include/linux/netfilter_ipv4/ipt_policy.h

   1 #ifndef _IPT_POLICY_H
   2 #define _IPT_POLICY_H
   3
   4 #define IPT_POLICY_MAX_ELEM     4
   5
   6 enum ipt_policy_flags
   7 {
   8         IPT_POLICY_MATCH_IN     = 0x1,
   9         IPT_POLICY_MATCH_OUT    = 0x2,
  10         IPT_POLICY_MATCH_NONE   = 0x4,
  11         IPT_POLICY_MATCH_STRICT = 0x8,
  12 };
  13
  14 enum ipt_policy_modes
  15 {
  16         IPT_POLICY_MODE_TRANSPORT,
  17         IPT_POLICY_MODE_TUNNEL
  18 };
  19
  20 struct ipt_policy_spec
  21 {
  22         u_int8_t        saddr:1,
  23                         daddr:1,
  24                         proto:1,
  25                         mode:1,
  26                         spi:1,
  27                         reqid:1;
  28 };
  29
  30 union ipt_policy_addr
  31 {
  32         struct in_addr  a4;
  33         struct in6_addr a6;
  34 };
  35
  36 struct ipt_policy_elem
  37 {
  38         union ipt_policy_addr   saddr;
  39         union ipt_policy_addr   smask;
  40         union ipt_policy_addr   daddr;
  41         union ipt_policy_addr   dmask;
  42         u_int32_t               spi;
  43         u_int32_t               reqid;
  44         u_int8_t                proto;
  45         u_int8_t                mode;
  46
  47         struct ipt_policy_spec  match;
  48         struct ipt_policy_spec  invert;
  49 };
  50
  51 struct ipt_policy_info
  52 {
  53         struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];
  54         u_int16_t flags;
  55         u_int16_t len;
  56 };
  57
  58 #endif /* _IPT_POLICY_H */