SET target revision 2 added

The new revision of the SET target supports the following new operations

- specifying the timeout value of the entry to be added
- flag to instruct the kernel that if the entry already
  exists then reset the timeout value to the specified one (or
  to the default from the set definition)

1 files changed, 17 insertions, 3 deletions

diff --git a/include/linux/netfilter/xt_set.h b/include/linux/netfilter/xt_set.h
index 3ad31378..4379ce9f 100644
--- a/include/linux/netfilter/xt_set.h
+++ b/include/linux/netfilter/xt_set.h
@@ -89,7 +89,7 @@ struct xt_set_info_target_v0 {
 	struct xt_set_info_v0 del_set;
 };
 
-/* Revision 1: current interface to netfilter/iptables */
+/* Revision 1 match and target */
 
 struct xt_set_info {
 	ip_set_id_t index;
@@ -98,13 +98,27 @@ struct xt_set_info {
 };
 
 /* match and target infos */
-struct xt_set_info_match {
+struct xt_set_info_match_v1 {
 	struct xt_set_info match_set;
 };
 
-struct xt_set_info_target {
+struct xt_set_info_target_v1 {
 	struct xt_set_info add_set;
 	struct xt_set_info del_set;
 };
 
+/* Revision 2 target */
+
+enum ipset_cmd_flags {
+	IPSET_FLAG_BIT_EXIST	= 0,
+	IPSET_FLAG_EXIST	= (1 << IPSET_FLAG_BIT_EXIST),
+};
+
+struct xt_set_info_target_v2 {
+	struct xt_set_info add_set;
+	struct xt_set_info del_set;
+	u_int32_t flags;
+	u_int32_t timeout;
+};
+
 #endif /*_XT_SET_H*/