1
2 #ifndef _XT_POLICY_H
3 #define _XT_POLICY_H
4
5 #include <linux/netfilter.h>
6 #include <linux/types.h>
7 #include <linux/in.h>
8 #include <linux/in6.h>
9
10 #define XT_POLICY_MAX_ELEM 4
11
12 enum xt_policy_flags {
13 XT_POLICY_MATCH_IN = 0x1,
14 XT_POLICY_MATCH_OUT = 0x2,
15 XT_POLICY_MATCH_NONE = 0x4,
16 XT_POLICY_MATCH_STRICT = 0x8,
17 };
18
19 enum xt_policy_modes {
20 XT_POLICY_MODE_TRANSPORT,
21 XT_POLICY_MODE_TUNNEL
22 };
23
24 struct xt_policy_spec {
25 __u8 saddr:1,
26 daddr:1,
27 proto:1,
28 mode:1,
29 spi:1,
30 reqid:1;
31 };
32
33 #ifndef __KERNEL__
34 union xt_policy_addr {
35 struct in_addr a4;
36 struct in6_addr a6;
37 };
38 #endif
39
40 struct xt_policy_elem {
41 union {
42 #ifdef __KERNEL__
43 struct {
44 union nf_inet_addr saddr;
45 union nf_inet_addr smask;
46 union nf_inet_addr daddr;
47 union nf_inet_addr dmask;
48 };
49 #else
50 struct {
51 union xt_policy_addr saddr;
52 union xt_policy_addr smask;
53 union xt_policy_addr daddr;
54 union xt_policy_addr dmask;
55 };
56 #endif
57 };
58 __be32 spi;
59 __u32 reqid;
60 __u8 proto;
61 __u8 mode;
62
63 struct xt_policy_spec match;
64 struct xt_policy_spec invert;
65 };
66
67 struct xt_policy_info {
68 struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
69 __u16 flags;
70 __u16 len;
71 };
72
73 #endif