[mirror_iproute2.git] / include / uapi / linux / netfilter.h

/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_NETFILTER_H
#define __LINUX_NETFILTER_H

#include <linux/types.h>

#include <linux/in.h>
#include <linux/in6.h>

/* Responses from hook functions. */
#define NF_DROP 0
#define NF_ACCEPT 1
#define NF_STOLEN 2
#define NF_QUEUE 3
#define NF_REPEAT 4
#define NF_STOP 5	/* Deprecated, for userspace nf_queue compatibility. */
#define NF_MAX_VERDICT NF_STOP

/* we overload the higher bits for encoding auxiliary data such as the queue
 * number or errno values. Not nice, but better than additional function
 * arguments. */
#define NF_VERDICT_MASK 0x000000ff

/* extra verdict flags have mask 0x0000ff00 */
#define NF_VERDICT_FLAG_QUEUE_BYPASS	0x00008000

/* queue number (NF_QUEUE) or errno (NF_DROP) */
#define NF_VERDICT_QMASK 0xffff0000
#define NF_VERDICT_QBITS 16

#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)

#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP)

/* only for userspace compatibility */

/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
#define NF_VERDICT_BITS 16

enum nf_inet_hooks {
	NF_INET_PRE_ROUTING,
	NF_INET_LOCAL_IN,
	NF_INET_FORWARD,
	NF_INET_LOCAL_OUT,
	NF_INET_POST_ROUTING,
	NF_INET_NUMHOOKS
};

enum nf_dev_hooks {
	NF_NETDEV_INGRESS,
	NF_NETDEV_NUMHOOKS
};

enum {
	NFPROTO_UNSPEC =  0,
	NFPROTO_INET   =  1,
	NFPROTO_IPV4   =  2,
	NFPROTO_ARP    =  3,
	NFPROTO_NETDEV =  5,
	NFPROTO_BRIDGE =  7,
	NFPROTO_IPV6   = 10,
	NFPROTO_DECNET = 12,
	NFPROTO_NUMPROTO,
};

union nf_inet_addr {
	__u32		all[4];
	__be32		ip;
	__be32		ip6[4];
	struct in_addr	in;
	struct in6_addr	in6;
};

#endif /* __LINUX_NETFILTER_H */
Commit	Line	Data
ba914908	1	/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
910773dc SH	2	#ifndef __LINUX_NETFILTER_H
910773dc SH	3	#define __LINUX_NETFILTER_H
be8d89d3	4
3ea2fb98	5	#include <linux/types.h>
be8d89d3	6
ff631c3a SH	7	#include <linux/in.h>
ff631c3a SH	8	#include <linux/in6.h>
e95c8fc3	9
be8d89d3 SH	10	/* Responses from hook functions. */
	11	#define NF_DROP 0
	12	#define NF_ACCEPT 1
	13	#define NF_STOLEN 2
	14	#define NF_QUEUE 3
	15	#define NF_REPEAT 4
1a97748b	16	#define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */
be8d89d3 SH	17	#define NF_MAX_VERDICT NF_STOP
	18
	19	/* we overload the higher bits for encoding auxiliary data such as the queue
21cfb5e1 SH	20	* number or errno values. Not nice, but better than additional function
	21	* arguments. */
	22	#define NF_VERDICT_MASK 0x000000ff
	23
	24	/* extra verdict flags have mask 0x0000ff00 */
	25	#define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000
be8d89d3	26
21cfb5e1	27	/* queue number (NF_QUEUE) or errno (NF_DROP) */
be8d89d3 SH	28	#define NF_VERDICT_QMASK 0xffff0000
	29	#define NF_VERDICT_QBITS 16
	30
21cfb5e1	31	#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) \| NF_QUEUE)
be8d89d3	32
21cfb5e1	33	#define NF_DROP_ERR(x) (((-x) << 16) \| NF_DROP)
9351fec7	34
be8d89d3	35	/* only for userspace compatibility */
be8d89d3	36
21cfb5e1 SH	37	/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
	38	#define NF_VERDICT_BITS 16
	39
be8d89d3 SH	40	enum nf_inet_hooks {
	41	NF_INET_PRE_ROUTING,
	42	NF_INET_LOCAL_IN,
	43	NF_INET_FORWARD,
	44	NF_INET_LOCAL_OUT,
	45	NF_INET_POST_ROUTING,
	46	NF_INET_NUMHOOKS
	47	};
	48
8f42ceaf SH	49	enum nf_dev_hooks {
	50	NF_NETDEV_INGRESS,
	51	NF_NETDEV_NUMHOOKS
	52	};
	53
05bfd165 SH	54	enum {
05bfd165 SH	55	NFPROTO_UNSPEC = 0,
af9cd912	56	NFPROTO_INET = 1,
05bfd165 SH	57	NFPROTO_IPV4 = 2,
05bfd165 SH	58	NFPROTO_ARP = 3,
8f42ceaf	59	NFPROTO_NETDEV = 5,
05bfd165 SH	60	NFPROTO_BRIDGE = 7,
	61	NFPROTO_IPV6 = 10,
	62	NFPROTO_DECNET = 12,
	63	NFPROTO_NUMPROTO,
	64	};
	65
bfe594fe	66	union nf_inet_addr {
5344bb28	67	__u32 all[4];
bfe594fe SH	68	__be32 ip;
bfe594fe SH	69	__be32 ip6[4];
fb8cc5b2 SH	70	struct in_addr in;
fb8cc5b2 SH	71	struct in6_addr in6;
bfe594fe SH	72	};
bfe594fe SH	73
910773dc	74	#endif /* __LINUX_NETFILTER_H */