied by the caller for this operation;
         * the handler should reject IPSET_INVALID_ID and any index beyond the
         * sets that exist before using it for a lookup - confirm.
         */
     54 
     55 #define IP_SET_OP_VERSION	0x00000100	/* Ask kernel version */
        /* Request body for IP_SET_OP_VERSION. It has the same leading op and
         * version fields as struct ip_set_req_get_set, without the set member.
         */
     56 struct ip_set_req_version {
     57 	unsigned op;		/* presumably IP_SET_OP_VERSION - confirm */
     58 	unsigned version;	/* presumably filled with the kernel's protocol version on return - confirm */
     59 };
     60 
     61 /* Revision 0 interface: backward compatible with netfilter/iptables */
     62 
     63 /*
     64  * Option flags for kernel operations (xt_set_info_v0)
         *
         * These revision 0 values use a different encoding from enum
         * ip_set_kopt: inversion is 0x04 here but bit 0 there, and source and
         * destination are two separate bits here rather than one *_SRC bit per
         * dimension. Revision 0 flags therefore have to be translated, not
         * passed through; a mix-up would silently invert or redirect a match.
     65  */
     66 #define IPSET_SRC		0x01	/* Source match/add */
     67 #define IPSET_DST		0x02	/* Destination match/add */
     68 #define IPSET_MATCH_INV		0x04	/* Inverse matching */
     69 
     70 struct xt_set_info_v0 {
        	/* Revision 0 set reference. The union gives two views of one block
        	 * of (IPSET_DIM_MAX + 1) u_int32_t values:
        	 *   u.flags[]  - the full array of IPSET_SRC/IPSET_DST/
        	 *                IPSET_MATCH_INV option flags;
        	 *   u.compat   - the first IPSET_DIM_MAX elements as __flags[],
        	 *                with dim and flags overlaying the start of the
        	 *                last element.
        	 * NOTE(review): presumably u.compat lets revision 0 data be
        	 * rewritten in place into the dim/flags form used by struct
        	 * xt_set_info - confirm. The contents come from a rule, so dim must
        	 * be bounded by IPSET_DIM_MAX before use.
        	 */
     71 	ip_set_id_t index;
     72 	union {
     73 		u_int32_t flags[IPSET_DIM_MAX + 1];
     74 		struct {
     75 			u_int32_t __flags[IPSET_DIM_MAX];
     76 			u_int8_t dim;
     77 			u_int8_t flags;
     78 		} compat;
     79 	} u;
     80 };
     81 
     82 /* match and target infos
         * Revision 0 match info: wraps a single set reference (match_set).
         */
     83 struct xt_set_info_match_v0 {
     84 	struct xt_set_info_v0 match_set;
     85 };
     86 
     87 struct xt_set_info_target_v0 {
        	/* Revision 0 target info: two independent set references, one for
        	 * the add operation and one for the delete operation.
        	 * NOTE(review): presumably an unused slot carries
        	 * IPSET_INVALID_ID in its index - confirm.
        	 */
     88 	struct xt_set_info_v0 add_set;
     89 	struct xt_set_info_v0 del_set;
     90 };
     91 
     92 /* Revision 1 match and target */
     93 
     94 struct xt_set_info {
        	/* Revision 1 set reference: the index plus the dim/flags pair,
        	 * without the per-dimension flags array of struct xt_set_info_v0.
        	 */
     95 	ip_set_id_t index;
     96 	u_int8_t dim;	/* can hold 0-255; NOTE(review): must be checked against IPSET_DIM_MAX by the consumer - confirm where */
     97 	u_int8_t flags;	/* NOTE(review): presumably enum ip_set_kopt bits - confirm */
     98 };
     99 
    100 /* match and target infos
         * Revision 1 match info: wraps a single struct xt_set_info (match_set).
         */
    101 struct xt_set_info_match_v1 {
    102 	struct xt_set_info match_set;
    103 };
    104 
    105 struct xt_set_info_target_v1 {
        	/* Revision 1 target info: one set reference for the add operation
        	 * and one for the delete operation, each a struct xt_set_info.
        	 * NOTE(review): presumably an unused slot carries
        	 * IPSET_INVALID_ID in its index - confirm.
        	 */
    106 	struct xt_set_info add_set;
    107 	struct xt_set_info del_set;
    108 };
    109 
    110 /* Revision 2 target */
    111 
    112 enum ipset_cmd_flags {
        	/* Command flags in bit-number/mask pairs: IPSET_FLAG_BIT_EXIST is
        	 * the bit position (0) and IPSET_FLAG_EXIST the mask built from it.
        	 * NOTE(review): presumably carried in xt_set_info_target_v2.flags -
        	 * confirm.
        	 */
    113 	IPSET_FLAG_BIT_EXIST	= 0,
    114 	IPSET_FLAG_EXIST	= (1 << IPSET_FLAG_BIT_EXIST),
    115 };
    116 
    117 struct xt_set_info_target_v2 {
        	/* Revision 2 target info: the revision 1 add/del pair followed by
        	 * two extra 32-bit fields.
        	 */
    118 	struct xt_set_info add_set;
    119 	struct xt_set_info del_set;
    120 	u_int32_t flags;	/* NOTE(review): presumably enum ipset_cmd_flags masks - confirm; unknown bits should be rejected */
    121 	u_int32_t timeout;	/* units and any "no timeout" value are not stated in this header - confirm */
    122 };
    123 
    124 #endif /*_XT_SET_H*/
    125