1#ifndef _XT_SET_H 2#define _XT_SET_H 3 4/* The protocol version */ 5#define IPSET_PROTOCOL 5 6 7/* The max length of strings including NUL: set and type identifiers */ 8#define IPSET_MAXNAMELEN 32 9 10/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t 11 * and IPSET_INVALID_ID if you want to increase the max number of sets. 12 */ 13typedef uint16_t ip_set_id_t; 14 15#define IPSET_INVALID_ID 65535 16 17enum ip_set_dim { 18 IPSET_DIM_ZERO = 0, 19 IPSET_DIM_ONE, 20 IPSET_DIM_TWO, 21 IPSET_DIM_THREE, 22 /* Max dimension in elements. 23 * If changed, new revision of iptables match/target is required. 24 */ 25 IPSET_DIM_MAX = 6, 26}; 27 28/* Option flags for kernel operations */ 29enum ip_set_kopt { 30 IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO), 31 IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE), 32 IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO), 33 IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), 34}; 35 36/* Interface to iptables/ip6tables */ 37 38#define SO_IP_SET 83 39 40union ip_set_name_index { 41 char name[IPSET_MAXNAMELEN]; 42 ip_set_id_t index; 43}; 44 45#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */ 46struct ip_set_req_get_set { 47 unsigned op; 48 unsigned version; 49 union ip_set_name_index set; 50}; 51 52#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */ 53/* Uses ip_set_req_get_set */ 54 55#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */ 56struct ip_set_req_version { 57 unsigned op; 58 unsigned version; 59}; 60 61/* Revision 0 interface: backward compatible with netfilter/iptables */ 62 63/* 64 * Option flags for kernel operations (xt_set_info_v0) 65 */ 66#define IPSET_SRC 0x01 /* Source match/add */ 67#define IPSET_DST 0x02 /* Destination match/add */ 68#define IPSET_MATCH_INV 0x04 /* Inverse matching */ 69 70struct xt_set_info_v0 { 71 ip_set_id_t index; 72 union { 73 u_int32_t flags[IPSET_DIM_MAX + 1]; 74 struct { 75 u_int32_t __flags[IPSET_DIM_MAX]; 76 u_int8_t dim; 77 u_int8_t flags; 78 } compat; 79 } u; 80}; 81 82/* match and target infos */ 83struct xt_set_info_match_v0 { 84 struct xt_set_info_v0 match_set; 85}; 86 87struct xt_set_info_target_v0 { 88 struct xt_set_info_v0 add_set; 89 struct xt_set_info_v0 del_set; 90}; 91 92/* Revision 1 match and target */ 93 94struct xt_set_info { 95 ip_set_id_t index; 96 u_int8_t dim; 97 u_int8_t flags; 98}; 99 100/* match and target infos */ 101struct xt_set_info_match_v1 { 102 struct xt_set_info match_set; 103}; 104 105struct xt_set_info_target_v1 { 106 struct xt_set_info add_set; 107 struct xt_set_info del_set; 108}; 109 110/* Revision 2 target */ 111 112enum ipset_cmd_flags { 113 IPSET_FLAG_BIT_EXIST = 0, 114 IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST), 115}; 116 117struct xt_set_info_target_v2 { 118 struct xt_set_info add_set; 119 struct xt_set_info del_set; 120 u_int32_t flags; 121 u_int32_t timeout; 122}; 123 124#endif /*_XT_SET_H*/ 125