include/linux/netfilter_ipv4/ipt_policy.h

   1 #ifndef _IPT_POLICY_H
   2 #define _IPT_POLICY_H
   3
   4 #define IPT_POLICY_MAX_ELEM     4
   5
   6 #ifndef __KERNEL__
   7 #include <netinet/in.h>
   8 #endif
   9
  10 enum ipt_policy_flags
  11 {
  12         IPT_POLICY_MATCH_IN     = 0x1,
  13         IPT_POLICY_MATCH_OUT    = 0x2,
  14         IPT_POLICY_MATCH_NONE   = 0x4,
  15         IPT_POLICY_MATCH_STRICT = 0x8,
  16 };
  17
  18 enum ipt_policy_modes
  19 {
  20         IPT_POLICY_MODE_TRANSPORT,
  21         IPT_POLICY_MODE_TUNNEL
  22 };
  23
  24 struct ipt_policy_spec
  25 {
  26         u_int8_t        saddr:1,
  27                         daddr:1,
  28                         proto:1,
  29                         mode:1,
  30                         spi:1,
  31                         reqid:1;
  32 };
  33
  34 union ipt_policy_addr
  35 {
  36         struct in_addr  a4;
  37         struct in6_addr a6;
  38 };
  39
  40 struct ipt_policy_elem
  41 {
  42         union ipt_policy_addr   saddr;
  43         union ipt_policy_addr   smask;
  44         union ipt_policy_addr   daddr;
  45         union ipt_policy_addr   dmask;
  46         u_int32_t               spi;
  47         u_int32_t               reqid;
  48         u_int8_t                proto;
  49         u_int8_t                mode;
  50
  51         struct ipt_policy_spec  match;
  52         struct ipt_policy_spec  invert;
  53 };
  54
  55 struct ipt_policy_info
  56 {
  57         struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];
  58         u_int16_t flags;
  59         u_int16_t len;
  60 };
  61
  62 #endif /* _IPT_POLICY_H */