UAPI: (Scripted) Disintegrate include/linux/netfilter/ipset

Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com>
author: David Howells <dhowells@redhat.com> 2012-10-09 04:48:55 -0400
committer: David Howells <dhowells@redhat.com> 2012-10-09 04:48:55 -0400
commit: a82014149becc68695e7f1d62a8cc1e4ae062318 (patch)
tree: a6ec2c9bda149912c70abc19fc3d8a9baa35fbc0
parent: 94d0ec58e63159ce5bcdfe612ee220eaeefa3b2a (diff)
10 files changed, 296 insertions, 272 deletions
diff --git a/include/linux/netfilter/ipset/Kbuild b/include/linux/netfilter/ipset/Kbuild
index 601fe71d34d5..e69de29bb2d1 100644
--- a/include/linux/netfilter/ipset/Kbuild
+++ b/include/linux/netfilter/ipset/Kbuild
@@ -1,4 +0,0 @@
-header-y += ip_set.h
-header-y += ip_set_bitmap.h
-header-y += ip_set_hash.h
-header-y += ip_set_list.h
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
index 528697b3c152..7958e84a65af 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
@@ -1,6 +1,3 @@
-#ifndef _IP_SET_H
-#define _IP_SET_H
 /* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
 *                         Patrick Schaaf <bof@bof.de>
 *                         Martin Josefsson <gandalf@wlug.westbo.se>
@@ -10,199 +7,9 @@
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
+#ifndef _IP_SET_H
+#define _IP_SET_H
-#include <linux/types.h>
-/* The protocol version */
-#define IPSET_PROTOCOL          6
-/* The max length of strings including NUL: set and type identifiers */
-#define IPSET_MAXNAMELEN        32
-/* Message types and commands */
-enum ipset_cmd {
-        IPSET_CMD_NONE,
-        IPSET_CMD_PROTOCOL,     /* 1: Return protocol version */
-        IPSET_CMD_CREATE,       /* 2: Create a new (empty) set */
-        IPSET_CMD_DESTROY,      /* 3: Destroy a (empty) set */
-        IPSET_CMD_FLUSH,        /* 4: Remove all elements from a set */
-        IPSET_CMD_RENAME,       /* 5: Rename a set */
-        IPSET_CMD_SWAP,         /* 6: Swap two sets */
-        IPSET_CMD_LIST,         /* 7: List sets */
-        IPSET_CMD_SAVE,         /* 8: Save sets */
-        IPSET_CMD_ADD,          /* 9: Add an element to a set */
-        IPSET_CMD_DEL,          /* 10: Delete an element from a set */
-        IPSET_CMD_TEST,         /* 11: Test an element in a set */
-        IPSET_CMD_HEADER,       /* 12: Get set header data only */
-        IPSET_CMD_TYPE,         /* 13: Get set type */
-        IPSET_MSG_MAX,          /* Netlink message commands */
-        /* Commands in userspace: */
-        IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
-        IPSET_CMD_HELP,         /* 15: Get help */
-        IPSET_CMD_VERSION,      /* 16: Get program version */
-        IPSET_CMD_QUIT,         /* 17: Quit from interactive mode */
-        IPSET_CMD_MAX,
-        IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
-};
-/* Attributes at command level */
-enum {
-        IPSET_ATTR_UNSPEC,
-        IPSET_ATTR_PROTOCOL,    /* 1: Protocol version */
-        IPSET_ATTR_SETNAME,     /* 2: Name of the set */
-        IPSET_ATTR_TYPENAME,    /* 3: Typename */
-        IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
-        IPSET_ATTR_REVISION,    /* 4: Settype revision */
-        IPSET_ATTR_FAMILY,      /* 5: Settype family */
-        IPSET_ATTR_FLAGS,       /* 6: Flags at command level */
-        IPSET_ATTR_DATA,        /* 7: Nested attributes */
-        IPSET_ATTR_ADT,         /* 8: Multiple data containers */
-        IPSET_ATTR_LINENO,      /* 9: Restore lineno */
-        IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
-        IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
-        __IPSET_ATTR_CMD_MAX,
-};
-#define IPSET_ATTR_CMD_MAX      (__IPSET_ATTR_CMD_MAX - 1)
-/* CADT specific attributes */
-enum {
-        IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
-        IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
-        IPSET_ATTR_IP_TO,       /* 2 */
-        IPSET_ATTR_CIDR,        /* 3 */
-        IPSET_ATTR_PORT,        /* 4 */
-        IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
-        IPSET_ATTR_PORT_TO,     /* 5 */
-        IPSET_ATTR_TIMEOUT,     /* 6 */
-        IPSET_ATTR_PROTO,       /* 7 */
-        IPSET_ATTR_CADT_FLAGS,  /* 8 */
-        IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO,     /* 9 */
-        /* Reserve empty slots */
-        IPSET_ATTR_CADT_MAX = 16,
-        /* Create-only specific attributes */
-        IPSET_ATTR_GC,
-        IPSET_ATTR_HASHSIZE,
-        IPSET_ATTR_MAXELEM,
-        IPSET_ATTR_NETMASK,
-        IPSET_ATTR_PROBES,
-        IPSET_ATTR_RESIZE,
-        IPSET_ATTR_SIZE,
-        /* Kernel-only */
-        IPSET_ATTR_ELEMENTS,
-        IPSET_ATTR_REFERENCES,
-        IPSET_ATTR_MEMSIZE,
-        __IPSET_ATTR_CREATE_MAX,
-};
-#define IPSET_ATTR_CREATE_MAX   (__IPSET_ATTR_CREATE_MAX - 1)
-/* ADT specific attributes */
-enum {
-        IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
-        IPSET_ATTR_NAME,
-        IPSET_ATTR_NAMEREF,
-        IPSET_ATTR_IP2,
-        IPSET_ATTR_CIDR2,
-        IPSET_ATTR_IP2_TO,
-        IPSET_ATTR_IFACE,
-        __IPSET_ATTR_ADT_MAX,
-};
-#define IPSET_ATTR_ADT_MAX      (__IPSET_ATTR_ADT_MAX - 1)
-/* IP specific attributes */
-enum {
-        IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
-        IPSET_ATTR_IPADDR_IPV6,
-        __IPSET_ATTR_IPADDR_MAX,
-};
-#define IPSET_ATTR_IPADDR_MAX   (__IPSET_ATTR_IPADDR_MAX - 1)
-/* Error codes */
-enum ipset_errno {
-        IPSET_ERR_PRIVATE = 4096,
-        IPSET_ERR_PROTOCOL,
-        IPSET_ERR_FIND_TYPE,
-        IPSET_ERR_MAX_SETS,
-        IPSET_ERR_BUSY,
-        IPSET_ERR_EXIST_SETNAME2,
-        IPSET_ERR_TYPE_MISMATCH,
-        IPSET_ERR_EXIST,
-        IPSET_ERR_INVALID_CIDR,
-        IPSET_ERR_INVALID_NETMASK,
-        IPSET_ERR_INVALID_FAMILY,
-        IPSET_ERR_TIMEOUT,
-        IPSET_ERR_REFERENCED,
-        IPSET_ERR_IPADDR_IPV4,
-        IPSET_ERR_IPADDR_IPV6,
-        /* Type specific error codes */
-        IPSET_ERR_TYPE_SPECIFIC = 4352,
-};
-/* Flags at command level */
-enum ipset_cmd_flags {
-        IPSET_FLAG_BIT_EXIST    = 0,
-        IPSET_FLAG_EXIST        = (1 << IPSET_FLAG_BIT_EXIST),
-        IPSET_FLAG_BIT_LIST_SETNAME = 1,
-        IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
-        IPSET_FLAG_BIT_LIST_HEADER = 2,
-        IPSET_FLAG_LIST_HEADER  = (1 << IPSET_FLAG_BIT_LIST_HEADER),
-        IPSET_FLAG_CMD_MAX = 15,        /* Lower half */
-};
-/* Flags at CADT attribute level */
-enum ipset_cadt_flags {
-        IPSET_FLAG_BIT_BEFORE   = 0,
-        IPSET_FLAG_BEFORE       = (1 << IPSET_FLAG_BIT_BEFORE),
-        IPSET_FLAG_BIT_PHYSDEV  = 1,
-        IPSET_FLAG_PHYSDEV      = (1 << IPSET_FLAG_BIT_PHYSDEV),
-        IPSET_FLAG_BIT_NOMATCH  = 2,
-        IPSET_FLAG_NOMATCH      = (1 << IPSET_FLAG_BIT_NOMATCH),
-        IPSET_FLAG_CADT_MAX     = 15,   /* Upper half */
-};
-/* Commands with settype-specific attributes */
-enum ipset_adt {
-        IPSET_ADD,
-        IPSET_DEL,
-        IPSET_TEST,
-        IPSET_ADT_MAX,
-        IPSET_CREATE = IPSET_ADT_MAX,
-        IPSET_CADT_MAX,
-};
-/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
- * and IPSET_INVALID_ID if you want to increase the max number of sets.
- */
-typedef __u16 ip_set_id_t;
-#define IPSET_INVALID_ID                65535
-enum ip_set_dim {
-        IPSET_DIM_ZERO = 0,
-        IPSET_DIM_ONE,
-        IPSET_DIM_TWO,
-        IPSET_DIM_THREE,
-        /* Max dimension in elements.
-         * If changed, new revision of iptables match/target is required.
-         */
-        IPSET_DIM_MAX = 6,
-        IPSET_BIT_RETURN_NOMATCH = 7,
-};
-/* Option flags for kernel operations */
-enum ip_set_kopt {
-        IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
-        IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
-        IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
-        IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
-        IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
-};
-#ifdef __KERNEL__
 #include <linux/ip.h>
 #include <linux/ipv6.h>
 #include <linux/netlink.h>
@@ -211,6 +18,7 @@ enum ip_set_kopt {
 #include <linux/stringify.h>
 #include <linux/vmalloc.h>
 #include <net/netlink.h>
+#include <uapi/linux/netfilter/ipset/ip_set.h>
 #define _IP_SET_MODULE_DESC(a, b, c)            \
        MODULE_DESCRIPTION(a " type of IP sets, revisions " b "-" c)
@@ -476,31 +284,4 @@ bitmap_bytes(u32 a, u32 b)
        return 4 * ((((b - a + 8) / 8) + 3) / 4);
 }
-#endif /* __KERNEL__ */
-/* Interface to iptables/ip6tables */
-#define SO_IP_SET               83
-union ip_set_name_index {
-        char name[IPSET_MAXNAMELEN];
-        ip_set_id_t index;
-};
-#define IP_SET_OP_GET_BYNAME    0x00000006      /* Get set index by name */
-struct ip_set_req_get_set {
-        unsigned int op;
-        unsigned int version;
-        union ip_set_name_index set;
-};
-#define IP_SET_OP_GET_BYINDEX   0x00000007      /* Get set name by index */
-/* Uses ip_set_req_get_set */
-#define IP_SET_OP_VERSION       0x00000100      /* Ask kernel version */
-struct ip_set_req_version {
-        unsigned int op;
-        unsigned int version;
-};
 #endif /*_IP_SET_H */
diff --git a/include/linux/netfilter/ipset/ip_set_bitmap.h b/include/linux/netfilter/ipset/ip_set_bitmap.h
index 61a9e8746c83..1a30646d5be8 100644
--- a/include/linux/netfilter/ipset/ip_set_bitmap.h
+++ b/include/linux/netfilter/ipset/ip_set_bitmap.h
@@ -1,15 +1,8 @@
 #ifndef __IP_SET_BITMAP_H
 #define __IP_SET_BITMAP_H
-/* Bitmap type specific error codes */
+#include <uapi/linux/netfilter/ipset/ip_set_bitmap.h>
-enum {
-        /* The element is out of the range of the set */
-        IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
-        /* The range exceeds the size limit of the set type */
-        IPSET_ERR_BITMAP_RANGE_SIZE,
-};
-#ifdef __KERNEL__
 #define IPSET_BITMAP_MAX_RANGE  0x0000FFFF
 /* Common functions */
@@ -26,6 +19,4 @@ range_to_mask(u32 from, u32 to, u8 *bits)
        return mask;
 }
-#endif /* __KERNEL__ */
 #endif /* __IP_SET_BITMAP_H */
diff --git a/include/linux/netfilter/ipset/ip_set_hash.h b/include/linux/netfilter/ipset/ip_set_hash.h
index e2a9fae767f6..f98ddfb094cb 100644
--- a/include/linux/netfilter/ipset/ip_set_hash.h
+++ b/include/linux/netfilter/ipset/ip_set_hash.h
@@ -1,23 +1,8 @@
 #ifndef __IP_SET_HASH_H
 #define __IP_SET_HASH_H
-/* Hash type specific error codes */
+#include <uapi/linux/netfilter/ipset/ip_set_hash.h>
-enum {
-        /* Hash is full */
-        IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
-        /* Null-valued element */
-        IPSET_ERR_HASH_ELEM,
-        /* Invalid protocol */
-        IPSET_ERR_INVALID_PROTO,
-        /* Protocol missing but must be specified */
-        IPSET_ERR_MISSING_PROTO,
-        /* Range not supported */
-        IPSET_ERR_HASH_RANGE_UNSUPPORTED,
-        /* Invalid range */
-        IPSET_ERR_HASH_RANGE,
-};
-#ifdef __KERNEL__
 #define IPSET_DEFAULT_HASHSIZE          1024
 #define IPSET_MIMINAL_HASHSIZE          64
@@ -25,6 +10,4 @@ enum {
 #define IPSET_DEFAULT_PROBES            4
 #define IPSET_DEFAULT_RESIZE            100
-#endif /* __KERNEL__ */
 #endif /* __IP_SET_HASH_H */
diff --git a/include/linux/netfilter/ipset/ip_set_list.h b/include/linux/netfilter/ipset/ip_set_list.h
index 40a63f302613..68c2aea897f5 100644
--- a/include/linux/netfilter/ipset/ip_set_list.h
+++ b/include/linux/netfilter/ipset/ip_set_list.h
@@ -1,27 +1,10 @@
 #ifndef __IP_SET_LIST_H
 #define __IP_SET_LIST_H
-/* List type specific error codes */
+#include <uapi/linux/netfilter/ipset/ip_set_list.h>
-enum {
-        /* Set name to be added/deleted/tested does not exist. */
-        IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
-        /* list:set type is not permitted to add */
-        IPSET_ERR_LOOP,
-        /* Missing reference set */
-        IPSET_ERR_BEFORE,
-        /* Reference set does not exist */
-        IPSET_ERR_NAMEREF,
-        /* Set is full */
-        IPSET_ERR_LIST_FULL,
-        /* Reference set is not added to the set */
-        IPSET_ERR_REF_EXIST,
-};
-#ifdef __KERNEL__
 #define IP_SET_LIST_DEFAULT_SIZE        8
 #define IP_SET_LIST_MIN_SIZE            4
-#endif /* __KERNEL__ */
 #endif /* __IP_SET_LIST_H */
diff --git a/include/uapi/linux/netfilter/ipset/Kbuild b/include/uapi/linux/netfilter/ipset/Kbuild
index aafaa5aa54d4..d2680423d9ab 100644
--- a/include/uapi/linux/netfilter/ipset/Kbuild
+++ b/include/uapi/linux/netfilter/ipset/Kbuild
@@ -1 +1,5 @@
 # UAPI Header export list
+header-y += ip_set.h
+header-y += ip_set_bitmap.h
+header-y += ip_set_hash.h
+header-y += ip_set_list.h
diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h
new file mode 100644
index 000000000000..fbee42807a11
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -0,0 +1,231 @@
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ *                         Patrick Schaaf <bof@bof.de>
+ *                         Martin Josefsson <gandalf@wlug.westbo.se>
+ * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef _UAPI_IP_SET_H
+#define _UAPI_IP_SET_H
+#include <linux/types.h>
+/* The protocol version */
+#define IPSET_PROTOCOL          6
+/* The max length of strings including NUL: set and type identifiers */
+#define IPSET_MAXNAMELEN        32
+/* Message types and commands */
+enum ipset_cmd {
+        IPSET_CMD_NONE,
+        IPSET_CMD_PROTOCOL,     /* 1: Return protocol version */
+        IPSET_CMD_CREATE,       /* 2: Create a new (empty) set */
+        IPSET_CMD_DESTROY,      /* 3: Destroy a (empty) set */
+        IPSET_CMD_FLUSH,        /* 4: Remove all elements from a set */
+        IPSET_CMD_RENAME,       /* 5: Rename a set */
+        IPSET_CMD_SWAP,         /* 6: Swap two sets */
+        IPSET_CMD_LIST,         /* 7: List sets */
+        IPSET_CMD_SAVE,         /* 8: Save sets */
+        IPSET_CMD_ADD,          /* 9: Add an element to a set */
+        IPSET_CMD_DEL,          /* 10: Delete an element from a set */
+        IPSET_CMD_TEST,         /* 11: Test an element in a set */
+        IPSET_CMD_HEADER,       /* 12: Get set header data only */
+        IPSET_CMD_TYPE,         /* 13: Get set type */
+        IPSET_MSG_MAX,          /* Netlink message commands */
+        /* Commands in userspace: */
+        IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
+        IPSET_CMD_HELP,         /* 15: Get help */
+        IPSET_CMD_VERSION,      /* 16: Get program version */
+        IPSET_CMD_QUIT,         /* 17: Quit from interactive mode */
+        IPSET_CMD_MAX,
+        IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
+};
+/* Attributes at command level */
+enum {
+        IPSET_ATTR_UNSPEC,
+        IPSET_ATTR_PROTOCOL,    /* 1: Protocol version */
+        IPSET_ATTR_SETNAME,     /* 2: Name of the set */
+        IPSET_ATTR_TYPENAME,    /* 3: Typename */
+        IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
+        IPSET_ATTR_REVISION,    /* 4: Settype revision */
+        IPSET_ATTR_FAMILY,      /* 5: Settype family */
+        IPSET_ATTR_FLAGS,       /* 6: Flags at command level */
+        IPSET_ATTR_DATA,        /* 7: Nested attributes */
+        IPSET_ATTR_ADT,         /* 8: Multiple data containers */
+        IPSET_ATTR_LINENO,      /* 9: Restore lineno */
+        IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
+        IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
+        __IPSET_ATTR_CMD_MAX,
+};
+#define IPSET_ATTR_CMD_MAX      (__IPSET_ATTR_CMD_MAX - 1)
+/* CADT specific attributes */
+enum {
+        IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
+        IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
+        IPSET_ATTR_IP_TO,       /* 2 */
+        IPSET_ATTR_CIDR,        /* 3 */
+        IPSET_ATTR_PORT,        /* 4 */
+        IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
+        IPSET_ATTR_PORT_TO,     /* 5 */
+        IPSET_ATTR_TIMEOUT,     /* 6 */
+        IPSET_ATTR_PROTO,       /* 7 */
+        IPSET_ATTR_CADT_FLAGS,  /* 8 */
+        IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO,     /* 9 */
+        /* Reserve empty slots */
+        IPSET_ATTR_CADT_MAX = 16,
+        /* Create-only specific attributes */
+        IPSET_ATTR_GC,
+        IPSET_ATTR_HASHSIZE,
+        IPSET_ATTR_MAXELEM,
+        IPSET_ATTR_NETMASK,
+        IPSET_ATTR_PROBES,
+        IPSET_ATTR_RESIZE,
+        IPSET_ATTR_SIZE,
+        /* Kernel-only */
+        IPSET_ATTR_ELEMENTS,
+        IPSET_ATTR_REFERENCES,
+        IPSET_ATTR_MEMSIZE,
+        __IPSET_ATTR_CREATE_MAX,
+};
+#define IPSET_ATTR_CREATE_MAX   (__IPSET_ATTR_CREATE_MAX - 1)
+/* ADT specific attributes */
+enum {
+        IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
+        IPSET_ATTR_NAME,
+        IPSET_ATTR_NAMEREF,
+        IPSET_ATTR_IP2,
+        IPSET_ATTR_CIDR2,
+        IPSET_ATTR_IP2_TO,
+        IPSET_ATTR_IFACE,
+        __IPSET_ATTR_ADT_MAX,
+};
+#define IPSET_ATTR_ADT_MAX      (__IPSET_ATTR_ADT_MAX - 1)
+/* IP specific attributes */
+enum {
+        IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
+        IPSET_ATTR_IPADDR_IPV6,
+        __IPSET_ATTR_IPADDR_MAX,
+};
+#define IPSET_ATTR_IPADDR_MAX   (__IPSET_ATTR_IPADDR_MAX - 1)
+/* Error codes */
+enum ipset_errno {
+        IPSET_ERR_PRIVATE = 4096,
+        IPSET_ERR_PROTOCOL,
+        IPSET_ERR_FIND_TYPE,
+        IPSET_ERR_MAX_SETS,
+        IPSET_ERR_BUSY,
+        IPSET_ERR_EXIST_SETNAME2,
+        IPSET_ERR_TYPE_MISMATCH,
+        IPSET_ERR_EXIST,
+        IPSET_ERR_INVALID_CIDR,
+        IPSET_ERR_INVALID_NETMASK,
+        IPSET_ERR_INVALID_FAMILY,
+        IPSET_ERR_TIMEOUT,
+        IPSET_ERR_REFERENCED,
+        IPSET_ERR_IPADDR_IPV4,
+        IPSET_ERR_IPADDR_IPV6,
+        /* Type specific error codes */
+        IPSET_ERR_TYPE_SPECIFIC = 4352,
+};
+/* Flags at command level */
+enum ipset_cmd_flags {
+        IPSET_FLAG_BIT_EXIST    = 0,
+        IPSET_FLAG_EXIST        = (1 << IPSET_FLAG_BIT_EXIST),
+        IPSET_FLAG_BIT_LIST_SETNAME = 1,
+        IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
+        IPSET_FLAG_BIT_LIST_HEADER = 2,
+        IPSET_FLAG_LIST_HEADER  = (1 << IPSET_FLAG_BIT_LIST_HEADER),
+        IPSET_FLAG_CMD_MAX = 15,        /* Lower half */
+};
+/* Flags at CADT attribute level */
+enum ipset_cadt_flags {
+        IPSET_FLAG_BIT_BEFORE   = 0,
+        IPSET_FLAG_BEFORE       = (1 << IPSET_FLAG_BIT_BEFORE),
+        IPSET_FLAG_BIT_PHYSDEV  = 1,
+        IPSET_FLAG_PHYSDEV      = (1 << IPSET_FLAG_BIT_PHYSDEV),
+        IPSET_FLAG_BIT_NOMATCH  = 2,
+        IPSET_FLAG_NOMATCH      = (1 << IPSET_FLAG_BIT_NOMATCH),
+        IPSET_FLAG_CADT_MAX     = 15,   /* Upper half */
+};
+/* Commands with settype-specific attributes */
+enum ipset_adt {
+        IPSET_ADD,
+        IPSET_DEL,
+        IPSET_TEST,
+        IPSET_ADT_MAX,
+        IPSET_CREATE = IPSET_ADT_MAX,
+        IPSET_CADT_MAX,
+};
+/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
+ * and IPSET_INVALID_ID if you want to increase the max number of sets.
+ */
+typedef __u16 ip_set_id_t;
+#define IPSET_INVALID_ID                65535
+enum ip_set_dim {
+        IPSET_DIM_ZERO = 0,
+        IPSET_DIM_ONE,
+        IPSET_DIM_TWO,
+        IPSET_DIM_THREE,
+        /* Max dimension in elements.
+         * If changed, new revision of iptables match/target is required.
+         */
+        IPSET_DIM_MAX = 6,
+        IPSET_BIT_RETURN_NOMATCH = 7,
+};
+/* Option flags for kernel operations */
+enum ip_set_kopt {
+        IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
+        IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
+        IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
+        IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+        IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
+};
+/* Interface to iptables/ip6tables */
+#define SO_IP_SET               83
+union ip_set_name_index {
+        char name[IPSET_MAXNAMELEN];
+        ip_set_id_t index;
+};
+#define IP_SET_OP_GET_BYNAME    0x00000006      /* Get set index by name */
+struct ip_set_req_get_set {
+        unsigned int op;
+        unsigned int version;
+        union ip_set_name_index set;
+};
+#define IP_SET_OP_GET_BYINDEX   0x00000007      /* Get set name by index */
+/* Uses ip_set_req_get_set */
+#define IP_SET_OP_VERSION       0x00000100      /* Ask kernel version */
+struct ip_set_req_version {
+        unsigned int op;
+        unsigned int version;
+};
+#endif /* _UAPI_IP_SET_H */
diff --git a/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h b/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h
new file mode 100644
index 000000000000..6a2c038d1888
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h
@@ -0,0 +1,13 @@
+#ifndef _UAPI__IP_SET_BITMAP_H
+#define _UAPI__IP_SET_BITMAP_H
+/* Bitmap type specific error codes */
+enum {
+        /* The element is out of the range of the set */
+        IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
+        /* The range exceeds the size limit of the set type */
+        IPSET_ERR_BITMAP_RANGE_SIZE,
+};
+#endif /* _UAPI__IP_SET_BITMAP_H */
diff --git a/include/uapi/linux/netfilter/ipset/ip_set_hash.h b/include/uapi/linux/netfilter/ipset/ip_set_hash.h
new file mode 100644
index 000000000000..352eeccdc7f2
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_hash.h
@@ -0,0 +1,21 @@
+#ifndef _UAPI__IP_SET_HASH_H
+#define _UAPI__IP_SET_HASH_H
+/* Hash type specific error codes */
+enum {
+        /* Hash is full */
+        IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
+        /* Null-valued element */
+        IPSET_ERR_HASH_ELEM,
+        /* Invalid protocol */
+        IPSET_ERR_INVALID_PROTO,
+        /* Protocol missing but must be specified */
+        IPSET_ERR_MISSING_PROTO,
+        /* Range not supported */
+        IPSET_ERR_HASH_RANGE_UNSUPPORTED,
+        /* Invalid range */
+        IPSET_ERR_HASH_RANGE,
+};
+#endif /* _UAPI__IP_SET_HASH_H */
diff --git a/include/uapi/linux/netfilter/ipset/ip_set_list.h b/include/uapi/linux/netfilter/ipset/ip_set_list.h
new file mode 100644
index 000000000000..a44efaa98213
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_list.h
@@ -0,0 +1,21 @@
+#ifndef _UAPI__IP_SET_LIST_H
+#define _UAPI__IP_SET_LIST_H
+/* List type specific error codes */
+enum {
+        /* Set name to be added/deleted/tested does not exist. */
+        IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
+        /* list:set type is not permitted to add */
+        IPSET_ERR_LOOP,
+        /* Missing reference set */
+        IPSET_ERR_BEFORE,
+        /* Reference set does not exist */
+        IPSET_ERR_NAMEREF,
+        /* Set is full */
+        IPSET_ERR_LIST_FULL,
+        /* Reference set is not added to the set */
+        IPSET_ERR_REF_EXIST,
+};
+#endif /* _UAPI__IP_SET_LIST_H */
author	David Howells <dhowells@redhat.com>	2012-10-09 04:48:55 -0400
committer	David Howells <dhowells@redhat.com>	2012-10-09 04:48:55 -0400
commit	a82014149becc68695e7f1d62a8cc1e4ae062318 (patch)
tree	a6ec2c9bda149912c70abc19fc3d8a9baa35fbc0
parent	94d0ec58e63159ce5bcdfe612ee220eaeefa3b2a (diff)