author | David Howells <dhowells@redhat.com> | 2012-10-09 04:48:55 -0400 |
---|---|---|
committer | David Howells <dhowells@redhat.com> | 2012-10-09 04:48:55 -0400 |
commit | a82014149becc68695e7f1d62a8cc1e4ae062318 (patch) | |
tree | a6ec2c9bda149912c70abc19fc3d8a9baa35fbc0 | |
parent | 94d0ec58e63159ce5bcdfe612ee220eaeefa3b2a (diff) |
UAPI: (Scripted) Disintegrate include/linux/netfilter/ipset
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Michael Kerrisk <mtk.manpages@gmail.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Acked-by: Dave Jones <davej@redhat.com>
-rw-r--r-- | include/linux/netfilter/ipset/Kbuild | 4 | ||||
-rw-r--r-- | include/linux/netfilter/ipset/ip_set.h | 225 | ||||
-rw-r--r-- | include/linux/netfilter/ipset/ip_set_bitmap.h | 11 | ||||
-rw-r--r-- | include/linux/netfilter/ipset/ip_set_hash.h | 19 | ||||
-rw-r--r-- | include/linux/netfilter/ipset/ip_set_list.h | 19 | ||||
-rw-r--r-- | include/uapi/linux/netfilter/ipset/Kbuild | 4 | ||||
-rw-r--r-- | include/uapi/linux/netfilter/ipset/ip_set.h | 231 | ||||
-rw-r--r-- | include/uapi/linux/netfilter/ipset/ip_set_bitmap.h | 13 | ||||
-rw-r--r-- | include/uapi/linux/netfilter/ipset/ip_set_hash.h | 21 | ||||
-rw-r--r-- | include/uapi/linux/netfilter/ipset/ip_set_list.h | 21 |
10 files changed, 296 insertions, 272 deletions
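--- a/include/linux/netfilter/ipset/Kbuild
+++ b/include/linux/netfilter/ipset/Kbuild
@@ -1,4 +0,0 @@
-header-y += ip_set.h
-header-y += ip_set_bitmap.h
-header-y += ip_set_hash.h
-header-y += ip_set_list.h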
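--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -1,6 +1,3 @@
-#ifndef _IP_SET_H
-#define _IP_SET_H
-
 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
 * Patrick Schaaf <bof@bof.de>
 * Martin Josefsson <gandalf@wlug.westbo.se>
@@ -10,199 +7,9 @@
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
+#ifndef _IP_SET_H
+#define _IP_SET_H
 
-#include <linux/types.h>
-
-/* The protocol version */
-#define IPSET_PROTOCOL 6
-
-/* The max length of strings including NUL: set and type identifiers */
-#define IPSET_MAXNAMELEN 32
-
-/* Message types and commands */
-enum ipset_cmd {
-IPSET_CMD_NONE,
-IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
-IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
-IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
-IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
-IPSET_CMD_RENAME, /* 5: Rename a set */
-IPSET_CMD_SWAP, /* 6: Swap two sets */
-IPSET_CMD_LIST, /* 7: List sets */
-IPSET_CMD_SAVE, /* 8: Save sets */
-IPSET_CMD_ADD, /* 9: Add an element to a set */
-IPSET_CMD_DEL, /* 10: Delete an element from a set */
-IPSET_CMD_TEST, /* 11: Test an element in a set */
-IPSET_CMD_HEADER, /* 12: Get set header data only */
-IPSET_CMD_TYPE, /* 13: Get set type */
-IPSET_MSG_MAX, /* Netlink message commands */
-
-/* Commands in userspace: */
-IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
-IPSET_CMD_HELP, /* 15: Get help */
-IPSET_CMD_VERSION, /* 16: Get program version */
-IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
-
-IPSET_CMD_MAX,
-
-IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
-};
-
-/* Attributes at command level */
-enum {
-IPSET_ATTR_UNSPEC,
-IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
-IPSET_ATTR_SETNAME, /* 2: Name of the set */
-IPSET_ATTR_TYPENAME, /* 3: Typename */
-IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
-IPSET_ATTR_REVISION, /* 4: Settype revision */
-IPSET_ATTR_FAMILY, /* 5: Settype family */
-IPSET_ATTR_FLAGS, /* 6: Flags at command level */
-IPSET_ATTR_DATA, /* 7: Nested attributes */
-IPSET_ATTR_ADT, /* 8: Multiple data containers */
-IPSET_ATTR_LINENO, /* 9: Restore lineno */
-IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
-IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
-__IPSET_ATTR_CMD_MAX,
-};
-#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
-
-/* CADT specific attributes */
-enum {
-IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
-IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
-IPSET_ATTR_IP_TO, /* 2 */
-IPSET_ATTR_CIDR, /* 3 */
-IPSET_ATTR_PORT, /* 4 */
-IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
-IPSET_ATTR_PORT_TO, /* 5 */
-IPSET_ATTR_TIMEOUT, /* 6 */
-IPSET_ATTR_PROTO, /* 7 */
-IPSET_ATTR_CADT_FLAGS, /* 8 */
-IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
-/* Reserve empty slots */
-IPSET_ATTR_CADT_MAX = 16,
-/* Create-only specific attributes */
-IPSET_ATTR_GC,
-IPSET_ATTR_HASHSIZE,
-IPSET_ATTR_MAXELEM,
-IPSET_ATTR_NETMASK,
-IPSET_ATTR_PROBES,
-IPSET_ATTR_RESIZE,
-IPSET_ATTR_SIZE,
-/* Kernel-only */
-IPSET_ATTR_ELEMENTS,
-IPSET_ATTR_REFERENCES,
-IPSET_ATTR_MEMSIZE,
-
-__IPSET_ATTR_CREATE_MAX,
-};
-#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
-
-/* ADT specific attributes */
-enum {
-IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
-IPSET_ATTR_NAME,
-IPSET_ATTR_NAMEREF,
-IPSET_ATTR_IP2,
-IPSET_ATTR_CIDR2,
-IPSET_ATTR_IP2_TO,
-IPSET_ATTR_IFACE,
-__IPSET_ATTR_ADT_MAX,
-};
-#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
-
-/* IP specific attributes */
-enum {
-IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
-IPSET_ATTR_IPADDR_IPV6,
-__IPSET_ATTR_IPADDR_MAX,
-};
-#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
-
-/* Error codes */
-enum ipset_errno {
-IPSET_ERR_PRIVATE = 4096,
-IPSET_ERR_PROTOCOL,
-IPSET_ERR_FIND_TYPE,
-IPSET_ERR_MAX_SETS,
-IPSET_ERR_BUSY,
-IPSET_ERR_EXIST_SETNAME2,
-IPSET_ERR_TYPE_MISMATCH,
-IPSET_ERR_EXIST,
-IPSET_ERR_INVALID_CIDR,
-IPSET_ERR_INVALID_NETMASK,
-IPSET_ERR_INVALID_FAMILY,
-IPSET_ERR_TIMEOUT,
-IPSET_ERR_REFERENCED,
-IPSET_ERR_IPADDR_IPV4,
-IPSET_ERR_IPADDR_IPV6,
-
-/* Type specific error codes */
-IPSET_ERR_TYPE_SPECIFIC = 4352,
-};
-
-/* Flags at command level */
-enum ipset_cmd_flags {
-IPSET_FLAG_BIT_EXIST = 0,
-IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
-IPSET_FLAG_BIT_LIST_SETNAME = 1,
-IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
-IPSET_FLAG_BIT_LIST_HEADER = 2,
-IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
-IPSET_FLAG_CMD_MAX = 15, /* Lower half */
-};
-
-/* Flags at CADT attribute level */
-enum ipset_cadt_flags {
-IPSET_FLAG_BIT_BEFORE = 0,
-IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
-IPSET_FLAG_BIT_PHYSDEV = 1,
-IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
-IPSET_FLAG_BIT_NOMATCH = 2,
-IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH),
-IPSET_FLAG_CADT_MAX = 15, /* Upper half */
-};
-
-/* Commands with settype-specific attributes */
-enum ipset_adt {
-IPSET_ADD,
-IPSET_DEL,
-IPSET_TEST,
-IPSET_ADT_MAX,
-IPSET_CREATE = IPSET_ADT_MAX,
-IPSET_CADT_MAX,
-};
-
-/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
-* and IPSET_INVALID_ID if you want to increase the max number of sets.
-*/
-typedef __u16 ip_set_id_t;
-
-#define IPSET_INVALID_ID 65535
-
-enum ip_set_dim {
-IPSET_DIM_ZERO = 0,
-IPSET_DIM_ONE,
-IPSET_DIM_TWO,
-IPSET_DIM_THREE,
-/* Max dimension in elements.
-* If changed, new revision of iptables match/target is required.
-*/
-IPSET_DIM_MAX = 6,
-IPSET_BIT_RETURN_NOMATCH = 7,
-};
-
-/* Option flags for kernel operations */
-enum ip_set_kopt {
-IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
-IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
-IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
-IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
-IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
-};
-
-#ifdef __KERNEL__
 #include <linux/ip.h>
 #include <linux/ipv6.h>
 #include <linux/netlink.h>
@@ -211,6 +18,7 @@ enum ip_set_kopt {
 #include <linux/stringify.h>
 #include <linux/vmalloc.h>
 #include <net/netlink.h>
+#include <uapi/linux/netfilter/ipset/ip_set.h>
 
 #define _IP_SET_MODULE_DESC(a, b, c) \
 MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c)
@@ -476,31 +284,4 @@ bitmap_bytes(u32 a, u32 b)
 return 4 * ((((b - a + 8) / 8) + 3) / 4);
 }
 
-#endif /* __KERNEL__ */
-
-/* Interface to iptables/ip6tables */
-
-#define SO_IP_SET 83
-
-union ip_set_name_index {
-char name[IPSET_MAXNAMELEN];
-ip_set_id_t index;
-};
-
-#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
-struct ip_set_req_get_set {
-unsigned int op;
-unsigned int version;
-union ip_set_name_index set;
-};
-
-#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
-/* Uses ip_set_req_get_set */
-
-#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
-struct ip_set_req_version {
-unsigned int op;
-unsigned int version;
-};
-
 #endif /*_IP_SET_H */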
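--- a/include/linux/netfilter/ipset/ip_set_bitmap.h
+++ b/include/linux/netfilter/ipset/ip_set_bitmap.h
@@ -1,15 +1,8 @@
 #ifndef __IP_SET_BITMAP_H
 #define __IP_SET_BITMAP_H
 
-/* Bitmap type specific error codes */
+#include <uapi/linux/netfilter/ipset/ip_set_bitmap.h>
-enum {
-/* The element is out of the range of the set */
-IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
-/* The range exceeds the size limit of the set type */
-IPSET_ERR_BITMAP_RANGE_SIZE,
-};
 
-#ifdef __KERNEL__
 #define IPSET_BITMAP_MAX_RANGE 0x0000FFFF
 
 /* Common functions */
@@ -26,6 +19,4 @@ range_to_mask(u32 from, u32 to, u8 *bits)
 return mask;
 }
 
-#endif /* __KERNEL__ */
-
 #endif /* __IP_SET_BITMAP_H */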
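--- a/include/linux/netfilter/ipset/ip_set_hash.h
+++ b/include/linux/netfilter/ipset/ip_set_hash.h
@@ -1,23 +1,8 @@
 #ifndef __IP_SET_HASH_H
 #define __IP_SET_HASH_H
 
-/* Hash type specific error codes */
+#include <uapi/linux/netfilter/ipset/ip_set_hash.h>
-enum {
-/* Hash is full */
-IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
-/* Null-valued element */
-IPSET_ERR_HASH_ELEM,
-/* Invalid protocol */
-IPSET_ERR_INVALID_PROTO,
-/* Protocol missing but must be specified */
-IPSET_ERR_MISSING_PROTO,
-/* Range not supported */
-IPSET_ERR_HASH_RANGE_UNSUPPORTED,
-/* Invalid range */
-IPSET_ERR_HASH_RANGE,
-};
 
-#ifdef __KERNEL__
 
 #define IPSET_DEFAULT_HASHSIZE 1024
 #define IPSET_MIMINAL_HASHSIZE 64
@@ -25,6 +10,4 @@ enum {
 #define IPSET_DEFAULT_PROBES 4
 #define IPSET_DEFAULT_RESIZE 100
 
-#endif /* __KERNEL__ */
-
 #endif /* __IP_SET_HASH_H */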
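--- a/include/linux/netfilter/ipset/ip_set_list.h
+++ b/include/linux/netfilter/ipset/ip_set_list.h
@@ -1,27 +1,10 @@
 #ifndef __IP_SET_LIST_H
 #define __IP_SET_LIST_H
 
-/* List type specific error codes */
+#include <uapi/linux/netfilter/ipset/ip_set_list.h>
-enum {
-/* Set name to be added/deleted/tested does not exist. */
-IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
-/* list:set type is not permitted to add */
-IPSET_ERR_LOOP,
-/* Missing reference set */
-IPSET_ERR_BEFORE,
-/* Reference set does not exist */
-IPSET_ERR_NAMEREF,
-/* Set is full */
-IPSET_ERR_LIST_FULL,
-/* Reference set is not added to the set */
-IPSET_ERR_REF_EXIST,
-};
 
-#ifdef __KERNEL__
 
 #define IP_SET_LIST_DEFAULT_SIZE 8
 #define IP_SET_LIST_MIN_SIZE 4
 
-#endif /* __KERNEL__ */
-
 #endif /* __IP_SET_LIST_H */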
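--- a/include/uapi/linux/netfilter/ipset/Kbuild
+++ b/include/uapi/linux/netfilter/ipset/Kbuild
@@ -1 +1,5 @@
 # UAPI Header export list
+header-y += ip_set.h
+header-y += ip_set_bitmap.h
+header-y += ip_set_hash.h
+header-y += ip_set_list.h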
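--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -0,0 +1,231 @@
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+* Patrick Schaaf <bof@bof.de>
+* Martin Josefsson <gandalf@wlug.westbo.se>
+* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+*
+* This program is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*/
+#ifndef _UAPI_IP_SET_H
+#define _UAPI_IP_SET_H
+
+
+#include <linux/types.h>
+
+/* The protocol version */
+#define IPSET_PROTOCOL 6
+
+/* The max length of strings including NUL: set and type identifiers */
+#define IPSET_MAXNAMELEN 32
+
+/* Message types and commands */
+enum ipset_cmd {
+IPSET_CMD_NONE,
+IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
+IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
+IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
+IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
+IPSET_CMD_RENAME, /* 5: Rename a set */
+IPSET_CMD_SWAP, /* 6: Swap two sets */
+IPSET_CMD_LIST, /* 7: List sets */
+IPSET_CMD_SAVE, /* 8: Save sets */
+IPSET_CMD_ADD, /* 9: Add an element to a set */
+IPSET_CMD_DEL, /* 10: Delete an element from a set */
+IPSET_CMD_TEST, /* 11: Test an element in a set */
+IPSET_CMD_HEADER, /* 12: Get set header data only */
+IPSET_CMD_TYPE, /* 13: Get set type */
+IPSET_MSG_MAX, /* Netlink message commands */
+
+/* Commands in userspace: */
+IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
+IPSET_CMD_HELP, /* 15: Get help */
+IPSET_CMD_VERSION, /* 16: Get program version */
+IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
+
+IPSET_CMD_MAX,
+
+IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
+};
+
+/* Attributes at command level */
+enum {
+IPSET_ATTR_UNSPEC,
+IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
+IPSET_ATTR_SETNAME, /* 2: Name of the set */
+IPSET_ATTR_TYPENAME, /* 3: Typename */
+IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
+IPSET_ATTR_REVISION, /* 4: Settype revision */
+IPSET_ATTR_FAMILY, /* 5: Settype family */
+IPSET_ATTR_FLAGS, /* 6: Flags at command level */
+IPSET_ATTR_DATA, /* 7: Nested attributes */
+IPSET_ATTR_ADT, /* 8: Multiple data containers */
+IPSET_ATTR_LINENO, /* 9: Restore lineno */
+IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
+IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
+__IPSET_ATTR_CMD_MAX,
+};
+#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
+
+/* CADT specific attributes */
+enum {
+IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
+IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
+IPSET_ATTR_IP_TO, /* 2 */
+IPSET_ATTR_CIDR, /* 3 */
+IPSET_ATTR_PORT, /* 4 */
+IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
+IPSET_ATTR_PORT_TO, /* 5 */
+IPSET_ATTR_TIMEOUT, /* 6 */
+IPSET_ATTR_PROTO, /* 7 */
+IPSET_ATTR_CADT_FLAGS, /* 8 */
+IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
+/* Reserve empty slots */
+IPSET_ATTR_CADT_MAX = 16,
+/* Create-only specific attributes */
+IPSET_ATTR_GC,
+IPSET_ATTR_HASHSIZE,
+IPSET_ATTR_MAXELEM,
+IPSET_ATTR_NETMASK,
+IPSET_ATTR_PROBES,
+IPSET_ATTR_RESIZE,
+IPSET_ATTR_SIZE,
+/* Kernel-only */
+IPSET_ATTR_ELEMENTS,
+IPSET_ATTR_REFERENCES,
+IPSET_ATTR_MEMSIZE,
+
+__IPSET_ATTR_CREATE_MAX,
+};
+#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
+
+/* ADT specific attributes */
+enum {
+IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
+IPSET_ATTR_NAME,
+IPSET_ATTR_NAMEREF,
+IPSET_ATTR_IP2,
+IPSET_ATTR_CIDR2,
+IPSET_ATTR_IP2_TO,
+IPSET_ATTR_IFACE,
+__IPSET_ATTR_ADT_MAX,
+};
+#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
+
+/* IP specific attributes */
+enum {
+IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
+IPSET_ATTR_IPADDR_IPV6,
+__IPSET_ATTR_IPADDR_MAX,
+};
+#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
+
+/* Error codes */
+enum ipset_errno {
+IPSET_ERR_PRIVATE = 4096,
+IPSET_ERR_PROTOCOL,
+IPSET_ERR_FIND_TYPE,
+IPSET_ERR_MAX_SETS,
+IPSET_ERR_BUSY,
+IPSET_ERR_EXIST_SETNAME2,
+IPSET_ERR_TYPE_MISMATCH,
+IPSET_ERR_EXIST,
+IPSET_ERR_INVALID_CIDR,
+IPSET_ERR_INVALID_NETMASK,
+IPSET_ERR_INVALID_FAMILY,
+IPSET_ERR_TIMEOUT,
+IPSET_ERR_REFERENCED,
+IPSET_ERR_IPADDR_IPV4,
+IPSET_ERR_IPADDR_IPV6,
+
+/* Type specific error codes */
+IPSET_ERR_TYPE_SPECIFIC = 4352,
+};
+
+/* Flags at command level */
+enum ipset_cmd_flags {
+IPSET_FLAG_BIT_EXIST = 0,
+IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
+IPSET_FLAG_BIT_LIST_SETNAME = 1,
+IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
+IPSET_FLAG_BIT_LIST_HEADER = 2,
+IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
+IPSET_FLAG_CMD_MAX = 15, /* Lower half */
+};
+
+/* Flags at CADT attribute level */
+enum ipset_cadt_flags {
+IPSET_FLAG_BIT_BEFORE = 0,
+IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
+IPSET_FLAG_BIT_PHYSDEV = 1,
+IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
+IPSET_FLAG_BIT_NOMATCH = 2,
+IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH),
+IPSET_FLAG_CADT_MAX = 15, /* Upper half */
+};
+
+/* Commands with settype-specific attributes */
+enum ipset_adt {
+IPSET_ADD,
+IPSET_DEL,
+IPSET_TEST,
+IPSET_ADT_MAX,
+IPSET_CREATE = IPSET_ADT_MAX,
+IPSET_CADT_MAX,
+};
+
+/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
+* and IPSET_INVALID_ID if you want to increase the max number of sets.
+*/
+typedef __u16 ip_set_id_t;
+
+#define IPSET_INVALID_ID 65535
+
+enum ip_set_dim {
+IPSET_DIM_ZERO = 0,
+IPSET_DIM_ONE,
+IPSET_DIM_TWO,
+IPSET_DIM_THREE,
+/* Max dimension in elements.
+* If changed, new revision of iptables match/target is required.
+*/
+IPSET_DIM_MAX = 6,
+IPSET_BIT_RETURN_NOMATCH = 7,
+};
+
+/* Option flags for kernel operations */
+enum ip_set_kopt {
+IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
+IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
+IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
+IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
+};
+
+
+/* Interface to iptables/ip6tables */
+
+#define SO_IP_SET 83
+
+union ip_set_name_index {
+char name[IPSET_MAXNAMELEN];
+ip_set_id_t index;
+};
+
+#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
+struct ip_set_req_get_set {
+unsigned int op;
+unsigned int version;
+union ip_set_name_index set;
+};
+
+#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
+/* Uses ip_set_req_get_set */
+
+#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
+struct ip_set_req_version {
+unsigned int op;
+unsigned int version;
+};
+
+#endif /* _UAPI_IP_SET_H */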
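Review bot: `union ip_set_name_index` and `struct ip_set_req_get_set` say nothing about who terminates `name`, although this header is now the exported userspace contract for the `SO_IP_SET` interface. `name[IPSET_MAXNAMELEN]` is filled in by the caller, so the kernel-side handler (not visible in this diff) cannot assume a terminating NUL is present. I would document that on the union, for example `/* name is supplied by userspace and may lack a terminating NUL; bound or terminate it before any string use */`. The file is a scripted move, so this is a documentation suggestion only and changes no layout.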
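--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h
@@ -0,0 +1,13 @@
+#ifndef _UAPI__IP_SET_BITMAP_H
+#define _UAPI__IP_SET_BITMAP_H
+
+/* Bitmap type specific error codes */
+enum {
+/* The element is out of the range of the set */
+IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
+/* The range exceeds the size limit of the set type */
+IPSET_ERR_BITMAP_RANGE_SIZE,
+};
+
+
+#endif /* _UAPI__IP_SET_BITMAP_H */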
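Review bot: The new exported header is not self-contained: `IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC` uses a constant defined in the uapi `ip_set.h`, which this file never includes, so it only compiles when the consumer happens to include `ip_set.h` first. Adding `#include <linux/netfilter/ipset/ip_set.h>` right after the include guard would let userspace include the header on its own. The same applies to the new uapi `ip_set_hash.h` (`IPSET_ERR_HASH_FULL`) and `ip_set_list.h` (`IPSET_ERR_NAME`) added later in this commit.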
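--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_hash.h
@@ -0,0 +1,21 @@
+#ifndef _UAPI__IP_SET_HASH_H
+#define _UAPI__IP_SET_HASH_H
+
+/* Hash type specific error codes */
+enum {
+/* Hash is full */
+IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
+/* Null-valued element */
+IPSET_ERR_HASH_ELEM,
+/* Invalid protocol */
+IPSET_ERR_INVALID_PROTO,
+/* Protocol missing but must be specified */
+IPSET_ERR_MISSING_PROTO,
+/* Range not supported */
+IPSET_ERR_HASH_RANGE_UNSUPPORTED,
+/* Invalid range */
+IPSET_ERR_HASH_RANGE,
+};
+
+
+#endif /* _UAPI__IP_SET_HASH_H */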
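--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_list.h
@@ -0,0 +1,21 @@
+#ifndef _UAPI__IP_SET_LIST_H
+#define _UAPI__IP_SET_LIST_H
+
+/* List type specific error codes */
+enum {
+/* Set name to be added/deleted/tested does not exist. */
+IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
+/* list:set type is not permitted to add */
+IPSET_ERR_LOOP,
+/* Missing reference set */
+IPSET_ERR_BEFORE,
+/* Reference set does not exist */
+IPSET_ERR_NAMEREF,
+/* Set is full */
+IPSET_ERR_LIST_FULL,
+/* Reference set is not added to the set */
+IPSET_ERR_REF_EXIST,
+};
+
+
+#endif /* _UAPI__IP_SET_LIST_H */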