1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
2 | #ifndef _UAPI__LINUX_NETFILTER_H |
3 | #define _UAPI__LINUX_NETFILTER_H |
4 | |
5 | #include <linux/types.h> |
6 | #include <linux/compiler.h> |
7 | #include <linux/in.h> |
8 | #include <linux/in6.h> |
9 | |
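/*
 * Responses from hook functions.
 *
 * A verdict is a single 32-bit value: the low 8 bits (NF_VERDICT_MASK) hold
 * one of the codes below, and the upper bits carry auxiliary data. Always
 * mask with NF_VERDICT_MASK before comparing a verdict against these codes.
 */
#define NF_DROP 0
#define NF_ACCEPT 1
#define NF_STOLEN 2
#define NF_QUEUE 3
#define NF_REPEAT 4
#define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */
#define NF_MAX_VERDICT NF_STOP

/*
 * We overload the higher bits for encoding auxiliary data such as the queue
 * number or errno values. Not nice, but better than additional function
 * arguments.
 */
#define NF_VERDICT_MASK 0x000000ff

/*
 * Extra verdict flags have mask 0x0000ff00.
 *
 * NOTE(review): QUEUE_BYPASS is understood to make NF_QUEUE fail open (the
 * packet continues when no userspace listener is bound to the queue) rather
 * than being dropped; confirm against the kernel version in use before
 * relying on either behaviour in a filtering policy.
 */
#define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000

/* Queue number (NF_QUEUE) or errno (NF_DROP), stored in the top 16 bits. */
#define NF_VERDICT_QMASK 0xffff0000
#define NF_VERDICT_QBITS 16

/*
 * Build an NF_QUEUE verdict for queue number x. Only the low 16 bits of x
 * survive the mask, so a larger value silently selects a different queue.
 */
#define NF_QUEUE_NR(x) \
	((((x) << NF_VERDICT_QBITS) & NF_VERDICT_QMASK) | NF_QUEUE)

/*
 * Build an NF_DROP verdict carrying an errno in the upper bits. The macro
 * negates its argument, which suggests callers pass a negative errno so that
 * the shifted value is positive (left-shifting a negative int is undefined).
 * The argument is parenthesized before negation so that an expression such
 * as `a - b` is negated as a whole instead of expanding to `-a - b`.
 * The result is not masked; no range check is applied to x here.
 */
#define NF_DROP_ERR(x) (((-(x)) << NF_VERDICT_QBITS) | NF_DROP)

/* only for userspace compatibility */
#ifndef __KERNEL__

/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
#define NF_VERDICT_BITS 16
#endif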
41 | |
/*
 * Hook numbers for the inet (IP) families. The numeric values are part of
 * the userspace ABI, so they are spelled out explicitly here.
 *
 * NF_INET_INGRESS has the same value as NF_INET_NUMHOOKS: it is NOT a valid
 * index into an array sized NF_INET_NUMHOOKS. Code that indexes per-hook
 * tables with a hook number taken from outside must bounds-check it against
 * NF_INET_NUMHOOKS first.
 */
enum nf_inet_hooks {
	NF_INET_PRE_ROUTING	= 0,
	NF_INET_LOCAL_IN	= 1,
	NF_INET_FORWARD		= 2,
	NF_INET_LOCAL_OUT	= 3,
	NF_INET_POST_ROUTING	= 4,
	NF_INET_NUMHOOKS	= 5,	/* count of the hooks above */
	NF_INET_INGRESS		= NF_INET_NUMHOOKS,
};
51 | |
/*
 * Hook numbers for the netdev family. NF_NETDEV_NUMHOOKS is the count of
 * hooks, not a hook itself; valid hook numbers are strictly below it.
 */
enum nf_dev_hooks {
	NF_NETDEV_INGRESS	= 0,
	NF_NETDEV_EGRESS	= 1,
	NF_NETDEV_NUMHOOKS	= 2
};
57 | |
/*
 * Netfilter protocol family numbers. The values are sparse (4, 6, 8 and 9
 * are not assigned here), so a family number received from outside must be
 * matched against the named constants rather than only range-checked.
 *
 * NFPROTO_NUMPROTO is one more than the last enumerator that is compiled in:
 * 13 for userspace builds (NFPROTO_DECNET present) and 11 when __KERNEL__ is
 * defined. Do not use it to size anything shared across that boundary.
 */
enum {
	NFPROTO_UNSPEC	=  0,
	NFPROTO_INET	=  1,
	NFPROTO_IPV4	=  2,
	NFPROTO_ARP	=  3,
	NFPROTO_NETDEV	=  5,
	NFPROTO_BRIDGE	=  7,
	NFPROTO_IPV6	= 10,
#if !defined(__KERNEL__) /* no longer supported by kernel */
	NFPROTO_DECNET	= 12,
#endif
	NFPROTO_NUMPROTO,
};
71 | |
/*
 * One address slot that can be viewed as IPv4 or IPv6. All members alias the
 * same storage.
 *
 * `all` is declared first, so a brace initializer without designators
 * initializes it; do not reorder the members.
 *
 * NOTE(review): storing only an IPv4 address through `ip`/`in` writes one
 * 32-bit word and leaves the rest of the union untouched. Zero the whole
 * union before filling it if it will later be compared, hashed or copied out
 * through `all`/`ip6`/`in6`; otherwise stale bytes take part in the result.
 */
union nf_inet_addr {
	__u32 all[4];		/* raw view: four 32-bit words */
	__be32 ip;		/* IPv4 address, big-endian per its __be32 type */
	__be32 ip6[4];		/* IPv6 address as four big-endian words */
	struct in_addr in;	/* IPv4 address as struct in_addr */
	struct in6_addr in6;	/* IPv6 address as struct in6_addr */
};
79 | |
80 | #endif /* _UAPI__LINUX_NETFILTER_H */ |
81 | |