summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/Makefile.am1
-rw-r--r--include/libipset/Makefile.am17
-rw-r--r--include/libipset/data.h124
-rw-r--r--include/libipset/errcode.h23
-rw-r--r--include/libipset/linux_ip_set.h171
-rw-r--r--include/libipset/linux_ip_set_bitmap.h10
-rw-r--r--include/libipset/linux_ip_set_hash.h10
-rw-r--r--include/libipset/mnl.h29
-rw-r--r--include/libipset/nf_inet_addr.h22
-rw-r--r--include/libipset/parse.h57
-rw-r--r--include/libipset/pfxlen.h157
-rw-r--r--include/libipset/print.h49
-rw-r--r--include/libipset/session.h81
-rw-r--r--include/libipset/transport.h27
-rw-r--r--include/libipset/types.h128
-rw-r--r--include/libipset/ui.h47
-rw-r--r--include/libipset/utils.h45
17 files changed, 998 insertions, 0 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
new file mode 100644
index 0000000..2c4eb5c
--- /dev/null
+++ b/include/Makefile.am
@@ -0,0 +1 @@
+SUBDIRS = libipset
diff --git a/include/libipset/Makefile.am b/include/libipset/Makefile.am
new file mode 100644
index 0000000..b17293c
--- /dev/null
+++ b/include/libipset/Makefile.am
@@ -0,0 +1,17 @@
+pkginclude_HEADERS = \
+ data.h \
+ errcode.h \
+ linux_ip_set_bitmap.h \
+ linux_ip_set.h \
+ linux_ip_set_hash.h \
+ mnl.h \
+ nf_inet_addr.h \
+ nlattr.h \
+ parse.h \
+ pfxlen.h \
+ print.h \
+ session.h
+ transport.h \
+ types.h \
+ ui.h \
+ utils.h
diff --git a/include/libipset/data.h b/include/libipset/data.h
new file mode 100644
index 0000000..0ebc1eb
--- /dev/null
+++ b/include/libipset/data.h
@@ -0,0 +1,124 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_DATA_H
+#define LIBIPSET_DATA_H
+
+#include <stdbool.h> /* bool */
+#include <libipset/nf_inet_addr.h> /* union nf_inet_addr */
+
+/* Data options */
+enum ipset_opt {
+ IPSET_OPT_NONE = 0,
+ /* Common ones */
+ IPSET_SETNAME,
+ IPSET_OPT_TYPENAME,
+ IPSET_OPT_FAMILY,
+ /* CADT options */
+ IPSET_OPT_IP,
+ IPSET_OPT_IP_FROM = IPSET_OPT_IP,
+ IPSET_OPT_IP_TO,
+ IPSET_OPT_CIDR,
+ IPSET_OPT_PORT,
+ IPSET_OPT_PORT_FROM = IPSET_OPT_PORT,
+ IPSET_OPT_PORT_TO,
+ IPSET_OPT_TIMEOUT,
+ /* Create-specific options */
+ IPSET_OPT_GC,
+ IPSET_OPT_HASHSIZE,
+ IPSET_OPT_MAXELEM,
+ IPSET_OPT_NETMASK,
+ IPSET_OPT_PROBES,
+ IPSET_OPT_RESIZE,
+ IPSET_OPT_SIZE,
+ /* Create-specific options, filled out by the kernel */
+ IPSET_OPT_ELEMENTS,
+ IPSET_OPT_REFERENCES,
+ IPSET_OPT_MEMSIZE,
+ /* ADT-specific options */
+ IPSET_OPT_ETHER,
+ IPSET_OPT_NAME,
+ IPSET_OPT_NAMEREF,
+ IPSET_OPT_IP2,
+ IPSET_OPT_CIDR2,
+ /* Swap/rename to */
+ IPSET_OPT_SETNAME2,
+ /* Flags */
+ IPSET_OPT_EXIST,
+ IPSET_OPT_BEFORE,
+ /* Internal options */
+ IPSET_OPT_FLAGS = 48,
+ IPSET_OPT_ELEM,
+ IPSET_OPT_TYPE,
+ IPSET_OPT_LINENO,
+ IPSET_OPT_REVISION,
+ IPSET_OPT_REVISION_MIN,
+ IPSET_OPT_MAX,
+};
+
+#define IPSET_FLAG(opt) (1LL << (opt))
+#define IPSET_FLAGS_ALL (~0LL)
+
+#define IPSET_CREATE_FLAGS \
+ ( IPSET_FLAG(IPSET_OPT_IP) \
+ | IPSET_FLAG(IPSET_OPT_IP_TO) \
+ | IPSET_FLAG(IPSET_OPT_CIDR) \
+ | IPSET_FLAG(IPSET_OPT_PORT) \
+ | IPSET_FLAG(IPSET_OPT_PORT_TO) \
+ | IPSET_FLAG(IPSET_OPT_TIMEOUT) \
+ | IPSET_FLAG(IPSET_OPT_GC) \
+ | IPSET_FLAG(IPSET_OPT_HASHSIZE)\
+ | IPSET_FLAG(IPSET_OPT_MAXELEM) \
+ | IPSET_FLAG(IPSET_OPT_NETMASK) \
+ | IPSET_FLAG(IPSET_OPT_PROBES) \
+ | IPSET_FLAG(IPSET_OPT_RESIZE) \
+ | IPSET_FLAG(IPSET_OPT_SIZE))
+
+#define IPSET_ADT_FLAGS \
+ ( IPSET_FLAG(IPSET_OPT_IP) \
+ | IPSET_FLAG(IPSET_OPT_IP_TO) \
+ | IPSET_FLAG(IPSET_OPT_CIDR) \
+ | IPSET_FLAG(IPSET_OPT_PORT) \
+ | IPSET_FLAG(IPSET_OPT_PORT_TO) \
+ | IPSET_FLAG(IPSET_OPT_TIMEOUT) \
+ | IPSET_FLAG(IPSET_OPT_ETHER) \
+ | IPSET_FLAG(IPSET_OPT_NAME) \
+ | IPSET_FLAG(IPSET_OPT_NAMEREF) \
+ | IPSET_FLAG(IPSET_OPT_IP2) \
+ | IPSET_FLAG(IPSET_OPT_CIDR2) \
+ | IPSET_FLAG(IPSET_OPT_BEFORE))
+
+struct ipset_data;
+
+extern bool ipset_data_flags_test(const struct ipset_data *data,
+ uint64_t flags);
+extern void ipset_data_flags_set(struct ipset_data *data, uint64_t flags);
+extern void ipset_data_flags_unset(struct ipset_data *data, uint64_t flags);
+
+extern int ipset_data_set(struct ipset_data *data, enum ipset_opt opt,
+ const void *value);
+extern const void * ipset_data_get(const struct ipset_data *data,
+ enum ipset_opt opt);
+
+static inline bool
+ipset_data_test(const struct ipset_data *data, enum ipset_opt opt)
+{
+ return ipset_data_flags_test(data, IPSET_FLAG(opt));
+}
+
+/* Shortcuts */
+extern const char * ipset_data_setname(const struct ipset_data *data);
+extern uint8_t ipset_data_family(const struct ipset_data *data);
+extern uint8_t ipset_data_cidr(const struct ipset_data *data);
+extern uint64_t ipset_data_flags(const struct ipset_data *data);
+
+extern void ipset_data_reset(struct ipset_data *data);
+extern struct ipset_data * ipset_data_init(void);
+extern void ipset_data_fini(struct ipset_data *data);
+
+extern size_t ipset_data_sizeof(enum ipset_opt opt, uint8_t family);
+
+#endif /* LIBIPSET_DATA_H */
diff --git a/include/libipset/errcode.h b/include/libipset/errcode.h
new file mode 100644
index 0000000..5ad41ff
--- /dev/null
+++ b/include/libipset/errcode.h
@@ -0,0 +1,23 @@
+/* Copyright 2007-2008 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_ERRCODE_H
+#define LIBIPSET_ERRCODE_H
+
+#include <libipset/linux_ip_set.h> /* enum ipset_cmd */
+
+struct ipset_session;
+
+struct ipset_errcode_table {
+ int errcode;
+ enum ipset_cmd cmd;
+ const char *message;
+};
+
+extern int ipset_errcode(struct ipset_session *session, enum ipset_cmd cmd,
+ int errcode);
+
+#endif /* LIBIPSET_ERRCODE_H */
diff --git a/include/libipset/linux_ip_set.h b/include/libipset/linux_ip_set.h
new file mode 100644
index 0000000..254fb21
--- /dev/null
+++ b/include/libipset/linux_ip_set.h
@@ -0,0 +1,171 @@
+#ifndef _IP_SET_H
+#define _IP_SET_H
+
+/* Copyright (C) 2000-2002 Joakim Axelsson <gozem@linux.nu>
+ * Patrick Schaaf <bof@bof.de>
+ * Martin Josefsson <gandalf@wlug.westbo.se>
+ * Copyright (C) 2003-2010 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+
+#if 1
+#define IP_SET_DEBUG
+#endif
+
+/* The protocol version */
+#define IPSET_PROTOCOL 5
+
+/* The max length of strings: set and type identifiers */
+#define IPSET_MAXNAMELEN 32
+
+/* Message types and commands */
+enum ipset_cmd {
+ IPSET_CMD_NONE,
+ IPSET_CMD_CREATE, /* Create a new (empty) set */
+ IPSET_CMD_DESTROY, /* Remove a (empty) set */
+ IPSET_CMD_FLUSH, /* Remove all elements from a set */
+ IPSET_CMD_RENAME, /* Rename a set */
+ IPSET_CMD_SWAP, /* Swap two sets */
+ IPSET_CMD_LIST, /* List sets */
+ IPSET_CMD_SAVE, /* Save sets */
+ IPSET_CMD_ADD, /* Add an element to a set */
+ IPSET_CMD_DEL, /* Delete an element from a set */
+ IPSET_CMD_TEST, /* Test an element in a set */
+ IPSET_CMD_HEADER, /* Get set header data only */
+ IPSET_CMD_TYPE, /* Get set type */
+ IPSET_CMD_PROTOCOL, /* Return protocol version */
+ IPSET_MSG_MAX, /* Netlink message commands */
+
+ /* Commands in userspace: */
+ IPSET_CMD_RESTORE = IPSET_MSG_MAX, /* Enter restore mode */
+ IPSET_CMD_HELP, /* Get help */
+ IPSET_CMD_VERSION, /* Get program version */
+
+ IPSET_CMD_MAX,
+
+ IPSET_CMD_COMMIT = IPSET_CMD_MAX, /* Commit buffered commands */
+};
+
+/* Attributes at command level */
+enum {
+ IPSET_ATTR_UNSPEC,
+ IPSET_ATTR_PROTOCOL, /* Protocol version */
+ IPSET_ATTR_SETNAME, /* Name of the set */
+ IPSET_ATTR_TYPENAME, /* Typename */
+ IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, /* rename/swap */
+ IPSET_ATTR_REVISION, /* Settype revision */
+ IPSET_ATTR_FAMILY, /* Settype family */
+ IPSET_ATTR_DATA, /* Nested attributes */
+ IPSET_ATTR_ADT, /* Multiple data containers */
+ IPSET_ATTR_LINENO, /* Restore lineno */
+ IPSET_ATTR_PROTOCOL_MIN,/* Minimal supported version number */
+ IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, /* type rev min */
+ __IPSET_ATTR_CMD_MAX,
+};
+#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1)
+
+/* CADT specific attributes */
+enum {
+ IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1,
+ IPSET_ATTR_IP_FROM = IPSET_ATTR_IP,
+ IPSET_ATTR_IP_TO,
+ IPSET_ATTR_CIDR,
+ IPSET_ATTR_PORT,
+ IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT,
+ IPSET_ATTR_PORT_TO,
+ IPSET_ATTR_TIMEOUT,
+ IPSET_ATTR_FLAGS,
+ /* IPSET_ATTR_LINENO */
+ /* Reserve empty slots */
+ IPSET_ATTR_CADT_MAX = 16,
+ /* Create-only specific attributes */
+ IPSET_ATTR_GC,
+ IPSET_ATTR_HASHSIZE,
+ IPSET_ATTR_MAXELEM,
+ IPSET_ATTR_NETMASK,
+ IPSET_ATTR_PROBES,
+ IPSET_ATTR_RESIZE,
+ IPSET_ATTR_SIZE,
+ /* Kernel-only */
+ IPSET_ATTR_ELEMENTS,
+ IPSET_ATTR_REFERENCES,
+ IPSET_ATTR_MEMSIZE,
+
+ __IPSET_ATTR_CREATE_MAX,
+};
+#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1)
+
+/* ADT specific attributes */
+enum {
+ IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1,
+ IPSET_ATTR_NAME,
+ IPSET_ATTR_NAMEREF,
+ IPSET_ATTR_IP2,
+ IPSET_ATTR_CIDR2,
+ __IPSET_ATTR_ADT_MAX,
+};
+#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1)
+
+/* Error codes */
+enum ipset_errno {
+ IPSET_ERR_PRIVATE = 128,
+ IPSET_ERR_PROTOCOL,
+ IPSET_ERR_FIND_TYPE,
+ IPSET_ERR_MAX_SETS,
+ IPSET_ERR_BUSY,
+ IPSET_ERR_EXIST_SETNAME2,
+ IPSET_ERR_TYPE_MISMATCH,
+ IPSET_ERR_EXIST,
+ IPSET_ERR_INVALID_CIDR,
+ IPSET_ERR_INVALID_NETMASK,
+ IPSET_ERR_INVALID_FAMILY,
+ IPSET_ERR_TIMEOUT,
+
+ IPSET_ERR_TYPE_SPECIFIC = 160,
+};
+
+enum ipset_data_flags {
+ IPSET_FLAG_BIT_EXIST = 0,
+ IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST),
+
+ IPSET_FLAG_BIT_BEFORE = 2,
+ IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE),
+};
+
+/* Commands with settype-specific attributes */
+enum ipset_adt {
+ IPSET_ADD,
+ IPSET_DEL,
+ IPSET_TEST,
+ IPSET_CREATE,
+ IPSET_CADT_MAX,
+};
+
+#ifndef __KERNEL__
+#ifdef IP_SET_DEBUG
+#include <stdio.h>
+#include <sys/socket.h>
+#include <linux/netlink.h>
+#define D(format, args...) do { \
+ fprintf(stderr, "%s: %s: ", __FILE__, __FUNCTION__); \
+ fprintf(stderr, format "\n" , ## args); \
+} while (0)
+static inline void
+dump_nla(struct nlattr *nla[], int maxlen)
+{
+ int i;
+
+ for (i = 0; i < maxlen; i++)
+ D("nla[%u] does%s exist", i, !nla[i] ? " NOT" : "");
+}
+
+#else
+#define D(format, args...)
+#define dump_nla(nla, maxlen)
+#endif
+#endif /* !__KERNEL__ */
+
+#endif /* __IP_SET_H */
diff --git a/include/libipset/linux_ip_set_bitmap.h b/include/libipset/linux_ip_set_bitmap.h
new file mode 100644
index 0000000..01ea534
--- /dev/null
+++ b/include/libipset/linux_ip_set_bitmap.h
@@ -0,0 +1,10 @@
+#ifndef __IP_SET_BITMAP_H
+#define __IP_SET_BITMAP_H
+
+/* Bitmap type specific error codes */
+enum {
+ IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC,
+ IPSET_ERR_BITMAP_RANGE_SIZE,
+};
+
+#endif /* __IP_SET_BITMAP_H */
diff --git a/include/libipset/linux_ip_set_hash.h b/include/libipset/linux_ip_set_hash.h
new file mode 100644
index 0000000..76d2489
--- /dev/null
+++ b/include/libipset/linux_ip_set_hash.h
@@ -0,0 +1,10 @@
+#ifndef __IP_SET_HASH_H
+#define __IP_SET_HASH_H
+
+/* Bitmap type specific error codes */
+enum {
+ IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC,
+ IPSET_ERR_HASH_ELEM,
+};
+
+#endif /* __IP_SET_HASH_H */
diff --git a/include/libipset/mnl.h b/include/libipset/mnl.h
new file mode 100644
index 0000000..c2b6d4c
--- /dev/null
+++ b/include/libipset/mnl.h
@@ -0,0 +1,29 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_MNL_H
+#define LIBIPSET_MNL_H
+
+#include <stdint.h> /* uintxx_t */
+#include <libmnl/libmnl.h> /* libmnl backend */
+
+#include <libipset/transport.h> /* struct ipset_transport */
+
+#ifndef NFNETLINK_V0
+#define NFNETLINK_V0 0
+
+struct nfgenmsg {
+ uint8_t nfgen_family;
+ uint8_t version;
+ uint16_t res_id;
+};
+#endif
+
+extern int ipset_get_nlmsg_type(const struct nlmsghdr *nlh);
+
+extern const struct ipset_transport ipset_mnl_transport;
+
+#endif /* LIBIPSET_MNL_H */
diff --git a/include/libipset/nf_inet_addr.h b/include/libipset/nf_inet_addr.h
new file mode 100644
index 0000000..91f1914
--- /dev/null
+++ b/include/libipset/nf_inet_addr.h
@@ -0,0 +1,22 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_NF_INET_ADDR_H
+#define LIBIPSET_NF_INET_ADDR_H
+
+#include <stdint.h> /* uint32_t */
+#include <netinet/in.h> /* struct in[6]_addr */
+
+/* The same structure to hold IP addresses as in linux/netfilter.h */
+union nf_inet_addr {
+ uint32_t all[4];
+ uint32_t ip;
+ uint32_t ip6[4];
+ struct in_addr in;
+ struct in6_addr in6;
+};
+
+#endif /* LIBIPSET_NF_INET_ADDR_H */
diff --git a/include/libipset/parse.h b/include/libipset/parse.h
new file mode 100644
index 0000000..09c1db4
--- /dev/null
+++ b/include/libipset/parse.h
@@ -0,0 +1,57 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_PARSE_H
+#define LIBIPSET_PARSE_H
+
+#include <libipset/data.h> /* enum ipset_opt */
+
+/* For parsing/printing data */
+#define IPSET_CIDR_SEPARATOR "/"
+#define IPSET_RANGE_SEPARATOR "-"
+#define IPSET_ELEM_SEPARATOR ","
+#define IPSET_NAME_SEPARATOR ","
+
+struct ipset_session;
+
+extern int ipset_parse_ether(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_single_port(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_port(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_family(struct ipset_session *session,
+ int opt, const char *str);
+extern int ipset_parse_ip(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_single_ip(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_net(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_range(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_netrange(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_name(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_setname(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_uint32(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_uint8(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_netmask(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_flag(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_typename(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+extern int ipset_parse_output(struct ipset_session *session,
+ int opt, const char *str);
+extern int ipset_parse_elem(struct ipset_session *session,
+ enum ipset_opt opt, const char *str);
+
+#endif /* LIBIPSET_PARSE_H */
diff --git a/include/libipset/pfxlen.h b/include/libipset/pfxlen.h
new file mode 100644
index 0000000..ba94dd9
--- /dev/null
+++ b/include/libipset/pfxlen.h
@@ -0,0 +1,157 @@
+#ifndef _NET_PFXLEN_H
+#define _NET_PFXLEN_H 1
+
+#include <asm/byteorder.h>
+#ifdef HAVE_PFXLEN_H
+#include <linux/netfilter/pfxlen.h>
+#else
+
+#include <libipset/nf_inet_addr.h> /* union nf_inet_addr */
+
+#define E(a, b, c, d) \
+ {.ip6 = { \
+ __constant_htonl(a), __constant_htonl(b), \
+ __constant_htonl(c), __constant_htonl(d), \
+ }}
+
+/*
+ * This table works for both IPv4 and IPv6;
+ * just use prefixlen_netmask_map[prefixlength].ip.
+ */
+const union nf_inet_addr prefixlen_netmask_map[] = {
+ E(0x00000000, 0x00000000, 0x00000000, 0x00000000),
+ E(0x80000000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xC0000000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xE0000000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xF0000000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xF8000000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFC000000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFE000000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFF000000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFF800000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFC00000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFE00000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFF00000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFF80000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFC0000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFE0000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFF0000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFF8000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFC000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFE000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFF000, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFF800, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFC00, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFE00, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFF00, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFF80, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFC0, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFE0, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFF0, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFF8, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFC, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFE, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0x00000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0x80000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xC0000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xE0000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xF0000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xF8000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFC000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFE000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFF000000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFF800000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFC00000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFE00000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFF00000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFF80000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFC0000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFE0000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFF0000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFF8000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFC000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFE000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFF000, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFF800, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFC00, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFE00, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFF00, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFF80, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFC0, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFE0, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFF0, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFF8, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFC, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFE, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0x80000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xC0000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xE0000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xF0000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xF8000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFC000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFE000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFF000000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFF800000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFC00000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFE00000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFF00000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFF80000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFC0000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFE0000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFF0000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFF8000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFC000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFE000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFF000, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFF800, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFC00, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFE00, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFF00, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFF80, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFC0, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFE0, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFF0, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFF8, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFC, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x80000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xC0000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xE0000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xF0000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xF8000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFC000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFE000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFF000000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFF800000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFC00000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFE00000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFF00000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFF80000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFC0000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFE0000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFF0000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFF8000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFC000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFE000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFF000),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFF800),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFC00),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFE00),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFF00),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFF80),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFC0),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFE0),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFF0),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFF8),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFC),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE),
+ E(0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF),
+};
+#endif /* !HAVE_PFXLEN_H */
+
+#define PFXLEN(n) prefixlen_netmask_map[n].ip
+#define PFXLEN6(n) prefixlen_netmask_map[n].ip6
+
+#endif
diff --git a/include/libipset/print.h b/include/libipset/print.h
new file mode 100644
index 0000000..343386b
--- /dev/null
+++ b/include/libipset/print.h
@@ -0,0 +1,49 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_PRINT_H
+#define LIBIPSET_PRINT_H
+
+#include <libipset/data.h> /* enum ipset_opt */
+
+extern int ipset_print_ether(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+extern int ipset_print_family(char *buf, unsigned int len,
+ const struct ipset_data *data, int opt,
+ uint8_t env);
+extern int ipset_print_type(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+extern int ipset_print_ip(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+extern int ipset_print_ipaddr(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+extern int ipset_print_number(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+extern int ipset_print_name(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+extern int ipset_print_port(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+extern int ipset_print_flag(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+extern int ipset_print_elem(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+
+#define ipset_print_portnum ipset_print_number
+
+extern int ipset_print_data(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+
+#endif /* LIBIPSET_PRINT_H */
diff --git a/include/libipset/session.h b/include/libipset/session.h
new file mode 100644
index 0000000..71b8e02
--- /dev/null
+++ b/include/libipset/session.h
@@ -0,0 +1,81 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_SESSION_H
+#define LIBIPSET_SESSION_H
+
+#include <stdbool.h> /* bool */
+#include <stdint.h> /* uintxx_t */
+#include <stdio.h> /* printf */
+
+#include <libipset/linux_ip_set.h> /* enum ipset_cmd */
+#include <libipset/ui.h> /* enum ipset_envopt */
+
+/* Report and output buffer sizes */
+#define IPSET_ERRORBUFLEN 1024
+#define IPSET_OUTBUFLEN 8192
+
+struct ipset_session;
+struct ipset_data;
+struct ipset_handle;
+
+extern struct ipset_data * ipset_session_data(const struct ipset_session *session);
+extern struct ipset_handle * ipset_session_handle(const struct ipset_session *session);
+
+enum ipset_err_type {
+ IPSET_ERROR,
+ IPSET_WARNING,
+};
+
+extern int ipset_session_report(struct ipset_session *session,
+ enum ipset_err_type type,
+ const char *fmt, ...);
+
+#define ipset_err(session, fmt, args...) \
+ ipset_session_report(session, IPSET_ERROR, fmt , ## args)
+
+#define ipset_warn(session, fmt, args...) \
+ ipset_session_report(session, IPSET_WARNING, fmt , ## args)
+
+#define ipset_errptr(session, fmt, args...) ({ \
+ ipset_session_report(session, IPSET_ERROR, fmt , ## args); \
+ NULL; \
+})
+
+extern void ipset_session_report_reset(struct ipset_session *session);
+extern const char * ipset_session_error(const struct ipset_session *session);
+extern const char * ipset_session_warning(const struct ipset_session *session);
+
+#define ipset_session_data_set(session, opt, value) \
+ ipset_data_set(ipset_session_data(session), opt, value)
+#define ipset_session_data_get(session, opt) \
+ ipset_data_get(ipset_session_data(session), opt)
+
+enum ipset_output_mode {
+ IPSET_LIST_NONE,
+ IPSET_LIST_PLAIN,
+ IPSET_LIST_SAVE,
+ IPSET_LIST_XML,
+};
+
+extern int ipset_envopt_parse(struct ipset_session *session,
+ int env, const char *str);
+extern bool ipset_envopt_test(struct ipset_session *session,
+ enum ipset_envopt env);
+extern int ipset_session_output(struct ipset_session *session,
+ enum ipset_output_mode mode);
+
+extern int ipset_commit(struct ipset_session *session);
+extern int ipset_cmd(struct ipset_session *session, enum ipset_cmd cmd,
+ uint32_t lineno);
+
+typedef int (*ipset_outfn)(const char *fmt, ...)
+ __attribute__ ((format (printf, 1, 2)));
+
+extern struct ipset_session * ipset_session_init(ipset_outfn outfn);
+extern int ipset_session_fini(struct ipset_session *session);
+
+#endif /* LIBIPSET_SESSION_H */
diff --git a/include/libipset/transport.h b/include/libipset/transport.h
new file mode 100644
index 0000000..b22e073
--- /dev/null
+++ b/include/libipset/transport.h
@@ -0,0 +1,27 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_TRANSPORT_H
+#define LIBIPSET_TRANSPORT_H
+
+#include <stdint.h> /* uintxx_t */
+#include <linux/netlink.h> /* struct nlmsghdr */
+
+#include <libmnl/libmnl.h> /* mnl_cb_t */
+
+#include <libipset/linux_ip_set.h> /* enum ipset_cmd */
+
+struct ipset_handle;
+
+struct ipset_transport {
+ struct ipset_handle * (*init)(mnl_cb_t *cb_ctl, void *data);
+ int (*fini)(struct ipset_handle *handle);
+ void (*fill_hdr)(struct ipset_handle *handle, enum ipset_cmd cmd,
+ void *buffer, size_t len, uint8_t envflags);
+ int (*query)(struct ipset_handle *handle, void *buffer, size_t len);
+};
+
+#endif /* LIBIPSET_TRANSPORT_H */
diff --git a/include/libipset/types.h b/include/libipset/types.h
new file mode 100644
index 0000000..461931a
--- /dev/null
+++ b/include/libipset/types.h
@@ -0,0 +1,128 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_TYPES_H
+#define LIBIPSET_TYPES_H
+
+#include <stdint.h> /* uintxx_t */
+
+#include <libipset/data.h> /* enum ipset_opt */
+#include <libipset/linux_ip_set.h> /* IPSET_MAXNAMELEN */
+
+#define AF_INET46 255
+
+/* Family rules:
+ * - AF_UNSPEC: type is family-neutral
+ * - AF_INET: type supports IPv4 only
+ * - AF_INET6: type supports IPv6 only
+ * - AF_INET46: type supports both IPv4 and IPv6
+ */
+
+/* Set dimensions */
+enum {
+ IPSET_DIM_ONE, /* foo */
+ IPSET_DIM_TWO, /* foo,bar */
+ IPSET_DIM_THREE, /* foo,bar,fie */
+ IPSET_DIM_MAX,
+};
+
+/* Parser options */
+enum {
+ IPSET_NO_ARG = -1,
+ IPSET_OPTIONAL_ARG,
+ IPSET_MANDATORY_ARG,
+ IPSET_MANDATORY_ARG2,
+};
+
+struct ipset_session;
+
+typedef int (*ipset_parsefn)(struct ipset_session *s,
+ enum ipset_opt opt, const char *str);
+typedef int (*ipset_printfn)(char *buf, unsigned int len,
+ const struct ipset_data *data, enum ipset_opt opt,
+ uint8_t env);
+
+/* Parse and print type-specific arguments */
+struct ipset_arg {
+ const char *name[3]; /* option names */
+ int has_arg; /* mandatory/optional/no arg */
+ enum ipset_opt opt; /* argumentum type */
+ ipset_parsefn parse; /* parser function */
+ ipset_printfn print; /* printing function */
+};
+
+/* Type check against the kernel */
+enum {
+ IPSET_KERNEL_MISMATCH = -1,
+ IPSET_KERNEL_CHECK_NEEDED,
+ IPSET_KERNEL_OK,
+};
+
+/* Max sizes for aggregated ADD (and DEL) commands */
+enum {
+ IPSET_MAXSIZE_INET,
+ IPSET_MAXSIZE_INET6,
+ IPSET_MAXSIZE_MAX,
+};
+
+/* How element parts are parsed */
+struct ipset_elem {
+ ipset_parsefn parse; /* elem parser function */
+ ipset_printfn print; /* elem print function */
+ enum ipset_opt opt; /* elem option */
+};
+
+/* The set types in userspace
+ * we could collapse 'args' and 'mandatory' to two-element lists
+ * but for the readability the full list is supported.
+ */
+struct ipset_type {
+ char name[IPSET_MAXNAMELEN]; /* type name */
+ char alias[IPSET_MAXNAMELEN]; /* name alias */
+ uint8_t revision; /* revision number */
+ uint8_t family; /* supported family */
+ uint8_t dimension; /* elem dimension */
+ int8_t kernel_check; /* kernel check */
+ bool last_elem_optional; /* last element optional */
+ struct ipset_elem elem[IPSET_DIM_MAX]; /* parse elem */
+ const struct ipset_arg *args[IPSET_CADT_MAX]; /* create/ADT args except elem */
+ uint64_t mandatory[IPSET_CADT_MAX]; /* create/ADT mandatory flags */
+ uint64_t full[IPSET_CADT_MAX]; /* full args flags */
+ size_t maxsize[IPSET_MAXSIZE_MAX]; /* max sizes */
+ const char *usage; /* terse usage */
+
+ struct ipset_type *next;
+};
+
+extern int ipset_cache_add(const char *name, const struct ipset_type *type);
+extern int ipset_cache_del(const char *name);
+extern int ipset_cache_rename(const char *from, const char *to);
+extern int ipset_cache_swap(const char *from, const char *to);
+
+extern const struct ipset_type * ipset_type_get(struct ipset_session *session,
+ enum ipset_cmd cmd);
+extern const struct ipset_type * ipset_type_check(struct ipset_session *session);
+
+extern int ipset_type_add(struct ipset_type *type);
+extern const struct ipset_type * ipset_types(void);
+extern const char * ipset_typename_resolve(const char *str);
+
+extern int ipset_types_init(void);
+extern void ipset_types_fini(void);
+
+/* The known set types: (typename, revision, family) is unique */
+extern struct ipset_type ipset_bitmap_ip0;
+extern struct ipset_type ipset_bitmap_ipmac0;
+extern struct ipset_type ipset_bitmap_port0;
+extern struct ipset_type ipset_hash_ip0;
+extern struct ipset_type ipset_hash_net0;
+extern struct ipset_type ipset_hash_ipport0;
+extern struct ipset_type ipset_hash_ipportip0;
+extern struct ipset_type ipset_hash_ipportnet0;
+extern struct ipset_type ipset_tree_ip0;
+extern struct ipset_type ipset_list_set0;
+
+#endif /* LIBIPSET_TYPES_H */
diff --git a/include/libipset/ui.h b/include/libipset/ui.h
new file mode 100644
index 0000000..044e586
--- /dev/null
+++ b/include/libipset/ui.h
@@ -0,0 +1,47 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_UI_H
+#define LIBIPSET_UI_H
+
+/* Commands in userspace */
+struct ipset_commands {
+ const char *name[6];
+ const char *help;
+ int has_arg;
+};
+
+extern const struct ipset_commands ipset_commands[];
+
+/* Environment option flags */
+enum ipset_envopt {
+ IPSET_ENV_BIT_SORTED = 0,
+ IPSET_ENV_SORTED = (1 << IPSET_ENV_BIT_SORTED),
+ IPSET_ENV_BIT_QUIET = 1,
+ IPSET_ENV_QUIET = (1 << IPSET_ENV_BIT_QUIET),
+ IPSET_ENV_BIT_RESOLVE = 2,
+ IPSET_ENV_RESOLVE = (1 << IPSET_ENV_BIT_RESOLVE),
+ IPSET_ENV_BIT_EXIST = 3,
+ IPSET_ENV_EXIST = (1 << IPSET_ENV_BIT_EXIST),
+};
+
+struct ipset_session;
+struct ipset_data;
+
+/* Environment options */
+struct ipset_envopts {
+ int flag;
+ int has_arg;
+ const char *name[3];
+ const char *help;
+ int (*parse)(struct ipset_session *s, int flag, const char *str);
+ int (*print)(char *buf, unsigned int len,
+ const struct ipset_data *data, int flag, uint8_t env);
+};
+
+extern const struct ipset_envopts ipset_envopts[];
+
+#endif /* LIBIPSET_UI_H */
diff --git a/include/libipset/utils.h b/include/libipset/utils.h
new file mode 100644
index 0000000..2d12e91
--- /dev/null
+++ b/include/libipset/utils.h
@@ -0,0 +1,45 @@
+/* Copyright 2007-2010 Jozsef Kadlecsik (kadlec@blackhole.kfki.hu)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#ifndef LIBIPSET_UTILS_H
+#define LIBIPSET_UTILS_H
+
+#include <stdbool.h> /* bool */
+#include <string.h> /* strcmp */
+#include <netinet/in.h> /* struct in[6]_addr */
+
+/* String equality tests */
+#define STREQ(a,b) (strcmp(a,b) == 0)
+#define STRNEQ(a,b,n) (strncmp(a,b,n) == 0)
+
+/* Stringify tokens */
+#define _STR(c) #c
+#define STR(c) _STR(c)
+
+/* Min/max */
+#define MIN(a, b) (a < b ? a : b)
+#define MAX(a, b) (a > b ? a : b)
+
+#define UNUSED __attribute__ ((unused))
+
+static inline void
+in4cpy(struct in_addr *dest, const struct in_addr *src)
+{
+ dest->s_addr = src->s_addr;
+}
+
+static inline void
+in6cpy(struct in6_addr *dest, const struct in6_addr *src)
+{
+ memcpy(dest, src, sizeof(struct in6_addr));
+}
+
+extern char * ipset_strchr(const char *str, const char *sep);
+extern bool ipset_name_match(const char *arg, const char * const name[]);
+extern void ipset_shift_argv(int *argc, char *argv[], int from);
+extern void ipset_strncpy(char *dst, const char *src, size_t len);
+
+#endif /* LIBIPSET_UTILS_H */