1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
2 | #ifndef _XT_POLICY_H |
3 | #define _XT_POLICY_H |
4 | |
5 | #include <linux/netfilter.h> |
6 | #include <linux/types.h> |
7 | #include <linux/in.h> |
8 | #include <linux/in6.h> |
9 | |
/* Number of entries in the pol[] array of struct xt_policy_info. */
10 | #define XT_POLICY_MAX_ELEM 4 |
11 | |
/*
 * Flag bits for the policy match. Each enumerator is a distinct single bit,
 * so values can be OR-ed into one word; struct xt_policy_info has a __u16
 * `flags` member that presumably holds them (confirm in the consumer).
 * NOTE(review): the per-bit meanings below are inferred from the names only.
 * This header does not say which combinations are valid, so code that
 * accepts a rule should reject unknown bits and contradictory combinations.
 */
12 | enum xt_policy_flags { |
/* presumably: match the policy applied to inbound packets - TODO confirm */
13 | XT_POLICY_MATCH_IN = 0x1, |
/* presumably: match the policy applied to outbound packets - TODO confirm */
14 | XT_POLICY_MATCH_OUT = 0x2, |
/* presumably: match packets that have no policy applied - TODO confirm */
15 | XT_POLICY_MATCH_NONE = 0x4, |
/* presumably: require strict matching of the policy elements - TODO confirm */
16 | XT_POLICY_MATCH_STRICT = 0x8, |
17 | }; |
18 | |
/*
 * Mode values. No explicit initialisers are given, so TRANSPORT is 0 and
 * TUNNEL is 1. struct xt_policy_elem has a __u8 `mode` member that presumably
 * stores one of these; a __u8 can hold values outside this enum, so a
 * consumer should range-check it (verify against the match implementation).
 */
19 | enum xt_policy_modes { |
20 | XT_POLICY_MODE_TRANSPORT, |
21 | XT_POLICY_MODE_TUNNEL |
22 | }; |
23 | |
/*
 * Six one-bit fields in a __u8. The field names mirror the saddr, daddr,
 * proto, mode, spi and reqid members of struct xt_policy_elem, which embeds
 * this struct twice, as `match` and as `invert`.
 * NOTE(review): presumably a set bit in `match` means "compare this field"
 * and a set bit in `invert` means "negate that comparison" - confirm.
 * Bit-field placement within the byte is implementation-defined in C, so
 * the producer and consumer of this structure must share the same ABI.
 */
24 | struct xt_policy_spec { |
25 | __u8 saddr:1, |
26 | daddr:1, |
27 | proto:1, |
28 | mode:1, |
29 | spi:1, |
30 | reqid:1; |
31 | }; |
32 | |
33 | #ifndef __KERNEL__ |
/*
 * Address storage for builds without __KERNEL__ (see the surrounding
 * #ifndef): either an IPv4 or an IPv6 address in the same bytes.
 * The union has no discriminator, so the address family must be known from
 * elsewhere before a member is read.
 * NOTE(review): struct xt_policy_elem uses union nf_inet_addr in the same
 * positions for __KERNEL__ builds; presumably both unions have the same
 * size - TODO confirm.
 */
34 | union xt_policy_addr { |
35 | struct in_addr a4; |
36 | struct in6_addr a6; |
37 | }; |
38 | #endif |
39 | |
/*
 * One policy element: source and destination address with masks, SPI,
 * request id, protocol and mode, followed by two xt_policy_spec bit sets.
 * The four address members are reached through an anonymous union wrapping
 * an anonymous struct, so they are named directly (elem.saddr, ...).
 */
40 | struct xt_policy_elem { |
41 | union { |
/* __KERNEL__ builds use union nf_inet_addr for the address members. */
42 | #ifdef __KERNEL__ |
43 | struct { |
44 | union nf_inet_addr saddr; |
45 | union nf_inet_addr smask; |
46 | union nf_inet_addr daddr; |
47 | union nf_inet_addr dmask; |
48 | }; |
/* Other builds use union xt_policy_addr, with the same member names and order. */
49 | #else |
50 | struct { |
51 | union xt_policy_addr saddr; |
52 | union xt_policy_addr smask; |
53 | union xt_policy_addr daddr; |
54 | union xt_policy_addr dmask; |
55 | }; |
56 | #endif |
57 | }; |
/* Typed __be32, i.e. stored big-endian; convert before comparing with host-order values. */
58 | __be32 spi; |
/* Plain __u32, so no fixed byte order is declared for this member. */
59 | __u32 reqid; |
60 | __u8 proto; |
/* presumably an enum xt_policy_modes value; a __u8 can hold others, so range-check it - TODO confirm */
61 | __u8 mode; |
62 | |
/* presumably `match` selects which fields are compared and `invert` which comparisons are negated - confirm */
63 | struct xt_policy_spec match; |
64 | struct xt_policy_spec invert; |
65 | }; |
66 | |
/*
 * Top-level structure: a fixed array of XT_POLICY_MAX_ELEM policy elements
 * plus two 16-bit members.
 */
67 | struct xt_policy_info { |
68 | struct xt_policy_elem pol[XT_POLICY_MAX_ELEM]; |
/* presumably a combination of enum xt_policy_flags bits - TODO confirm */
69 | __u16 flags; |
/*
 * NOTE(review): presumably the number of pol[] entries in use. A __u16 can
 * hold values far above XT_POLICY_MAX_ELEM, so any code that indexes pol[]
 * by this value must first check len <= XT_POLICY_MAX_ELEM; verify that the
 * consumer performs that check.
 */
70 | __u16 len; |
71 | }; |
72 | |
73 | #endif /* _XT_POLICY_H */ |
74 | |