xref: /linux/include/uapi/linux/netfilter/xt_set.h (revision 564eb714f5f09ac733c26860d5f0831f213fbdf1) 
1 #ifndef _XT_SET_H
2 #define _XT_SET_H
3 
4 #include <linux/types.h>
5 #include <linux/netfilter/ipset/ip_set.h>
6 
7 /* Revision 0 interface: backward compatible with netfilter/iptables */
8 
9 /*
10  * Option flags for kernel operations (xt_set_info_v0)
11  */
12 #define IPSET_SRC		0x01	/* Source match/add */
13 #define IPSET_DST		0x02	/* Destination match/add */
14 #define IPSET_MATCH_INV		0x04	/* Inverse matching */
15 
16 struct xt_set_info_v0 {
17 	ip_set_id_t index;
18 	union {
19 		__u32 flags[IPSET_DIM_MAX + 1];
20 		struct {
21 			__u32 __flags[IPSET_DIM_MAX];
22 			__u8 dim;
23 			__u8 flags;
24 		} compat;
25 	} u;
26 };
27 
28 /* match and target infos */
29 struct xt_set_info_match_v0 {
30 	struct xt_set_info_v0 match_set;
31 };
32 
33 struct xt_set_info_target_v0 {
34 	struct xt_set_info_v0 add_set;
35 	struct xt_set_info_v0 del_set;
36 };
37 
38 /* Revision 1  match and target */
39 
40 struct xt_set_info {
41 	ip_set_id_t index;
42 	__u8 dim;
43 	__u8 flags;
44 };
45 
46 /* match and target infos */
47 struct xt_set_info_match_v1 {
48 	struct xt_set_info match_set;
49 };
50 
51 struct xt_set_info_target_v1 {
52 	struct xt_set_info add_set;
53 	struct xt_set_info del_set;
54 };
55 
56 /* Revision 2 target */
57 
58 struct xt_set_info_target_v2 {
59 	struct xt_set_info add_set;
60 	struct xt_set_info del_set;
61 	__u32 flags;
62 	__u32 timeout;
63 };
64 
65 /* Revision 3 match */
66 
67 struct xt_set_info_match_v3 {
68 	struct xt_set_info match_set;
69 	struct ip_set_counter_match packets;
70 	struct ip_set_counter_match bytes;
71 	__u32 flags;
72 };
73 
74 #endif /*_XT_SET_H*/
75