[NETFILTER]: Add ipt_policy/ip6t_policy matches

Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2006-01-07 02:06:48 -0500
committer: David S. Miller <davem@sunset.davemloft.net> 2006-01-07 15:57:38 -0500
commit: e16a8f0b8c53312beb1d8b52e463aae79aa809c7 (patch)
tree: 2f8e8747261db640e3cc4a5ededb2bcd6a47dedf /include
parent: eb9c7ebe6980c41cf6ae889e301c3b49f473ee9f (diff)
2 files changed, 104 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ipt_policy.h b/include/linux/netfilter_ipv4/ipt_policy.h
new file mode 100644
index 000000000000..7fd1bec453f1
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ipt_policy.h
@@ -0,0 +1,52 @@
+#ifndef _IPT_POLICY_H
+#define _IPT_POLICY_H
+#define IPT_POLICY_MAX_ELEM     4
+enum ipt_policy_flags
+{
+        IPT_POLICY_MATCH_IN     = 0x1,
+        IPT_POLICY_MATCH_OUT    = 0x2,
+        IPT_POLICY_MATCH_NONE   = 0x4,
+        IPT_POLICY_MATCH_STRICT = 0x8,
+};
+enum ipt_policy_modes
+{
+        IPT_POLICY_MODE_TRANSPORT,
+        IPT_POLICY_MODE_TUNNEL
+};
+struct ipt_policy_spec
+{
+        u_int8_t        saddr:1,
+                        daddr:1,
+                        proto:1,
+                        mode:1,
+                        spi:1,
+                        reqid:1;
+};
+struct ipt_policy_elem
+{
+        u_int32_t       saddr;
+        u_int32_t       smask;
+        u_int32_t       daddr;
+        u_int32_t       dmask;
+        u_int32_t       spi;
+        u_int32_t       reqid;
+        u_int8_t        proto;
+        u_int8_t        mode;
+        struct ipt_policy_spec  match;
+        struct ipt_policy_spec  invert;
+};
+struct ipt_policy_info
+{
+        struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];
+        u_int16_t flags;
+        u_int16_t len;
+};
+#endif /* _IPT_POLICY_H */
diff --git a/include/linux/netfilter_ipv6/ip6t_policy.h b/include/linux/netfilter_ipv6/ip6t_policy.h
new file mode 100644
index 000000000000..5a93afcd2ff1
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_policy.h
@@ -0,0 +1,52 @@
+#ifndef _IP6T_POLICY_H
+#define _IP6T_POLICY_H
+#define IP6T_POLICY_MAX_ELEM    4
+enum ip6t_policy_flags
+{
+        IP6T_POLICY_MATCH_IN            = 0x1,
+        IP6T_POLICY_MATCH_OUT           = 0x2,
+        IP6T_POLICY_MATCH_NONE          = 0x4,
+        IP6T_POLICY_MATCH_STRICT        = 0x8,
+};
+enum ip6t_policy_modes
+{
+        IP6T_POLICY_MODE_TRANSPORT,
+        IP6T_POLICY_MODE_TUNNEL
+};
+struct ip6t_policy_spec
+{
+        u_int8_t        saddr:1,
+                        daddr:1,
+                        proto:1,
+                        mode:1,
+                        spi:1,
+                        reqid:1;
+};
+struct ip6t_policy_elem
+{
+        struct in6_addr saddr;
+        struct in6_addr smask;
+        struct in6_addr daddr;
+        struct in6_addr dmask;
+        u_int32_t       spi;
+        u_int32_t       reqid;
+        u_int8_t        proto;
+        u_int8_t        mode;
+        struct ip6t_policy_spec match;
+        struct ip6t_policy_spec invert;
+};
+struct ip6t_policy_info
+{
+        struct ip6t_policy_elem pol[IP6T_POLICY_MAX_ELEM];
+        u_int16_t flags;
+        u_int16_t len;
+};
+#endif /* _IP6T_POLICY_H */
author	Patrick McHardy <kaber@trash.net>	2006-01-07 02:06:48 -0500
committer	David S. Miller <davem@sunset.davemloft.net>	2006-01-07 15:57:38 -0500
commit	e16a8f0b8c53312beb1d8b52e463aae79aa809c7 (patch)
tree	2f8e8747261db640e3cc4a5ededb2bcd6a47dedf /include
parent	eb9c7ebe6980c41cf6ae889e301c3b49f473ee9f (diff)

diff --git a/include/linux/netfilter_ipv4/ipt_policy.h b/include/linux/netfilter_ipv4/ipt_policy.h new file mode 100644 index 000000000000..7fd1bec453f1 --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_policy.h
@@ -0,0 +1,52 @@
	1	#ifndef _IPT_POLICY_H
	2	#define _IPT_POLICY_H
	3
	4	#define IPT_POLICY_MAX_ELEM 4
	5
	6	enum ipt_policy_flags
	7	{
	8	IPT_POLICY_MATCH_IN = 0x1,
	9	IPT_POLICY_MATCH_OUT = 0x2,
	10	IPT_POLICY_MATCH_NONE = 0x4,
	11	IPT_POLICY_MATCH_STRICT = 0x8,
	12	};
	13
	14	enum ipt_policy_modes
	15	{
	16	IPT_POLICY_MODE_TRANSPORT,
	17	IPT_POLICY_MODE_TUNNEL
	18	};
	19
	20	struct ipt_policy_spec
	21	{
	22	u_int8_t saddr:1,
	23	daddr:1,
	24	proto:1,
	25	mode:1,
	26	spi:1,
	27	reqid:1;
	28	};
	29
	30	struct ipt_policy_elem
	31	{
	32	u_int32_t saddr;
	33	u_int32_t smask;
	34	u_int32_t daddr;
	35	u_int32_t dmask;
	36	u_int32_t spi;
	37	u_int32_t reqid;
	38	u_int8_t proto;
	39	u_int8_t mode;
	40
	41	struct ipt_policy_spec match;
	42	struct ipt_policy_spec invert;
	43	};
	44
	45	struct ipt_policy_info
	46	{
	47	struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];
	48	u_int16_t flags;
	49	u_int16_t len;
	50	};
	51
	52	#endif /* _IPT_POLICY_H */


diff --git a/include/linux/netfilter_ipv6/ip6t_policy.h b/include/linux/netfilter_ipv6/ip6t_policy.h new file mode 100644 index 000000000000..5a93afcd2ff1 --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_policy.h
@@ -0,0 +1,52 @@
	1	#ifndef _IP6T_POLICY_H
	2	#define _IP6T_POLICY_H
	3
	4	#define IP6T_POLICY_MAX_ELEM 4
	5
	6	enum ip6t_policy_flags
	7	{
	8	IP6T_POLICY_MATCH_IN = 0x1,
	9	IP6T_POLICY_MATCH_OUT = 0x2,
	10	IP6T_POLICY_MATCH_NONE = 0x4,
	11	IP6T_POLICY_MATCH_STRICT = 0x8,
	12	};
	13
	14	enum ip6t_policy_modes
	15	{
	16	IP6T_POLICY_MODE_TRANSPORT,
	17	IP6T_POLICY_MODE_TUNNEL
	18	};
	19
	20	struct ip6t_policy_spec
	21	{
	22	u_int8_t saddr:1,
	23	daddr:1,
	24	proto:1,
	25	mode:1,
	26	spi:1,
	27	reqid:1;
	28	};
	29
	30	struct ip6t_policy_elem
	31	{
	32	struct in6_addr saddr;
	33	struct in6_addr smask;
	34	struct in6_addr daddr;
	35	struct in6_addr dmask;
	36	u_int32_t spi;
	37	u_int32_t reqid;
	38	u_int8_t proto;
	39	u_int8_t mode;
	40
	41	struct ip6t_policy_spec match;
	42	struct ip6t_policy_spec invert;
	43	};
	44
	45	struct ip6t_policy_info
	46	{
	47	struct ip6t_policy_elem pol[IP6T_POLICY_MAX_ELEM];
	48	u_int16_t flags;
	49	u_int16_t len;
	50	};
	51
	52	#endif /* _IP6T_POLICY_H */