diff --git a/doc/changelog.txt b/doc/changelog.txt
index 3be2331..29b320d 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -1,6 +1,7 @@
 - RAWNAT: make iptable_rawpost compile with 2.6.30-rc5
+- ipset: fast forward to 3.0
 Xtables-addons 1.15 (April 30 2009)
diff --git a/extensions/ipset/ip_set.c b/extensions/ipset/ip_set.c
index 0928e8c..90c7f8d 100644
--- a/extensions/ipset/ip_set.c
+++ b/extensions/ipset/ip_set.c
@@ -493,7 +493,7 @@ ip_set_find_byindex(ip_set_id_t index)
 static inline int
 __ip_set_testip(struct ip_set *set,
 const void *data,
- size_t size,
+ u_int32_t size,
 ip_set_ip_t *ip)
 {
 int res;
@@ -508,7 +508,7 @@ __ip_set_testip(struct ip_set *set,
 static int
 __ip_set_addip(ip_set_id_t index,
 const void *data,
- size_t size)
+ u_int32_t size)
 {
 struct ip_set *set = ip_set_list[index];
 ip_set_ip_t ip;
@@ -529,15 +529,15 @@ __ip_set_addip(ip_set_id_t index,
 static int
 ip_set_addip(ip_set_id_t index,
 const void *data,
- size_t size)
+ u_int32_t size)
 {
 struct ip_set *set = ip_set_list[index];
 IP_SET_ASSERT(set);
 if (size - sizeof(struct ip_set_req_adt) != set->type->reqsize) {
- ip_set_printk("data length wrong (want %zu, have %zu)",
- set->type->reqsize,
+ ip_set_printk("data length wrong (want %lu, have %zu)",
+ (long unsigned)set->type->reqsize,
 size - sizeof(struct ip_set_req_adt));
 return -EINVAL;
 }
@@ -549,7 +549,7 @@ ip_set_addip(ip_set_id_t index,
 static int
 ip_set_delip(ip_set_id_t index,
 const void *data,
- size_t size)
+ u_int32_t size)
 {
 struct ip_set *set = ip_set_list[index];
 ip_set_ip_t ip;
@@ -558,8 +558,8 @@ ip_set_delip(ip_set_id_t index,
 IP_SET_ASSERT(set);
 if (size - sizeof(struct ip_set_req_adt) != set->type->reqsize) {
- ip_set_printk("data length wrong (want %zu, have %zu)",
- set->type->reqsize,
+ ip_set_printk("data length wrong (want %lu, have %zu)",
+ (long unsigned)set->type->reqsize,
 size - sizeof(struct ip_set_req_adt));
 return -EINVAL;
 }
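Review bot: In the ip_set_addip hunk the length check `size - sizeof(struct ip_set_req_adt) != set->type->reqsize` relies on unsigned wrap-around to reject a `size` smaller than the request header, and the "have" value it logs in that case is the wrapped number. Making the lower bound explicit, `if (size < sizeof(struct ip_set_req_adt) || size - sizeof(struct ip_set_req_adt) != set->type->reqsize) {`, keeps the check obvious now that a 32-bit `size` is mixed with a `size_t`. The same expression appears in the ip_set_delip and ip_set_testip hunks. Whether the caller already guarantees the minimum length is not visible in these hunks.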
@@ -576,7 +576,7 @@ ip_set_delip(ip_set_id_t index,
 static int
 ip_set_testip(ip_set_id_t index,
 const void *data,
- size_t size)
+ u_int32_t size)
 {
 struct ip_set *set = ip_set_list[index];
 ip_set_ip_t ip;
@@ -585,8 +585,8 @@ ip_set_testip(ip_set_id_t index,
 IP_SET_ASSERT(set);
 if (size - sizeof(struct ip_set_req_adt) != set->type->reqsize) {
- ip_set_printk("data length wrong (want %zu, have %zu)",
- set->type->reqsize,
+ ip_set_printk("data length wrong (want %lu, have %zu)",
+ (long unsigned)set->type->reqsize,
 size - sizeof(struct ip_set_req_adt));
 return -EINVAL;
 }
@@ -601,7 +601,7 @@ ip_set_testip(ip_set_id_t index,
 static int
 ip_set_bindip(ip_set_id_t index,
 const void *data,
- size_t size)
+ u_int32_t size)
 {
 struct ip_set *set = ip_set_list[index];
 const struct ip_set_req_bind *req_bind;
@@ -687,7 +687,7 @@ __unbind_default(struct ip_set *set)
 static int
 ip_set_unbindip(ip_set_id_t index,
 const void *data,
- size_t size)
+ u_int32_t size)
 {
 struct ip_set *set;
 const struct ip_set_req_bind *req_bind;
@@ -760,7 +760,7 @@ ip_set_unbindip(ip_set_id_t index,
 static int
 ip_set_testbind(ip_set_id_t index,
 const void *data,
- size_t size)
+ u_int32_t size)
 {
 struct ip_set *set = ip_set_list[index];
 const struct ip_set_req_bind *req_bind;
@@ -862,7 +862,7 @@ ip_set_create(const char *name,
 const char *typename,
 ip_set_id_t restore,
 const void *data,
- size_t size)
+ u_int32_t size)
 {
 struct ip_set *set;
 ip_set_id_t index = 0, id;
@@ -915,9 +915,9 @@ ip_set_create(const char *name,
 /* Check request size */
 if (size != set->type->header_size) {
- ip_set_printk("data length wrong (want %zu, have %zu)",
- set->type->header_size,
- size);
+ ip_set_printk("data length wrong (want %lu, have %lu)",
+ (long unsigned)set->type->header_size,
+ (long unsigned)size);
 goto put_out;
 }
@@ -1109,7 +1109,7 @@ ip_set_swap(ip_set_id_t from_index, ip_set_id_t to_index)
 static inline void
 __set_hash_bindings_size_list(struct ip_set_hash *set_hash,
- ip_set_id_t id, size_t *size)
+ ip_set_id_t id, u_int32_t *size)
 {
 if (set_hash->id == id)
 *size += sizeof(struct ip_set_hash_list);
@@ -1117,7 +1117,7 @@ __set_hash_bindings_size_list(struct ip_set_hash *set_hash,
 static inline void
 __set_hash_bindings_size_save(struct ip_set_hash *set_hash,
- ip_set_id_t id, size_t *size)
+ ip_set_id_t id, u_int32_t *size)
 {
 if (set_hash->id == id)
 *size += sizeof(struct ip_set_hash_save);
@@ -1220,7 +1220,7 @@ static int ip_set_save_set(ip_set_id_t index,
 *used += sizeof(struct ip_set_save);
 set = ip_set_list[index];
- DP("set: %s, used: %u(%u) %p %p", set->name, *used, len,
+ DP("set: %s, used: %d(%d) %p %p", set->name, *used, len,
 data, data + *used);
 read_lock_bh(&set->lock);
@@ -1237,8 +1237,8 @@ static int ip_set_save_set(ip_set_id_t index,
 set->type->list_header(set, data + *used);
 *used += set_save->header_size;
- DP("set header filled: %s, used: %u(%u) %p %p", set->name, *used,
- set_save->header_size, data, data + *used);
+ DP("set header filled: %s, used: %d(%lu) %p %p", set->name, *used,
+ (unsigned long)set_save->header_size, data, data + *used);
 /* Get and ensure set specific members size */
 set_save->members_size = set->type->list_members_size(set);
 if (*used + set_save->members_size > len)
@@ -1248,8 +1248,8 @@ static int ip_set_save_set(ip_set_id_t index,
 set->type->list_members(set, data + *used);
 *used += set_save->members_size;
 read_unlock_bh(&set->lock);
- DP("set members filled: %s, used: %u(%u) %p %p", set->name, *used,
- set_save->members_size, data, data + *used);
+ DP("set members filled: %s, used: %d(%lu) %p %p", set->name, *used,
+ (unsigned long)set_save->members_size, data, data + *used);
 return 0;
 unlock_set:
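Review bot: With `members_size` narrowed to `u_int32_t`, the context check `if (*used + set_save->members_size > len)` in the second ip_set_save_set hunk is evaluated in 32-bit unsigned arithmetic, so a very large value from `list_members_size()` could wrap the sum and pass the check, which the former `size_t` sum on a 64-bit build would not. Comparing against the remaining space, `if (set_save->members_size > len - *used)`, avoids the addition; this assumes `*used` never exceeds `len`, and that both are `int` as the `%d` specifiers suggest, since their declarations are outside the hunk. The header-size check of this function is not shown here and may need the same form.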
@@ -1329,7 +1329,7 @@ static int ip_set_restore(void *data,
 while (1) {
 line++;
- DP("%u %u %u", used, sizeof(struct ip_set_restore), len);
+ DP("%d %zu %d", used, sizeof(struct ip_set_restore), len);
 /* Get and ensure header size */
 if (used + sizeof(struct ip_set_restore) > len)
 return line;
@@ -1367,12 +1367,13 @@ static int ip_set_restore(void *data,
 /* Try to restore members data */
 set = ip_set_list[index];
 members_size = 0;
- DP("members_size %u reqsize %u",
- set_restore->members_size, set->type->reqsize);
+ DP("members_size %lu reqsize %lu",
+ (unsigned long)set_restore->members_size,
+ (unsigned long)set->type->reqsize);
 while (members_size + set->type->reqsize <=
 set_restore->members_size) {
 line++;
- DP("members: %u, line %u", members_size, line);
+ DP("members: %d, line %d", members_size, line);
 res = __ip_set_addip(index,
 data + used + members_size,
 set->type->reqsize);
@@ -1381,8 +1382,8 @@ static int ip_set_restore(void *data,
 members_size += set->type->reqsize;
 }
- DP("members_size %u %u",
- set_restore->members_size, members_size);
+ DP("members_size %lu %d",
+ (unsigned long)set_restore->members_size, members_size);
 if (members_size != set_restore->members_size)
 return line++;
 used += set_restore->members_size;
@@ -1442,10 +1443,10 @@ ip_set_sockfn_set(struct sock *sk, int optval, void *user, unsigned int len)
 struct ip_set_req_adt *req_adt;
 ip_set_id_t index = IP_SET_INVALID_ID;
 int (*adtfn)(ip_set_id_t index,
- const void *data, size_t size);
+ const void *data, u_int32_t size);
 struct fn_table {
 int (*fn)(ip_set_id_t index,
- const void *data, size_t size);
+ const void *data, u_int32_t size);
 } adtfn_table[] = { { ip_set_addip }, { ip_set_delip }, { ip_set_testip}, { ip_set_bindip}, { ip_set_unbindip }, { ip_set_testbind },
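Review bot: In the member-restore loop of ip_set_restore, `set_restore->members_size` is taken from the request buffer and bounds how far `__ip_set_addip(index, data + used + members_size, ...)` walks, but no comparison of that size against `len` is visible in these hunks. If the check sits in the lines between the hunks, it now sums `u_int32_t` fields and should be written so the sum cannot wrap, for example `if (set_restore->members_size > len - used) return line;` placed before the loop. The function body continues outside the hunks, so the types of `used` and `len` are inferred from the `%d` specifiers only.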
@@ -1938,14 +1939,14 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len)
 if (*len < sizeof(struct ip_set_req_setnames)
 || *len != req_restore->size) {
- ip_set_printk("invalid RESTORE (want =%zu, got %d)",
- req_restore->size, *len);
+ ip_set_printk("invalid RESTORE (want =%lu, got %d)",
+ (long unsigned)req_restore->size, *len);
 res = -EINVAL;
 goto done;
 }
 line = ip_set_restore(data + sizeof(struct ip_set_req_setnames),
 req_restore->size - sizeof(struct ip_set_req_setnames));
- DP("ip_set_restore: %u", line);
+ DP("ip_set_restore: %d", line);
 if (line != 0) {
 res = -EAGAIN;
 req_restore->size = line;
@@ -1960,7 +1961,7 @@ ip_set_sockfn_get(struct sock *sk, int optval, void *user, int *len)
 } /* end of switch(op) */
 copy:
- DP("set %s, copylen %u", index != IP_SET_INVALID_ID
+ DP("set %s, copylen %d", index != IP_SET_INVALID_ID
 && ip_set_list[index]
 ? ip_set_list[index]->name
 : ":all:", copylen);
diff --git a/extensions/ipset/ip_set.h b/extensions/ipset/ip_set.h
index 9970b94..c3a54a6 100644
--- a/extensions/ipset/ip_set.h
+++ b/extensions/ipset/ip_set.h
@@ -48,7 +48,7 @@
 /*
 * Used so that the kernel module and ipset-binary can match their versions
 */
-#define IP_SET_PROTOCOL_VERSION 2
+#define IP_SET_PROTOCOL_VERSION 3
 #define IP_SET_MAXNAMELEN 32 /* set names and set typenames */
@@ -236,7 +236,7 @@ struct ip_set_req_max_sets {
 struct ip_set_req_setnames {
 unsigned op;
 ip_set_id_t index; /* set to list/save */
- size_t size; /* size to get setdata/bindings */
+ u_int32_t size; /* size to get setdata/bindings */
 /* followed by sets number of struct ip_set_name_list */
 };
@@ -258,9 +258,9 @@ struct ip_set_list {
 ip_set_id_t index;
 ip_set_id_t binding;
 u_int32_t ref;
- size_t header_size; /* Set header data of header_size */
- size_t members_size; /* Set members data of members_size */
- size_t bindings_size; /* Set bindings data of bindings_size */
+ u_int32_t header_size; /* Set header data of header_size */
+ u_int32_t members_size; /* Set members data of members_size */
+ u_int32_t bindings_size;/* Set bindings data of bindings_size */
 };
 struct ip_set_hash_list {
@@ -277,8 +277,8 @@ struct ip_set_hash_list {
 struct ip_set_save {
 ip_set_id_t index;
 ip_set_id_t binding;
- size_t header_size; /* Set header data of header_size */
- size_t members_size; /* Set members data of members_size */
+ u_int32_t header_size; /* Set header data of header_size */
+ u_int32_t members_size; /* Set members data of members_size */
 };
 /* At restoring, ip == 0 means default binding for the given set: */
@@ -298,8 +298,8 @@ struct ip_set_restore {
 char name[IP_SET_MAXNAMELEN];
 char typename[IP_SET_MAXNAMELEN];
 ip_set_id_t index;
- size_t header_size; /* Create data of header_size */
- size_t members_size; /* Set members data of members_size */
+ u_int32_t header_size; /* Create data of header_size */
+ u_int32_t members_size; /* Set members data of members_size */
 };
 static inline int bitmap_bytes(ip_set_ip_t a, ip_set_ip_t b)
@@ -366,14 +366,14 @@ struct ip_set_type {
 * return 0 if not in set, 1 if in set.
 */
 int (*testip) (struct ip_set *set,
- const void *data, size_t size,
+ const void *data, u_int32_t size,
 ip_set_ip_t *ip);
 /*
 * Size of the data structure passed by when
 * adding/deletin/testing an entry.
 */
- size_t reqsize;
+ u_int32_t reqsize;
 /* Add IP into set (userspace: ipset -A set IP)
 * Return -EEXIST if the address is already in the set,
@@ -381,7 +381,7 @@ struct ip_set_type {
 * If the address was not already in the set, 0 is returned.
 */
 int (*addip) (struct ip_set *set,
- const void *data, size_t size,
+ const void *data, u_int32_t size,
 ip_set_ip_t *ip);
 /* Add IP into set (kernel: iptables ... -j SET set src|dst)
@@ -401,7 +401,7 @@ struct ip_set_type {
 * If the address really was in the set, 0 is returned.
 */
 int (*delip) (struct ip_set *set,
- const void *data, size_t size,
+ const void *data, u_int32_t size,
 ip_set_ip_t *ip);
 /* remove IP from set (kernel: iptables ... -j SET --entry x)
@@ -418,7 +418,7 @@ struct ip_set_type {
 /* new set creation - allocated type specific items */
 int (*create) (struct ip_set *set,
- const void *data, size_t size);
+ const void *data, u_int32_t size);
 /* retry the operation after successfully tweaking the set */
@@ -437,7 +437,7 @@ struct ip_set_type {
 /* Listing: size needed for header */
- size_t header_size;
+ u_int32_t header_size;
 /* Listing: Get the header
 *
@@ -523,7 +523,7 @@ extern int ip_set_testip_kernel(ip_set_id_t id,
 #define UADT0(type, adt, args...) \
 static int \
-FNAME(type,_u,adt)(struct ip_set *set, const void *data, size_t size, \
+FNAME(type,_u,adt)(struct ip_set *set, const void *data, u_int32_t size,\
 ip_set_ip_t *hash_ip) \
 { \
 const STRUCT(ip_set_req_,type) *req = data; \
diff --git a/extensions/ipset/ip_set_bitmaps.h b/extensions/ipset/ip_set_bitmaps.h
index 2e9293f..90e87e3 100644
--- a/extensions/ipset/ip_set_bitmaps.h
+++ b/extensions/ipset/ip_set_bitmaps.h
@@ -6,7 +6,7 @@
 #ifdef __KERNEL__
 #define BITMAP_CREATE(type) \
 static int \
-type##_create(struct ip_set *set, const void *data, size_t size) \
+type##_create(struct ip_set *set, const void *data, u_int32_t size) \
 { \
 int newbytes; \
 const struct ip_set_req_##type##_create *req = data; \
@@ -19,8 +19,8 @@ type##_create(struct ip_set *set, const void *data, size_t size) \
 \
 map = kmalloc(sizeof(struct ip_set_##type), GFP_KERNEL); \
 if (!map) { \
- DP("out of memory for %d bytes", \
- sizeof(struct ip_set_#type)); \
+ DP("out of memory for %zu bytes", \
+ sizeof(struct ip_set_##type)); \
 return -ENOMEM; \
 } \
 map->first_ip = req->from; \
@@ -35,7 +35,7 @@ type##_create(struct ip_set *set, const void *data, size_t size) \
 map->size = newbytes; \
 map->members = ip_set_malloc(newbytes); \
 if (!map->members) { \
- DP("out of memory for %d bytes", newbytes); \
+ DP("out of memory for %i bytes", newbytes); \
 kfree(map); \
 return -ENOMEM; \
 } \
diff --git a/extensions/ipset/ip_set_compat.h b/extensions/ipset/ip_set_compat.h
index 5695b3b..96c2024 100644
--- a/extensions/ipset/ip_set_compat.h
+++ b/extensions/ipset/ip_set_compat.h
@@ -58,6 +58,7 @@ static inline void *kzalloc(size_t size, gfp_t flags)
 #endif
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)
+#include
 #define KMEM_CACHE_CREATE(name, size) \
 kmem_cache_create(name, size, 0, 0, NULL, NULL)
 #else
diff --git a/extensions/ipset/ip_set_hashes.h b/extensions/ipset/ip_set_hashes.h
index 6914a12..f7d6a69 100644
--- a/extensions/ipset/ip_set_hashes.h
+++ b/extensions/ipset/ip_set_hashes.h
@@ -28,20 +28,22 @@ type##_retry(struct ip_set *set) \
 hashsize++; \
 \
 ip_set_printk("rehashing of set %s triggered: " \
- "hashsize grows from %u to %u", \
- set->name, map->hashsize, hashsize); \
+ "hashsize grows from %lu to %lu", \
+ set->name, \
+ (long unsigned)map->hashsize, \
+ (long unsigned)hashsize); \
 \
 tmp = kmalloc(sizeof(struct ip_set_##type) \
 + map->probes * sizeof(initval_t), GFP_ATOMIC); \
 if (!tmp) { \
- DP("out of memory for %d bytes", \
+ DP("out of memory for %zu bytes", \
 sizeof(struct ip_set_##type) \
 + map->probes * sizeof(initval_t)); \
 return -ENOMEM; \
 } \
 tmp->members = harray_malloc(hashsize, sizeof(dtype), GFP_ATOMIC);\
 if (!tmp->members) { \
- DP("out of memory for %d bytes", hashsize * sizeof(dtype));\
+ DP("out of memory for %zu bytes", hashsize * sizeof(dtype));\
 kfree(tmp); \
 return -ENOMEM; \
 } \
@@ -88,7 +90,7 @@ type##_retry(struct ip_set *set) \
 #define HASH_CREATE(type, dtype) \
 static int \
-type##_create(struct ip_set *set, const void *data, size_t size) \
+type##_create(struct ip_set *set, const void *data, u_int32_t size) \
 { \
 const struct ip_set_req_##type##_create *req = data; \
 struct ip_set_##type *map; \
@@ -107,7 +109,7 @@ type##_create(struct ip_set *set, const void *data, size_t size) \
 map = kmalloc(sizeof(struct ip_set_##type) \
 + req->probes * sizeof(initval_t), GFP_KERNEL); \
 if (!map) { \
- DP("out of memory for %d bytes", \
+ DP("out of memory for %zu bytes", \
 sizeof(struct ip_set_##type) \
 + req->probes * sizeof(initval_t)); \
 return -ENOMEM; \
@@ -124,7 +126,7 @@ type##_create(struct ip_set *set, const void *data, size_t size) \
 } \
 map->members = harray_malloc(map->hashsize, sizeof(dtype), GFP_KERNEL);\
 if (!map->members) { \
- DP("out of memory for %d bytes", map->hashsize * sizeof(dtype));\
+ DP("out of memory for %zu bytes", map->hashsize * sizeof(dtype));\
 kfree(map); \
 return -ENOMEM; \
 } \
diff --git a/extensions/ipset/ip_set_ipmap.h b/extensions/ipset/ip_set_ipmap.h
index f0a2d08..8d3ff3f 100644
--- a/extensions/ipset/ip_set_ipmap.h
+++ b/extensions/ipset/ip_set_ipmap.h
@@ -13,7 +13,7 @@ struct ip_set_ipmap {
 ip_set_ip_t netmask; /* subnet netmask */
 ip_set_ip_t sizeid; /* size of set in IPs */
 ip_set_ip_t hosts; /* number of hosts in a subnet */
- size_t size; /* size of the ipmap proper */
+ u_int32_t size; /* size of the ipmap proper */
 };
 struct ip_set_req_ipmap_create {
diff --git a/extensions/ipset/ip_set_ipportnethash.c b/extensions/ipset/ip_set_ipportnethash.c
index b4445cb..aa9ca88 100644
--- a/extensions/ipset/ip_set_ipportnethash.c
+++ b/extensions/ipset/ip_set_ipportnethash.c
@@ -102,7 +102,7 @@ ipportnethash_test(struct ip_set *set, ip_set_ip_t *hash_ip,
 }
 static int
-ipportnethash_utest(struct ip_set *set, const void *data, size_t size,
+ipportnethash_utest(struct ip_set *set, const void *data, u_int32_t size,
 ip_set_ip_t *hash_ip)
 {
 const struct ip_set_req_ipportnethash *req = data;
diff --git a/extensions/ipset/ip_set_iptree.c b/extensions/ipset/ip_set_iptree.c
index 269c785..ba0bf24 100644
--- a/extensions/ipset/ip_set_iptree.c
+++ b/extensions/ipset/ip_set_iptree.c
@@ -276,21 +276,21 @@ init_gc_timer(struct ip_set *set)
 }
 static int
-iptree_create(struct ip_set *set, const void *data, size_t size)
+iptree_create(struct ip_set *set, const void *data, u_int32_t size)
 {
 const struct ip_set_req_iptree_create *req = data;
 struct ip_set_iptree *map;
 if (size != sizeof(struct ip_set_req_iptree_create)) {
- ip_set_printk("data length wrong (want %zu, have %zu)",
+ ip_set_printk("data length wrong (want %zu, have %lu)",
 sizeof(struct ip_set_req_iptree_create),
- size);
+ (unsigned long)size);
 return -EINVAL;
 }
 map = kmalloc(sizeof(struct ip_set_iptree), GFP_KERNEL);
 if (!map) {
- DP("out of memory for %d bytes",
+ DP("out of memory for %zu bytes",
 sizeof(struct ip_set_iptree));
 return -ENOMEM;
 }
diff --git a/extensions/ipset/ip_set_iptreemap.c b/extensions/ipset/ip_set_iptreemap.c
index 564c2e1..f1fec0c 100644
--- a/extensions/ipset/ip_set_iptreemap.c
+++ b/extensions/ipset/ip_set_iptreemap.c
@@ -470,7 +470,7 @@ init_gc_timer(struct ip_set *set)
 }
 static int
-iptreemap_create(struct ip_set *set, const void *data, size_t size)
+iptreemap_create(struct ip_set *set, const void *data, u_int32_t size)
 {
 const struct ip_set_req_iptreemap_create *req = data;
 struct ip_set_iptreemap *map;
@@ -567,7 +567,7 @@ iptreemap_list_members_size(const struct ip_set *set)
 return (count * sizeof(struct ip_set_req_iptreemap));
 }
-static inline size_t
+static inline u_int32_t
 add_member(void *data, size_t offset, ip_set_ip_t start, ip_set_ip_t end)
 {
 struct ip_set_req_iptreemap *entry = data + offset;
diff --git a/extensions/ipset/ip_set_macipmap.c b/extensions/ipset/ip_set_macipmap.c
index 5a02ca0..d781858 100644
--- a/extensions/ipset/ip_set_macipmap.c
+++ b/extensions/ipset/ip_set_macipmap.c
@@ -22,7 +22,7 @@
 #include "ip_set_macipmap.h"
 static int
-macipmap_utest(struct ip_set *set, const void *data, size_t size,
+macipmap_utest(struct ip_set *set, const void *data, u_int32_t size,
 ip_set_ip_t *hash_ip)
 {
 const struct ip_set_macipmap *map = set->data;
@@ -35,8 +35,7 @@ macipmap_utest(struct ip_set *set, const void *data, size_t size,
 *hash_ip = req->ip;
 DP("set: %s, ip:%u.%u.%u.%u, %u.%u.%u.%u",
 set->name, HIPQUAD(req->ip), HIPQUAD(*hash_ip));
- if (test_bit(IPSET_MACIP_ISSET,
- (void *) &table[req->ip - map->first_ip].flags)) {
+ if (table[req->ip - map->first_ip].match) {
 return (memcmp(req->ethernet,
 &table[req->ip - map->first_ip].ethernet,
 ETH_ALEN) == 0);
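Review bot: add_member() in ip_set_iptreemap.c now returns `u_int32_t` while its `offset` parameter stays `size_t`, so the function mixes two widths for what looks like the same byte offset into the listing buffer. If the return value is the advanced offset (the body is outside this hunk), declaring the parameter as `u_int32_t offset` too would keep the narrowing deliberate rather than implicit. Failing that, a one-line comment such as `/* returns the new offset; listing sizes are 32-bit in protocol version 3 */` would record the intent.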
@@ -64,8 +63,7 @@ macipmap_ktest(struct ip_set *set,
 *hash_ip = ip;
 DP("set: %s, ip:%u.%u.%u.%u, %u.%u.%u.%u",
 set->name, HIPQUAD(ip), HIPQUAD(*hash_ip));
- if (test_bit(IPSET_MACIP_ISSET,
- (void *) &table[ip - map->first_ip].flags)) {
+ if (table[ip - map->first_ip].match) {
 /* Is mac pointer valid?
 * If so, compare... */
 return (skb_mac_header(skb) >= skb->head
@@ -88,13 +86,13 @@ macipmap_add(struct ip_set *set, ip_set_ip_t *hash_ip,
 if (ip < map->first_ip || ip > map->last_ip)
 return -ERANGE;
- if (test_and_set_bit(IPSET_MACIP_ISSET,
- (void *) &table[ip - map->first_ip].flags))
+ if (table[ip - map->first_ip].match)
 return -EEXIST;
 *hash_ip = ip;
 DP("%u.%u.%u.%u, %u.%u.%u.%u", HIPQUAD(ip), HIPQUAD(*hash_ip));
 memcpy(&table[ip - map->first_ip].ethernet, ethernet, ETH_ALEN);
+ table[ip - map->first_ip].match = IPSET_MACIP_ISSET;
 return 0;
 }
@@ -114,11 +112,11 @@ macipmap_del(struct ip_set *set, ip_set_ip_t *hash_ip, ip_set_ip_t ip)
 if (ip < map->first_ip || ip > map->last_ip)
 return -ERANGE;
- if (!test_and_clear_bit(IPSET_MACIP_ISSET,
- (void *)&table[ip - map->first_ip].flags))
+ if (!table[ip - map->first_ip].match)
 return -EEXIST;
 *hash_ip = ip;
+ table[ip - map->first_ip].match = 0;
 DP("%u.%u.%u.%u, %u.%u.%u.%u", HIPQUAD(ip), HIPQUAD(*hash_ip));
 return 0;
 }
diff --git a/extensions/ipset/ip_set_macipmap.h b/extensions/ipset/ip_set_macipmap.h
index 5f5e286..4b738f2 100644
--- a/extensions/ipset/ip_set_macipmap.h
+++ b/extensions/ipset/ip_set_macipmap.h
@@ -17,7 +17,7 @@ struct ip_set_macipmap {
 ip_set_ip_t first_ip; /* host byte order, included in range */
 ip_set_ip_t last_ip; /* host byte order, included in range */
 u_int32_t flags;
- size_t size; /* size of the ipmap proper */
+ u_int32_t size; /* size of the ipmap proper */
 };
 struct ip_set_req_macipmap_create {
@@ -32,7 +32,7 @@ struct ip_set_req_macipmap {
 };
 struct ip_set_macip {
- unsigned short flags;
+ unsigned short match;
 unsigned char ethernet[ETH_ALEN];
 };
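Review bot: In macipmap_add the atomic `test_and_set_bit()` is replaced by a plain read of `.match` followed, after the `memcpy`, by a plain store, so the existence check and the update are no longer a single atomic step; macipmap_del has the same shape with `test_and_clear_bit()`. Whether that is safe depends on the caller holding the set's lock for writing around add and del, which is not visible in these hunks, so a comment such as `/* caller holds set->lock for writing; match is not updated atomically */` above both functions would make the assumption explicit. The store `table[ip - map->first_ip].match = IPSET_MACIP_ISSET;` also reuses what was a bit number as the stored value, which marks the entry only if IPSET_MACIP_ISSET is non-zero; its definition is outside the diff.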
diff --git a/extensions/ipset/ip_set_nethash.c b/extensions/ipset/ip_set_nethash.c
index 96f9e60..ef5d157 100644
--- a/extensions/ipset/ip_set_nethash.c
+++ b/extensions/ipset/ip_set_nethash.c
@@ -80,7 +80,7 @@ nethash_test(struct ip_set *set, ip_set_ip_t *hash_ip, ip_set_ip_t ip)
 }
 static int
-nethash_utest(struct ip_set *set, const void *data, size_t size,
+nethash_utest(struct ip_set *set, const void *data, u_int32_t size,
 ip_set_ip_t *hash_ip)
 {
 const struct ip_set_req_nethash *req = data;
diff --git a/extensions/ipset/ip_set_portmap.h b/extensions/ipset/ip_set_portmap.h
index f65d7f9..963e02b 100644
--- a/extensions/ipset/ip_set_portmap.h
+++ b/extensions/ipset/ip_set_portmap.h
@@ -10,7 +10,7 @@ struct ip_set_portmap {
 void *members; /* the portmap proper */
 ip_set_ip_t first_ip; /* host byte order, included in range */
 ip_set_ip_t last_ip; /* host byte order, included in range */
- size_t size; /* size of the ipmap proper */
+ u_int32_t size; /* size of the ipmap proper */
 };
 struct ip_set_req_portmap_create {
diff --git a/extensions/ipset/ip_set_setlist.c b/extensions/ipset/ip_set_setlist.c
index e3334f2..d4945f1 100644
--- a/extensions/ipset/ip_set_setlist.c
+++ b/extensions/ipset/ip_set_setlist.c
@@ -28,7 +28,7 @@ next_index_eq(const struct ip_set_setlist *map, int i, ip_set_id_t index)
 }
 static int
-setlist_utest(struct ip_set *set, const void *data, size_t size,
+setlist_utest(struct ip_set *set, const void *data, u_int32_t size,
 ip_set_ip_t *hash_ip)
 {
 const struct ip_set_setlist *map = set->data;
@@ -109,7 +109,7 @@ insert_setlist(struct ip_set_setlist *map, int i, ip_set_id_t index)
 }
 static int
-setlist_uadd(struct ip_set *set, const void *data, size_t size,
+setlist_uadd(struct ip_set *set, const void *data, u_int32_t size,
 ip_set_ip_t *hash_ip)
 {
 struct ip_set_setlist *map = set->data;
@@ -184,7 +184,7 @@ unshift_setlist(struct ip_set_setlist *map, int i)
 }
 static int
-setlist_udel(struct ip_set *set, const void *data, size_t size,
+setlist_udel(struct ip_set *set, const void *data, u_int32_t size,
 ip_set_ip_t *hash_ip)
 {
 struct ip_set_setlist *map = set->data;
@@ -251,7 +251,7 @@ setlist_kdel(struct ip_set *set,
 }
 static int
-setlist_create(struct ip_set *set, const void *data, size_t size)
+setlist_create(struct ip_set *set, const void *data, u_int32_t size)
 {
 struct ip_set_setlist *map;
 const struct ip_set_req_setlist_create *req = data;
diff --git a/extensions/ipset/ipset.c b/extensions/ipset/ipset.c
index 013906f..70935a3 100644
--- a/extensions/ipset/ipset.c
+++ b/extensions/ipset/ipset.c
@@ -1580,7 +1580,7 @@ static int set_adtip(struct set *set, const char *adt,
 /* Alloc memory for the data to send */
 size = sizeof(struct ip_set_req_adt) + set->settype->adt_size ;
- DP("alloc size %i", size);
+ DP("alloc size %d", size);
 data = ipset_malloc(size);
 /* Fill out the request */
@@ -1666,7 +1666,7 @@ static int set_bind(struct set *set, const char *adt,
 size += IP_SET_MAXNAMELEN;
 else if (!(op == IP_SET_OP_UNBIND_SET && set == NULL))
 size += set->settype->adt_size;
- DP("alloc size %i", size);
+ DP("alloc size %d", size);
 data = ipset_malloc(size);
 /* Fill out the request */
diff --git a/extensions/ipset/ipset.h b/extensions/ipset/ipset.h
index de0adcf..3617721 100644
--- a/extensions/ipset/ipset.h
+++ b/extensions/ipset/ipset.h
@@ -95,7 +95,7 @@ struct settype {
 */
 /* Size of create data. Will be sent to kernel */
- size_t create_size;
+ u_int32_t create_size;
 /* Initialize the create. */
 void (*create_init) (void *data);
@@ -115,7 +115,7 @@ struct settype {
 */
 /* Size of data. Will be sent to kernel */
- size_t adt_size;
+ u_int32_t adt_size;
 /* Function which parses command options */
 ip_set_ip_t (*adt_parser) (int cmd, const char *optarg, void *data);
@@ -125,7 +125,7 @@ struct settype {
 */
 /* Size of header. */
- size_t header_size;
+ u_int32_t header_size;
 /* Initialize the type-header */
 void (*initheader) (struct set *set, const void *data);
@@ -134,16 +134,16 @@ struct settype {
 void (*printheader) (struct set *set, unsigned options);
 /* Pretty print all IPs */
- void (*printips) (struct set *set, void *data, size_t len, unsigned options);
+ void (*printips) (struct set *set, void *data, u_int32_t len, unsigned options);
 /* Pretty print all IPs sorted */
- void (*printips_sorted) (struct set *set, void *data, size_t len, unsigned options);
+ void (*printips_sorted) (struct set *set, void *data, u_int32_t len, unsigned options);
 /* Print save arguments for creating the set */
 void (*saveheader) (struct set *set, unsigned options);
 /* Print save for all IPs */
- void (*saveips) (struct set *set, void *data, size_t len, unsigned options);
+ void (*saveips) (struct set *set, void *data, u_int32_t len, unsigned options);
 /* Conver a single IP (binding) to string */
 char * (*bindip_tostring)(struct set *set, ip_set_ip_t ip, unsigned options);
@@ -189,10 +189,13 @@ extern struct set *set_find_byid(ip_set_id_t id);
 extern unsigned warn_once;
-#define BITSPERBYTE (8*sizeof(char))
-#define ID2BYTE(id) ((id)/BITSPERBYTE)
-#define ID2MASK(id) (1 << ((id)%BITSPERBYTE))
-#define test_bit(id, heap) ((((char *)(heap))[ID2BYTE(id)] & ID2MASK(id)) != 0)
+#define BITS_PER_LONG (8*sizeof(unsigned long))
+#define BIT_WORD(nr) ((nr) / BITS_PER_LONG)
+
+static inline int test_bit(int nr, const unsigned long *addr)
+{
+ return 1UL & (addr[BIT_WORD(nr)] >> (nr & (BITS_PER_LONG-1)));
+}
 #define UNUSED __attribute__ ((unused))
 #define CONSTRUCTOR(module) \
diff --git a/extensions/ipset/ipset_iphash.c b/extensions/ipset/ipset_iphash.c
index 20872ac..8984691 100644
--- a/extensions/ipset/ipset_iphash.c
+++ b/extensions/ipset/ipset_iphash.c
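Review bot: The new inline `test_bit()` in ipset.h loads a whole `unsigned long` at `addr[BIT_WORD(nr)]` where the removed macro read a single byte, so every caller must now pass a buffer that is long-aligned and padded to a multiple of `sizeof(unsigned long)`; otherwise testing the last bits reads past the end of the data. The signed `int nr` is also converted implicitly when it meets the `size_t`-typed `BITS_PER_LONG`, and a negative value is not rejected. Taking `unsigned int nr` and stating the buffer requirement in a comment above the function, for example `/* addr must be unsigned-long aligned and sized in whole longs */`, would document the contract. Wrapping the `BITS_PER_LONG` definition in `#ifndef BITS_PER_LONG` would guard against a clash if a system header already defines it.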
@@ -192,7 +192,7 @@ printheader(struct set *set, unsigned options UNUSED)
 }
 static void
-printips(struct set *set UNUSED, void *data, size_t len, unsigned options)
+printips(struct set *set UNUSED, void *data, u_int32_t len, unsigned options)
 {
 size_t offset = 0;
 ip_set_ip_t *ip;
@@ -221,7 +221,7 @@ saveheader(struct set *set, unsigned options UNUSED)
 /* Print save for an IP */
 static void
-saveips(struct set *set UNUSED, void *data, size_t len, unsigned options)
+saveips(struct set *set UNUSED, void *data, u_int32_t len, unsigned options)
 {
 size_t offset = 0;
 ip_set_ip_t *ip;
diff --git a/extensions/ipset/ipset_ipmap.c b/extensions/ipset/ipset_ipmap.c
index fd242c5..ee96f5e 100644
--- a/extensions/ipset/ipset_ipmap.c
+++ b/extensions/ipset/ipset_ipmap.c
@@ -225,12 +225,12 @@ initheader(struct set *set, const void *data)
 mask = range_to_mask(header->from, header->to, &mask_bits);
 netmask_bits = mask_to_bits(header->netmask);
- DP("bits: %i %i", mask_bits, netmask_bits);
+ DP("bits: %d %d", mask_bits, netmask_bits);
 map->hosts = 2 << (32 - netmask_bits - 1);
 map->sizeid = 2 << (netmask_bits - mask_bits - 1);
 }
- DP("%i %i", map->hosts, map->sizeid );
+ DP("%d %d", map->hosts, map->sizeid );
 }
@@ -248,7 +248,7 @@ printheader(struct set *set, unsigned options)
 static void
 printips_sorted(struct set *set, void *data,
- size_t len UNUSED, unsigned options)
+ u_int32_t len UNUSED, unsigned options)
 {
 struct ip_set_ipmap *mysetdata = set->settype->header;
 ip_set_ip_t id;
@@ -279,7 +279,7 @@ saveheader(struct set *set, unsigned options)
 }
 static void
-saveips(struct set *set, void *data, size_t len UNUSED, unsigned options)
+saveips(struct set *set, void *data, u_int32_t len UNUSED, unsigned options)
 {
 struct ip_set_ipmap *mysetdata = set->settype->header;
 ip_set_ip_t id;
diff --git a/extensions/ipset/ipset_ipporthash.c b/extensions/ipset/ipset_ipporthash.c
index 3899975..df85af0 100644
--- a/extensions/ipset/ipset_ipporthash.c
+++ b/extensions/ipset/ipset_ipporthash.c
@@ -248,7 +248,7 @@ printheader(struct set *set, unsigned options)
 }
 static void
-printips(struct set *set, void *data, size_t len, unsigned options)
+printips(struct set *set, void *data, u_int32_t len, unsigned options)
 {
 struct ip_set_ipporthash *mysetdata = set->settype->header;
 size_t offset = 0;
@@ -284,7 +284,7 @@ saveheader(struct set *set, unsigned options)
 /* Print save for an IP */
 static void
-saveips(struct set *set, void *data, size_t len, unsigned options)
+saveips(struct set *set, void *data, u_int32_t len, unsigned options)
 {
 struct ip_set_ipporthash *mysetdata = set->settype->header;
 size_t offset = 0;
diff --git a/extensions/ipset/ipset_ipportiphash.c b/extensions/ipset/ipset_ipportiphash.c
index 5e42114..c35c832 100644
--- a/extensions/ipset/ipset_ipportiphash.c
+++ b/extensions/ipset/ipset_ipportiphash.c
@@ -253,7 +253,7 @@ printheader(struct set *set, unsigned options)
 }
 static void
-printips(struct set *set, void *data, size_t len, unsigned options)
+printips(struct set *set, void *data, u_int32_t len, unsigned options)
 {
 struct ip_set_ipportiphash *mysetdata = set->settype->header;
 size_t offset = 0;
@@ -292,7 +292,7 @@ saveheader(struct set *set, unsigned options)
 /* Print save for an IP */
 static void
-saveips(struct set *set, void *data, size_t len, unsigned options)
+saveips(struct set *set, void *data, u_int32_t len, unsigned options)
 {
 struct ip_set_ipportiphash *mysetdata = set->settype->header;
 size_t offset = 0;
diff --git a/extensions/ipset/ipset_ipportnethash.c b/extensions/ipset/ipset_ipportnethash.c
index 15e41ec..98d6837 100644
--- a/extensions/ipset/ipset_ipportnethash.c
+++ b/extensions/ipset/ipset_ipportnethash.c
@@ -318,7 +318,7 @@ unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED)
 }
 static void
-printips(struct set *set, void *data, size_t len, unsigned options)
+printips(struct set *set, void *data, u_int32_t len, unsigned options)
 {
 struct ip_set_ipportnethash *mysetdata = set->settype->header;
 size_t offset = 0;
@@ -357,7 +357,7 @@ saveheader(struct set *set, unsigned options)
 /* Print save for an IP */
 static void
-saveips(struct set *set, void *data, size_t len, unsigned options)
+saveips(struct set *set, void *data, u_int32_t len, unsigned options)
 {
 struct ip_set_ipportnethash *mysetdata = set->settype->header;
 size_t offset = 0;
diff --git a/extensions/ipset/ipset_iptree.c b/extensions/ipset/ipset_iptree.c
index aa8c3fc..d550982 100644
--- a/extensions/ipset/ipset_iptree.c
+++ b/extensions/ipset/ipset_iptree.c
@@ -123,7 +123,7 @@ printheader(struct set *set, unsigned options UNUSED)
 }
 static void
-printips_sorted(struct set *set, void *data, size_t len, unsigned options)
+printips_sorted(struct set *set, void *data, u_int32_t len, unsigned options)
 {
 struct ip_set_iptree *mysetdata = set->settype->header;
 struct ip_set_req_iptree *req;
@@ -155,7 +155,7 @@ saveheader(struct set *set, unsigned options UNUSED)
 }
 static void
-saveips(struct set *set, void *data, size_t len, unsigned options)
+saveips(struct set *set, void *data, u_int32_t len, unsigned options)
 {
 struct ip_set_iptree *mysetdata = set->settype->header;
 struct ip_set_req_iptree *req;
diff --git a/extensions/ipset/ipset_iptreemap.c b/extensions/ipset/ipset_iptreemap.c
index 65c7349..c2fb695 100644
--- a/extensions/ipset/ipset_iptreemap.c
+++ b/extensions/ipset/ipset_iptreemap.c
@@ -115,7 +115,7 @@ printheader(struct set *set, unsigned int options UNUSED)
 static void
 printips_sorted(struct set *set UNUSED, void *data,
- size_t len, unsigned int options)
+ u_int32_t len, unsigned int options)
 {
 struct ip_set_req_iptreemap *req;
 size_t offset = 0;
@@ -147,7 +147,7 @@ saveheader(struct set *set, unsigned int options UNUSED) static void saveips(struct set *set UNUSED, void *data, - size_t len, unsigned int options) + u_int32_t len, unsigned int options) { struct ip_set_req_iptreemap *req; size_t offset = 0; diff --git a/extensions/ipset/ipset_macipmap.c b/extensions/ipset/ipset_macipmap.c index c0b508e..6944360 100644 --- a/extensions/ipset/ipset_macipmap.c +++ b/extensions/ipset/ipset_macipmap.c @@ -245,15 +245,14 @@ print_mac(unsigned char macaddress[ETH_ALEN]) static void printips_sorted(struct set *set, void *data, - size_t len UNUSED, unsigned options) + u_int32_t len UNUSED, unsigned options) { struct ip_set_macipmap *mysetdata = set->settype->header; struct ip_set_macip *table = data; u_int32_t addr = mysetdata->first_ip; while (addr <= mysetdata->last_ip) { - if (test_bit(IPSET_MACIP_ISSET, - (void *)&table[addr - mysetdata->first_ip].flags)) { + if (table[addr - mysetdata->first_ip].match) { printf("%s,", ip_tostring(addr, options)); print_mac(table[addr - mysetdata->first_ip]. ethernet); @@ -280,15 +279,14 @@ saveheader(struct set *set, unsigned options) static void saveips(struct set *set, void *data, - size_t len UNUSED, unsigned options) + u_int32_t len UNUSED, unsigned options) { struct ip_set_macipmap *mysetdata = set->settype->header; struct ip_set_macip *table = data; u_int32_t addr = mysetdata->first_ip; while (addr <= mysetdata->last_ip) { - if (test_bit(IPSET_MACIP_ISSET, - (void *)&table[addr - mysetdata->first_ip].flags)) { + if (table[addr - mysetdata->first_ip].match) { printf("-A %s %s,", set->name, ip_tostring(addr, options)); print_mac(table[addr - mysetdata->first_ip]. diff --git a/extensions/ipset/ipset_nethash.c b/extensions/ipset/ipset_nethash.c index b86180d..393fc7d 100644 --- a/extensions/ipset/ipset_nethash.c +++ b/extensions/ipset/ipset_nethash.c 
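Review bot: `printips_sorted` in ipset_macipmap.c still marks `len` as `UNUSED`, so the new test `table[addr - mysetdata->first_ip].match` is read for every address from `first_ip` to `last_ip` with nothing comparing that range against the size of `data`. If the header and the buffer ever disagree, the loop indexes past the end of `table`. A guard before the loop would tie the two together, for example `if ((u_int64_t)(mysetdata->last_ip - mysetdata->first_ip) + 1 > len / sizeof(*table)) return;`, with `UNUSED` dropped from `len`; how the tool should report the mismatch is outside the hunk. `saveips` in the same file runs the same loop and needs the same check. Since `flags` is replaced by `match`, the shared `struct ip_set_macip` definition has to change in the same commit for both sides to agree on the layout, and that header is not visible here.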
@@ -224,7 +224,7 @@ unpack_ip_tostring(ip_set_ip_t ip, unsigned options UNUSED)
 }
 static void
-printips(struct set *set UNUSED, void *data, size_t len, unsigned options)
+printips(struct set *set UNUSED, void *data, u_int32_t len, unsigned options)
 {
 size_t offset = 0;
 ip_set_ip_t *ip;
@@ -249,7 +249,7 @@ saveheader(struct set *set, unsigned options UNUSED)
 /* Print save for an IP */
 static void
-saveips(struct set *set UNUSED, void *data, size_t len, unsigned options)
+saveips(struct set *set UNUSED, void *data, u_int32_t len, unsigned options)
 {
 size_t offset = 0;
 ip_set_ip_t *ip;
diff --git a/extensions/ipset/ipset_portmap.c b/extensions/ipset/ipset_portmap.c
index 6c0aa8a..23999dd 100644
--- a/extensions/ipset/ipset_portmap.c
+++ b/extensions/ipset/ipset_portmap.c
@@ -149,7 +149,7 @@ printheader(struct set *set, unsigned options)
 static void
 printports_sorted(struct set *set, void *data,
- size_t len UNUSED, unsigned options)
+ u_int32_t len UNUSED, unsigned options)
 {
 struct ip_set_portmap *mysetdata = set->settype->header;
 u_int32_t addr = mysetdata->first_ip;
@@ -184,7 +184,7 @@ saveheader(struct set *set, unsigned options)
 static void
 saveports(struct set *set, void *data,
- size_t len UNUSED, unsigned options)
+ u_int32_t len UNUSED, unsigned options)
 {
 struct ip_set_portmap *mysetdata = set->settype->header;
 u_int32_t addr = mysetdata->first_ip;
diff --git a/extensions/ipset/ipset_setlist.c b/extensions/ipset/ipset_setlist.c
index 6154fa5..a012d5a 100644
--- a/extensions/ipset/ipset_setlist.c
+++ b/extensions/ipset/ipset_setlist.c
@@ -134,7 +134,7 @@ printheader(struct set *set, unsigned options UNUSED)
 static void
 printips_sorted(struct set *set, void *data,
- size_t len UNUSED, unsigned options UNUSED)
+ u_int32_t len UNUSED, unsigned options UNUSED)
 {
 struct ip_set_setlist *mysetdata = set->settype->header;
 int i;
@@ -162,7 +162,7 @@ saveheader(struct set *set, unsigned options UNUSED)
 static void
 saveips(struct set *set, void *data,
- size_t len UNUSED, unsigned options UNUSED)
+ u_int32_t len UNUSED, unsigned options UNUSED)
 {
 struct ip_set_setlist *mysetdata = set->settype->header;
 int i;