David Howells | 607ca46 | 2012-10-13 10:46:48 +0100 | [diff] [blame] | 1 | #ifndef _UAPI__LINUX_NETFILTER_H |
| 2 | #define _UAPI__LINUX_NETFILTER_H |
| 3 | |
| 4 | #include <linux/types.h> |
| 5 | #include <linux/compiler.h> |
| 6 | #include <linux/sysctl.h> |
Pablo Neira Ayuso | a263653 | 2015-06-17 10:28:27 -0500 | [diff] [blame] | 7 | #include <linux/in.h> |
| 8 | #include <linux/in6.h> |
David Howells | 607ca46 | 2012-10-13 10:46:48 +0100 | [diff] [blame] | 9 | |
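/*
 * Responses from hook functions.
 *
 * These values live in a UAPI header, so the numbering is shared with
 * userspace and must stay stable. NF_DROP is 0: a verdict word that is
 * all zeroes decodes as "drop".
 */
#define NF_DROP 0
#define NF_ACCEPT 1
#define NF_STOLEN 2
#define NF_QUEUE 3
#define NF_REPEAT 4
#define NF_STOP 5
#define NF_MAX_VERDICT NF_STOP

/*
 * We overload the higher bits for encoding auxiliary data such as the queue
 * number or errno values. Not nice, but better than additional function
 * arguments.
 *
 * Resulting layout of a 32-bit verdict word:
 *   bits  0..7   verdict proper (NF_VERDICT_MASK)
 *   bits  8..15  extra verdict flags
 *   bits 16..31  queue number (NF_QUEUE) or errno (NF_DROP)
 *
 * Always mask with NF_VERDICT_MASK before comparing against NF_DROP,
 * NF_ACCEPT, ...; comparing the raw word misses any verdict that carries
 * flags or auxiliary data.
 */
#define NF_VERDICT_MASK 0x000000ff

/*
 * Extra verdict flags have mask 0x0000ff00.
 *
 * NOTE(review): NF_VERDICT_FLAG_QUEUE_BYPASS is understood to let a queued
 * packet continue when nothing is bound to the target queue, i.e. the queue
 * fails open instead of dropping. That behaviour is implemented by the
 * consumer of this flag, not by this header; confirm it before treating an
 * NF_QUEUE verdict as an enforcement point.
 */
#define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000

/* Queue number (NF_QUEUE) or errno (NF_DROP). */
#define NF_VERDICT_QMASK 0xffff0000
#define NF_VERDICT_QBITS 16

/*
 * Build an NF_QUEUE verdict for queue number x. The shifted value is masked
 * with NF_VERDICT_QMASK, so only the low 16 bits of x survive.
 * Note that (x) << 16 is evaluated in the type of x: for a plain int,
 * queue numbers of 0x8000 and above shift into the sign bit.
 */
#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)

/*
 * Build an NF_DROP verdict carrying an errno. x is negated before it is
 * shifted, so the caller passes the negative error value (-Exxx) and the
 * positive number ends up in the upper 16 bits. Unlike NF_QUEUE_NR() the
 * result is not masked with NF_VERDICT_QMASK.
 *
 * The argument is parenthesised before negation so that an expression
 * argument such as (err - 1) is negated as a whole rather than only its
 * first operand.
 */
#define NF_DROP_ERR(x) (((-(x)) << 16) | NF_DROP)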
| 34 | |
/*
 * Userspace-only compatibility definitions: everything between the
 * #ifndef and the #endif is hidden when __KERNEL__ is defined.
 */
#ifndef __KERNEL__

/*
 * Generic cache responses from hook functions.
 * Values <= 0x2000 are used for protocol-flags.
 */
#define NFC_UNKNOWN 0x4000
#define NFC_ALTERED 0x8000

/*
 * NF_VERDICT_BITS should be 8 now, but userspace might break if this
 * changes, so it stays at 16. It therefore does not describe the width
 * selected by NF_VERDICT_MASK (0xff); use the mask, not this constant,
 * to extract a verdict.
 */
#define NF_VERDICT_BITS 16

#endif /* !__KERNEL__ */
| 45 | |
/*
 * Hook points for the inet families, numbered consecutively from 0.
 * NF_INET_NUMHOOKS is the number of hooks, not a hook itself: a hook
 * number that arrives from outside (for example from a userspace rule
 * blob) should be range-checked against it before it is used to index
 * a per-hook table.
 */
enum nf_inet_hooks {
	NF_INET_PRE_ROUTING  = 0,
	NF_INET_LOCAL_IN     = 1,
	NF_INET_FORWARD      = 2,
	NF_INET_LOCAL_OUT    = 3,
	NF_INET_POST_ROUTING = 4,
	NF_INET_NUMHOOKS     = 5
};
| 54 | |
/*
 * Device-level hook points. Only the ingress hook is defined here;
 * NF_NETDEV_NUMHOOKS is the count (1), not a hook.
 */
enum nf_dev_hooks {
	NF_NETDEV_INGRESS  = 0,
	NF_NETDEV_NUMHOOKS = 1
};
| 59 | |
/*
 * Netfilter protocol family identifiers.
 *
 * The numbering is sparse (4, 6, 8, 9 and 11 are unassigned here), so
 * NFPROTO_NUMPROTO is an upper bound for table sizing, not the number of
 * families that exist. Code that indexes an array with a family value
 * should check value < NFPROTO_NUMPROTO and also expect empty slots.
 */
enum {
	NFPROTO_UNSPEC = 0,
	NFPROTO_INET   = 1,
	NFPROTO_IPV4   = 2,
	NFPROTO_ARP    = 3,
	NFPROTO_NETDEV = 5,
	NFPROTO_BRIDGE = 7,
	NFPROTO_IPV6   = 10,
	NFPROTO_DECNET = 12,
	/* Implicit value: one past NFPROTO_DECNET, i.e. 13. */
	NFPROTO_NUMPROTO,
};
| 71 | |
/*
 * One storage slot for either an IPv4 or an IPv6 address. All members
 * alias the same bytes; the union is as large as its largest member
 * (four 32-bit words).
 *
 * NOTE(review): writing only the IPv4 members (ip / in) leaves the other
 * twelve bytes untouched. Zero the union first if it will later be
 * compared through all[] / ip6[] or copied out as a whole, otherwise
 * stale bytes take part in the comparison or leave with the copy.
 */
union nf_inet_addr {
	__u32		all[4];	/* raw 32-bit words, no endianness annotation */
	__be32		ip;	/* IPv4 address, big-endian */
	__be32		ip6[4];	/* IPv6 address as four big-endian words */
	struct in_addr	in;	/* IPv4 address as struct in_addr */
	struct in6_addr	in6;	/* IPv6 address as struct in6_addr */
};
| 79 | |
| 80 | #endif /* _UAPI__LINUX_NETFILTER_H */ |