]>
Commit | Line | Data |
---|---|---|
ba914908 | 1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
910773dc SH |
2 | #ifndef __LINUX_NETFILTER_H |
3 | #define __LINUX_NETFILTER_H | |
be8d89d3 | 4 | |
3ea2fb98 | 5 | #include <linux/types.h> |
be8d89d3 | 6 | |
ff631c3a SH |
7 | #include <linux/in.h> |
8 | #include <linux/in6.h> | |
e95c8fc3 | 9 | |
be8d89d3 SH |
10 | /* Responses from hook functions. */ |
11 | #define NF_DROP 0 | |
12 | #define NF_ACCEPT 1 | |
13 | #define NF_STOLEN 2 | |
14 | #define NF_QUEUE 3 | |
15 | #define NF_REPEAT 4 | |
1a97748b | 16 | #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ |
be8d89d3 SH |
17 | #define NF_MAX_VERDICT NF_STOP |
18 | ||
19 | /* we overload the higher bits for encoding auxiliary data such as the queue | |
21cfb5e1 SH |
20 | * number or errno values. Not nice, but better than additional function |
21 | * arguments. */ | |
22 | #define NF_VERDICT_MASK 0x000000ff | |
23 | ||
24 | /* extra verdict flags have mask 0x0000ff00 */ | |
25 | #define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000 | |
be8d89d3 | 26 | |
21cfb5e1 | 27 | /* queue number (NF_QUEUE) or errno (NF_DROP) */ |
be8d89d3 SH |
28 | #define NF_VERDICT_QMASK 0xffff0000 |
29 | #define NF_VERDICT_QBITS 16 | |
30 | ||
21cfb5e1 | 31 | #define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE) |
be8d89d3 | 32 | |
21cfb5e1 | 33 | #define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP) |
9351fec7 | 34 | |
be8d89d3 | 35 | /* only for userspace compatibility */ |
be8d89d3 | 36 | |
21cfb5e1 SH |
37 | /* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */ |
38 | #define NF_VERDICT_BITS 16 | |
39 | ||
be8d89d3 SH |
40 | enum nf_inet_hooks { |
41 | NF_INET_PRE_ROUTING, | |
42 | NF_INET_LOCAL_IN, | |
43 | NF_INET_FORWARD, | |
44 | NF_INET_LOCAL_OUT, | |
45 | NF_INET_POST_ROUTING, | |
14b189f0 SH |
46 | NF_INET_NUMHOOKS, |
47 | NF_INET_INGRESS = NF_INET_NUMHOOKS, | |
be8d89d3 SH |
48 | }; |
49 | ||
8f42ceaf SH |
50 | enum nf_dev_hooks { |
51 | NF_NETDEV_INGRESS, | |
52 | NF_NETDEV_NUMHOOKS | |
53 | }; | |
54 | ||
05bfd165 SH |
55 | enum { |
56 | NFPROTO_UNSPEC = 0, | |
af9cd912 | 57 | NFPROTO_INET = 1, |
05bfd165 SH |
58 | NFPROTO_IPV4 = 2, |
59 | NFPROTO_ARP = 3, | |
8f42ceaf | 60 | NFPROTO_NETDEV = 5, |
05bfd165 SH |
61 | NFPROTO_BRIDGE = 7, |
62 | NFPROTO_IPV6 = 10, | |
63 | NFPROTO_DECNET = 12, | |
64 | NFPROTO_NUMPROTO, | |
65 | }; | |
66 | ||
bfe594fe | 67 | union nf_inet_addr { |
5344bb28 | 68 | __u32 all[4]; |
bfe594fe SH |
69 | __be32 ip; |
70 | __be32 ip6[4]; | |
fb8cc5b2 SH |
71 | struct in_addr in; |
72 | struct in6_addr in6; | |
bfe594fe SH |
73 | }; |
74 | ||
910773dc | 75 | #endif /* __LINUX_NETFILTER_H */ |