[PATCH 1/3] ipset: use NFPROTO_ constants

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



ipset is actually using NFPROTO values rather than AF (xt_set passes
that along).
---
 include/libipset/nfproto.h                         |   19 +++++++
 include/libipset/types.h                           |   15 +++--
 kernel/include/linux/netfilter/ipset/ip_set.h      |    5 ++-
 kernel/net/netfilter/ipset/ip_set_bitmap_ip.c      |    4 +-
 kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c   |    4 +-
 kernel/net/netfilter/ipset/ip_set_bitmap_port.c    |    4 +-
 kernel/net/netfilter/ipset/ip_set_core.c           |   16 +++---
 kernel/net/netfilter/ipset/ip_set_getport.c        |    4 +-
 kernel/net/netfilter/ipset/ip_set_hash_ip.c        |   18 +++---
 kernel/net/netfilter/ipset/ip_set_hash_ipport.c    |   10 ++--
 kernel/net/netfilter/ipset/ip_set_hash_ipportip.c  |   10 ++--
 kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c |   12 ++--
 kernel/net/netfilter/ipset/ip_set_hash_net.c       |   12 ++--
 kernel/net/netfilter/ipset/ip_set_hash_netiface.c  |   12 ++--
 kernel/net/netfilter/ipset/ip_set_hash_netport.c   |   12 ++--
 kernel/net/netfilter/ipset/ip_set_list_set.c       |    2 +-
 lib/data.c                                         |   21 ++++----
 lib/debug.c                                        |    4 +-
 lib/parse.c                                        |   52 ++++++++++----------
 lib/print.c                                        |   20 ++++----
 lib/session.c                                      |   34 ++++++------
 lib/types.c                                        |   26 +++++-----
 src/ipset.c                                        |   10 ++--
 src/ipset_bitmap_ip.c                              |    2 +-
 src/ipset_bitmap_ipmac.c                           |    2 +-
 src/ipset_bitmap_port.c                            |    2 +-
 src/ipset_hash_ip.c                                |    2 +-
 src/ipset_hash_ipport.c                            |    2 +-
 src/ipset_hash_ipportip.c                          |    2 +-
 src/ipset_hash_ipportnet.c                         |    4 +-
 src/ipset_hash_net.c                               |    4 +-
 src/ipset_hash_netiface.c                          |    2 +-
 src/ipset_hash_netport.c                           |    4 +-
 src/ipset_list_set.c                               |    2 +-
 34 files changed, 189 insertions(+), 165 deletions(-)
 create mode 100644 include/libipset/nfproto.h

diff --git a/include/libipset/nfproto.h b/include/libipset/nfproto.h
new file mode 100644
index 0000000..800da11
--- /dev/null
+++ b/include/libipset/nfproto.h
@@ -0,0 +1,19 @@
+#ifndef LIBIPSET_NFPROTO_H
+#define LIBIPSET_NFPROTO_H
+
+/*
+ * The constants to select, same as in linux/netfilter.h.
+ * Like nf_inet_addr.h, this is just here so that we need not to rely on
+ * the presence of a recent-enough netfilter.h.
+ */
+enum {
+	NFPROTO_UNSPEC =  0,
+	NFPROTO_IPV4   =  2,
+	NFPROTO_ARP    =  3,
+	NFPROTO_BRIDGE =  7,
+	NFPROTO_IPV6   = 10,
+	NFPROTO_DECNET = 12,
+	NFPROTO_NUMPROTO,
+};
+
+#endif /* LIBIPSET_NFPROTO_H */
diff --git a/include/libipset/types.h b/include/libipset/types.h
index d3a0b4c..edec2c9 100644
--- a/include/libipset/types.h
+++ b/include/libipset/types.h
@@ -14,15 +14,18 @@
 #include <libipset/parse.h>			/* ipset_parsefn */
 #include <libipset/print.h>			/* ipset_printfn */
 #include <libipset/linux_ip_set.h>		/* IPSET_MAXNAMELEN */
-
-#define AF_INET46		255
+#include <libipset/nfproto.h>			/* for NFPROTO_ */
 
 /* Family rules:
- * - AF_UNSPEC:	type is family-neutral
- * - AF_INET:	type supports IPv4 only
- * - AF_INET6:	type supports IPv6 only
- * - AF_INET46:	type supports both IPv4 and IPv6
+ * - NFPROTO_UNSPEC:	type is family-neutral
+ * - NFPROTO_IPV4:	type supports IPv4 only
+ * - NFPROTO_IPV6:	type supports IPv6 only
+ * Special (userspace) ipset-only extra value:
+ * - NFPROTO_X_IPV46:	type supports both IPv4 and IPv6
  */
+enum {
+	NFPROTO_X_IPV46 = 255,
+};
 
 /* Set dimensions */
 enum {
diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h
index 3540c6e..e7b06f5 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set.h
+++ b/kernel/include/linux/netfilter/ipset/ip_set.h
@@ -288,7 +288,10 @@ struct ip_set_type {
 	u8 features;
 	/* Set type dimension */
 	u8 dimension;
-	/* Supported family: may be AF_UNSPEC for both AF_INET/AF_INET6 */
+	/*
+	 * Supported family: may be NFPROTO_UNSPEC for both
+	 * NFPROTO_IPV4/NFPROTO_IPV6.
+	 */
 	u8 family;
 	/* Type revisions */
 	u8 revision_min, revision_max;
diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c
index e3e7399..a72a4df 100644
--- a/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c
+++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ip.c
@@ -442,7 +442,7 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map,
 	map->timeout = IPSET_NO_TIMEOUT;
 
 	set->data = map;
-	set->family = AF_INET;
+	set->family = NFPROTO_IPV4;
 
 	return true;
 }
@@ -550,7 +550,7 @@ static struct ip_set_type bitmap_ip_type __read_mostly = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_IP,
 	.dimension	= IPSET_DIM_ONE,
-	.family		= AF_INET,
+	.family		= NFPROTO_IPV4,
 	.revision_min	= 0,
 	.revision_max	= 0,
 	.create		= bitmap_ip_create,
diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
index 56096f5..81324c1 100644
--- a/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
+++ b/kernel/net/netfilter/ipset/ip_set_bitmap_ipmac.c
@@ -543,7 +543,7 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map,
 	map->timeout = IPSET_NO_TIMEOUT;
 
 	set->data = map;
-	set->family = AF_INET;
+	set->family = NFPROTO_IPV4;
 
 	return true;
 }
@@ -623,7 +623,7 @@ static struct ip_set_type bitmap_ipmac_type = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_IP | IPSET_TYPE_MAC,
 	.dimension	= IPSET_DIM_TWO,
-	.family		= AF_INET,
+	.family		= NFPROTO_IPV4,
 	.revision_min	= 0,
 	.revision_max	= 0,
 	.create		= bitmap_ipmac_create,
diff --git a/kernel/net/netfilter/ipset/ip_set_bitmap_port.c b/kernel/net/netfilter/ipset/ip_set_bitmap_port.c
index 29ba93b..382ec28 100644
--- a/kernel/net/netfilter/ipset/ip_set_bitmap_port.c
+++ b/kernel/net/netfilter/ipset/ip_set_bitmap_port.c
@@ -422,7 +422,7 @@ init_map_port(struct ip_set *set, struct bitmap_port *map,
 	map->timeout = IPSET_NO_TIMEOUT;
 
 	set->data = map;
-	set->family = AF_UNSPEC;
+	set->family = NFPROTO_UNSPEC;
 
 	return true;
 }
@@ -483,7 +483,7 @@ static struct ip_set_type bitmap_port_type = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_PORT,
 	.dimension	= IPSET_DIM_ONE,
-	.family		= AF_UNSPEC,
+	.family		= NFPROTO_UNSPEC,
 	.revision_min	= 0,
 	.revision_max	= 0,
 	.create		= bitmap_port_create,
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index cb4abbb..1a01628 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -70,7 +70,7 @@ find_set_type(const char *name, u8 family, u8 revision)
 
 	list_for_each_entry_rcu(type, &ip_set_type_list, list)
 		if (STREQ(type->name, name) &&
-		    (type->family == family || type->family == AF_UNSPEC) &&
+		    (type->family == family || type->family == NFPROTO_UNSPEC) &&
 		    revision >= type->revision_min &&
 		    revision <= type->revision_max)
 			return type;
@@ -135,7 +135,7 @@ find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max)
 	rcu_read_lock();
 	list_for_each_entry_rcu(type, &ip_set_type_list, list)
 		if (STREQ(type->name, name) &&
-		    (type->family == family || type->family == AF_UNSPEC)) {
+		    (type->family == family || type->family == NFPROTO_UNSPEC)) {
 			found = true;
 			if (type->revision_min < *min)
 				*min = type->revision_min;
@@ -149,8 +149,8 @@ find_set_type_minmax(const char *name, u8 family, u8 *min, u8 *max)
 	return try_to_load_type(name);
 }
 
-#define family_name(f)	((f) == AF_INET ? "inet" : \
-			 (f) == AF_INET6 ? "inet6" : "any")
+#define family_name(f)	((f) == NFPROTO_IPV4 ? "inet" : \
+			 (f) == NFPROTO_IPV6 ? "inet6" : "any")
 
 /* Register a set type structure. The type is identified by
  * the unique triple of name, family and revision.
@@ -344,7 +344,7 @@ ip_set_test(ip_set_id_t index, const struct sk_buff *skb,
 	pr_debug("set %s, index %u\n", set->name, index);
 
 	if (opt->dim < set->type->dimension ||
-	    !(opt->family == set->family || set->family == AF_UNSPEC))
+	    !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
 		return 0;
 
 	read_lock_bh(&set->lock);
@@ -377,7 +377,7 @@ ip_set_add(ip_set_id_t index, const struct sk_buff *skb,
 	pr_debug("set %s, index %u\n", set->name, index);
 
 	if (opt->dim < set->type->dimension ||
-	    !(opt->family == set->family || set->family == AF_UNSPEC))
+	    !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
 		return 0;
 
 	write_lock_bh(&set->lock);
@@ -400,7 +400,7 @@ ip_set_del(ip_set_id_t index, const struct sk_buff *skb,
 	pr_debug("set %s, index %u\n", set->name, index);
 
 	if (opt->dim < set->type->dimension ||
-	    !(opt->family == set->family || set->family == AF_UNSPEC))
+	    !(opt->family == set->family || set->family == NFPROTO_UNSPEC))
 		return 0;
 
 	write_lock_bh(&set->lock);
@@ -565,7 +565,7 @@ start_msg(struct sk_buff *skb, u32 pid, u32 seq, unsigned int flags,
 		return NULL;
 
 	nfmsg = nlmsg_data(nlh);
-	nfmsg->nfgen_family = AF_INET;
+	nfmsg->nfgen_family = NFPROTO_IPV4;
 	nfmsg->version = NFNETLINK_V0;
 	nfmsg->res_id = 0;
 
diff --git a/kernel/net/netfilter/ipset/ip_set_getport.c b/kernel/net/netfilter/ipset/ip_set_getport.c
index 757143b..58ca4e1 100644
--- a/kernel/net/netfilter/ipset/ip_set_getport.c
+++ b/kernel/net/netfilter/ipset/ip_set_getport.c
@@ -133,10 +133,10 @@ ip_set_get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port)
 	u8 proto;
 
 	switch (pf) {
-	case AF_INET:
+	case NFPROTO_IPV4:
 		ret = ip_set_get_ip4_port(skb, src, port, &proto);
 		break;
-	case AF_INET6:
+	case NFPROTO_IPV6:
 		ret = ip_set_get_ip6_port(skb, src, port, &proto);
 		break;
 	default:
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ip.c b/kernel/net/netfilter/ipset/ip_set_hash_ip.c
index f2d576e..14a8628 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ip.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ip.c
@@ -366,11 +366,11 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	u8 netmask, hbits;
 	struct ip_set_hash *h;
 
-	if (!(set->family == AF_INET || set->family == AF_INET6))
+	if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
 		return -IPSET_ERR_INVALID_FAMILY;
-	netmask = set->family == AF_INET ? 32 : 128;
+	netmask = set->family == NFPROTO_IPV4 ? 32 : 128;
 	pr_debug("Create set %s with family %s\n",
-		 set->name, set->family == AF_INET ? "inet" : "inet6");
+		 set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6");
 
 	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
 		     !ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) ||
@@ -389,8 +389,8 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	if (tb[IPSET_ATTR_NETMASK]) {
 		netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]);
 
-		if ((set->family == AF_INET && netmask > 32) ||
-		    (set->family == AF_INET6 && netmask > 128) ||
+		if ((set->family == NFPROTO_IPV4 && netmask > 32) ||
+		    (set->family == NFPROTO_IPV6 && netmask > 128) ||
 		    netmask == 0)
 			return -IPSET_ERR_INVALID_NETMASK;
 	}
@@ -419,15 +419,15 @@ hash_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	if (tb[IPSET_ATTR_TIMEOUT]) {
 		h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_ip4_tvariant : &hash_ip6_tvariant;
 
-		if (set->family == AF_INET)
+		if (set->family == NFPROTO_IPV4)
 			hash_ip4_gc_init(set);
 		else
 			hash_ip6_gc_init(set);
 	} else {
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_ip4_variant : &hash_ip6_variant;
 	}
 
@@ -443,7 +443,7 @@ static struct ip_set_type hash_ip_type __read_mostly = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_IP,
 	.dimension	= IPSET_DIM_ONE,
-	.family		= AF_UNSPEC,
+	.family		= NFPROTO_UNSPEC,
 	.revision_min	= 0,
 	.revision_max	= 0,
 	.create		= hash_ip_create,
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
index 6ee10f5..30a6273 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipport.c
@@ -450,7 +450,7 @@ hash_ipport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
 	u8 hbits;
 
-	if (!(set->family == AF_INET || set->family == AF_INET6))
+	if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
 		return -IPSET_ERR_INVALID_FAMILY;
 
 	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -490,15 +490,15 @@ hash_ipport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	if (tb[IPSET_ATTR_TIMEOUT]) {
 		h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_ipport4_tvariant : &hash_ipport6_tvariant;
 
-		if (set->family == AF_INET)
+		if (set->family == NFPROTO_IPV4)
 			hash_ipport4_gc_init(set);
 		else
 			hash_ipport6_gc_init(set);
 	} else {
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_ipport4_variant : &hash_ipport6_variant;
 	}
 
@@ -514,7 +514,7 @@ static struct ip_set_type hash_ipport_type __read_mostly = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_IP | IPSET_TYPE_PORT,
 	.dimension	= IPSET_DIM_TWO,
-	.family		= AF_UNSPEC,
+	.family		= NFPROTO_UNSPEC,
 	.revision_min	= 0,
 	.revision_max	= 1,	/* SCTP and UDPLITE support added */
 	.create		= hash_ipport_create,
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
index fb90e34..55de642 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportip.c
@@ -468,7 +468,7 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
 	u8 hbits;
 
-	if (!(set->family == AF_INET || set->family == AF_INET6))
+	if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
 		return -IPSET_ERR_INVALID_FAMILY;
 
 	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -508,15 +508,15 @@ hash_ipportip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	if (tb[IPSET_ATTR_TIMEOUT]) {
 		h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_ipportip4_tvariant : &hash_ipportip6_tvariant;
 
-		if (set->family == AF_INET)
+		if (set->family == NFPROTO_IPV4)
 			hash_ipportip4_gc_init(set);
 		else
 			hash_ipportip6_gc_init(set);
 	} else {
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_ipportip4_variant : &hash_ipportip6_variant;
 	}
 
@@ -532,7 +532,7 @@ static struct ip_set_type hash_ipportip_type __read_mostly = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
 	.dimension	= IPSET_DIM_THREE,
-	.family		= AF_UNSPEC,
+	.family		= NFPROTO_UNSPEC,
 	.revision_min	= 0,
 	.revision_max	= 1,	/* SCTP and UDPLITE support added */
 	.create		= hash_ipportip_create,
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
index deb3e3d..6ee4f72 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_ipportnet.c
@@ -554,7 +554,7 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
 	u8 hbits;
 
-	if (!(set->family == AF_INET || set->family == AF_INET6))
+	if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
 		return -IPSET_ERR_INVALID_FAMILY;
 
 	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -573,7 +573,7 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 
 	h = kzalloc(sizeof(*h)
 		    + sizeof(struct ip_set_hash_nets)
-		      * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+		      * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
 	if (!h)
 		return -ENOMEM;
 
@@ -596,16 +596,16 @@ hash_ipportnet_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	if (tb[IPSET_ATTR_TIMEOUT]) {
 		h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_ipportnet4_tvariant
 			: &hash_ipportnet6_tvariant;
 
-		if (set->family == AF_INET)
+		if (set->family == NFPROTO_IPV4)
 			hash_ipportnet4_gc_init(set);
 		else
 			hash_ipportnet6_gc_init(set);
 	} else {
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_ipportnet4_variant : &hash_ipportnet6_variant;
 	}
 
@@ -621,7 +621,7 @@ static struct ip_set_type hash_ipportnet_type __read_mostly = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_IP | IPSET_TYPE_PORT | IPSET_TYPE_IP2,
 	.dimension	= IPSET_DIM_THREE,
-	.family		= AF_UNSPEC,
+	.family		= NFPROTO_UNSPEC,
 	.revision_min	= 0,
 	/*		  1	   SCTP and UDPLITE support added */
 	.revision_max	= 2,	/* Range as input support for IPv4 added */
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_net.c b/kernel/net/netfilter/ipset/ip_set_hash_net.c
index 60d0165..48e35ba 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_net.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_net.c
@@ -406,7 +406,7 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	struct ip_set_hash *h;
 	u8 hbits;
 
-	if (!(set->family == AF_INET || set->family == AF_INET6))
+	if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
 		return -IPSET_ERR_INVALID_FAMILY;
 
 	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -425,7 +425,7 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 
 	h = kzalloc(sizeof(*h)
 		    + sizeof(struct ip_set_hash_nets)
-		      * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+		      * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
 	if (!h)
 		return -ENOMEM;
 
@@ -448,15 +448,15 @@ hash_net_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	if (tb[IPSET_ATTR_TIMEOUT]) {
 		h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_net4_tvariant : &hash_net6_tvariant;
 
-		if (set->family == AF_INET)
+		if (set->family == NFPROTO_IPV4)
 			hash_net4_gc_init(set);
 		else
 			hash_net6_gc_init(set);
 	} else {
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_net4_variant : &hash_net6_variant;
 	}
 
@@ -472,7 +472,7 @@ static struct ip_set_type hash_net_type __read_mostly = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_IP,
 	.dimension	= IPSET_DIM_ONE,
-	.family		= AF_UNSPEC,
+	.family		= NFPROTO_UNSPEC,
 	.revision_min	= 0,
 	.revision_max	= 1,	/* Range as input support for IPv4 added */
 	.create		= hash_net_create,
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
index e13095d..a9fb4af 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netiface.c
@@ -678,7 +678,7 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
 	u8 hbits;
 
-	if (!(set->family == AF_INET || set->family == AF_INET6))
+	if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
 		return -IPSET_ERR_INVALID_FAMILY;
 
 	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -697,7 +697,7 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 
 	h = kzalloc(sizeof(*h)
 		    + sizeof(struct ip_set_hash_nets)
-		      * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+		      * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
 	if (!h)
 		return -ENOMEM;
 
@@ -722,15 +722,15 @@ hash_netiface_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	if (tb[IPSET_ATTR_TIMEOUT]) {
 		h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_netiface4_tvariant : &hash_netiface6_tvariant;
 
-		if (set->family == AF_INET)
+		if (set->family == NFPROTO_IPV4)
 			hash_netiface4_gc_init(set);
 		else
 			hash_netiface6_gc_init(set);
 	} else {
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_netiface4_variant : &hash_netiface6_variant;
 	}
 
@@ -746,7 +746,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_IP | IPSET_TYPE_IFACE,
 	.dimension	= IPSET_DIM_TWO,
-	.family		= AF_UNSPEC,
+	.family		= NFPROTO_UNSPEC,
 	.revision_min	= 0,
 	.create		= hash_netiface_create,
 	.create_policy	= {
diff --git a/kernel/net/netfilter/ipset/ip_set_hash_netport.c b/kernel/net/netfilter/ipset/ip_set_hash_netport.c
index 8f9de72..1fcc102 100644
--- a/kernel/net/netfilter/ipset/ip_set_hash_netport.c
+++ b/kernel/net/netfilter/ipset/ip_set_hash_netport.c
@@ -507,7 +507,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	u32 hashsize = IPSET_DEFAULT_HASHSIZE, maxelem = IPSET_DEFAULT_MAXELEM;
 	u8 hbits;
 
-	if (!(set->family == AF_INET || set->family == AF_INET6))
+	if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
 		return -IPSET_ERR_INVALID_FAMILY;
 
 	if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
@@ -526,7 +526,7 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 
 	h = kzalloc(sizeof(*h)
 		    + sizeof(struct ip_set_hash_nets)
-		      * (set->family == AF_INET ? 32 : 128), GFP_KERNEL);
+		      * (set->family == NFPROTO_IPV4 ? 32 : 128), GFP_KERNEL);
 	if (!h)
 		return -ENOMEM;
 
@@ -549,15 +549,15 @@ hash_netport_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
 	if (tb[IPSET_ATTR_TIMEOUT]) {
 		h->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
 
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_netport4_tvariant : &hash_netport6_tvariant;
 
-		if (set->family == AF_INET)
+		if (set->family == NFPROTO_IPV4)
 			hash_netport4_gc_init(set);
 		else
 			hash_netport6_gc_init(set);
 	} else {
-		set->variant = set->family == AF_INET
+		set->variant = set->family == NFPROTO_IPV4
 			? &hash_netport4_variant : &hash_netport6_variant;
 	}
 
@@ -573,7 +573,7 @@ static struct ip_set_type hash_netport_type __read_mostly = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_IP | IPSET_TYPE_PORT,
 	.dimension	= IPSET_DIM_TWO,
-	.family		= AF_UNSPEC,
+	.family		= NFPROTO_UNSPEC,
 	.revision_min	= 0,
 	/*		  1	   SCTP and UDPLITE support added */
 	.revision_max	= 2,	/* Range as input support for IPv4 added */
diff --git a/kernel/net/netfilter/ipset/ip_set_list_set.c b/kernel/net/netfilter/ipset/ip_set_list_set.c
index 4d10819..7e095f9 100644
--- a/kernel/net/netfilter/ipset/ip_set_list_set.c
+++ b/kernel/net/netfilter/ipset/ip_set_list_set.c
@@ -575,7 +575,7 @@ static struct ip_set_type list_set_type __read_mostly = {
 	.protocol	= IPSET_PROTOCOL,
 	.features	= IPSET_TYPE_NAME | IPSET_DUMP_LAST,
 	.dimension	= IPSET_DIM_ONE,
-	.family		= AF_UNSPEC,
+	.family		= NFPROTO_UNSPEC,
 	.revision_min	= 0,
 	.revision_max	= 0,
 	.create		= list_set_create,
diff --git a/lib/data.c b/lib/data.c
index dfae6aa..0210b7b 100644
--- a/lib/data.c
+++ b/lib/data.c
@@ -8,7 +8,6 @@
 #include <arpa/inet.h>				/* ntoh* */
 #include <net/ethernet.h>			/* ETH_ALEN */
 #include <net/if.h>				/* IFNAMSIZ */
-#include <sys/socket.h>				/* AF_ */
 #include <stdlib.h>				/* malloc, free */
 #include <string.h>				/* memset */
 
@@ -81,7 +80,7 @@ struct ipset_data {
 static void
 copy_addr(uint8_t family, union nf_inet_addr *ip, const void *value)
 {
-	if (family == AF_INET)
+	if (family == NFPROTO_IPV4)
 		in4cpy(&ip->in, value);
 	else
 		in6cpy(&ip->in6, value);
@@ -213,12 +212,12 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
 		break;
 	/* CADT options */
 	case IPSET_OPT_IP:
-		if (!(data->family == AF_INET || data->family == AF_INET6))
+		if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
 			return -1;
 		copy_addr(data->family, &data->ip, value);
 		break;
 	case IPSET_OPT_IP_TO:
-		if (!(data->family == AF_INET || data->family == AF_INET6))
+		if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
 			return -1;
 		copy_addr(data->family, &data->ip_to, value);
 		break;
@@ -288,12 +287,12 @@ ipset_data_set(struct ipset_data *data, enum ipset_opt opt, const void *value)
 		ipset_strlcpy(data->adt.nameref, value, IPSET_MAXNAMELEN);
 		break;
 	case IPSET_OPT_IP2:
-		if (!(data->family == AF_INET || data->family == AF_INET6))
+		if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
 			return -1;
 		copy_addr(data->family, &data->adt.ip2, value);
 		break;
 	case IPSET_OPT_IP2_TO:
-		if (!(data->family == AF_INET || data->family == AF_INET6))
+		if (!(data->family == NFPROTO_IPV4 || data->family == NFPROTO_IPV6))
 			return -1;
 		copy_addr(data->family, &data->adt.ip2_to, value);
 		break;
@@ -456,7 +455,7 @@ ipset_data_sizeof(enum ipset_opt opt, uint8_t family)
 	case IPSET_OPT_IP_TO:
 	case IPSET_OPT_IP2:
 	case IPSET_OPT_IP2_TO:
-		return family == AF_INET ? sizeof(uint32_t)
+		return family == NFPROTO_IPV4 ? sizeof(uint32_t)
 					 : sizeof(struct in6_addr);
 	case IPSET_OPT_PORT:
 	case IPSET_OPT_PORT_TO:
@@ -511,14 +510,14 @@ ipset_data_setname(const struct ipset_data *data)
  * @data: data blob
  *
  * Return the INET family supported by the set from the data blob.
- * If the family is not set yet, AF_UNSPEC is returned.
+ * If the family is not set yet, NFPROTO_UNSPEC is returned.
  */
 uint8_t
 ipset_data_family(const struct ipset_data *data)
 {
 	assert(data);
 	return ipset_data_test(data, IPSET_OPT_FAMILY)
-		? data->family : AF_UNSPEC;
+		? data->family : NFPROTO_UNSPEC;
 }
 
 /**
@@ -534,8 +533,8 @@ ipset_data_cidr(const struct ipset_data *data)
 {
 	assert(data);
 	return ipset_data_test(data, IPSET_OPT_CIDR) ? data->cidr :
-	       data->family == AF_INET ? 32 :
-	       data->family == AF_INET6 ? 128 : 0;
+	       data->family == NFPROTO_IPV4 ? 32 :
+	       data->family == NFPROTO_IPV6 ? 128 : 0;
 }
 
 /**
diff --git a/lib/debug.c b/lib/debug.c
index 931b0c1..486d910 100644
--- a/lib/debug.c
+++ b/lib/debug.c
@@ -116,14 +116,14 @@ debug_cadt_attrs(int max, const struct ipset_attr_policy *policy,
 				d = mnl_attr_get_payload(
 					ipattr[IPSET_ATTR_IPADDR_IPV4]);
 
-				inet_ntop(AF_INET, d, addr, INET6_ADDRSTRLEN);
+				inet_ntop(NFPROTO_IPV4, d, addr, INET6_ADDRSTRLEN);
 				fprintf(stderr, "\t\t%s: %s\n",
 					attr2name[i].name, addr);
 			} else if (ipattr[IPSET_ATTR_IPADDR_IPV6]) {
 				d = mnl_attr_get_payload(
 					ipattr[IPSET_ATTR_IPADDR_IPV6]);
 
-				inet_ntop(AF_INET6, d, addr, INET6_ADDRSTRLEN);
+				inet_ntop(NFPROTO_IPV6, d, addr, INET6_ADDRSTRLEN);
 				fprintf(stderr, "\t\t%s: %s\n",
 					attr2name[i].name, addr);
 			}
diff --git a/lib/parse.c b/lib/parse.c
index 2bb0601..b13b4d6 100644
--- a/lib/parse.c
+++ b/lib/parse.c
@@ -511,7 +511,7 @@ ipset_parse_proto_port(struct ipset_session *session,
 			tmp = a;
 			goto parse_port;
 		case IPPROTO_ICMP:
-			if (family != AF_INET) {
+			if (family != NFPROTO_IPV4) {
 				syntax_err("Protocol ICMP can be used "
 					   "with family INET only");
 				goto error;
@@ -519,7 +519,7 @@ ipset_parse_proto_port(struct ipset_session *session,
 			err = ipset_parse_icmp(session, opt, a);
 			break;
 		case IPPROTO_ICMPV6:
-			if (family != AF_INET6) {
+			if (family != NFPROTO_IPV6) {
 				syntax_err("Protocol ICMPv6 can be used "
 					   "with family INET6 only");
 				goto error;
@@ -577,11 +577,11 @@ ipset_parse_family(struct ipset_session *session,
 			   "multiple times");
 
 	if (STREQ(str, "inet") || STREQ(str, "ipv4") || STREQ(str, "-4"))
-		family = AF_INET;
+		family = NFPROTO_IPV4;
 	else if (STREQ(str, "inet6") || STREQ(str, "ipv6") || STREQ(str, "-6"))
-		family = AF_INET6;
+		family = NFPROTO_IPV6;
 	else if (STREQ(str, "any") || STREQ(str, "unspec"))
-		family = AF_UNSPEC;
+		family = NFPROTO_UNSPEC;
 	else
 		return syntax_err("unknown INET family %s", str);
 
@@ -610,7 +610,7 @@ call_getaddrinfo(struct ipset_session *session, const char *str,
 
 	if ((err = getaddrinfo(str, NULL, &hints, &res)) != 0) {
 		syntax_err("cannot resolve '%s' to an %s address: %s",
-			   str, family == AF_INET6 ? "IPv6" : "IPv4",
+			   str, family == NFPROTO_IPV6 ? "IPv6" : "IPv4",
 			   gai_strerror(err));
 		return NULL;
 	} else
@@ -625,13 +625,13 @@ get_addrinfo(struct ipset_session *session,
 	     uint8_t family)
 {
 	struct addrinfo *i;
-	size_t addrlen = family == AF_INET ? sizeof(struct sockaddr_in)
+	size_t addrlen = family == NFPROTO_IPV4 ? sizeof(struct sockaddr_in)
 					   : sizeof(struct sockaddr_in6);
 	int found, err = 0;
 
 	if ((*info = call_getaddrinfo(session, str, family)) == NULL) {
 		syntax_err("cannot parse %s: resolving to %s address failed",
-			   str, family == AF_INET ? "IPv4" : "IPv6");
+			   str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6");
 		return EINVAL;
 	}
 
@@ -639,7 +639,7 @@ get_addrinfo(struct ipset_session *session,
 		if (i->ai_family != family || i->ai_addrlen != addrlen)
 			continue;
 		if (found == 0) {
-			if (family == AF_INET) {
+			if (family == NFPROTO_IPV4) {
 				/* Workaround: direct cast increases
 				 * required alignment on Sparc
 				 */
@@ -668,7 +668,7 @@ get_addrinfo(struct ipset_session *session,
 	if (found == 0)
 		return syntax_err("cannot parse %s: "
 				  "%s address could not be resolved",
-				  str, family == AF_INET ? "IPv4" : "IPv6");
+				  str, family == NFPROTO_IPV4 ? "IPv4" : "IPv6");
 	return err;
 }
 
@@ -677,7 +677,7 @@ parse_ipaddr(struct ipset_session *session,
 	     enum ipset_opt opt, const char *str,
 	     uint8_t family)
 {
-	uint8_t m = family == AF_INET ? 32 : 128;
+	uint8_t m = family == NFPROTO_IPV4 ? 32 : 128;
 	int aerr = EINVAL, err = 0, range = 0;
 	char *saved = strdup(str);
 	char *a, *tmp = saved;
@@ -737,7 +737,7 @@ cidr_hostaddr(const char *str, uint8_t family)
 {
 	char *a = cidr_separator(str);
 
-	return family == AF_INET ? STREQ(a, "/32") : STREQ(a, "/128");
+	return family == NFPROTO_IPV4 ? STREQ(a, "/32") : STREQ(a, "/128");
 }
 
 static int
@@ -747,8 +747,8 @@ parse_ip(struct ipset_session *session,
 	struct ipset_data *data = ipset_session_data(session);
 	uint8_t family = ipset_data_family(data);
 
-	if (family == AF_UNSPEC) {
-		family = AF_INET;
+	if (family == NFPROTO_UNSPEC) {
+		family = NFPROTO_IPV4;
 		ipset_data_set(data, IPSET_OPT_FAMILY, &family);
 	}
 
@@ -985,12 +985,12 @@ ipset_parse_ip4_single6(struct ipset_session *session,
 	data = ipset_session_data(session);
 	family = ipset_data_family(data);
 
-	if (family == AF_UNSPEC) {
-		family = AF_INET;
+	if (family == NFPROTO_UNSPEC) {
+		family = NFPROTO_IPV4;
 		ipset_data_set(data, IPSET_OPT_FAMILY, &family);
 	}
 
-	return family == AF_INET ? ipset_parse_ip(session, opt, str)
+	return family == NFPROTO_IPV4 ? ipset_parse_ip(session, opt, str)
 				 : ipset_parse_single_ip(session, opt, str);
 
 }
@@ -1025,12 +1025,12 @@ ipset_parse_ip4_net6(struct ipset_session *session,
 	data = ipset_session_data(session);
 	family = ipset_data_family(data);
 
-	if (family == AF_UNSPEC) {
-		family = AF_INET;
+	if (family == NFPROTO_UNSPEC) {
+		family = NFPROTO_IPV4;
 		ipset_data_set(data, IPSET_OPT_FAMILY, &family);
 	}
 
-	return family == AF_INET ? parse_ip(session, opt, str, IPADDR_ANY)
+	return family == NFPROTO_IPV4 ? parse_ip(session, opt, str, IPADDR_ANY)
 				 : ipset_parse_ipnet(session, opt, str);
 
 }
@@ -1330,21 +1330,21 @@ ipset_parse_netmask(struct ipset_session *session,
 
 	data = ipset_session_data(session);
 	family = ipset_data_family(data);
-	if (family == AF_UNSPEC) {
-		family = AF_INET;
+	if (family == NFPROTO_UNSPEC) {
+		family = NFPROTO_IPV4;
 		ipset_data_set(data, IPSET_OPT_FAMILY, &family);
 	}
 
 	err = string_to_cidr(session, str,
-			     family == AF_INET ? 1 : 4,
-			     family == AF_INET ? 31 : 124,
+			     family == NFPROTO_IPV4 ? 1 : 4,
+			     family == NFPROTO_IPV4 ? 31 : 124,
 			     &cidr);
 
 	if (err)
 		return syntax_err("netmask is out of the inclusive range "
 				  "of %u-%u",
-				  family == AF_INET ? 1 : 4,
-				  family == AF_INET ? 31 : 124);
+				  family == NFPROTO_IPV4 ? 1 : 4,
+				  family == NFPROTO_IPV4 ? 31 : 124);
 
 	return ipset_data_set(data, opt, &cidr);
 }
diff --git a/lib/print.c b/lib/print.c
index 6452ab5..d7f99a4 100644
--- a/lib/print.c
+++ b/lib/print.c
@@ -152,7 +152,7 @@ __getnameinfo4(char *buf, unsigned int len,
 
 	memset(&saddr, 0, sizeof(saddr));
 	in4cpy(&saddr.sin_addr, &addr->in);
-	saddr.sin_family = AF_INET;
+	saddr.sin_family = NFPROTO_IPV4;
 
 	err = getnameinfo((const struct sockaddr *)&saddr,
 			  sizeof(saddr),
@@ -178,7 +178,7 @@ __getnameinfo6(char *buf, unsigned int len,
 
 	memset(&saddr, 0, sizeof(saddr));
 	in6cpy(&saddr.sin6_addr, &addr->in6);
-	saddr.sin6_family = AF_INET6;
+	saddr.sin6_family = NFPROTO_IPV6;
 
 	err = getnameinfo((const struct sockaddr *)&saddr,
 			  sizeof(saddr),
@@ -253,14 +253,14 @@ ipset_print_ip(char *buf, unsigned int len,
 		cidr = *(const uint8_t *) ipset_data_get(data, cidropt);
 		D("CIDR: %u", cidr);
 	} else
-		cidr = family == AF_INET6 ? 128 : 32;
+		cidr = family == NFPROTO_IPV6 ? 128 : 32;
 	flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST;
 
 	ip = ipset_data_get(data, opt);
 	assert(ip);
-	if (family == AF_INET)
+	if (family == NFPROTO_IPV4)
 		size = snprintf_ipv4(buf, len, flags, ip, cidr);
-	else if (family == AF_INET6)
+	else if (family == NFPROTO_IPV6)
 		size = snprintf_ipv6(buf, len, flags, ip, cidr);
 	else
 		return -1;
@@ -275,9 +275,9 @@ ipset_print_ip(char *buf, unsigned int len,
 	SNPRINTF_FAILURE(size, len, offset);
 
 	ip = ipset_data_get(data, IPSET_OPT_IP_TO);
-	if (family == AF_INET)
+	if (family == NFPROTO_IPV4)
 		size = snprintf_ipv4(buf + offset, len, flags, ip, cidr);
-	else if (family == AF_INET6)
+	else if (family == NFPROTO_IPV6)
 		size = snprintf_ipv6(buf + offset, len, flags, ip, cidr);
 	else
 		return -1;
@@ -320,14 +320,14 @@ ipset_print_ipaddr(char *buf, unsigned int len,
 	if (ipset_data_test(data, cidropt))
 		cidr = *(const uint8_t *) ipset_data_get(data, cidropt);
 	else
-		cidr = family == AF_INET6 ? 128 : 32;
+		cidr = family == NFPROTO_IPV6 ? 128 : 32;
 	flags = (env & IPSET_ENV_RESOLVE) ? 0 : NI_NUMERICHOST;
 
 	ip = ipset_data_get(data, opt);
 	assert(ip);
-	if (family == AF_INET)
+	if (family == NFPROTO_IPV4)
 		return snprintf_ipv4(buf, len, flags, ip, cidr);
-	else if (family == AF_INET6)
+	else if (family == NFPROTO_IPV6)
 		return snprintf_ipv6(buf, len, flags, ip, cidr);
 
 	return -1;
diff --git a/lib/session.c b/lib/session.c
index 9e36efd..472b974 100644
--- a/lib/session.c
+++ b/lib/session.c
@@ -568,7 +568,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[],
 
 		/* Validate by hand */
 		switch (family) {
-		case AF_INET:
+		case NFPROTO_IPV4:
 			atype = IPSET_ATTR_IPADDR_IPV4;
 			if (!ipattr[atype])
 				FAILURE("Broken kernel message: IPv4 address "
@@ -578,7 +578,7 @@ attr2data(struct ipset_session *session, struct nlattr *nla[],
 					"cannot validate IPv4 "
 					"address attribute!");
 			break;
-		case AF_INET6:
+		case NFPROTO_IPV6:
 			atype = IPSET_ATTR_IPADDR_IPV6;
 			if (!ipattr[atype])
 				FAILURE("Broken kernel message: IPv6 address "
@@ -814,8 +814,8 @@ list_adt(struct ipset_session *session, struct nlattr *nla[])
 }
 
 #define FAMILY_TO_STR(f)		\
-	((f) == AF_INET ? "inet" :	\
-	 (f) == AF_INET6 ? "inet6" : "any")
+	((f) == NFPROTO_IPV4 ? "inet" :	\
+	 (f) == NFPROTO_IPV6 ? "inet6" : "any")
 
 static int
 list_create(struct ipset_session *session, struct nlattr *nla[])
@@ -1413,7 +1413,7 @@ attr_len(const struct ipset_attr_policy *attr, uint8_t family, uint16_t *flags)
 			return attr->len;
 
 		*flags = NLA_F_NET_BYTEORDER;
-		return family == AF_INET ? sizeof(uint32_t)
+		return family == NFPROTO_IPV4 ? sizeof(uint32_t)
 					 : sizeof(struct in6_addr);
 	case MNL_TYPE_U32:
 		*flags = NLA_F_NET_BYTEORDER;
@@ -1446,7 +1446,7 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh,
 	if (attr->type == MNL_TYPE_NESTED) {
 		/* IP addresses */
 		struct nlattr *nested;
-		int atype = family == AF_INET ? IPSET_ATTR_IPADDR_IPV4
+		int atype = family == NFPROTO_IPV4 ? IPSET_ATTR_IPADDR_IPV4
 					      : IPSET_ATTR_IPADDR_IPV6;
 
 		alen = attr_len(attr, family, &flags);
@@ -1454,8 +1454,8 @@ rawdata2attr(struct ipset_session *session, struct nlmsghdr *nlh,
 				MNL_ATTR_HDRLEN, alen))
 			return 1;
 		nested = mnl_attr_nest_start(nlh, type);
-		D("family: %s", family == AF_INET ? "INET" :
-				family == AF_INET6 ? "INET6" : "UNSPEC");
+		D("family: %s", family == NFPROTO_IPV4 ? "INET" :
+				family == NFPROTO_IPV6 ? "INET6" : "UNSPEC");
 		mnl_attr_put(nlh, atype | flags, alen, d);
 		mnl_attr_nest_end(nlh, nested);
 
@@ -1509,14 +1509,14 @@ data2attr(struct ipset_session *session, struct nlmsghdr *nlh,
 	data2attr(session, nlh, data, type, family, attrs)
 
 #define ADDATTR_SETNAME(session, nlh, data)				\
-	data2attr(session, nlh, data, IPSET_ATTR_SETNAME, AF_INET, cmd_attrs)
+	data2attr(session, nlh, data, IPSET_ATTR_SETNAME, NFPROTO_IPV4, cmd_attrs)
 
 #define ADDATTR_IF(session, nlh, data, type, family, attrs)		\
 	ipset_data_test(data, attrs[type].opt) ?			\
 		data2attr(session, nlh, data, type, family, attrs) : 0
 
 #define ADDATTR_RAW(session, nlh, data, type, attrs)			\
-	rawdata2attr(session, nlh, data, type, AF_INET, attrs)
+	rawdata2attr(session, nlh, data, type, NFPROTO_IPV4, attrs)
 
 static void
 addattr_create(struct ipset_session *session,
@@ -1572,13 +1572,13 @@ build_send_private_msg(struct ipset_session *session, enum ipset_cmd cmd)
 				"Invalid internal TYPE command: "
 				"missing settype");
 		ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME,
-			AF_INET, cmd_attrs);
+			NFPROTO_IPV4, cmd_attrs);
 		if (ipset_data_test(data, IPSET_OPT_FAMILY))
 			ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY,
-				AF_INET, cmd_attrs);
+				NFPROTO_IPV4, cmd_attrs);
 		else
 			/* bitmap:port and list:set types */
-			mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC);
+			mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC);
 		break;
 	default:
 		return ipset_err(session, "Internal error: "
@@ -1638,17 +1638,17 @@ build_msg(struct ipset_session *session, bool aggregate)
 		 * setname, typename, revision, family, flags (optional) */
 		ADDATTR_SETNAME(session, nlh, data);
 		ADDATTR(session, nlh, data, IPSET_ATTR_TYPENAME,
-			AF_INET, cmd_attrs);
+			NFPROTO_IPV4, cmd_attrs);
 		ADDATTR_RAW(session, nlh, &type->revision,
 			    IPSET_ATTR_REVISION, cmd_attrs);
 		D("family: %u, type family %u",
 		  ipset_data_family(data), type->family);
 		if (ipset_data_test(data, IPSET_OPT_FAMILY))
 			ADDATTR(session, nlh, data, IPSET_ATTR_FAMILY,
-				AF_INET, cmd_attrs);
+				NFPROTO_IPV4, cmd_attrs);
 		else
 			/* bitmap:port and list:set types */
-			mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, AF_UNSPEC);
+			mnl_attr_put_u8(nlh, IPSET_ATTR_FAMILY, NFPROTO_UNSPEC);
 
 		/* Type-specific create attributes */
 		D("call open_nested");
@@ -1675,7 +1675,7 @@ build_msg(struct ipset_session *session, bool aggregate)
 			ADDATTR_SETNAME(session, nlh, data);
 		if (flags && session->mode != IPSET_LIST_SAVE) {
 			ipset_data_set(data, IPSET_OPT_FLAGS, &flags);
-			ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, AF_INET,
+			ADDATTR(session, nlh, data, IPSET_ATTR_FLAGS, NFPROTO_IPV4,
 				cmd_attrs);
 		}
 		break;
diff --git a/lib/types.c b/lib/types.c
index 7c16a30..2048568 100644
--- a/lib/types.c
+++ b/lib/types.c
@@ -173,7 +173,7 @@ ipset_cache_swap(const char *from, const char *to)
 }
 
 #define MATCH_FAMILY(type, f)	\
-	(f == AF_UNSPEC || type->family == f || type->family == AF_INET46)
+	(f == NFPROTO_UNSPEC || type->family == f || type->family == NFPROTO_X_IPV46)
 
 bool
 ipset_match_typename(const char *name, const struct ipset_type *type)
@@ -227,8 +227,8 @@ create_type_get(struct ipset_session *session)
 				    typename);
 
 	/* Family is unspecified yet: set from matching set type */
-	if (family == AF_UNSPEC && match->family != AF_UNSPEC) {
-		family = match->family == AF_INET46 ? AF_INET : match->family;
+	if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC) {
+		family = match->family == NFPROTO_X_IPV46 ? NFPROTO_IPV4 : match->family;
 		ipset_data_set(data, IPSET_OPT_FAMILY, &family);
 	}
 
@@ -254,8 +254,8 @@ create_type_get(struct ipset_session *session)
 				"with maximal revision %u.\n"
 				"You need to upgrade your ipset program.",
 				typename,
-				family == AF_INET ? "INET" :
-				family == AF_INET6 ? "INET6" : "UNSPEC",
+				family == NFPROTO_IPV4 ? "INET" :
+				family == NFPROTO_IPV6 ? "INET6" : "UNSPEC",
 				kmin, tmax);
 		else
 			return ipset_errptr(session,
@@ -264,8 +264,8 @@ create_type_get(struct ipset_session *session)
 				"with minimal revision %u.\n"
 				"You need to upgrade your kernel.",
 				typename,
-				family == AF_INET ? "INET" :
-				family == AF_INET6 ? "INET6" : "UNSPEC",
+				family == NFPROTO_IPV4 ? "INET" :
+				family == NFPROTO_IPV6 ? "INET6" : "UNSPEC",
 				kmax, tmin);
 	}
 
@@ -290,8 +290,8 @@ found:
 }
 
 #define set_family_and_type(data, match, family) do {		\
-	if (family == AF_UNSPEC && match->family != AF_UNSPEC)	\
-		family = match->family == AF_INET46 ? AF_INET : match->family;\
+	if (family == NFPROTO_UNSPEC && match->family != NFPROTO_UNSPEC)	\
+		family = match->family == NFPROTO_X_IPV46 ? NFPROTO_IPV4 : match->family;\
 	ipset_data_set(data, IPSET_OPT_FAMILY, &family);	\
 	ipset_data_set(data, IPSET_OPT_TYPE, match);		\
 } while (0)
@@ -306,7 +306,7 @@ adt_type_get(struct ipset_session *session)
 	const struct ipset_type *match;
 	const char *setname, *typename;
 	const uint8_t *revision;
-	uint8_t family = AF_UNSPEC;
+	uint8_t family = NFPROTO_UNSPEC;
 	int ret;
 
 	data = ipset_session_data(session);
@@ -352,8 +352,8 @@ adt_type_get(struct ipset_session *session)
 				    "ipset library does not support the "
 				    "settype with that family and revision.",
 				    setname, typename,
-				    family == AF_INET ? "inet" :
-				    family == AF_INET6 ? "inet6" : "unspec",
+				    family == NFPROTO_IPV4 ? "inet" :
+				    family == NFPROTO_IPV6 ? "inet6" : "unspec",
 				    *revision);
 
 	set_family_and_type(data, match, family);
@@ -409,7 +409,7 @@ ipset_type_check(struct ipset_session *session)
 	const struct ipset_type *t, *match = NULL;
 	struct ipset_data *data;
 	const char *typename;
-	uint8_t family = AF_UNSPEC, revision;
+	uint8_t family = NFPROTO_UNSPEC, revision;
 
 	assert(session);
 	data = ipset_session_data(session);
diff --git a/src/ipset.c b/src/ipset.c
index 358befe..d68b446 100644
--- a/src/ipset.c
+++ b/src/ipset.c
@@ -324,9 +324,9 @@ static const char *
 session_family(void)
 {
 	switch (ipset_data_family(ipset_session_data(session))) {
-	case AF_INET:
+	case NFPROTO_IPV4:
 		return "inet";
-	case AF_INET6:
+	case NFPROTO_IPV6:
 		return "inet6";
 	default:
 		return "unspec";
@@ -581,10 +581,10 @@ parse_commandline(int argc, char *argv[])
 				       type->name, type->usage);
 				if (type->usagefn)
 					type->usagefn();
-				if (type->family == AF_UNSPEC)
+				if (type->family == NFPROTO_UNSPEC)
 					printf("\nType %s is family neutral.\n",
 					       type->name);
-				else if (type->family == AF_INET46)
+				else if (type->family == NFPROTO_X_IPV46)
 					printf("\nType %s supports INET "
 					       "and INET6.\n",
 					       type->name);
@@ -592,7 +592,7 @@ parse_commandline(int argc, char *argv[])
 					printf("\nType %s supports family "
 					       "%s only.\n",
 					       type->name,
-					       type->family == AF_INET
+					       type->family == NFPROTO_IPV4
 						? "INET" : "INET6");
 			} else {
 				printf("\nSupported set types:\n");
diff --git a/src/ipset_bitmap_ip.c b/src/ipset_bitmap_ip.c
index e73bc7c..890b0dc 100644
--- a/src/ipset_bitmap_ip.c
+++ b/src/ipset_bitmap_ip.c
@@ -60,7 +60,7 @@ struct ipset_type ipset_bitmap_ip0 = {
 	.name = "bitmap:ip",
 	.alias = { "ipmap", NULL },
 	.revision = 0,
-	.family = AF_INET,
+	.family = NFPROTO_IPV4,
 	.dimension = IPSET_DIM_ONE,
 	.elem = {
 		[IPSET_DIM_ONE] = {
diff --git a/src/ipset_bitmap_ipmac.c b/src/ipset_bitmap_ipmac.c
index f47f25d..385f2a8 100644
--- a/src/ipset_bitmap_ipmac.c
+++ b/src/ipset_bitmap_ipmac.c
@@ -57,7 +57,7 @@ struct ipset_type ipset_bitmap_ipmac0 = {
 	.name = "bitmap:ip,mac",
 	.alias = { "macipmap", NULL },
 	.revision = 0,
-	.family = AF_INET,
+	.family = NFPROTO_IPV4,
 	.dimension = IPSET_DIM_TWO,
 	.last_elem_optional = true,
 	.elem = {
diff --git a/src/ipset_bitmap_port.c b/src/ipset_bitmap_port.c
index c8c6e1f..d9b4cd8 100644
--- a/src/ipset_bitmap_port.c
+++ b/src/ipset_bitmap_port.c
@@ -51,7 +51,7 @@ struct ipset_type ipset_bitmap_port0 = {
 	.name = "bitmap:port",
 	.alias = { "portmap", NULL },
 	.revision = 0,
-	.family = AF_UNSPEC,
+	.family = NFPROTO_UNSPEC,
 	.dimension = IPSET_DIM_ONE,
 	.elem = {
 		[IPSET_DIM_ONE] = {
diff --git a/src/ipset_hash_ip.c b/src/ipset_hash_ip.c
index 315804a..88bba80 100644
--- a/src/ipset_hash_ip.c
+++ b/src/ipset_hash_ip.c
@@ -83,7 +83,7 @@ struct ipset_type ipset_hash_ip0 = {
 	.name = "hash:ip",
 	.alias = { "iphash", NULL },
 	.revision = 0,
-	.family = AF_INET46,
+	.family = NFPROTO_X_IPV46,
 	.dimension = IPSET_DIM_ONE,
 	.elem = {
 		[IPSET_DIM_ONE] = {
diff --git a/src/ipset_hash_ipport.c b/src/ipset_hash_ipport.c
index b5bd41b..8fd152c 100644
--- a/src/ipset_hash_ipport.c
+++ b/src/ipset_hash_ipport.c
@@ -89,7 +89,7 @@ struct ipset_type ipset_hash_ipport1 = {
 	.name = "hash:ip,port",
 	.alias = { "ipporthash", NULL },
 	.revision = 1,
-	.family = AF_INET46,
+	.family = NFPROTO_X_IPV46,
 	.dimension = IPSET_DIM_TWO,
 	.elem = {
 		[IPSET_DIM_ONE] = {
diff --git a/src/ipset_hash_ipportip.c b/src/ipset_hash_ipportip.c
index b27cebf..bf77fbd 100644
--- a/src/ipset_hash_ipportip.c
+++ b/src/ipset_hash_ipportip.c
@@ -89,7 +89,7 @@ struct ipset_type ipset_hash_ipportip1 = {
 	.name = "hash:ip,port,ip",
 	.alias = { "ipportiphash", NULL },
 	.revision = 1,
-	.family = AF_INET46,
+	.family = NFPROTO_X_IPV46,
 	.dimension = IPSET_DIM_THREE,
 	.elem = {
 		[IPSET_DIM_ONE] = {
diff --git a/src/ipset_hash_ipportnet.c b/src/ipset_hash_ipportnet.c
index ecab191..47fd013 100644
--- a/src/ipset_hash_ipportnet.c
+++ b/src/ipset_hash_ipportnet.c
@@ -90,7 +90,7 @@ struct ipset_type ipset_hash_ipportnet1 = {
 	.name = "hash:ip,port,net",
 	.alias = { "ipportnethash", NULL },
 	.revision = 1,
-	.family = AF_INET46,
+	.family = NFPROTO_X_IPV46,
 	.dimension = IPSET_DIM_THREE,
 	.elem = {
 		[IPSET_DIM_ONE] = {
@@ -180,7 +180,7 @@ struct ipset_type ipset_hash_ipportnet2 = {
 	.name = "hash:ip,port,net",
 	.alias = { "ipportnethash", NULL },
 	.revision = 2,
-	.family = AF_INET46,
+	.family = NFPROTO_X_IPV46,
 	.dimension = IPSET_DIM_THREE,
 	.elem = {
 		[IPSET_DIM_ONE] = {
diff --git a/src/ipset_hash_net.c b/src/ipset_hash_net.c
index 665c398..f799987 100644
--- a/src/ipset_hash_net.c
+++ b/src/ipset_hash_net.c
@@ -73,7 +73,7 @@ struct ipset_type ipset_hash_net0 = {
 	.name = "hash:net",
 	.alias = { "nethash", NULL },
 	.revision = 0,
-	.family = AF_INET46,
+	.family = NFPROTO_X_IPV46,
 	.dimension = IPSET_DIM_ONE,
 	.elem = {
 		[IPSET_DIM_ONE] = {
@@ -125,7 +125,7 @@ struct ipset_type ipset_hash_net1 = {
 	.name = "hash:net",
 	.alias = { "nethash", NULL },
 	.revision = 1,
-	.family = AF_INET46,
+	.family = NFPROTO_X_IPV46,
 	.dimension = IPSET_DIM_ONE,
 	.elem = {
 		[IPSET_DIM_ONE] = {
diff --git a/src/ipset_hash_netiface.c b/src/ipset_hash_netiface.c
index 2fbe27d..b31e30d 100644
--- a/src/ipset_hash_netiface.c
+++ b/src/ipset_hash_netiface.c
@@ -66,7 +66,7 @@ struct ipset_type ipset_hash_netiface0 = {
 	.name = "hash:net,iface",
 	.alias = { "netifacehash", NULL },
 	.revision = 0,
-	.family = AF_INET46,
+	.family = NFPROTO_X_IPV46,
 	.dimension = IPSET_DIM_TWO,
 	.elem = {
 		[IPSET_DIM_ONE] = {
diff --git a/src/ipset_hash_netport.c b/src/ipset_hash_netport.c
index 480dd84..83bd631 100644
--- a/src/ipset_hash_netport.c
+++ b/src/ipset_hash_netport.c
@@ -67,7 +67,7 @@ struct ipset_type ipset_hash_netport1 = {
 	.name = "hash:net,port",
 	.alias = { "netporthash", NULL },
 	.revision = 1,
-	.family = AF_INET46,
+	.family = NFPROTO_X_IPV46,
 	.dimension = IPSET_DIM_TWO,
 	.elem = {
 		[IPSET_DIM_ONE] = {
@@ -141,7 +141,7 @@ struct ipset_type ipset_hash_netport2 = {
 	.name = "hash:net,port",
 	.alias = { "netporthash", NULL },
 	.revision = 2,
-	.family = AF_INET46,
+	.family = NFPROTO_X_IPV46,
 	.dimension = IPSET_DIM_TWO,
 	.elem = {
 		[IPSET_DIM_ONE] = {
diff --git a/src/ipset_list_set.c b/src/ipset_list_set.c
index f3fa6df..8f813d6 100644
--- a/src/ipset_list_set.c
+++ b/src/ipset_list_set.c
@@ -50,7 +50,7 @@ struct ipset_type ipset_list_set0 = {
 	.name = "list:set",
 	.alias = { "setlist", NULL },
 	.revision = 0,
-	.family = AF_UNSPEC,
+	.family = NFPROTO_UNSPEC,
 	.dimension = IPSET_DIM_ONE,
 	.elem = {
 		[IPSET_DIM_ONE] = {
-- 
1.7.3.4

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux