Commit | Line | Data |
---|---|---|
6f52b16c | 1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
607ca46e DH |
2 | #ifndef _UAPI__LINUX_NETFILTER_H |
3 | #define _UAPI__LINUX_NETFILTER_H | |
4 | ||
5 | #include <linux/types.h> | |
6 | #include <linux/compiler.h> | |
a263653e PNA |
7 | #include <linux/in.h> |
8 | #include <linux/in6.h> | |
607ca46e DH |
9 | |
10 | /* Responses from hook functions. */ | |
11 | #define NF_DROP 0 | |
12 | #define NF_ACCEPT 1 | |
13 | #define NF_STOLEN 2 | |
14 | #define NF_QUEUE 3 | |
15 | #define NF_REPEAT 4 | |
06fd3a39 | 16 | #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ |
607ca46e DH |
17 | #define NF_MAX_VERDICT NF_STOP |
18 | ||
19 | /* we overload the higher bits for encoding auxiliary data such as the queue | |
20 | * number or errno values. Not nice, but better than additional function | |
21 | * arguments. */ | |
22 | #define NF_VERDICT_MASK 0x000000ff | |
23 | ||
24 | /* extra verdict flags have mask 0x0000ff00 */ | |
25 | #define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000 | |
26 | ||
27 | /* queue number (NF_QUEUE) or errno (NF_DROP) */ | |
28 | #define NF_VERDICT_QMASK 0xffff0000 | |
29 | #define NF_VERDICT_QBITS 16 | |
30 | ||
31 | #define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE) | |
32 | ||
33 | #define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP) | |
34 | ||
35 | /* only for userspace compatibility */ | |
36 | #ifndef __KERNEL__ | |
607ca46e DH |
37 | |
38 | /* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */ | |
39 | #define NF_VERDICT_BITS 16 | |
40 | #endif | |
41 | ||
42 | enum nf_inet_hooks { | |
43 | NF_INET_PRE_ROUTING, | |
44 | NF_INET_LOCAL_IN, | |
45 | NF_INET_FORWARD, | |
46 | NF_INET_LOCAL_OUT, | |
47 | NF_INET_POST_ROUTING, | |
d25e2e93 PNA |
48 | NF_INET_NUMHOOKS, |
49 | NF_INET_INGRESS = NF_INET_NUMHOOKS, | |
607ca46e DH |
50 | }; |
51 | ||
e687ad60 PN |
52 | enum nf_dev_hooks { |
53 | NF_NETDEV_INGRESS, | |
42df6e1d | 54 | NF_NETDEV_EGRESS, |
e687ad60 PN |
55 | NF_NETDEV_NUMHOOKS |
56 | }; | |
57 | ||
607ca46e DH |
58 | enum { |
59 | NFPROTO_UNSPEC = 0, | |
1d49144c | 60 | NFPROTO_INET = 1, |
607ca46e DH |
61 | NFPROTO_IPV4 = 2, |
62 | NFPROTO_ARP = 3, | |
e687ad60 | 63 | NFPROTO_NETDEV = 5, |
607ca46e DH |
64 | NFPROTO_BRIDGE = 7, |
65 | NFPROTO_IPV6 = 10, | |
a0a4de4d | 66 | #ifndef __KERNEL__ /* no longer supported by kernel */ |
607ca46e | 67 | NFPROTO_DECNET = 12, |
a0a4de4d | 68 | #endif |
607ca46e DH |
69 | NFPROTO_NUMPROTO, |
70 | }; | |
71 | ||
72 | union nf_inet_addr { | |
73 | __u32 all[4]; | |
74 | __be32 ip; | |
75 | __be32 ip6[4]; | |
76 | struct in_addr in; | |
77 | struct in6_addr in6; | |
78 | }; | |
79 | ||
80 | #endif /* _UAPI__LINUX_NETFILTER_H */ |