1 #ifndef __LINUX_NETFILTER_H
2 #define __LINUX_NETFILTER_H
3 
4 #include <linux/types.h>
5 
6 #ifndef _NETINET_IN_H
7 #include <linux/in.h>
8 #include <linux/in6.h>
9 #endif
10 #include <limits.h>
11 
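/*
 * Responses from hook functions.
 *
 * The verdict proper lives in the low 8 bits of the returned word (see
 * NF_VERDICT_MASK); the remaining bits may carry auxiliary data. Code that
 * inspects a verdict should therefore mask it first and reject anything
 * above NF_MAX_VERDICT instead of comparing the raw word against these
 * constants.
 */
#define NF_DROP 0
#define NF_ACCEPT 1
#define NF_STOLEN 2
#define NF_QUEUE 3
#define NF_REPEAT 4
#define NF_STOP 5	/* Deprecated, for userspace nf_queue compatibility. */
#define NF_MAX_VERDICT NF_STOP

/* we overload the higher bits for encoding auxiliary data such as the queue
 * number or errno values. Not nice, but better than additional function
 * arguments. */
#define NF_VERDICT_MASK 0x000000ff

/* extra verdict flags have mask 0x0000ff00 */
/*
 * NOTE(review): this flag is understood to let a packet continue when no
 * listener is bound to the target queue, i.e. a fail-open choice. That is
 * not visible in this header; confirm against the nf_queue implementation
 * before relying on a queue for enforcement.
 */
#define NF_VERDICT_FLAG_QUEUE_BYPASS	0x00008000

/* queue number (NF_QUEUE) or errno (NF_DROP) */
#define NF_VERDICT_QMASK 0xffff0000
#define NF_VERDICT_QBITS 16

/*
 * Build an NF_QUEUE verdict carrying queue number x in the upper 16 bits.
 * Bits of x that do not fit are discarded by the mask, so an out-of-range
 * queue number is silently mapped onto another queue rather than rejected.
 */
#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)

/*
 * Build an NF_DROP verdict carrying an errno in the upper 16 bits. The macro
 * negates its argument, so x is expected to be a negative errno value; a
 * positive x would left-shift a negative number, which is undefined.
 * The argument is parenthesised so that an expression such as `a - b` is
 * negated as a whole.
 */
#define NF_DROP_ERR(x) (((-(x)) << 16) | NF_DROP)

/* only for userspace compatibility */
/* Generic cache responses from hook functions.
   <= 0x2000 is used for protocol-flags. */
#define NFC_UNKNOWN 0x4000
#define NFC_ALTERED 0x8000

/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
#define NF_VERDICT_BITS 16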
45 
/*
 * Hook numbers for the IP families, counted up from 0 in declaration order.
 * NF_INET_NUMHOOKS is not a hook itself: it equals the number of hooks and
 * is the exclusive upper bound to test a hook number against before it is
 * used as an index.
 */
enum nf_inet_hooks {
	NF_INET_PRE_ROUTING  = 0,
	NF_INET_LOCAL_IN     = 1,
	NF_INET_FORWARD      = 2,
	NF_INET_LOCAL_OUT    = 3,
	NF_INET_POST_ROUTING = 4,
	NF_INET_NUMHOOKS     = 5	/* count of the hooks above */
};
54 
/*
 * Hook numbers for the netdev family. Only one hook is defined here;
 * NF_NETDEV_NUMHOOKS is the count and the exclusive upper bound.
 */
enum nf_dev_hooks {
	NF_NETDEV_INGRESS  = 0,
	NF_NETDEV_NUMHOOKS = 1	/* count of the hooks above */
};
59 
/*
 * Netfilter protocol family identifiers.
 *
 * The numbering is sparse (4, 6, 8, 9 and 11 are unassigned), so
 * NFPROTO_NUMPROTO is one past the largest value (13), not the number of
 * families defined. A table sized by NFPROTO_NUMPROTO has unused slots, and
 * a family number taken from outside must be range-checked against it
 * before it is used as an index.
 * NOTE(review): several values appear to track the matching AF_* numbers;
 * confirm before depending on that.
 */
enum {
	NFPROTO_UNSPEC = 0,
	NFPROTO_INET = 1,
	NFPROTO_IPV4 = 2,
	NFPROTO_ARP = 3,
	NFPROTO_NETDEV = 5,
	NFPROTO_BRIDGE = 7,
	NFPROTO_IPV6 = 10,
	NFPROTO_DECNET = 12,
	NFPROTO_NUMPROTO,	/* implicit: NFPROTO_DECNET + 1 */
};
71 
/*
 * One address slot that can hold either an IPv4 or an IPv6 address.
 *
 * Every member overlays the same storage. The IPv4 views (ip, in) cover
 * only the first 32 bits, while all[] and the IPv6 views span the full four
 * words. Storing an IPv4 address therefore leaves the other three words
 * untouched: clear the union before filling it, otherwise code that
 * compares or hashes through all[] will read stale bytes.
 */
union nf_inet_addr {
	__u32 all[4];		/* raw view: four 32-bit words */
	__be32 ip;		/* IPv4 address, big-endian type */
	__be32 ip6[4];		/* IPv6 address as four big-endian words */
	struct in_addr in;	/* IPv4 address as struct in_addr */
	struct in6_addr in6;	/* IPv6 address as struct in6_addr */
};
79 
80 #endif /* __LINUX_NETFILTER_H */
81