include/linux/netfilter/xt_policy.h

   1 #ifndef _XT_POLICY_H
   2 #define _XT_POLICY_H
   3
   4 #define XT_POLICY_MAX_ELEM      4
   5
   6 enum xt_policy_flags
   7 {
   8         XT_POLICY_MATCH_IN      = 0x1,
   9         XT_POLICY_MATCH_OUT     = 0x2,
  10         XT_POLICY_MATCH_NONE    = 0x4,
  11         XT_POLICY_MATCH_STRICT  = 0x8,
  12 };
  13
  14 enum xt_policy_modes
  15 {
  16         XT_POLICY_MODE_TRANSPORT,
  17         XT_POLICY_MODE_TUNNEL
  18 };
  19
  20 struct xt_policy_spec
  21 {
  22         u_int8_t        saddr:1,
  23                         daddr:1,
  24                         proto:1,
  25                         mode:1,
  26                         spi:1,
  27                         reqid:1;
  28 };
  29
  30 union xt_policy_addr
  31 {
  32         struct in_addr  a4;
  33         struct in6_addr a6;
  34 };
  35
  36 struct xt_policy_elem
  37 {
  38         union {
  39                 struct {
  40                         union xt_policy_addr saddr;
  41                         union xt_policy_addr smask;
  42                         union xt_policy_addr daddr;
  43                         union xt_policy_addr dmask;
  44                 };
  45         };
  46         __be32                  spi;
  47         u_int32_t               reqid;
  48         u_int8_t                proto;
  49         u_int8_t                mode;
  50
  51         struct xt_policy_spec   match;
  52         struct xt_policy_spec   invert;
  53 };
  54
  55 struct xt_policy_info
  56 {
  57         struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
  58         u_int16_t flags;
  59         u_int16_t len;
  60 };
  61
  62 #endif /* _XT_POLICY_H */