11 files changed, 246 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv6/Kbuild b/include/linux/netfilter_ipv6/Kbuild
new file mode 100644
index 00000000000..bd095bc075e
--- /dev/null
+++ b/include/linux/netfilter_ipv6/Kbuild
@@ -0,0 +1,11 @@
+header-y += ip6_tables.h
+header-y += ip6t_HL.h
+header-y += ip6t_LOG.h
+header-y += ip6t_REJECT.h
+header-y += ip6t_ah.h
+header-y += ip6t_frag.h
+header-y += ip6t_hl.h
+header-y += ip6t_ipv6header.h
+header-y += ip6t_mh.h
+header-y += ip6t_opts.h
+header-y += ip6t_rt.h
diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/linux/netfilter_ipv6/ip6t_HL.h
new file mode 100644
index 00000000000..ebd8ead1bb6
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_HL.h
@@ -0,0 +1,24 @@
+/* Hop Limit modification module for ip6tables
+ * Maciej Soltysiak <solt@dns.toxicfilms.tv>
+ * Based on HW's TTL module */
+#ifndef _IP6T_HL_H
+#define _IP6T_HL_H
+#include <linux/types.h>
+enum {
+        IP6T_HL_SET = 0,
+        IP6T_HL_INC,
+        IP6T_HL_DEC
+};
+#define IP6T_HL_MAXMODE IP6T_HL_DEC
+struct ip6t_HL_info {
+        __u8    mode;
+        __u8    hop_limit;
+};
+#endif
diff --git a/include/linux/netfilter_ipv6/ip6t_LOG.h b/include/linux/netfilter_ipv6/ip6t_LOG.h
new file mode 100644
index 00000000000..9dd5579e02e
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_LOG.h
@@ -0,0 +1,19 @@
+#ifndef _IP6T_LOG_H
+#define _IP6T_LOG_H
+/* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */
+#define IP6T_LOG_TCPSEQ         0x01    /* Log TCP sequence numbers */
+#define IP6T_LOG_TCPOPT         0x02    /* Log TCP options */
+#define IP6T_LOG_IPOPT          0x04    /* Log IP options */
+#define IP6T_LOG_UID            0x08    /* Log UID owning local socket */
+#define IP6T_LOG_NFLOG          0x10    /* Unsupported, don't use */
+#define IP6T_LOG_MACDECODE      0x20    /* Decode MAC header */
+#define IP6T_LOG_MASK           0x2f
+struct ip6t_log_info {
+        unsigned char level;
+        unsigned char logflags;
+        char prefix[30];
+};
+#endif /*_IPT_LOG_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_REJECT.h b/include/linux/netfilter_ipv6/ip6t_REJECT.h
new file mode 100644
index 00000000000..205ed62e460
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_REJECT.h
@@ -0,0 +1,20 @@
+#ifndef _IP6T_REJECT_H
+#define _IP6T_REJECT_H
+#include <linux/types.h>
+enum ip6t_reject_with {
+        IP6T_ICMP6_NO_ROUTE,
+        IP6T_ICMP6_ADM_PROHIBITED,
+        IP6T_ICMP6_NOT_NEIGHBOUR,
+        IP6T_ICMP6_ADDR_UNREACH,
+        IP6T_ICMP6_PORT_UNREACH,
+        IP6T_ICMP6_ECHOREPLY,
+        IP6T_TCP_RESET
+};
+struct ip6t_reject_info {
+        __u32   with;   /* reject type */
+};
+#endif /*_IP6T_REJECT_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h
new file mode 100644
index 00000000000..5da2b65cb3a
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_ah.h
@@ -0,0 +1,22 @@
+#ifndef _IP6T_AH_H
+#define _IP6T_AH_H
+#include <linux/types.h>
+struct ip6t_ah {
+        __u32 spis[2];                  /* Security Parameter Index */
+        __u32 hdrlen;                   /* Header Length */
+        __u8  hdrres;                   /* Test of the Reserved Filed */
+        __u8  invflags;                 /* Inverse flags */
+};
+#define IP6T_AH_SPI 0x01
+#define IP6T_AH_LEN 0x02
+#define IP6T_AH_RES 0x04
+/* Values for "invflags" field in struct ip6t_ah. */
+#define IP6T_AH_INV_SPI         0x01    /* Invert the sense of spi. */
+#define IP6T_AH_INV_LEN         0x02    /* Invert the sense of length. */
+#define IP6T_AH_INV_MASK        0x03    /* All possible flags. */
+#endif /*_IP6T_AH_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/linux/netfilter_ipv6/ip6t_frag.h
new file mode 100644
index 00000000000..b47f61b9e08
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_frag.h
@@ -0,0 +1,25 @@
+#ifndef _IP6T_FRAG_H
+#define _IP6T_FRAG_H
+#include <linux/types.h>
+struct ip6t_frag {
+        __u32 ids[2];                   /* Security Parameter Index */
+        __u32 hdrlen;                   /* Header Length */
+        __u8  flags;                    /*  */
+        __u8  invflags;                 /* Inverse flags */
+};
+#define IP6T_FRAG_IDS           0x01
+#define IP6T_FRAG_LEN           0x02
+#define IP6T_FRAG_RES           0x04
+#define IP6T_FRAG_FST           0x08
+#define IP6T_FRAG_MF            0x10
+#define IP6T_FRAG_NMF           0x20
+/* Values for "invflags" field in struct ip6t_frag. */
+#define IP6T_FRAG_INV_IDS       0x01    /* Invert the sense of ids. */
+#define IP6T_FRAG_INV_LEN       0x02    /* Invert the sense of length. */
+#define IP6T_FRAG_INV_MASK      0x03    /* All possible flags. */
+#endif /*_IP6T_FRAG_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_hl.h b/include/linux/netfilter_ipv6/ip6t_hl.h
new file mode 100644
index 00000000000..6e76dbc6c19
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_hl.h
@@ -0,0 +1,24 @@
+/* ip6tables module for matching the Hop Limit value
+ * Maciej Soltysiak <solt@dns.toxicfilms.tv>
+ * Based on HW's ttl module */
+#ifndef _IP6T_HL_H
+#define _IP6T_HL_H
+#include <linux/types.h>
+enum {
+        IP6T_HL_EQ = 0,         /* equals */
+        IP6T_HL_NE,             /* not equals */
+        IP6T_HL_LT,             /* less than */
+        IP6T_HL_GT,             /* greater than */
+};
+struct ip6t_hl_info {
+        __u8    mode;
+        __u8    hop_limit;
+};
+#endif
diff --git a/include/linux/netfilter_ipv6/ip6t_ipv6header.h b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
new file mode 100644
index 00000000000..efae3a20c21
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
@@ -0,0 +1,28 @@
+/* ipv6header match - matches IPv6 packets based
+on whether they contain certain headers */
+/* Original idea: Brad Chapman 
+ * Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */
+#ifndef __IPV6HEADER_H
+#define __IPV6HEADER_H
+#include <linux/types.h>
+struct ip6t_ipv6header_info {
+        __u8 matchflags;
+        __u8 invflags;
+        __u8 modeflag;
+};
+#define MASK_HOPOPTS    128
+#define MASK_DSTOPTS    64
+#define MASK_ROUTING    32
+#define MASK_FRAGMENT   16
+#define MASK_AH         8
+#define MASK_ESP        4
+#define MASK_NONE       2
+#define MASK_PROTO      1
+#endif /* __IPV6HEADER_H */
diff --git a/include/linux/netfilter_ipv6/ip6t_mh.h b/include/linux/netfilter_ipv6/ip6t_mh.h
new file mode 100644
index 00000000000..a7729a5025c
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_mh.h
@@ -0,0 +1,16 @@
+#ifndef _IP6T_MH_H
+#define _IP6T_MH_H
+#include <linux/types.h>
+/* MH matching stuff */
+struct ip6t_mh {
+        __u8 types[2];  /* MH type range */
+        __u8 invflags;  /* Inverse flags */
+};
+/* Values for "invflags" field in struct ip6t_mh. */
+#define IP6T_MH_INV_TYPE        0x01    /* Invert the sense of type. */
+#define IP6T_MH_INV_MASK        0x01    /* All possible flags. */
+#endif /*_IP6T_MH_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_opts.h b/include/linux/netfilter_ipv6/ip6t_opts.h
new file mode 100644
index 00000000000..17d419a811f
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_opts.h
@@ -0,0 +1,24 @@
+#ifndef _IP6T_OPTS_H
+#define _IP6T_OPTS_H
+#include <linux/types.h>
+#define IP6T_OPTS_OPTSNR 16
+struct ip6t_opts {
+        __u32 hdrlen;                   /* Header Length */
+        __u8 flags;                             /*  */
+        __u8 invflags;                  /* Inverse flags */
+        __u16 opts[IP6T_OPTS_OPTSNR];   /* opts */
+        __u8 optsnr;                    /* Nr of OPts */
+};
+#define IP6T_OPTS_LEN           0x01
+#define IP6T_OPTS_OPTS          0x02
+#define IP6T_OPTS_NSTRICT       0x04
+/* Values for "invflags" field in struct ip6t_rt. */
+#define IP6T_OPTS_INV_LEN       0x01    /* Invert the sense of length. */
+#define IP6T_OPTS_INV_MASK      0x01    /* All possible flags. */
+#endif /*_IP6T_OPTS_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_rt.h b/include/linux/netfilter_ipv6/ip6t_rt.h
new file mode 100644
index 00000000000..7605a5ff81c
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_rt.h
@@ -0,0 +1,33 @@
+#ifndef _IP6T_RT_H
+#define _IP6T_RT_H
+#include <linux/types.h>
+/*#include <linux/in6.h>*/
+#define IP6T_RT_HOPS 16
+struct ip6t_rt {
+        __u32 rt_type;                  /* Routing Type */
+        __u32 segsleft[2];                      /* Segments Left */
+        __u32 hdrlen;                   /* Header Length */
+        __u8  flags;                    /*  */
+        __u8  invflags;                 /* Inverse flags */
+        struct in6_addr addrs[IP6T_RT_HOPS];    /* Hops */
+        __u8 addrnr;                    /* Nr of Addresses */
+};
+#define IP6T_RT_TYP             0x01
+#define IP6T_RT_SGS             0x02
+#define IP6T_RT_LEN             0x04
+#define IP6T_RT_RES             0x08
+#define IP6T_RT_FST_MASK        0x30
+#define IP6T_RT_FST             0x10
+#define IP6T_RT_FST_NSTRICT     0x20
+/* Values for "invflags" field in struct ip6t_rt. */
+#define IP6T_RT_INV_TYP         0x01    /* Invert the sense of type. */
+#define IP6T_RT_INV_SGS         0x02    /* Invert the sense of Segments. */
+#define IP6T_RT_INV_LEN         0x04    /* Invert the sense of length. */
+#define IP6T_RT_INV_MASK        0x07    /* All possible flags. */
+#endif /*_IP6T_RT_H*/

diff --git a/include/linux/netfilter_ipv6/Kbuild b/include/linux/netfilter_ipv6/Kbuild new file mode 100644 index 00000000000..bd095bc075e --- /dev/null +++ b/include/linux/netfilter_ipv6/Kbuild
@@ -0,0 +1,11 @@
	1	header-y += ip6_tables.h
	2	header-y += ip6t_HL.h
	3	header-y += ip6t_LOG.h
	4	header-y += ip6t_REJECT.h
	5	header-y += ip6t_ah.h
	6	header-y += ip6t_frag.h
	7	header-y += ip6t_hl.h
	8	header-y += ip6t_ipv6header.h
	9	header-y += ip6t_mh.h
	10	header-y += ip6t_opts.h
	11	header-y += ip6t_rt.h


diff --git a/include/linux/netfilter_ipv6/ip6t_HL.h b/include/linux/netfilter_ipv6/ip6t_HL.h new file mode 100644 index 00000000000..ebd8ead1bb6 --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_HL.h
@@ -0,0 +1,24 @@
	1	/* Hop Limit modification module for ip6tables
	2	* Maciej Soltysiak <solt@dns.toxicfilms.tv>
	3	* Based on HW's TTL module */
	4
	5	#ifndef _IP6T_HL_H
	6	#define _IP6T_HL_H
	7
	8	#include <linux/types.h>
	9
	10	enum {
	11	IP6T_HL_SET = 0,
	12	IP6T_HL_INC,
	13	IP6T_HL_DEC
	14	};
	15
	16	#define IP6T_HL_MAXMODE IP6T_HL_DEC
	17
	18	struct ip6t_HL_info {
	19	__u8 mode;
	20	__u8 hop_limit;
	21	};
	22
	23
	24	#endif


diff --git a/include/linux/netfilter_ipv6/ip6t_LOG.h b/include/linux/netfilter_ipv6/ip6t_LOG.h new file mode 100644 index 00000000000..9dd5579e02e --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_LOG.h
@@ -0,0 +1,19 @@
	1	#ifndef _IP6T_LOG_H
	2	#define _IP6T_LOG_H
	3
	4	/* make sure not to change this without changing netfilter.h:NF_LOG_* (!) */
	5	#define IP6T_LOG_TCPSEQ 0x01 /* Log TCP sequence numbers */
	6	#define IP6T_LOG_TCPOPT 0x02 /* Log TCP options */
	7	#define IP6T_LOG_IPOPT 0x04 /* Log IP options */
	8	#define IP6T_LOG_UID 0x08 /* Log UID owning local socket */
	9	#define IP6T_LOG_NFLOG 0x10 /* Unsupported, don't use */
	10	#define IP6T_LOG_MACDECODE 0x20 /* Decode MAC header */
	11	#define IP6T_LOG_MASK 0x2f
	12
	13	struct ip6t_log_info {
	14	unsigned char level;
	15	unsigned char logflags;
	16	char prefix[30];
	17	};
	18
	19	#endif /_IPT_LOG_H/


diff --git a/include/linux/netfilter_ipv6/ip6t_REJECT.h b/include/linux/netfilter_ipv6/ip6t_REJECT.h new file mode 100644 index 00000000000..205ed62e460 --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_REJECT.h
@@ -0,0 +1,20 @@
	1	#ifndef _IP6T_REJECT_H
	2	#define _IP6T_REJECT_H
	3
	4	#include <linux/types.h>
	5
	6	enum ip6t_reject_with {
	7	IP6T_ICMP6_NO_ROUTE,
	8	IP6T_ICMP6_ADM_PROHIBITED,
	9	IP6T_ICMP6_NOT_NEIGHBOUR,
	10	IP6T_ICMP6_ADDR_UNREACH,
	11	IP6T_ICMP6_PORT_UNREACH,
	12	IP6T_ICMP6_ECHOREPLY,
	13	IP6T_TCP_RESET
	14	};
	15
	16	struct ip6t_reject_info {
	17	__u32 with; /* reject type */
	18	};
	19
	20	#endif /_IP6T_REJECT_H/


diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h new file mode 100644 index 00000000000..5da2b65cb3a --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_ah.h
@@ -0,0 +1,22 @@
	1	#ifndef _IP6T_AH_H
	2	#define _IP6T_AH_H
	3
	4	#include <linux/types.h>
	5
	6	struct ip6t_ah {
	7	__u32 spis[2]; /* Security Parameter Index */
	8	__u32 hdrlen; /* Header Length */
	9	__u8 hdrres; /* Test of the Reserved Filed */
	10	__u8 invflags; /* Inverse flags */
	11	};
	12
	13	#define IP6T_AH_SPI 0x01
	14	#define IP6T_AH_LEN 0x02
	15	#define IP6T_AH_RES 0x04
	16
	17	/* Values for "invflags" field in struct ip6t_ah. */
	18	#define IP6T_AH_INV_SPI 0x01 /* Invert the sense of spi. */
	19	#define IP6T_AH_INV_LEN 0x02 /* Invert the sense of length. */
	20	#define IP6T_AH_INV_MASK 0x03 /* All possible flags. */
	21
	22	#endif /_IP6T_AH_H/


diff --git a/include/linux/netfilter_ipv6/ip6t_frag.h b/include/linux/netfilter_ipv6/ip6t_frag.h new file mode 100644 index 00000000000..b47f61b9e08 --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_frag.h
@@ -0,0 +1,25 @@
	1	#ifndef _IP6T_FRAG_H
	2	#define _IP6T_FRAG_H
	3
	4	#include <linux/types.h>
	5
	6	struct ip6t_frag {
	7	__u32 ids[2]; /* Security Parameter Index */
	8	__u32 hdrlen; /* Header Length */
	9	__u8 flags; /* */
	10	__u8 invflags; /* Inverse flags */
	11	};
	12
	13	#define IP6T_FRAG_IDS 0x01
	14	#define IP6T_FRAG_LEN 0x02
	15	#define IP6T_FRAG_RES 0x04
	16	#define IP6T_FRAG_FST 0x08
	17	#define IP6T_FRAG_MF 0x10
	18	#define IP6T_FRAG_NMF 0x20
	19
	20	/* Values for "invflags" field in struct ip6t_frag. */
	21	#define IP6T_FRAG_INV_IDS 0x01 /* Invert the sense of ids. */
	22	#define IP6T_FRAG_INV_LEN 0x02 /* Invert the sense of length. */
	23	#define IP6T_FRAG_INV_MASK 0x03 /* All possible flags. */
	24
	25	#endif /_IP6T_FRAG_H/


diff --git a/include/linux/netfilter_ipv6/ip6t_hl.h b/include/linux/netfilter_ipv6/ip6t_hl.h new file mode 100644 index 00000000000..6e76dbc6c19 --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_hl.h
@@ -0,0 +1,24 @@
	1	/* ip6tables module for matching the Hop Limit value
	2	* Maciej Soltysiak <solt@dns.toxicfilms.tv>
	3	* Based on HW's ttl module */
	4
	5	#ifndef _IP6T_HL_H
	6	#define _IP6T_HL_H
	7
	8	#include <linux/types.h>
	9
	10	enum {
	11	IP6T_HL_EQ = 0, /* equals */
	12	IP6T_HL_NE, /* not equals */
	13	IP6T_HL_LT, /* less than */
	14	IP6T_HL_GT, /* greater than */
	15	};
	16
	17
	18	struct ip6t_hl_info {
	19	__u8 mode;
	20	__u8 hop_limit;
	21	};
	22
	23
	24	#endif


diff --git a/include/linux/netfilter_ipv6/ip6t_ipv6header.h b/include/linux/netfilter_ipv6/ip6t_ipv6header.h new file mode 100644 index 00000000000..efae3a20c21 --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_ipv6header.h
@@ -0,0 +1,28 @@
	1	/* ipv6header match - matches IPv6 packets based
	2	on whether they contain certain headers */
	3
	4	/* Original idea: Brad Chapman
	5	* Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */
	6
	7
	8	#ifndef __IPV6HEADER_H
	9	#define __IPV6HEADER_H
	10
	11	#include <linux/types.h>
	12
	13	struct ip6t_ipv6header_info {
	14	__u8 matchflags;
	15	__u8 invflags;
	16	__u8 modeflag;
	17	};
	18
	19	#define MASK_HOPOPTS 128
	20	#define MASK_DSTOPTS 64
	21	#define MASK_ROUTING 32
	22	#define MASK_FRAGMENT 16
	23	#define MASK_AH 8
	24	#define MASK_ESP 4
	25	#define MASK_NONE 2
	26	#define MASK_PROTO 1
	27
	28	#endif /* __IPV6HEADER_H */


diff --git a/include/linux/netfilter_ipv6/ip6t_mh.h b/include/linux/netfilter_ipv6/ip6t_mh.h new file mode 100644 index 00000000000..a7729a5025c --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_mh.h
@@ -0,0 +1,16 @@
	1	#ifndef _IP6T_MH_H
	2	#define _IP6T_MH_H
	3
	4	#include <linux/types.h>
	5
	6	/* MH matching stuff */
	7	struct ip6t_mh {
	8	__u8 types[2]; /* MH type range */
	9	__u8 invflags; /* Inverse flags */
	10	};
	11
	12	/* Values for "invflags" field in struct ip6t_mh. */
	13	#define IP6T_MH_INV_TYPE 0x01 /* Invert the sense of type. */
	14	#define IP6T_MH_INV_MASK 0x01 /* All possible flags. */
	15
	16	#endif /_IP6T_MH_H/


diff --git a/include/linux/netfilter_ipv6/ip6t_opts.h b/include/linux/netfilter_ipv6/ip6t_opts.h new file mode 100644 index 00000000000..17d419a811f --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_opts.h
@@ -0,0 +1,24 @@
	1	#ifndef _IP6T_OPTS_H
	2	#define _IP6T_OPTS_H
	3
	4	#include <linux/types.h>
	5
	6	#define IP6T_OPTS_OPTSNR 16
	7
	8	struct ip6t_opts {
	9	__u32 hdrlen; /* Header Length */
	10	__u8 flags; /* */
	11	__u8 invflags; /* Inverse flags */
	12	__u16 opts[IP6T_OPTS_OPTSNR]; /* opts */
	13	__u8 optsnr; /* Nr of OPts */
	14	};
	15
	16	#define IP6T_OPTS_LEN 0x01
	17	#define IP6T_OPTS_OPTS 0x02
	18	#define IP6T_OPTS_NSTRICT 0x04
	19
	20	/* Values for "invflags" field in struct ip6t_rt. */
	21	#define IP6T_OPTS_INV_LEN 0x01 /* Invert the sense of length. */
	22	#define IP6T_OPTS_INV_MASK 0x01 /* All possible flags. */
	23
	24	#endif /_IP6T_OPTS_H/


diff --git a/include/linux/netfilter_ipv6/ip6t_rt.h b/include/linux/netfilter_ipv6/ip6t_rt.h new file mode 100644 index 00000000000..7605a5ff81c --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_rt.h
@@ -0,0 +1,33 @@
	1	#ifndef _IP6T_RT_H
	2	#define _IP6T_RT_H
	3
	4	#include <linux/types.h>
	5	/#include <linux/in6.h>/
	6
	7	#define IP6T_RT_HOPS 16
	8
	9	struct ip6t_rt {
	10	__u32 rt_type; /* Routing Type */
	11	__u32 segsleft[2]; /* Segments Left */
	12	__u32 hdrlen; /* Header Length */
	13	__u8 flags; /* */
	14	__u8 invflags; /* Inverse flags */
	15	struct in6_addr addrs[IP6T_RT_HOPS]; /* Hops */
	16	__u8 addrnr; /* Nr of Addresses */
	17	};
	18
	19	#define IP6T_RT_TYP 0x01
	20	#define IP6T_RT_SGS 0x02
	21	#define IP6T_RT_LEN 0x04
	22	#define IP6T_RT_RES 0x08
	23	#define IP6T_RT_FST_MASK 0x30
	24	#define IP6T_RT_FST 0x10
	25	#define IP6T_RT_FST_NSTRICT 0x20
	26
	27	/* Values for "invflags" field in struct ip6t_rt. */
	28	#define IP6T_RT_INV_TYP 0x01 /* Invert the sense of type. */
	29	#define IP6T_RT_INV_SGS 0x02 /* Invert the sense of Segments. */
	30	#define IP6T_RT_INV_LEN 0x04 /* Invert the sense of length. */
	31	#define IP6T_RT_INV_MASK 0x07 /* All possible flags. */
	32
	33	#endif /_IP6T_RT_H/