1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 2 #ifndef _XT_POLICY_H 3 #define _XT_POLICY_H 4 5 #include <linux/netfilter.h> 6 #include <linux/types.h> 7 #include <linux/in.h> 8 #include <linux/in6.h> 9 10 #define XT_POLICY_MAX_ELEM 4 11 12 enum xt_policy_flags { 13 XT_POLICY_MATCH_IN = 0x1, 14 XT_POLICY_MATCH_OUT = 0x2, 15 XT_POLICY_MATCH_NONE = 0x4, 16 XT_POLICY_MATCH_STRICT = 0x8, 17 }; 18 19 enum xt_policy_modes { 20 XT_POLICY_MODE_TRANSPORT, 21 XT_POLICY_MODE_TUNNEL 22 }; 23 24 struct xt_policy_spec { 25 __u8 saddr:1, 26 daddr:1, 27 proto:1, 28 mode:1, 29 spi:1, 30 reqid:1; 31 }; 32 33 #ifndef __KERNEL__ 34 union xt_policy_addr { 35 struct in_addr a4; 36 struct in6_addr a6; 37 }; 38 #endif 39 40 struct xt_policy_elem { 41 union { 42 #ifdef __KERNEL__ 43 struct { 44 union nf_inet_addr saddr; 45 union nf_inet_addr smask; 46 union nf_inet_addr daddr; 47 union nf_inet_addr dmask; 48 }; 49 #else 50 struct { 51 union xt_policy_addr saddr; 52 union xt_policy_addr smask; 53 union xt_policy_addr daddr; 54 union xt_policy_addr dmask; 55 }; 56 #endif 57 }; 58 __be32 spi; 59 __u32 reqid; 60 __u8 proto; 61 __u8 mode; 62 63 struct xt_policy_spec match; 64 struct xt_policy_spec invert; 65 }; 66 67 struct xt_policy_info { 68 struct xt_policy_elem pol[XT_POLICY_MAX_ELEM]; 69 __u16 flags; 70 __u16 len; 71 }; 72 73 #endif /* _XT_POLICY_H */ 74