1/*
2 *
3 *	Flow based forwarding rules (usage: firewalling, etc)
4 *
5 */
6
7#ifndef _NET_FLOW_H
8#define _NET_FLOW_H
9
10struct flowi {
11	int	proto;		/*	{TCP, UDP, ICMP}	*/
12
13	union {
14		struct {
15			__u32			daddr;
16			__u32			saddr;
17		} ip4_u;
18
19		struct {
20			struct in6_addr *	daddr;
21			struct in6_addr *	saddr;
22			__u32			flowlabel;
23		} ip6_u;
24	} nl_u;
25#define fl6_dst		nl_u.ip6_u.daddr
26#define fl6_src		nl_u.ip6_u.saddr
27#define fl6_flowlabel	nl_u.ip6_u.flowlabel
28#define fl4_dst		nl_u.ip4_u.daddr
29#define fl4_src		nl_u.ip4_u.saddr
30
31	int	oif;
32
33	union {
34		struct {
35			__u16	sport;
36			__u16	dport;
37		} ports;
38
39		struct {
40			__u8	type;
41			__u8	code;
42		} icmpt;
43
44		unsigned long	data;
45	} uli_u;
46};
47
48#define FLOWR_NODECISION	0	/* rule not appliable to flow	*/
49#define FLOWR_SELECT		1	/* flow must follow this rule	*/
50#define FLOWR_CLEAR		2	/* priority level clears flow	*/
51#define FLOWR_ERROR		3
52
53struct fl_acc_args {
54	int	type;
55
56
57#define FL_ARG_FORWARD	1
58#define FL_ARG_ORIGIN	2
59
60	union {
61		struct sk_buff		*skb;
62		struct {
63			struct sock	*sk;
64			struct flowi	*flow;
65		} fl_o;
66	} fl_u;
67};
68
69
70struct pkt_filter {
71	atomic_t		refcnt;
72	unsigned int		offset;
73	__u32			value;
74	__u32			mask;
75	struct pkt_filter	*next;
76};
77
78#define FLR_INPUT		1
79#define FLR_OUTPUT		2
80
81struct flow_filter {
82	int				type;
83	union {
84		struct pkt_filter	*filter;
85		struct sock		*sk;
86	} u;
87};
88
89struct flow_rule {
90	struct flow_rule_ops		*ops;
91	unsigned char			private[0];
92};
93
94struct flow_rule_ops {
95	int			(*accept)(struct rt6_info *rt,
96					  struct rt6_info *rule,
97					  struct fl_acc_args *args,
98					  struct rt6_info **nrt);
99};
100
101#endif
102