ipset: update to 6.9.1-genl

extensions/ipset-6/include/libipset/linux_ip_set.h

@@ -11,6 +11,8 @@
  * published by the Free Software Foundation.
  */
 
+#include <linux/types.h>
+
 /* The protocol version */
 #define IPSET_PROTOCOL		0x60
 
@@ -168,4 +170,30 @@ enum ipset_adt {
 	IPSET_CADT_MAX,
 };
 
+/* Sets are identified by an index in kernel space. Tweak with ip_set_id_t
+ * and IPSET_INVALID_ID if you want to increase the max number of sets.
+ */
+typedef __u16 ip_set_id_t;
+
+#define IPSET_INVALID_ID		65535
+
+enum ip_set_dim {
+	IPSET_DIM_ZERO = 0,
+	IPSET_DIM_ONE,
+	IPSET_DIM_TWO,
+	IPSET_DIM_THREE,
+	/* Max dimension in elements.
+	 * If changed, new revision of iptables match/target is required.
+	 */
+	IPSET_DIM_MAX = 6,
+};
+
+/* Option flags for kernel operations */
+enum ip_set_kopt {
+	IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO),
+	IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE),
+	IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO),
+	IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE),
+};
+
 #endif /* __IP_SET_H */

extensions/ipset-6/include/libipset/nfproto.h

@@ -0,0 +1,19 @@
+#ifndef LIBIPSET_NFPROTO_H
+#define LIBIPSET_NFPROTO_H
+
+/*
+ * The constants to select, same as in linux/netfilter.h.
+ * Like nf_inet_addr.h, this is just here so that we need not to rely on
+ * the presence of a recent-enough netfilter.h.
+ */
+enum {
+	NFPROTO_UNSPEC =  0,
+	NFPROTO_IPV4   =  2,
+	NFPROTO_ARP    =  3,
+	NFPROTO_BRIDGE =  7,
+	NFPROTO_IPV6   = 10,
+	NFPROTO_DECNET = 12,
+	NFPROTO_NUMPROTO,
+};
+
+#endif /* LIBIPSET_NFPROTO_H */

extensions/ipset-6/include/libipset/types.h

@@ -14,24 +14,22 @@
 #include <libipset/parse.h>			/* ipset_parsefn */
 #include <libipset/print.h>			/* ipset_printfn */
 #include <libipset/linux_ip_set.h>		/* IPSET_MAXNAMELEN */
-
-#define AF_INET46		255
+#include <libipset/nfproto.h>			/* for NFPROTO_ */
 
 /* Family rules:
- * - AF_UNSPEC:	type is family-neutral
- * - AF_INET:	type supports IPv4 only
- * - AF_INET6:	type supports IPv6 only
- * - AF_INET46:	type supports both IPv4 and IPv6
+ * - NFPROTO_UNSPEC:		type is family-neutral
+ * - NFPROTO_IPV4:		type supports IPv4 only
+ * - NFPROTO_IPV6:		type supports IPv6 only
+ * Special (userspace) ipset-only extra value:
+ * - NFPROTO_IPSET_IPV46:	type supports both IPv4 and IPv6
  */
-
-/* Set dimensions */
 enum {
-	IPSET_DIM_ONE,			/* foo */
-	IPSET_DIM_TWO,			/* foo,bar */
-	IPSET_DIM_THREE,		/* foo,bar,fie */
-	IPSET_DIM_MAX,
+	NFPROTO_IPSET_IPV46 = 255,
 };
 
+/* The maximal type dimension userspace supports */
+#define IPSET_DIM_UMAX		3
+
 /* Parser options */
 enum {
 	IPSET_NO_ARG = -1,
@@ -76,7 +74,7 @@ struct ipset_type {
 	uint8_t dimension;			/* elem dimension */
 	int8_t kernel_check;			/* kernel check */
 	bool last_elem_optional;		/* last element optional */
-	struct ipset_elem elem[IPSET_DIM_MAX];	/* parse elem */
+	struct ipset_elem elem[IPSET_DIM_UMAX];	/* parse elem */
 	ipset_parsefn compat_parse_elem;	/* compatibility parser */
 	const struct ipset_arg *args[IPSET_CADT_MAX]; /* create/ADT args besides elem */
 	uint64_t mandatory[IPSET_CADT_MAX];	/* create/ADT mandatory flags */