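/*
 * ipt_policy.h - data layout for the iptables "policy" match.
 *
 * The __KERNEL__ guard below shows that this header is shared between
 * kernel and userspace builds, so every structure here is a binary
 * interface: field order, field widths and constant values must not change.
 *
 * Restored to one declaration per line. The listing had been collapsed onto
 * a single line with gutter numbers fused into the code, which leaves the
 * preprocessor directives unparseable.
 */
#ifndef _IPT_POLICY_H
#define _IPT_POLICY_H

/* Capacity of ipt_policy_info.pol[]; upper bound for ipt_policy_info.len. */
#define IPT_POLICY_MAX_ELEM	4

/* Userspace builds take struct in_addr / struct in6_addr from libc. */
#ifndef __KERNEL__
#include <netinet/in.h>
#endif

/*
 * Bit flags stored in ipt_policy_info.flags. The values are distinct bits,
 * so they can be OR-ed together.
 * NOTE(review): per-flag meanings are inferred from the names (direction,
 * "no policy", strict matching) - confirm against the match implementation.
 */
enum ipt_policy_flags
{
	IPT_POLICY_MATCH_IN	= 0x1,
	IPT_POLICY_MATCH_OUT	= 0x2,
	IPT_POLICY_MATCH_NONE	= 0x4,
	IPT_POLICY_MATCH_STRICT	= 0x8,
};

/* Values for ipt_policy_elem.mode (TRANSPORT == 0, TUNNEL == 1). */
enum ipt_policy_modes
{
	IPT_POLICY_MODE_TRANSPORT,
	IPT_POLICY_MODE_TUNNEL
};

/*
 * One bit per selector field of ipt_policy_elem (same names).
 * Bit-field placement inside the byte is implementation-defined, so both
 * sides of the interface must be built with a compatible ABI.
 */
struct ipt_policy_spec
{
	u_int8_t	saddr:1,
			daddr:1,
			proto:1,
			mode:1,
			spi:1,
			reqid:1;
};

/* Address storage large enough for either IPv4 or IPv6. */
union ipt_policy_addr
{
	struct in_addr	a4;
	struct in6_addr	a6;
};

/*
 * One policy element: address/mask pairs, SPI, reqid, protocol and mode.
 * NOTE(review): presumably "match" marks which selectors are compared and
 * "invert" which comparisons are negated - confirm against the matcher.
 */
struct ipt_policy_elem
{
	union ipt_policy_addr	saddr;
	union ipt_policy_addr	smask;
	union ipt_policy_addr	daddr;
	union ipt_policy_addr	dmask;
	u_int32_t		spi;
	u_int32_t		reqid;
	u_int8_t		proto;
	u_int8_t		mode;	/* enum ipt_policy_modes */

	struct ipt_policy_spec	match;
	struct ipt_policy_spec	invert;
};

/*
 * Complete match configuration.
 *
 * pol[] has exactly IPT_POLICY_MAX_ELEM slots. "len" is presumably the
 * number of slots in use; whichever side receives this structure must
 * reject len > IPT_POLICY_MAX_ELEM before using it as an index or loop
 * bound, otherwise pol[] is read out of bounds.
 * The layout may contain padding, and unused bits of the spec bytes are
 * not named; zero the whole structure before filling it so that no stale
 * memory is passed across the interface.
 */
struct ipt_policy_info
{
	struct ipt_policy_elem	pol[IPT_POLICY_MAX_ELEM];
	u_int16_t		flags;	/* OR of enum ipt_policy_flags */
	u_int16_t		len;
};

#endif /* _IPT_POLICY_H */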