2 files changed, 17 insertions, 1 deletions

diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h
index 25d3b2f79c02..78c2f2e79920 100644
--- a/include/uapi/linux/netfilter/ipset/ip_set.h
+++ b/include/uapi/linux/netfilter/ipset/ip_set.h
@@ -82,6 +82,8 @@ enum {
         IPSET_ATTR_PROTO,       /* 7 */
         IPSET_ATTR_CADT_FLAGS,  /* 8 */
         IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO,     /* 9 */
+        IPSET_ATTR_MARK,        /* 10 */
+        IPSET_ATTR_MARKMASK,    /* 11 */
         /* Reserve empty slots */
         IPSET_ATTR_CADT_MAX = 16,
         /* Create-only specific attributes */
@@ -144,6 +146,7 @@ enum ipset_errno {
         IPSET_ERR_IPADDR_IPV6,
         IPSET_ERR_COUNTER,
         IPSET_ERR_COMMENT,
+        IPSET_ERR_INVALID_MARKMASK,
 
         /* Type specific error codes */
         IPSET_ERR_TYPE_SPECIFIC = 4352,
@@ -182,9 +185,18 @@ enum ipset_cadt_flags {
         IPSET_FLAG_WITH_COUNTERS = (1 << IPSET_FLAG_BIT_WITH_COUNTERS),
         IPSET_FLAG_BIT_WITH_COMMENT = 4,
         IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT),
+        IPSET_FLAG_BIT_WITH_FORCEADD = 5,
+        IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD),
         IPSET_FLAG_CADT_MAX     = 15,
 };
 
+/* The flag bits which correspond to the non-extension create flags */
+enum ipset_create_flags {
+        IPSET_CREATE_FLAG_BIT_FORCEADD = 0,
+        IPSET_CREATE_FLAG_FORCEADD = (1 << IPSET_CREATE_FLAG_BIT_FORCEADD),
+        IPSET_CREATE_FLAG_BIT_MAX = 7,
+};
+
 /* Commands with settype-specific attributes */
 enum ipset_adt {
         IPSET_ADD,
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 83c985a6170b..c88ccbfda5f1 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -1,7 +1,8 @@
 #ifndef _LINUX_NF_TABLES_H
 #define _LINUX_NF_TABLES_H
 
-#define NFT_CHAIN_MAXNAMELEN 32
+#define NFT_CHAIN_MAXNAMELEN    32
+#define NFT_USERDATA_MAXLEN     256
 
 enum nft_registers {
         NFT_REG_VERDICT,
@@ -156,6 +157,7 @@ enum nft_chain_attributes {
  * @NFTA_RULE_EXPRESSIONS: list of expressions (NLA_NESTED: nft_expr_attributes)
  * @NFTA_RULE_COMPAT: compatibility specifications of the rule (NLA_NESTED: nft_rule_compat_attributes)
  * @NFTA_RULE_POSITION: numeric handle of the previous rule (NLA_U64)
+ * @NFTA_RULE_USERDATA: user data (NLA_BINARY, NFT_USERDATA_MAXLEN)
  */
 enum nft_rule_attributes {
         NFTA_RULE_UNSPEC,
@@ -165,6 +167,7 @@ enum nft_rule_attributes {
         NFTA_RULE_EXPRESSIONS,
         NFTA_RULE_COMPAT,
         NFTA_RULE_POSITION,
+        NFTA_RULE_USERDATA,
         __NFTA_RULE_MAX
 };
 #define NFTA_RULE_MAX           (__NFTA_RULE_MAX - 1)
@@ -601,6 +604,7 @@ enum nft_ct_keys {
         NFT_CT_PROTOCOL,
         NFT_CT_PROTO_SRC,
         NFT_CT_PROTO_DST,
+        NFT_CT_LABELS,
 };
 
 /**