1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2 #ifndef _XT_POLICY_H
3 #define _XT_POLICY_H
4 
5 #include <linux/netfilter.h>
6 #include <linux/types.h>
7 #include <linux/in.h>
8 #include <linux/in6.h>
9 
/* Number of entries in the pol[] array of struct xt_policy_info. */
10 #define XT_POLICY_MAX_ELEM	4
11 
/*
 * Flag bits for the policy match. Each enumerator is a distinct single bit
 * (0x1, 0x2, 0x4, 0x8), so the values can be OR-ed into one flags word.
 * NOTE(review): presumably stored in xt_policy_info.flags; this header does
 * not state that explicitly, so confirm against the match implementation.
 */
12 enum xt_policy_flags {
13 	XT_POLICY_MATCH_IN	= 0x1,	/* presumably: inbound direction (TODO confirm) */
14 	XT_POLICY_MATCH_OUT	= 0x2,	/* presumably: outbound direction (TODO confirm) */
15 	XT_POLICY_MATCH_NONE	= 0x4,	/* presumably: match when no policy applies (TODO confirm) */
16 	XT_POLICY_MATCH_STRICT	= 0x8,	/* presumably: strict element-by-element matching (TODO confirm) */
17 };
18 
/*
 * Mode values. No explicit initialisers are given, so C assigns
 * XT_POLICY_MODE_TRANSPORT = 0 and XT_POLICY_MODE_TUNNEL = 1.
 * NOTE(review): presumably the value carried in xt_policy_elem.mode, which is
 * a plain uint8_t and therefore not range-checked by the type; confirm that
 * consumers reject values outside this enum.
 */
19 enum xt_policy_modes {
20 	XT_POLICY_MODE_TRANSPORT,
21 	XT_POLICY_MODE_TUNNEL
22 };
23 
/*
 * Six one-bit selectors packed into a single uint8_t. The bit names mirror
 * members of struct xt_policy_elem (saddr, daddr, proto, mode, spi, reqid),
 * which embeds this struct twice, as `match` and as `invert`.
 * Two bits of the byte are left unnamed.
 * NOTE(review): the order of bit-fields within the storage unit is
 * implementation-defined in C, so both sides of any interface sharing this
 * struct must be built with a compatible ABI.
 */
24 struct xt_policy_spec {
25 	uint8_t	saddr:1,
26 			daddr:1,
27 			proto:1,
28 			mode:1,
29 			spi:1,
30 			reqid:1;
31 };
32 
/*
 * Address container for builds where __KERNEL__ is not defined: holds either
 * an IPv4 (a4) or an IPv6 (a6) address in the same storage. It is used by the
 * #else branch of struct xt_policy_elem; builds with __KERNEL__ defined use
 * union nf_inet_addr there instead.
 */
33 #ifndef __KERNEL__
34 union xt_policy_addr {
35 	struct in_addr	a4;
36 	struct in6_addr	a6;
37 };
38 #endif
39 
/*
 * One policy element: source/destination address with masks, followed by
 * spi, reqid, proto and mode values, and two xt_policy_spec bit sets.
 *
 * The address members live in an anonymous struct inside an anonymous union,
 * so they are accessed directly as elem.saddr, elem.smask, and so on. The
 * member type depends on __KERNEL__: union nf_inet_addr when it is defined
 * (declared outside this file), union xt_policy_addr otherwise.
 * NOTE(review): the two address unions must have identical size and alignment
 * for both builds to agree on the offsets of spi and the later members;
 * this header does not assert that, so confirm it.
 */
40 struct xt_policy_elem {
41 	union {
42 #ifdef __KERNEL__
43 		struct {
44 			union nf_inet_addr saddr;
45 			union nf_inet_addr smask;
46 			union nf_inet_addr daddr;
47 			union nf_inet_addr dmask;
48 		};
49 #else
50 		struct {
51 			union xt_policy_addr saddr;
52 			union xt_policy_addr smask;
53 			union xt_policy_addr daddr;
54 			union xt_policy_addr dmask;
55 		};
56 #endif
57 	};
58 	uint32_t			spi;
59 	uint32_t		reqid;
60 	uint8_t		proto;
	/* presumably one of enum xt_policy_modes (TODO confirm) */
61 	uint8_t		mode;
62 
	/*
	 * Per-field selector bits. NOTE(review): by their names, `match` marks
	 * which fields are compared and `invert` which comparisons are negated;
	 * confirm against the match implementation.
	 */
63 	struct xt_policy_spec	match;
64 	struct xt_policy_spec	invert;
65 };
66 
/*
 * Top-level match data: a fixed array of XT_POLICY_MAX_ELEM policy elements
 * plus a 16-bit flags word and a 16-bit length.
 * NOTE(review): presumably `flags` carries enum xt_policy_flags bits and
 * `len` counts the entries of pol[] in use (TODO confirm). `len` is a
 * uint16_t and can hold values far above XT_POLICY_MAX_ELEM, so any code
 * that receives this struct from a less-trusted caller must reject
 * len > XT_POLICY_MAX_ELEM before using it as a count or index into pol[].
 */
67 struct xt_policy_info {
68 	struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
69 	uint16_t flags;
70 	uint16_t len;
71 };
72 
73 #endif /* _XT_POLICY_H */
74