Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ip_set.h
Go to the documentation of this file.
1 /* Copyright (C) 2000-2002 Joakim Axelsson <[email protected]>
2  * Patrick Schaaf <[email protected]>
3  * Martin Josefsson <[email protected]>
4  * Copyright (C) 2003-2011 Jozsef Kadlecsik <[email protected]>
5  *
6  * This program is free software; you can redistribute it and/or modify
7  * it under the terms of the GNU General Public License version 2 as
8  * published by the Free Software Foundation.
9  */
10 #ifndef _UAPI_IP_SET_H
11 #define _UAPI_IP_SET_H
12 
13 
14 #include <linux/types.h>
15 
16 /* The protocol version */
17 #define IPSET_PROTOCOL 6
18 
19 /* The max length of strings including NUL: set and type identifiers */
20 #define IPSET_MAXNAMELEN 32
21 
22 /* Message types and commands */
23 enum ipset_cmd {
24  IPSET_CMD_NONE,
25  IPSET_CMD_PROTOCOL, /* 1: Return protocol version */
26  IPSET_CMD_CREATE, /* 2: Create a new (empty) set */
27  IPSET_CMD_DESTROY, /* 3: Destroy a (empty) set */
28  IPSET_CMD_FLUSH, /* 4: Remove all elements from a set */
29  IPSET_CMD_RENAME, /* 5: Rename a set */
30  IPSET_CMD_SWAP, /* 6: Swap two sets */
31  IPSET_CMD_LIST, /* 7: List sets */
32  IPSET_CMD_SAVE, /* 8: Save sets */
33  IPSET_CMD_ADD, /* 9: Add an element to a set */
34  IPSET_CMD_DEL, /* 10: Delete an element from a set */
35  IPSET_CMD_TEST, /* 11: Test an element in a set */
36  IPSET_CMD_HEADER, /* 12: Get set header data only */
37  IPSET_CMD_TYPE, /* 13: Get set type */
38  IPSET_MSG_MAX, /* Netlink message commands */
39 
40  /* Commands in userspace: */
41  IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* 14: Enter restore mode */
42  IPSET_CMD_HELP, /* 15: Get help */
43  IPSET_CMD_VERSION, /* 16: Get program version */
44  IPSET_CMD_QUIT, /* 17: Quit from interactive mode */
45 
46  IPSET_CMD_MAX,
47 
48  IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* 18: Commit buffered commands */
49 };
50 
51 /* Attributes at command level */
52 enum {
53  IPSET_ATTR_UNSPEC,
54  IPSET_ATTR_PROTOCOL, /* 1: Protocol version */
55  IPSET_ATTR_SETNAME, /* 2: Name of the set */
56  IPSET_ATTR_TYPENAME, /* 3: Typename */
57  IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* Setname at rename/swap */
58  IPSET_ATTR_REVISION, /* 4: Settype revision */
59  IPSET_ATTR_FAMILY, /* 5: Settype family */
60  IPSET_ATTR_FLAGS, /* 6: Flags at command level */
61  IPSET_ATTR_DATA, /* 7: Nested attributes */
62  IPSET_ATTR_ADT, /* 8: Multiple data containers */
63  IPSET_ATTR_LINENO, /* 9: Restore lineno */
64  IPSET_ATTR_PROTOCOL_MIN, /* 10: Minimal supported version number */
65  IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
66  __IPSET_ATTR_CMD_MAX,
67 };
68 #define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
69 
70 /* CADT specific attributes */
71 enum {
72  IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
73  IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
74  IPSET_ATTR_IP_TO, /* 2 */
75  IPSET_ATTR_CIDR, /* 3 */
76  IPSET_ATTR_PORT, /* 4 */
77  IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
78  IPSET_ATTR_PORT_TO, /* 5 */
79  IPSET_ATTR_TIMEOUT, /* 6 */
80  IPSET_ATTR_PROTO, /* 7 */
81  IPSET_ATTR_CADT_FLAGS, /* 8 */
82  IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, /* 9 */
83  /* Reserve empty slots */
84  IPSET_ATTR_CADT_MAX = 16,
85  /* Create-only specific attributes */
86  IPSET_ATTR_GC,
87  IPSET_ATTR_HASHSIZE,
88  IPSET_ATTR_MAXELEM,
89  IPSET_ATTR_NETMASK,
90  IPSET_ATTR_PROBES,
91  IPSET_ATTR_RESIZE,
92  IPSET_ATTR_SIZE,
93  /* Kernel-only */
94  IPSET_ATTR_ELEMENTS,
95  IPSET_ATTR_REFERENCES,
96  IPSET_ATTR_MEMSIZE,
97 
98  __IPSET_ATTR_CREATE_MAX,
99 };
100 #define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
101 
102 /* ADT specific attributes */
103 enum {
104  IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
105  IPSET_ATTR_NAME,
106  IPSET_ATTR_NAMEREF,
107  IPSET_ATTR_IP2,
108  IPSET_ATTR_CIDR2,
109  IPSET_ATTR_IP2_TO,
110  IPSET_ATTR_IFACE,
111  __IPSET_ATTR_ADT_MAX,
112 };
113 #define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
114 
115 /* IP specific attributes */
116 enum {
117  IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1,
118  IPSET_ATTR_IPADDR_IPV6,
119  __IPSET_ATTR_IPADDR_MAX,
120 };
121 #define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1)
122 
123 /* Error codes */
124 enum ipset_errno {
125  IPSET_ERR_PRIVATE = 4096,
126  IPSET_ERR_PROTOCOL,
127  IPSET_ERR_FIND_TYPE,
128  IPSET_ERR_MAX_SETS,
129  IPSET_ERR_BUSY,
130  IPSET_ERR_EXIST_SETNAME2,
131  IPSET_ERR_TYPE_MISMATCH,
132  IPSET_ERR_EXIST,
133  IPSET_ERR_INVALID_CIDR,
134  IPSET_ERR_INVALID_NETMASK,
135  IPSET_ERR_INVALID_FAMILY,
136  IPSET_ERR_TIMEOUT,
137  IPSET_ERR_REFERENCED,
138  IPSET_ERR_IPADDR_IPV4,
139  IPSET_ERR_IPADDR_IPV6,
140 
141  /* Type specific error codes */
142  IPSET_ERR_TYPE_SPECIFIC = 4352,
143 };
144 
145 /* Flags at command level */
146 enum ipset_cmd_flags {
147  IPSET_FLAG_BIT_EXIST = 0,
148  IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
149  IPSET_FLAG_BIT_LIST_SETNAME = 1,
150  IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME),
151  IPSET_FLAG_BIT_LIST_HEADER = 2,
152  IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER),
153  IPSET_FLAG_CMD_MAX = 15, /* Lower half */
154 };
155 
156 /* Flags at CADT attribute level */
157 enum ipset_cadt_flags {
158  IPSET_FLAG_BIT_BEFORE = 0,
159  IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
160  IPSET_FLAG_BIT_PHYSDEV = 1,
161  IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV),
162  IPSET_FLAG_BIT_NOMATCH = 2,
163  IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH),
164  IPSET_FLAG_CADT_MAX = 15, /* Upper half */
165 };
166 
167 /* Commands with settype-specific attributes */
168 enum ipset_adt {
169  IPSET_ADD,
170  IPSET_DEL,
171  IPSET_TEST,
172  IPSET_ADT_MAX,
173  IPSET_CREATE = IPSET_ADT_MAX,
174  IPSET_CADT_MAX,
175 };
176 
177 /* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
178  * and IPSET_INVALID_ID if you want to increase the max number of sets.
179  */
180 typedef __u16 ip_set_id_t;
181 
182 #define IPSET_INVALID_ID 65535
183 
184 enum ip_set_dim {
185  IPSET_DIM_ZERO = 0,
186  IPSET_DIM_ONE,
187  IPSET_DIM_TWO,
188  IPSET_DIM_THREE,
189  /* Max dimension in elements.
190  * If changed, new revision of iptables match/target is required.
191  */
192  IPSET_DIM_MAX = 6,
193  IPSET_BIT_RETURN_NOMATCH = 7,
194 };
195 
196 /* Option flags for kernel operations */
197 enum ip_set_kopt {
198  IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
199  IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
200  IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
201  IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
202  IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH),
203 };
204 
205 
206 /* Interface to iptables/ip6tables */
207 
208 #define SO_IP_SET 83
209 
210 union ip_set_name_index {
211  char name[IPSET_MAXNAMELEN];
212  ip_set_id_t index;
213 };
214 
215 #define IP_SET_OP_GET_BYNAME 0x00000006 /* Get set index by name */
216 struct ip_set_req_get_set {
217  unsigned int op;
218  unsigned int version;
219  union ip_set_name_index set;
220 };
221 
222 #define IP_SET_OP_GET_BYINDEX 0x00000007 /* Get set name by index */
223 /* Uses ip_set_req_get_set */
224 
225 #define IP_SET_OP_VERSION 0x00000100 /* Ask kernel version */
226 struct ip_set_req_version {
227  unsigned int op;
228  unsigned int version;
229 };
230 
231 #endif /* _UAPI_IP_SET_H */
Generated on Thu Jan 10 2013 14:52:07 for Linux Kernel by   doxygen 1.8.2