1c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy#ifndef _XT_POLICY_H
2c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy#define _XT_POLICY_H
3c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy
460c195c729532815c5209c81442fa0eb26ace706Arnd Bergmann#include <linux/types.h>
560c195c729532815c5209c81442fa0eb26ace706Arnd Bergmann
6c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy#define XT_POLICY_MAX_ELEM	4
7c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy
8d94d9fee9fa4e66a0b91640a694b8b10177075b3Eric Dumazetenum xt_policy_flags {
9c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	XT_POLICY_MATCH_IN	= 0x1,
10c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	XT_POLICY_MATCH_OUT	= 0x2,
11c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	XT_POLICY_MATCH_NONE	= 0x4,
12c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	XT_POLICY_MATCH_STRICT	= 0x8,
13c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy};
14c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy
15d94d9fee9fa4e66a0b91640a694b8b10177075b3Eric Dumazetenum xt_policy_modes {
16c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	XT_POLICY_MODE_TRANSPORT,
17c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	XT_POLICY_MODE_TUNNEL
18c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy};
19c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy
20d94d9fee9fa4e66a0b91640a694b8b10177075b3Eric Dumazetstruct xt_policy_spec {
2160c195c729532815c5209c81442fa0eb26ace706Arnd Bergmann	__u8	saddr:1,
22c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy			daddr:1,
23c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy			proto:1,
24c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy			mode:1,
25c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy			spi:1,
26c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy			reqid:1;
27c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy};
28c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy
29917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt#ifndef __KERNEL__
30d94d9fee9fa4e66a0b91640a694b8b10177075b3Eric Dumazetunion xt_policy_addr {
31c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	struct in_addr	a4;
32c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	struct in6_addr	a6;
33c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy};
34917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt#endif
35c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy
36d94d9fee9fa4e66a0b91640a694b8b10177075b3Eric Dumazetstruct xt_policy_elem {
37917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt	union {
38917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt#ifdef __KERNEL__
39917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt		struct {
40917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt			union nf_inet_addr saddr;
41917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt			union nf_inet_addr smask;
42917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt			union nf_inet_addr daddr;
43917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt			union nf_inet_addr dmask;
44917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt		};
45917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt#else
46917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt		struct {
47917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt			union xt_policy_addr saddr;
48917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt			union xt_policy_addr smask;
49917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt			union xt_policy_addr daddr;
50917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt			union xt_policy_addr dmask;
51917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt		};
52917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt#endif
53917b6fbd6e8dd952c64d1d7468897160467d2cc0Jan Engelhardt	};
5498a4a86128d7179b22365e16bf880e849e20bc7dAl Viro	__be32			spi;
5560c195c729532815c5209c81442fa0eb26ace706Arnd Bergmann	__u32		reqid;
5660c195c729532815c5209c81442fa0eb26ace706Arnd Bergmann	__u8		proto;
5760c195c729532815c5209c81442fa0eb26ace706Arnd Bergmann	__u8		mode;
58c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy
59c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	struct xt_policy_spec	match;
60c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	struct xt_policy_spec	invert;
61c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy};
62c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy
63d94d9fee9fa4e66a0b91640a694b8b10177075b3Eric Dumazetstruct xt_policy_info {
64c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy	struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
6560c195c729532815c5209c81442fa0eb26ace706Arnd Bergmann	__u16 flags;
6660c195c729532815c5209c81442fa0eb26ace706Arnd Bergmann	__u16 len;
67c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy};
68c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy
69c4b885139203d37f76662c37ae645fe8e0f4e4e5Patrick McHardy#endif /* _XT_POLICY_H */
70