[NETFILTER]: x_tables: replace IPv4/IPv6 policy match by address family independant version

	unsigned int matchsize;

	unsigned int hooks;

	unsigned short proto;

	unsigned short family;

	u_int8_t revision;

};

	unsigned int targetsize;

	unsigned int hooks;

	unsigned short proto;

	unsigned short family;

	u_int8_t revision;

};

#ifndef _XT_POLICY_H

#define _XT_POLICY_H

#define XT_POLICY_MAX_ELEM	4

enum xt_policy_flags

{

	XT_POLICY_MATCH_IN	= 0x1,

	XT_POLICY_MATCH_OUT	= 0x2,

	XT_POLICY_MATCH_NONE	= 0x4,

	XT_POLICY_MATCH_STRICT	= 0x8,

};

enum xt_policy_modes

{

	XT_POLICY_MODE_TRANSPORT,

	XT_POLICY_MODE_TUNNEL

};

struct xt_policy_spec

{

	u_int8_t	saddr:1,

			daddr:1,

			proto:1,

			mode:1,

			spi:1,

			reqid:1;

};

union xt_policy_addr

{

	struct in_addr	a4;

	struct in6_addr	a6;

};

struct xt_policy_elem

{

	union xt_policy_addr	saddr;

	union xt_policy_addr	smask;

	union xt_policy_addr	daddr;

	union xt_policy_addr	dmask;

	u_int32_t		spi;

	u_int32_t		reqid;

	u_int8_t		proto;

	u_int8_t		mode;

	struct xt_policy_spec	match;

	struct xt_policy_spec	invert;

};

struct xt_policy_info

{

	struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];

	u_int16_t flags;

	u_int16_t len;

};

#endif /* _XT_POLICY_H */

#ifndef _IPT_POLICY_H

#define _IPT_POLICY_H

#define IPT_POLICY_MAX_ELEM	4

enum ipt_policy_flags

{

	IPT_POLICY_MATCH_IN	= 0x1,

	IPT_POLICY_MATCH_OUT	= 0x2,

	IPT_POLICY_MATCH_NONE	= 0x4,

	IPT_POLICY_MATCH_STRICT	= 0x8,

};

enum ipt_policy_modes

{

	IPT_POLICY_MODE_TRANSPORT,

	IPT_POLICY_MODE_TUNNEL

};

struct ipt_policy_spec

{

	u_int8_t	saddr:1,

			daddr:1,

			proto:1,

			mode:1,

			spi:1,

			reqid:1;

};

union ipt_policy_addr

{

	struct in_addr	a4;

	struct in6_addr	a6;

};

struct ipt_policy_elem

{

	union ipt_policy_addr	saddr;

	union ipt_policy_addr	smask;

	union ipt_policy_addr	daddr;

	union ipt_policy_addr	dmask;

	u_int32_t		spi;

	u_int32_t		reqid;

	u_int8_t		proto;

	u_int8_t		mode;

	struct ipt_policy_spec	match;

	struct ipt_policy_spec	invert;

};

struct ipt_policy_info

{

	struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];

	u_int16_t flags;

	u_int16_t len;

};

#define IPT_POLICY_MAX_ELEM		XT_POLICY_MAX_ELEM

/* ipt_policy_flags */

#define IPT_POLICY_MATCH_IN		XT_POLICY_MATCH_IN

#define IPT_POLICY_MATCH_OUT		XT_POLICY_MATCH_OUT

#define IPT_POLICY_MATCH_NONE		XT_POLICY_MATCH_NONE

#define IPT_POLICY_MATCH_STRICT		XT_POLICY_MATCH_STRICT

/* ipt_policy_modes */

#define IPT_POLICY_MODE_TRANSPORT	XT_POLICY_MODE_TRANSPORT

#define IPT_POLICY_MODE_TUNNEL		XT_POLICY_MODE_TUNNEL

#define ipt_policy_spec			xt_policy_spec

#define ipt_policy_addr			xt_policy_addr

#define ipt_policy_elem			xt_policy_elem

#define ipt_policy_info			xt_policy_info

#endif /* _IPT_POLICY_H */

#ifndef _IP6T_POLICY_H

#define _IP6T_POLICY_H

#define IP6T_POLICY_MAX_ELEM	4

enum ip6t_policy_flags

{

	IP6T_POLICY_MATCH_IN		= 0x1,

	IP6T_POLICY_MATCH_OUT		= 0x2,

	IP6T_POLICY_MATCH_NONE		= 0x4,

	IP6T_POLICY_MATCH_STRICT	= 0x8,

};

enum ip6t_policy_modes

{

	IP6T_POLICY_MODE_TRANSPORT,

	IP6T_POLICY_MODE_TUNNEL

};

struct ip6t_policy_spec

{

	u_int8_t	saddr:1,

			daddr:1,

			proto:1,

			mode:1,

			spi:1,

			reqid:1;

};

union ip6t_policy_addr

{

	struct in_addr	a4;

	struct in6_addr	a6;

};

struct ip6t_policy_elem

{

	union ip6t_policy_addr	saddr;

	union ip6t_policy_addr	smask;

	union ip6t_policy_addr	daddr;

	union ip6t_policy_addr	dmask;

	u_int32_t		spi;

	u_int32_t		reqid;

	u_int8_t		proto;

	u_int8_t		mode;

	struct ip6t_policy_spec	match;

	struct ip6t_policy_spec	invert;

};

struct ip6t_policy_info

{

	struct ip6t_policy_elem pol[IP6T_POLICY_MAX_ELEM];

	u_int16_t flags;

	u_int16_t len;

};

#define IP6T_POLICY_MAX_ELEM		XT_POLICY_MAX_ELEM

/* ip6t_policy_flags */

#define IP6T_POLICY_MATCH_IN		XT_POLICY_MATCH_IN

#define IP6T_POLICY_MATCH_OUT		XT_POLICY_MATCH_OUT

#define IP6T_POLICY_MATCH_NONE		XT_POLICY_MATCH_NONE

#define IP6T_POLICY_MATCH_STRICT	XT_POLICY_MATCH_STRICT

/* ip6t_policy_modes */

#define IP6T_POLICY_MODE_TRANSPORT	XT_POLICY_MODE_TRANSPORT

#define IP6T_POLICY_MODE_TUNNEL		XT_POLICY_MODE_TUNNEL

#define ip6t_policy_spec		xt_policy_spec

#define ip6t_policy_addr		xt_policy_addr

#define ip6t_policy_elem		xt_policy_elem

#define ip6t_policy_info		xt_policy_info

#endif /* _IP6T_POLICY_H */

	  destination IP' or `500pps from any given source IP'  with a single

	  IPtables rule.

config IP_NF_MATCH_POLICY

       tristate "IPsec policy match support"

       depends on IP_NF_IPTABLES && XFRM

       help

         Policy matching allows you to match packets based on the

         IPsec policy that was used during decapsulation/will

         be used during encapsulation.

         To compile it as a module, choose M here.  If unsure, say N.

# `filter', generic and specific targets

config IP_NF_FILTER

	tristate "Packet filtering"