UAPI: (Scripted) Disintegrate include/linux/netfilter/ipset

Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Acked-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Michael Kerrisk <mtk.manpages@gmail.com> Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Acked-by: Dave Jones <davej@redhat.com>
author: David Howells <dhowells@redhat.com> 2012-10-09 04:48:55 -0400
committer: David Howells <dhowells@redhat.com> 2012-10-09 04:48:55 -0400
commit: a82014149becc68695e7f1d62a8cc1e4ae062318 (patch)
tree: a6ec2c9bda149912c70abc19fc3d8a9baa35fbc0 /include/uapi
parent: 94d0ec58e63159ce5bcdfe612ee220eaeefa3b2a (diff)
5 files changed, 290 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/ipset/Kbuild b/include/uapi/linux/netfilter/ipset/Kbuild
index aafaa5aa54d4..d2680423d9ab 100644
--- a/include/uapi/linux/netfilter/ipset/Kbuild
+++ b/include/uapi/linux/netfilter/ipset/Kbuild
@@ -1 +1,5 @@
 # UAPI Header export list
+header-y += ip_set.h
+header-y += ip_set_bitmap.h
+header-y += ip_set_hash.h
+header-y += ip_set_list.h
diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h
new file mode 100644
index 000000000000..fbee42807a11
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -0,0 +1,231 @@
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ *                         Patrick Schaaf <bof@bof.de>
+ *                         Martin Josefsson <gandalf@wlug.westbo.se>
+ * Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef _UAPI_IP_SET_H
+#define _UAPI_IP_SET_H
+#include <linux/types.h>
+/* The protocol version */
+#define IPSET_PROTOCOL          6
+/* The max length of strings including NUL: set and type identifiers */
+#define IPSET_MAXNAMELEN        32
+/* Message types and commands */
+enum ipset_cmd {
+        IPSET_CMD_NONE,
+        IPSET_CMD_PROTOCOL,     /* 1: Return protocol version */
+        IPSET_CMD_CREATE,       /* 2: Create a new (empty) set */
+        IPSET_CMD_DESTROY,      /* 3: Destroy a (empty) set */
+        IPSET_CMD_FLUSH,        /* 4: Remove all elements from a set */
+        IPSET_CMD_RENAME,       /* 5: Rename a set */
+        IPSET_CMD_SWAP,         /* 6: Swap two sets */
+        IPSET_CMD_LIST,         /* 7: List sets */
+        IPSET_CMD_SAVE,         /* 8: Save sets */
+        IPSET_CMD_ADD,          /* 9: Add an element to a set */
+        IPSET_CMD_DEL,          /* 10: Delete an element from a set */
+        IPSET_CMD_TEST,         /* 11: Test an element in a set */
+        IPSET_CMD_HEADER,       /* 12: Get set header data only */
+        IPSET_CMD_TYPE,         /* 13: Get set type */
+        IPSET_MSG_MAX,          /* Netlink message commands */
+        /* Commands in userspace: */
+        IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
+        IPSET_CMD_HELP,         /* 15: Get help */
+        IPSET_CMD_VERSION,      /* 16: Get program version */
+        IPSET_CMD_QUIT,         /* 17: Quit from interactive mode */
+        IPSET_CMD_MAX,
+        IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
+};
+/* Attributes at command level */
+enum {
+        IPSET_ATTR_UNSPEC,
+        IPSET_ATTR_PROTOCOL,    /* 1: Protocol version */
+        IPSET_ATTR_SETNAME,     /* 2: Name of the set */
+        IPSET_ATTR_TYPENAME,    /* 3: Typename */
+        IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
+        IPSET_ATTR_REVISION,    /* 4: Settype revision */
+        IPSET_ATTR_FAMILY,      /* 5: Settype family */
+        IPSET_ATTR_FLAGS,       /* 6: Flags at command level */
+        IPSET_ATTR_DATA,        /* 7: Nested attributes */
+        IPSET_ATTR_ADT,         /* 8: Multiple data containers */
+        IPSET_ATTR_LINENO,      /* 9: Restore lineno */
+        IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
+        IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
+        __IPSET_ATTR_CMD_MAX,
+};
+#define IPSET_ATTR_CMD_MAX      (__IPSET_ATTR_CMD_MAX - 1)
+/* CADT specific attributes */
+enum {
+        IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
+        IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
+        IPSET_ATTR_IP_TO,       /* 2 */
+        IPSET_ATTR_CIDR,        /* 3 */
+        IPSET_ATTR_PORT,        /* 4 */
+        IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
+        IPSET_ATTR_PORT_TO,     /* 5 */
+        IPSET_ATTR_TIMEOUT,     /* 6 */
+        IPSET_ATTR_PROTO,       /* 7 */
+        IPSET_ATTR_CADT_FLAGS,  /* 8 */
+        IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO,     /* 9 */
+        /* Reserve empty slots */
+        IPSET_ATTR_CADT_MAX = 16,
+        /* Create-only specific attributes */
+        IPSET_ATTR_GC,
+        IPSET_ATTR_HASHSIZE,
+        IPSET_ATTR_MAXELEM,
+        IPSET_ATTR_NETMASK,
+        IPSET_ATTR_PROBES,
+        IPSET_ATTR_RESIZE,
+        IPSET_ATTR_SIZE,
+        /* Kernel-only */
+        IPSET_ATTR_ELEMENTS,
+        IPSET_ATTR_REFERENCES,
+        IPSET_ATTR_MEMSIZE,
+        __IPSET_ATTR_CREATE_MAX,
+};
+#define IPSET_ATTR_CREATE_MAX   (__IPSET_ATTR_CREATE_MAX - 1)
+/* ADT specific attributes */
+enum {
+        IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
+        IPSET_ATTR_NAME,
+        IPSET_ATTR_NAMEREF,
+        IPSET_ATTR_IP2,
+        IPSET_ATTR_CIDR2,
+        IPSET_ATTR_IP2_TO,
+        IPSET_ATTR_IFACE,
+        __IPSET_ATTR_ADT_MAX,
+};
+#define IPSET_ATTR_ADT_MAX      (__IPSET_ATTR_ADT_MAX - 1)
+/* IP specific attributes */
+enum {
+        IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
+        IPSET_ATTR_IPADDR_IPV6,
+        __IPSET_ATTR_IPADDR_MAX,
+};
+#define IPSET_ATTR_IPADDR_MAX   (__IPSET_ATTR_IPADDR_MAX - 1)
+/* Error codes */
+enum ipset_errno {
+        IPSET_ERR_PRIVATE = 4096,
+        IPSET_ERR_PROTOCOL,
+        IPSET_ERR_FIND_TYPE,
+        IPSET_ERR_MAX_SETS,
+        IPSET_ERR_BUSY,
+        IPSET_ERR_EXIST_SETNAME2,
+        IPSET_ERR_TYPE_MISMATCH,
+        IPSET_ERR_EXIST,
+        IPSET_ERR_INVALID_CIDR,
+        IPSET_ERR_INVALID_NETMASK,
+        IPSET_ERR_INVALID_FAMILY,
+        IPSET_ERR_TIMEOUT,
+        IPSET_ERR_REFERENCED,
+        IPSET_ERR_IPADDR_IPV4,
+        IPSET_ERR_IPADDR_IPV6,
+        /* Type specific error codes */
+        IPSET_ERR_TYPE_SPECIFIC = 4352,
+};
+/* Flags at command level */
+enum ipset_cmd_flags {
+        IPSET_FLAG_BIT_EXIST    = 0,
+        IPSET_FLAG_EXIST        = (1 << IPSET_FLAG_BIT_EXIST),
+        IPSET_FLAG_BIT_LIST_SETNAME = 1,
+        IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
+        IPSET_FLAG_BIT_LIST_HEADER = 2,
+        IPSET_FLAG_LIST_HEADER  = (1 << IPSET_FLAG_BIT_LIST_HEADER),
+        IPSET_FLAG_CMD_MAX = 15,        /* Lower half */
+};
+/* Flags at CADT attribute level */
+enum ipset_cadt_flags {
+        IPSET_FLAG_BIT_BEFORE   = 0,
+        IPSET_FLAG_BEFORE       = (1 << IPSET_FLAG_BIT_BEFORE),
+        IPSET_FLAG_BIT_PHYSDEV  = 1,
+        IPSET_FLAG_PHYSDEV      = (1 << IPSET_FLAG_BIT_PHYSDEV),
+        IPSET_FLAG_BIT_NOMATCH  = 2,
+        IPSET_FLAG_NOMATCH      = (1 << IPSET_FLAG_BIT_NOMATCH),
+        IPSET_FLAG_CADT_MAX     = 15,   /* Upper half */
+};
+/* Commands with settype-specific attributes */
+enum ipset_adt {
+        IPSET_ADD,
+        IPSET_DEL,
+        IPSET_TEST,
+        IPSET_ADT_MAX,
+        IPSET_CREATE = IPSET_ADT_MAX,
+        IPSET_CADT_MAX,
+};
+/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
+ * and IPSET_INVALID_ID if you want to increase the max number of sets.
+ */
+typedef __u16 ip_set_id_t;
+#define IPSET_INVALID_ID                65535
+enum ip_set_dim {
+        IPSET_DIM_ZERO = 0,
+        IPSET_DIM_ONE,
+        IPSET_DIM_TWO,
+        IPSET_DIM_THREE,
+        /* Max dimension in elements.
+         * If changed, new revision of iptables match/target is required.
+         */
+        IPSET_DIM_MAX = 6,
+        IPSET_BIT_RETURN_NOMATCH = 7,
+};
+/* Option flags for kernel operations */
+enum ip_set_kopt {
+        IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
+        IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
+        IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
+        IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+        IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
+};
+/* Interface to iptables/ip6tables */
+#define SO_IP_SET               83
+union ip_set_name_index {
+        char name[IPSET_MAXNAMELEN];
+        ip_set_id_t index;
+};
+#define IP_SET_OP_GET_BYNAME    0x00000006      /* Get set index by name */
+struct ip_set_req_get_set {
+        unsigned int op;
+        unsigned int version;
+        union ip_set_name_index set;
+};
+#define IP_SET_OP_GET_BYINDEX   0x00000007      /* Get set name by index */
+/* Uses ip_set_req_get_set */
+#define IP_SET_OP_VERSION       0x00000100      /* Ask kernel version */
+struct ip_set_req_version {
+        unsigned int op;
+        unsigned int version;
+};
+#endif /* _UAPI_IP_SET_H */
diff --git a/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h b/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h
new file mode 100644
index 000000000000..6a2c038d1888
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h
@@ -0,0 +1,13 @@
+#ifndef _UAPI__IP_SET_BITMAP_H
+#define _UAPI__IP_SET_BITMAP_H
+/* Bitmap type specific error codes */
+enum {
+        /* The element is out of the range of the set */
+        IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
+        /* The range exceeds the size limit of the set type */
+        IPSET_ERR_BITMAP_RANGE_SIZE,
+};
+#endif /* _UAPI__IP_SET_BITMAP_H */
diff --git a/include/uapi/linux/netfilter/ipset/ip_set_hash.h b/include/uapi/linux/netfilter/ipset/ip_set_hash.h
new file mode 100644
index 000000000000..352eeccdc7f2
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_hash.h
@@ -0,0 +1,21 @@
+#ifndef _UAPI__IP_SET_HASH_H
+#define _UAPI__IP_SET_HASH_H
+/* Hash type specific error codes */
+enum {
+        /* Hash is full */
+        IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
+        /* Null-valued element */
+        IPSET_ERR_HASH_ELEM,
+        /* Invalid protocol */
+        IPSET_ERR_INVALID_PROTO,
+        /* Protocol missing but must be specified */
+        IPSET_ERR_MISSING_PROTO,
+        /* Range not supported */
+        IPSET_ERR_HASH_RANGE_UNSUPPORTED,
+        /* Invalid range */
+        IPSET_ERR_HASH_RANGE,
+};
+#endif /* _UAPI__IP_SET_HASH_H */
diff --git a/include/uapi/linux/netfilter/ipset/ip_set_list.h b/include/uapi/linux/netfilter/ipset/ip_set_list.h
new file mode 100644
index 000000000000..a44efaa98213
--- /dev/null
+++ b/include/uapi/linux/netfilter/ipset/ip_set_list.h
@@ -0,0 +1,21 @@
+#ifndef _UAPI__IP_SET_LIST_H
+#define _UAPI__IP_SET_LIST_H
+/* List type specific error codes */
+enum {
+        /* Set name to be added/deleted/tested does not exist. */
+        IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
+        /* list:set type is not permitted to add */
+        IPSET_ERR_LOOP,
+        /* Missing reference set */
+        IPSET_ERR_BEFORE,
+        /* Reference set does not exist */
+        IPSET_ERR_NAMEREF,
+        /* Set is full */
+        IPSET_ERR_LIST_FULL,
+        /* Reference set is not added to the set */
+        IPSET_ERR_REF_EXIST,
+};
+#endif /* _UAPI__IP_SET_LIST_H */
author	David Howells <dhowells@redhat.com>	2012-10-09 04:48:55 -0400
committer	David Howells <dhowells@redhat.com>	2012-10-09 04:48:55 -0400
commit	a82014149becc68695e7f1d62a8cc1e4ae062318 (patch)
tree	a6ec2c9bda149912c70abc19fc3d8a9baa35fbc0 /include/uapi
parent	94d0ec58e63159ce5bcdfe612ee220eaeefa3b2a (diff)

diff --git a/include/uapi/linux/netfilter/ipset/Kbuild b/include/uapi/linux/netfilter/ipset/Kbuild index aafaa5aa54d4..d2680423d9ab 100644 --- a/include/uapi/linux/netfilter/ipset/Kbuild +++ b/include/uapi/linux/netfilter/ipset/Kbuild
@@ -1 +1,5 @@
1	# UAPI Header export list	1	# UAPI Header export list
		2	header-y += ip_set.h
		3	header-y += ip_set_bitmap.h
		4	header-y += ip_set_hash.h
		5	header-y += ip_set_list.h


diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h new file mode 100644 index 000000000000..fbee42807a11 --- /dev/null +++ b/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -0,0 +1,231 @@
		1	/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
		2	* Patrick Schaaf <bof@bof.de>
		3	* Martin Josefsson <gandalf@wlug.westbo.se>
		4	* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License version 2 as
		8	* published by the Free Software Foundation.
		9	*/
		10	#ifndef _UAPI_IP_SET_H
		11	#define _UAPI_IP_SET_H
		12
		13
		14	#include <linux/types.h>
		15
		16	/* The protocol version */
		17	#define IPSET_PROTOCOL 6
		18
		19	/* The max length of strings including NUL: set and type identifiers */
		20	#define IPSET_MAXNAMELEN 32
		21
		22	/* Message types and commands */
		23	enum ipset_cmd {
		24	IPSET_CMD_NONE,
		25	IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
		26	IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
		27	IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
		28	IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
		29	IPSET_CMD_RENAME, /* 5: Rename a set */
		30	IPSET_CMD_SWAP, /* 6: Swap two sets */
		31	IPSET_CMD_LIST, /* 7: List sets */
		32	IPSET_CMD_SAVE, /* 8: Save sets */
		33	IPSET_CMD_ADD, /* 9: Add an element to a set */
		34	IPSET_CMD_DEL, /* 10: Delete an element from a set */
		35	IPSET_CMD_TEST, /* 11: Test an element in a set */
		36	IPSET_CMD_HEADER, /* 12: Get set header data only */
		37	IPSET_CMD_TYPE, /* 13: Get set type */
		38	IPSET_MSG_MAX, /* Netlink message commands */
		39
		40	/* Commands in userspace: */
		41	IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
		42	IPSET_CMD_HELP, /* 15: Get help */
		43	IPSET_CMD_VERSION, /* 16: Get program version */
		44	IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
		45
		46	IPSET_CMD_MAX,
		47
		48	IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
		49	};
		50
		51	/* Attributes at command level */
		52	enum {
		53	IPSET_ATTR_UNSPEC,
		54	IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
		55	IPSET_ATTR_SETNAME, /* 2: Name of the set */
		56	IPSET_ATTR_TYPENAME, /* 3: Typename */
		57	IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
		58	IPSET_ATTR_REVISION, /* 4: Settype revision */
		59	IPSET_ATTR_FAMILY, /* 5: Settype family */
		60	IPSET_ATTR_FLAGS, /* 6: Flags at command level */
		61	IPSET_ATTR_DATA, /* 7: Nested attributes */
		62	IPSET_ATTR_ADT, /* 8: Multiple data containers */
		63	IPSET_ATTR_LINENO, /* 9: Restore lineno */
		64	IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
		65	IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
		66	__IPSET_ATTR_CMD_MAX,
		67	};
		68	#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
		69
		70	/* CADT specific attributes */
		71	enum {
		72	IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
		73	IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
		74	IPSET_ATTR_IP_TO, /* 2 */
		75	IPSET_ATTR_CIDR, /* 3 */
		76	IPSET_ATTR_PORT, /* 4 */
		77	IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
		78	IPSET_ATTR_PORT_TO, /* 5 */
		79	IPSET_ATTR_TIMEOUT, /* 6 */
		80	IPSET_ATTR_PROTO, /* 7 */
		81	IPSET_ATTR_CADT_FLAGS, /* 8 */
		82	IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
		83	/* Reserve empty slots */
		84	IPSET_ATTR_CADT_MAX = 16,
		85	/* Create-only specific attributes */
		86	IPSET_ATTR_GC,
		87	IPSET_ATTR_HASHSIZE,
		88	IPSET_ATTR_MAXELEM,
		89	IPSET_ATTR_NETMASK,
		90	IPSET_ATTR_PROBES,
		91	IPSET_ATTR_RESIZE,
		92	IPSET_ATTR_SIZE,
		93	/* Kernel-only */
		94	IPSET_ATTR_ELEMENTS,
		95	IPSET_ATTR_REFERENCES,
		96	IPSET_ATTR_MEMSIZE,
		97
		98	__IPSET_ATTR_CREATE_MAX,
		99	};
		100	#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
		101
		102	/* ADT specific attributes */
		103	enum {
		104	IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
		105	IPSET_ATTR_NAME,
		106	IPSET_ATTR_NAMEREF,
		107	IPSET_ATTR_IP2,
		108	IPSET_ATTR_CIDR2,
		109	IPSET_ATTR_IP2_TO,
		110	IPSET_ATTR_IFACE,
		111	__IPSET_ATTR_ADT_MAX,
		112	};
		113	#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
		114
		115	/* IP specific attributes */
		116	enum {
		117	IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
		118	IPSET_ATTR_IPADDR_IPV6,
		119	__IPSET_ATTR_IPADDR_MAX,
		120	};
		121	#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
		122
		123	/* Error codes */
		124	enum ipset_errno {
		125	IPSET_ERR_PRIVATE = 4096,
		126	IPSET_ERR_PROTOCOL,
		127	IPSET_ERR_FIND_TYPE,
		128	IPSET_ERR_MAX_SETS,
		129	IPSET_ERR_BUSY,
		130	IPSET_ERR_EXIST_SETNAME2,
		131	IPSET_ERR_TYPE_MISMATCH,
		132	IPSET_ERR_EXIST,
		133	IPSET_ERR_INVALID_CIDR,
		134	IPSET_ERR_INVALID_NETMASK,
		135	IPSET_ERR_INVALID_FAMILY,
		136	IPSET_ERR_TIMEOUT,
		137	IPSET_ERR_REFERENCED,
		138	IPSET_ERR_IPADDR_IPV4,
		139	IPSET_ERR_IPADDR_IPV6,
		140
		141	/* Type specific error codes */
		142	IPSET_ERR_TYPE_SPECIFIC = 4352,
		143	};
		144
		145	/* Flags at command level */
		146	enum ipset_cmd_flags {
		147	IPSET_FLAG_BIT_EXIST = 0,
		148	IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
		149	IPSET_FLAG_BIT_LIST_SETNAME = 1,
		150	IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
		151	IPSET_FLAG_BIT_LIST_HEADER = 2,
		152	IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
		153	IPSET_FLAG_CMD_MAX = 15, /* Lower half */
		154	};
		155
		156	/* Flags at CADT attribute level */
		157	enum ipset_cadt_flags {
		158	IPSET_FLAG_BIT_BEFORE = 0,
		159	IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
		160	IPSET_FLAG_BIT_PHYSDEV = 1,
		161	IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
		162	IPSET_FLAG_BIT_NOMATCH = 2,
		163	IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH),
		164	IPSET_FLAG_CADT_MAX = 15, /* Upper half */
		165	};
		166
		167	/* Commands with settype-specific attributes */
		168	enum ipset_adt {
		169	IPSET_ADD,
		170	IPSET_DEL,
		171	IPSET_TEST,
		172	IPSET_ADT_MAX,
		173	IPSET_CREATE = IPSET_ADT_MAX,
		174	IPSET_CADT_MAX,
		175	};
		176
		177	/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
		178	* and IPSET_INVALID_ID if you want to increase the max number of sets.
		179	*/
		180	typedef __u16 ip_set_id_t;
		181
		182	#define IPSET_INVALID_ID 65535
		183
		184	enum ip_set_dim {
		185	IPSET_DIM_ZERO = 0,
		186	IPSET_DIM_ONE,
		187	IPSET_DIM_TWO,
		188	IPSET_DIM_THREE,
		189	/* Max dimension in elements.
		190	* If changed, new revision of iptables match/target is required.
		191	*/
		192	IPSET_DIM_MAX = 6,
		193	IPSET_BIT_RETURN_NOMATCH = 7,
		194	};
		195
		196	/* Option flags for kernel operations */
		197	enum ip_set_kopt {
		198	IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
		199	IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
		200	IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
		201	IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
		202	IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
		203	};
		204
		205
		206	/* Interface to iptables/ip6tables */
		207
		208	#define SO_IP_SET 83
		209
		210	union ip_set_name_index {
		211	char name[IPSET_MAXNAMELEN];
		212	ip_set_id_t index;
		213	};
		214
		215	#define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
		216	struct ip_set_req_get_set {
		217	unsigned int op;
		218	unsigned int version;
		219	union ip_set_name_index set;
		220	};
		221
		222	#define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
		223	/* Uses ip_set_req_get_set */
		224
		225	#define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
		226	struct ip_set_req_version {
		227	unsigned int op;
		228	unsigned int version;
		229	};
		230
		231	#endif /* _UAPI_IP_SET_H */


diff --git a/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h b/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h new file mode 100644 index 000000000000..6a2c038d1888 --- /dev/null +++ b/include/uapi/linux/netfilter/ipset/ip_set_bitmap.h
@@ -0,0 +1,13 @@
		1	#ifndef _UAPI__IP_SET_BITMAP_H
		2	#define _UAPI__IP_SET_BITMAP_H
		3
		4	/* Bitmap type specific error codes */
		5	enum {
		6	/* The element is out of the range of the set */
		7	IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
		8	/* The range exceeds the size limit of the set type */
		9	IPSET_ERR_BITMAP_RANGE_SIZE,
		10	};
		11
		12
		13	#endif /* _UAPI__IP_SET_BITMAP_H */


diff --git a/include/uapi/linux/netfilter/ipset/ip_set_hash.h b/include/uapi/linux/netfilter/ipset/ip_set_hash.h new file mode 100644 index 000000000000..352eeccdc7f2 --- /dev/null +++ b/include/uapi/linux/netfilter/ipset/ip_set_hash.h
@@ -0,0 +1,21 @@
		1	#ifndef _UAPI__IP_SET_HASH_H
		2	#define _UAPI__IP_SET_HASH_H
		3
		4	/* Hash type specific error codes */
		5	enum {
		6	/* Hash is full */
		7	IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
		8	/* Null-valued element */
		9	IPSET_ERR_HASH_ELEM,
		10	/* Invalid protocol */
		11	IPSET_ERR_INVALID_PROTO,
		12	/* Protocol missing but must be specified */
		13	IPSET_ERR_MISSING_PROTO,
		14	/* Range not supported */
		15	IPSET_ERR_HASH_RANGE_UNSUPPORTED,
		16	/* Invalid range */
		17	IPSET_ERR_HASH_RANGE,
		18	};
		19
		20
		21	#endif /* _UAPI__IP_SET_HASH_H */


diff --git a/include/uapi/linux/netfilter/ipset/ip_set_list.h b/include/uapi/linux/netfilter/ipset/ip_set_list.h new file mode 100644 index 000000000000..a44efaa98213 --- /dev/null +++ b/include/uapi/linux/netfilter/ipset/ip_set_list.h
@@ -0,0 +1,21 @@
		1	#ifndef _UAPI__IP_SET_LIST_H
		2	#define _UAPI__IP_SET_LIST_H
		3
		4	/* List type specific error codes */
		5	enum {
		6	/* Set name to be added/deleted/tested does not exist. */
		7	IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC,
		8	/* list:set type is not permitted to add */
		9	IPSET_ERR_LOOP,
		10	/* Missing reference set */
		11	IPSET_ERR_BEFORE,
		12	/* Reference set does not exist */
		13	IPSET_ERR_NAMEREF,
		14	/* Set is full */
		15	IPSET_ERR_LIST_FULL,
		16	/* Reference set is not added to the set */
		17	IPSET_ERR_REF_EXIST,
		18	};
		19
		20
		21	#endif /* _UAPI__IP_SET_LIST_H */