Commit | Line | Data |
---|---|---|
607ca46e DH |
1 | #ifndef _UAPI__LINUX_NETFILTER_H |
2 | #define _UAPI__LINUX_NETFILTER_H | |
3 | ||
4 | #include <linux/types.h> | |
5 | #include <linux/compiler.h> | |
6 | #include <linux/sysctl.h> | |
7 | ||
8 | ||
9 | /* Responses from hook functions. */ | |
10 | #define NF_DROP 0 | |
11 | #define NF_ACCEPT 1 | |
12 | #define NF_STOLEN 2 | |
13 | #define NF_QUEUE 3 | |
14 | #define NF_REPEAT 4 | |
15 | #define NF_STOP 5 | |
16 | #define NF_MAX_VERDICT NF_STOP | |
17 | ||
18 | /* we overload the higher bits for encoding auxiliary data such as the queue | |
19 | * number or errno values. Not nice, but better than additional function | |
20 | * arguments. */ | |
21 | #define NF_VERDICT_MASK 0x000000ff | |
22 | ||
23 | /* extra verdict flags have mask 0x0000ff00 */ | |
24 | #define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000 | |
25 | ||
26 | /* queue number (NF_QUEUE) or errno (NF_DROP) */ | |
27 | #define NF_VERDICT_QMASK 0xffff0000 | |
28 | #define NF_VERDICT_QBITS 16 | |
29 | ||
30 | #define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE) | |
31 | ||
32 | #define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP) | |
33 | ||
34 | /* only for userspace compatibility */ | |
35 | #ifndef __KERNEL__ | |
36 | /* Generic cache responses from hook functions. | |
37 | <= 0x2000 is used for protocol-flags. */ | |
38 | #define NFC_UNKNOWN 0x4000 | |
39 | #define NFC_ALTERED 0x8000 | |
40 | ||
41 | /* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */ | |
42 | #define NF_VERDICT_BITS 16 | |
43 | #endif | |
44 | ||
45 | enum nf_inet_hooks { | |
46 | NF_INET_PRE_ROUTING, | |
47 | NF_INET_LOCAL_IN, | |
48 | NF_INET_FORWARD, | |
49 | NF_INET_LOCAL_OUT, | |
50 | NF_INET_POST_ROUTING, | |
51 | NF_INET_NUMHOOKS | |
52 | }; | |
53 | ||
54 | enum { | |
55 | NFPROTO_UNSPEC = 0, | |
1d49144c | 56 | NFPROTO_INET = 1, |
607ca46e DH |
57 | NFPROTO_IPV4 = 2, |
58 | NFPROTO_ARP = 3, | |
59 | NFPROTO_BRIDGE = 7, | |
60 | NFPROTO_IPV6 = 10, | |
61 | NFPROTO_DECNET = 12, | |
62 | NFPROTO_NUMPROTO, | |
63 | }; | |
64 | ||
65 | union nf_inet_addr { | |
66 | __u32 all[4]; | |
67 | __be32 ip; | |
68 | __be32 ip6[4]; | |
69 | struct in_addr in; | |
70 | struct in6_addr in6; | |
71 | }; | |
72 | ||
73 | #endif /* _UAPI__LINUX_NETFILTER_H */ |