mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-13 22:25:03 +00:00
c1c7e44b4f
IPv6 Segment Routing Header (SRH) contains a list of SIDs to be crossed by SR encapsulated packet. Each SID is encoded as an IPv6 prefix. When a Firewall receives an SR encapsulated packet, it should be able to identify which node previously processed the packet (previous SID), which node is going to process the packet next (next SID), and which node is the last to process the packet (last SID) which represent the final destination of the packet in case of inline SR mode. An example use-case of using these features could be SID list that includes two firewalls. When the second firewall receives a packet, it can check whether the packet has been processed by the first firewall or not. Based on that check, it decides to apply all rules, apply just subset of the rules, or totally skip all rules and forward the packet to the next SID. This patch extends SRH match to support matching previous SID, next SID, and last SID. Signed-off-by: Ahmed Abdelsalam <amsalam20@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
96 lines
3.2 KiB
C
96 lines
3.2 KiB
C
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
|
|
#ifndef _IP6T_SRH_H
|
|
#define _IP6T_SRH_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/netfilter.h>
|
|
|
|
/* Values for "mt_flags" field in struct ip6t_srh */
|
|
#define IP6T_SRH_NEXTHDR 0x0001
|
|
#define IP6T_SRH_LEN_EQ 0x0002
|
|
#define IP6T_SRH_LEN_GT 0x0004
|
|
#define IP6T_SRH_LEN_LT 0x0008
|
|
#define IP6T_SRH_SEGS_EQ 0x0010
|
|
#define IP6T_SRH_SEGS_GT 0x0020
|
|
#define IP6T_SRH_SEGS_LT 0x0040
|
|
#define IP6T_SRH_LAST_EQ 0x0080
|
|
#define IP6T_SRH_LAST_GT 0x0100
|
|
#define IP6T_SRH_LAST_LT 0x0200
|
|
#define IP6T_SRH_TAG 0x0400
|
|
#define IP6T_SRH_PSID 0x0800
|
|
#define IP6T_SRH_NSID 0x1000
|
|
#define IP6T_SRH_LSID 0x2000
|
|
#define IP6T_SRH_MASK 0x3FFF
|
|
|
|
/* Values for "mt_invflags" field in struct ip6t_srh */
|
|
#define IP6T_SRH_INV_NEXTHDR 0x0001
|
|
#define IP6T_SRH_INV_LEN_EQ 0x0002
|
|
#define IP6T_SRH_INV_LEN_GT 0x0004
|
|
#define IP6T_SRH_INV_LEN_LT 0x0008
|
|
#define IP6T_SRH_INV_SEGS_EQ 0x0010
|
|
#define IP6T_SRH_INV_SEGS_GT 0x0020
|
|
#define IP6T_SRH_INV_SEGS_LT 0x0040
|
|
#define IP6T_SRH_INV_LAST_EQ 0x0080
|
|
#define IP6T_SRH_INV_LAST_GT 0x0100
|
|
#define IP6T_SRH_INV_LAST_LT 0x0200
|
|
#define IP6T_SRH_INV_TAG 0x0400
|
|
#define IP6T_SRH_INV_PSID 0x0800
|
|
#define IP6T_SRH_INV_NSID 0x1000
|
|
#define IP6T_SRH_INV_LSID 0x2000
|
|
#define IP6T_SRH_INV_MASK 0x3FFF
|
|
|
|
/**
|
|
* struct ip6t_srh - SRH match options
|
|
* @ next_hdr: Next header field of SRH
|
|
* @ hdr_len: Extension header length field of SRH
|
|
* @ segs_left: Segments left field of SRH
|
|
* @ last_entry: Last entry field of SRH
|
|
* @ tag: Tag field of SRH
|
|
* @ mt_flags: match options
|
|
* @ mt_invflags: Invert the sense of match options
|
|
*/
|
|
|
|
struct ip6t_srh {
|
|
__u8 next_hdr;
|
|
__u8 hdr_len;
|
|
__u8 segs_left;
|
|
__u8 last_entry;
|
|
__u16 tag;
|
|
__u16 mt_flags;
|
|
__u16 mt_invflags;
|
|
};
|
|
|
|
/**
|
|
* struct ip6t_srh1 - SRH match options (revision 1)
|
|
* @ next_hdr: Next header field of SRH
|
|
* @ hdr_len: Extension header length field of SRH
|
|
* @ segs_left: Segments left field of SRH
|
|
* @ last_entry: Last entry field of SRH
|
|
* @ tag: Tag field of SRH
|
|
* @ psid_addr: Address of previous SID in SRH SID list
|
|
* @ nsid_addr: Address of NEXT SID in SRH SID list
|
|
* @ lsid_addr: Address of LAST SID in SRH SID list
|
|
* @ psid_msk: Mask of previous SID in SRH SID list
|
|
* @ nsid_msk: Mask of next SID in SRH SID list
|
|
* @ lsid_msk: MAsk of last SID in SRH SID list
|
|
* @ mt_flags: match options
|
|
* @ mt_invflags: Invert the sense of match options
|
|
*/
|
|
|
|
struct ip6t_srh1 {
|
|
__u8 next_hdr;
|
|
__u8 hdr_len;
|
|
__u8 segs_left;
|
|
__u8 last_entry;
|
|
__u16 tag;
|
|
struct in6_addr psid_addr;
|
|
struct in6_addr nsid_addr;
|
|
struct in6_addr lsid_addr;
|
|
struct in6_addr psid_msk;
|
|
struct in6_addr nsid_msk;
|
|
struct in6_addr lsid_msk;
|
|
__u16 mt_flags;
|
|
__u16 mt_invflags;
|
|
};
|
|
|
|
#endif /*_IP6T_SRH_H*/
|