1/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2#ifndef _XT_POLICY_H
3#define _XT_POLICY_H
4
5#include <linux/netfilter.h>
6#include <linux/types.h>
7#include <linux/in.h>
8#include <linux/in6.h>
9
10#define XT_POLICY_MAX_ELEM 4
11
12enum xt_policy_flags {
13 XT_POLICY_MATCH_IN = 0x1,
14 XT_POLICY_MATCH_OUT = 0x2,
15 XT_POLICY_MATCH_NONE = 0x4,
16 XT_POLICY_MATCH_STRICT = 0x8,
17};
18
19enum xt_policy_modes {
20 XT_POLICY_MODE_TRANSPORT,
21 XT_POLICY_MODE_TUNNEL
22};
23
24struct xt_policy_spec {
25 __u8 saddr:1,
26 daddr:1,
27 proto:1,
28 mode:1,
29 spi:1,
30 reqid:1;
31};
32
33#ifndef __KERNEL__
34union xt_policy_addr {
35 struct in_addr a4;
36 struct in6_addr a6;
37};
38#endif
39
40struct xt_policy_elem {
41 union {
42#ifdef __KERNEL__
43 struct {
44 union nf_inet_addr saddr;
45 union nf_inet_addr smask;
46 union nf_inet_addr daddr;
47 union nf_inet_addr dmask;
48 };
49#else
50 struct {
51 union xt_policy_addr saddr;
52 union xt_policy_addr smask;
53 union xt_policy_addr daddr;
54 union xt_policy_addr dmask;
55 };
56#endif
57 };
58 __be32 spi;
59 __u32 reqid;
60 __u8 proto;
61 __u8 mode;
62
63 struct xt_policy_spec match;
64 struct xt_policy_spec invert;
65};
66
67struct xt_policy_info {
68 struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
69 __u16 flags;
70 __u16 len;
71};
72
73#endif /* _XT_POLICY_H */
74

source code of linux/include/uapi/linux/netfilter/xt_policy.h