summaryrefslogtreecommitdiffstats
path: root/include/linux/netfilter_ipv6
diff options
context:
space:
mode:
authorHarald Welte <laforge@gnumonks.org>2002-03-25 08:38:26 +0000
committerHarald Welte <laforge@gnumonks.org>2002-03-25 08:38:26 +0000
commitd32980df1da9d81a93280b4f0e023c58055c4b0c (patch)
tree765f774d26940fbca39981425535b06801175787 /include/linux/netfilter_ipv6
parente920f29853671e9a7f7fea3e0b43305136793159 (diff)
Add AH/ESP match for ipv6
Diffstat (limited to 'include/linux/netfilter_ipv6')
-rw-r--r--include/linux/netfilter_ipv6/ip6t_ah.h21
-rw-r--r--include/linux/netfilter_ipv6/ip6t_esp.h23
2 files changed, 44 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv6/ip6t_ah.h b/include/linux/netfilter_ipv6/ip6t_ah.h
new file mode 100644
index 00000000..8531879e
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_ah.h
@@ -0,0 +1,21 @@
+#ifndef _IP6T_AH_H
+#define _IP6T_AH_H
+
+struct ip6t_ah
+{
+ u_int32_t spis[2]; /* Security Parameter Index */
+ u_int32_t hdrlen; /* Header Length */
+ u_int8_t hdrres; /* Test of the Reserved Filed */
+ u_int8_t invflags; /* Inverse flags */
+};
+
+#define IP6T_AH_SPI 0x01
+#define IP6T_AH_LEN 0x02
+#define IP6T_AH_RES 0x04
+
+/* Values for "invflags" field in struct ip6t_ah. */
+#define IP6T_AH_INV_SPI 0x01 /* Invert the sense of spi. */
+#define IP6T_AH_INV_LEN 0x02 /* Invert the sense of length. */
+#define IP6T_AH_INV_MASK 0x03 /* All possible flags. */
+
+#endif /*_IP6T_AH_H*/
diff --git a/include/linux/netfilter_ipv6/ip6t_esp.h b/include/linux/netfilter_ipv6/ip6t_esp.h
new file mode 100644
index 00000000..01142b98
--- /dev/null
+++ b/include/linux/netfilter_ipv6/ip6t_esp.h
@@ -0,0 +1,23 @@
+#ifndef _IP6T_ESP_H
+#define _IP6T_ESP_H
+
+struct ip6t_esp
+{
+ u_int32_t spis[2]; /* Security Parameter Index */
+ u_int8_t invflags; /* Inverse flags */
+};
+
+#define MASK_HOPOPTS 128
+#define MASK_DSTOPTS 64
+#define MASK_ROUTING 32
+#define MASK_FRAGMENT 16
+#define MASK_AH 8
+#define MASK_ESP 4
+#define MASK_NONE 2
+#define MASK_PROTO 1
+
+/* Values for "invflags" field in struct ip6t_esp. */
+#define IP6T_ESP_INV_SPI 0x01 /* Invert the sense of spi. */
+#define IP6T_ESP_INV_MASK 0x01 /* All possible flags. */
+
+#endif /*_IP6T_ESP_H*/