1d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#ifndef _XT_SET_H 2d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define _XT_SET_H 3d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 4d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik/* The protocol version */ 5d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define IPSET_PROTOCOL 5 6d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 7d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik/* The max length of strings including NUL: set and type identifiers */ 8d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define IPSET_MAXNAMELEN 32 9d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 10d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t 11d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik * and IPSET_INVALID_ID if you want to increase the max number of sets. 12d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik */ 13d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsiktypedef uint16_t ip_set_id_t; 14d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 15d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define IPSET_INVALID_ID 65535 16d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 17d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsikenum ip_set_dim { 18d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik IPSET_DIM_ZERO = 0, 19d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik IPSET_DIM_ONE, 20d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik IPSET_DIM_TWO, 21d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik IPSET_DIM_THREE, 22d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik /* Max dimension in elements. 23d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik * If changed, new revision of iptables match/target is required. 24d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik */ 25d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik IPSET_DIM_MAX = 6, 26d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 27d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 28d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik/* Option flags for kernel operations */ 29d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsikenum ip_set_kopt { 30d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO), 31d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE), 32d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO), 33d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), 34d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 35d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 36d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik/* Interface to iptables/ip6tables */ 37d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 38d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define SO_IP_SET 83 39d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 40d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsikunion ip_set_name_index { 41d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik char name[IPSET_MAXNAMELEN]; 42d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik ip_set_id_t index; 43d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 44d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 45d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */ 46d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsikstruct ip_set_req_get_set { 47d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik unsigned op; 48d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik unsigned version; 49d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik union ip_set_name_index set; 50d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 51d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 52d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */ 53d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik/* Uses ip_set_req_get_set */ 54d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 55d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */ 56d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsikstruct ip_set_req_version { 57d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik unsigned op; 58d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik unsigned version; 59d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 60d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 61d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik/* Revision 0 interface: backward compatible with netfilter/iptables */ 62d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 63d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik/* 64d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik * Option flags for kernel operations (xt_set_info_v0) 65d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik */ 66d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define IPSET_SRC 0x01 /* Source match/add */ 67d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define IPSET_DST 0x02 /* Destination match/add */ 68d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#define IPSET_MATCH_INV 0x04 /* Inverse matching */ 69d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 70d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsikstruct xt_set_info_v0 { 71d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik ip_set_id_t index; 72d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik union { 73d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik u_int32_t flags[IPSET_DIM_MAX + 1]; 74d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik struct { 75d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik u_int32_t __flags[IPSET_DIM_MAX]; 76d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik u_int8_t dim; 77d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik u_int8_t flags; 78d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik } compat; 79d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik } u; 80d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 81d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 82d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik/* match and target infos */ 83d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsikstruct xt_set_info_match_v0 { 84d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik struct xt_set_info_v0 match_set; 85d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 86d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 87d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsikstruct xt_set_info_target_v0 { 88d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik struct xt_set_info_v0 add_set; 89d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik struct xt_set_info_v0 del_set; 90d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 91d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 92e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik/* Revision 1 match and target */ 93d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 94d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsikstruct xt_set_info { 95d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik ip_set_id_t index; 96d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik u_int8_t dim; 97d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik u_int8_t flags; 98d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 99d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 100d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik/* match and target infos */ 101e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsikstruct xt_set_info_match_v1 { 102d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik struct xt_set_info match_set; 103d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 104d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 105e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsikstruct xt_set_info_target_v1 { 106d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik struct xt_set_info add_set; 107d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik struct xt_set_info del_set; 108d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik}; 109d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik 110e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik/* Revision 2 target */ 111e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik 112e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsikenum ipset_cmd_flags { 113e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik IPSET_FLAG_BIT_EXIST = 0, 114e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST), 115e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik}; 116e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik 117e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsikstruct xt_set_info_target_v2 { 118e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik struct xt_set_info add_set; 119e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik struct xt_set_info del_set; 120e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik u_int32_t flags; 121e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik u_int32_t timeout; 122e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik}; 123e39f367d905670e39e6f08d2b73c715a6d0b4bfbJozsef Kadlecsik 124d40f1628c3717daebc437a398a285e371b5b6f7fJozsef Kadlecsik#endif /*_XT_SET_H*/ 125