ip_set.h revision d637ead63658d741501974c381889b3857073308
#ifndef _IP_SET_H
#define _IP_SET_H

/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
 *                         Patrick Schaaf <bof@bof.de>
 *                         Martin Josefsson <gandalf@wlug.westbo.se>
 * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/*
 * Shared definitions for the IP set interface: message command numbers,
 * attribute numbers, error codes, flag bits, and the request layouts of the
 * iptables/ip6tables interface declared at the end of the file.
 *
 * Almost every enumerator below takes its value from its position in the
 * enum, so inserting or reordering entries renumbers everything after them.
 * NOTE(review): these numbers presumably form the userspace/kernel wire
 * format and must stay stable -- confirm before editing any enum here.
 */

#include <linux/types.h>

/* The protocol version */
#define IPSET_PROTOCOL		6

/* The max length of strings including NUL: set and type identifiers */
#define IPSET_MAXNAMELEN	32

/* Message types and commands */
enum ipset_cmd {
	IPSET_CMD_NONE,
	IPSET_CMD_PROTOCOL,	/* 1: Return protocol version */
	IPSET_CMD_CREATE,	/* 2: Create a new (empty) set */
	IPSET_CMD_DESTROY,	/* 3: Destroy a (empty) set */
	IPSET_CMD_FLUSH,	/* 4: Remove all elements from a set */
	IPSET_CMD_RENAME,	/* 5: Rename a set */
	IPSET_CMD_SWAP,		/* 6: Swap two sets */
	IPSET_CMD_LIST,		/* 7: List sets */
	IPSET_CMD_SAVE,		/* 8: Save sets */
	IPSET_CMD_ADD,		/* 9: Add an element to a set */
	IPSET_CMD_DEL,		/* 10: Delete an element from a set */
	IPSET_CMD_TEST,		/* 11: Test an element in a set */
	IPSET_CMD_HEADER,	/* 12: Get set header data only */
	IPSET_CMD_TYPE,		/* 13: Get set type */
	IPSET_MSG_MAX,		/* Netlink message commands */

	/* Commands in userspace: */
	/*
	 * The userspace-only commands start at the value of IPSET_MSG_MAX (14),
	 * so any command number >= IPSET_MSG_MAX is not a netlink message
	 * command. NOTE(review): a netlink receiver presumably rejects such
	 * numbers -- confirm in the dispatcher.
	 */
	IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
	IPSET_CMD_HELP,		/* 15: Get help */
	IPSET_CMD_VERSION,	/* 16: Get program version */
	IPSET_CMD_QUIT,		/* 17: Quit from interactive mode */

	IPSET_CMD_MAX,

	IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
};

/* Attributes at command level */
enum {
	IPSET_ATTR_UNSPEC,
	IPSET_ATTR_PROTOCOL,	/* 1: Protocol version */
	IPSET_ATTR_SETNAME,	/* 2: Name of the set */
	IPSET_ATTR_TYPENAME,	/* 3: Typename */
	/*
	 * Alias of IPSET_ATTR_TYPENAME: attribute number 3 carries either a
	 * type name or a second set name, so its meaning has to be taken from
	 * the command, not from the attribute number alone.
	 */
	IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
	IPSET_ATTR_REVISION,	/* 4: Settype revision */
	IPSET_ATTR_FAMILY,	/* 5: Settype family */
	IPSET_ATTR_FLAGS,	/* 6: Flags at command level */
	IPSET_ATTR_DATA,	/* 7: Nested attributes */
	IPSET_ATTR_ADT,		/* 8: Multiple data containers */
	IPSET_ATTR_LINENO,	/* 9: Restore lineno */
	IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
	/* Alias of IPSET_ATTR_PROTOCOL_MIN: number 10 is likewise overloaded. */
	IPSET_ATTR_REVISION_MIN	= IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
	__IPSET_ATTR_CMD_MAX,
};
/* Highest command-level attribute number (the sentinel minus one). */
#define IPSET_ATTR_CMD_MAX	(__IPSET_ATTR_CMD_MAX - 1)

/* CADT specific attributes */
/*
 * This enum restarts at 1, so its numbers coincide with the command-level
 * attribute numbers above; the two ranges are separate numbering spaces.
 */
enum {
	IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
	IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
	IPSET_ATTR_IP_TO,	/* 2 */
	IPSET_ATTR_CIDR,	/* 3 */
	IPSET_ATTR_PORT,	/* 4 */
	IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
	IPSET_ATTR_PORT_TO,	/* 5 */
	IPSET_ATTR_TIMEOUT,	/* 6 */
	IPSET_ATTR_PROTO,	/* 7 */
	IPSET_ATTR_CADT_FLAGS,	/* 8 */
	IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO,	/* 9 */
	/* Reserve empty slots */
	IPSET_ATTR_CADT_MAX = 16,
	/* Create-only specific attributes */
	/*
	 * These continue from 17. The ADT specific enum below also starts at
	 * IPSET_ATTR_CADT_MAX + 1 (17), so the create-only and ADT ranges
	 * reuse the same numbers.
	 */
	IPSET_ATTR_GC,
	IPSET_ATTR_HASHSIZE,
	IPSET_ATTR_MAXELEM,
	IPSET_ATTR_NETMASK,
	IPSET_ATTR_PROBES,
	IPSET_ATTR_RESIZE,
	IPSET_ATTR_SIZE,
	/* Kernel-only */
	IPSET_ATTR_ELEMENTS,
	IPSET_ATTR_REFERENCES,
	IPSET_ATTR_MEMSIZE,

	__IPSET_ATTR_CREATE_MAX,
};
/* Highest create-level attribute number (the sentinel minus one). */
#define IPSET_ATTR_CREATE_MAX	(__IPSET_ATTR_CREATE_MAX - 1)

/* ADT specific attributes */
/*
 * Numbered from 17, overlapping the create-only attributes above
 * (IPSET_ATTR_ETHER has the same value as IPSET_ATTR_GC).
 */
enum {
	IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
	IPSET_ATTR_NAME,
	IPSET_ATTR_NAMEREF,
	IPSET_ATTR_IP2,
	IPSET_ATTR_CIDR2,
	IPSET_ATTR_IP2_TO,
	IPSET_ATTR_IFACE,
	__IPSET_ATTR_ADT_MAX,
};
/* Highest ADT attribute number (the sentinel minus one). */
#define IPSET_ATTR_ADT_MAX	(__IPSET_ATTR_ADT_MAX - 1)

/* IP specific attributes */
enum {
	IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
	IPSET_ATTR_IPADDR_IPV6,
	__IPSET_ATTR_IPADDR_MAX,
};
/* Highest IP address attribute number (the sentinel minus one). */
#define IPSET_ATTR_IPADDR_MAX	(__IPSET_ATTR_IPADDR_MAX - 1)

/* Error codes */
/*
 * Generic codes count up from 4096; type specific codes begin at 4352.
 * NOTE(review): the base of 4096 presumably keeps these clear of ordinary
 * errno values -- confirm.
 */
enum ipset_errno {
	IPSET_ERR_PRIVATE = 4096,
	IPSET_ERR_PROTOCOL,
	IPSET_ERR_FIND_TYPE,
	IPSET_ERR_MAX_SETS,
	IPSET_ERR_BUSY,
	IPSET_ERR_EXIST_SETNAME2,
	IPSET_ERR_TYPE_MISMATCH,
	IPSET_ERR_EXIST,
	IPSET_ERR_INVALID_CIDR,
	IPSET_ERR_INVALID_NETMASK,
	IPSET_ERR_INVALID_FAMILY,
	IPSET_ERR_TIMEOUT,
	IPSET_ERR_REFERENCED,
	IPSET_ERR_IPADDR_IPV4,
	IPSET_ERR_IPADDR_IPV6,

	/* Type specific error codes */
	IPSET_ERR_TYPE_SPECIFIC = 4352,
};

/* Flags at command level */
/* Each flag is declared as a bit number followed by the matching mask. */
enum ipset_cmd_flags {
	IPSET_FLAG_BIT_EXIST	= 0,
	IPSET_FLAG_EXIST	= (1 << IPSET_FLAG_BIT_EXIST),
	IPSET_FLAG_BIT_LIST_SETNAME = 1,
	IPSET_FLAG_LIST_SETNAME	= (1 << IPSET_FLAG_BIT_LIST_SETNAME),
	IPSET_FLAG_BIT_LIST_HEADER = 2,
	IPSET_FLAG_LIST_HEADER	= (1 << IPSET_FLAG_BIT_LIST_HEADER),
};

/* Flags at CADT attribute level */
/*
 * Bit numbers restart at 0, so these masks have the same values as the
 * command-level flags above; the two flag sets must not be mixed.
 */
enum ipset_cadt_flags {
	IPSET_FLAG_BIT_BEFORE	= 0,
	IPSET_FLAG_BEFORE	= (1 << IPSET_FLAG_BIT_BEFORE),
	IPSET_FLAG_BIT_PHYSDEV	= 1,
	IPSET_FLAG_PHYSDEV	= (1 << IPSET_FLAG_BIT_PHYSDEV),
};

/* Commands with settype-specific attributes */
/* IPSET_CREATE shares the value of the IPSET_ADT_MAX sentinel (3). */
enum ipset_adt {
	IPSET_ADD,
	IPSET_DEL,
	IPSET_TEST,
	IPSET_ADT_MAX,
	IPSET_CREATE = IPSET_ADT_MAX,
	IPSET_CADT_MAX,
};

/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
 * and IPSET_INVALID_ID if you want to increase the max number of sets.
 */
typedef __u16 ip_set_id_t;

/*
 * 65535 is the largest value a __u16 can hold, so it can never be a usable
 * set index while ip_set_id_t stays 16 bits wide; the typedef and this
 * constant have to be changed together.
 */
#define IPSET_INVALID_ID		65535

enum ip_set_dim {
	IPSET_DIM_ZERO = 0,
	IPSET_DIM_ONE,
	IPSET_DIM_TWO,
	IPSET_DIM_THREE,
	/* Max dimension in elements.
	 * If changed, new revision of iptables match/target is required.
	 */
	IPSET_DIM_MAX = 6,
	/* A bit position rather than a dimension: see IPSET_RETURN_NOMATCH. */
	IPSET_BIT_RETURN_NOMATCH = 7,
};

/* Option flags for kernel operations */
/* Masks built from the ip_set_dim values: bits 0-3, plus bit 7. */
enum ip_set_kopt {
	IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
	IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
	IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
	IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
	IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
};


/* Interface to iptables/ip6tables */

/* NOTE(review): presumably the socket option number for the requests below -- confirm. */
#define SO_IP_SET		83

/*
 * The name and the index occupy the same storage; which member is meaningful
 * depends on the request's op (by-name or by-index, see the op codes below).
 * The name is a fixed IPSET_MAXNAMELEN-byte buffer filled in by the caller,
 * and nothing in this layout guarantees that it is NUL-terminated.
 * NOTE(review): the receiver presumably has to terminate or length-check
 * name before using it as a string -- confirm in the handler.
 */
union ip_set_name_index {
	char name[IPSET_MAXNAMELEN];
	ip_set_id_t index;
};

#define IP_SET_OP_GET_BYNAME	0x00000006	/* Get set index by name */
/*
 * Request layout shared by IP_SET_OP_GET_BYNAME and IP_SET_OP_GET_BYINDEX.
 * NOTE(review): op, version and set are all supplied by the caller; the
 * receiver presumably validates the request size against this struct,
 * compares version with IPSET_PROTOCOL and range-checks set.index before
 * using it -- confirm in the handler.
 */
struct ip_set_req_get_set {
	unsigned op;
	unsigned version;
	union ip_set_name_index set;
};

#define IP_SET_OP_GET_BYINDEX	0x00000007	/* Get set name by index */
/* Uses ip_set_req_get_set */

#define IP_SET_OP_VERSION	0x00000100	/* Ask kernel version */
/* Request layout for IP_SET_OP_VERSION: the op code and a version field. */
struct ip_set_req_version {
	unsigned op;
	unsigned version;
};

#endif /*_IP_SET_H */