130692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#ifndef _UAPI__LINUX_NETFILTER_H
230692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define _UAPI__LINUX_NETFILTER_H
330692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
430692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#include <linux/types.h>
530692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#include <linux/compiler.h>
630692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#include <linux/sysctl.h>
730692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
830692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
930692c65c4174412c90e79489e98ab85c1a7412fBen Cheng/* Responses from hook functions. */
1030692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_DROP 0
1130692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_ACCEPT 1
1230692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_STOLEN 2
1330692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_QUEUE 3
1430692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_REPEAT 4
1530692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_STOP 5
1630692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_MAX_VERDICT NF_STOP
1730692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
1830692c65c4174412c90e79489e98ab85c1a7412fBen Cheng/* we overload the higher bits for encoding auxiliary data such as the queue
1930692c65c4174412c90e79489e98ab85c1a7412fBen Cheng * number or errno values. Not nice, but better than additional function
2030692c65c4174412c90e79489e98ab85c1a7412fBen Cheng * arguments. */
2130692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_VERDICT_MASK 0x000000ff
2230692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
2330692c65c4174412c90e79489e98ab85c1a7412fBen Cheng/* extra verdict flags have mask 0x0000ff00 */
2430692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_VERDICT_FLAG_QUEUE_BYPASS	0x00008000
2530692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
2630692c65c4174412c90e79489e98ab85c1a7412fBen Cheng/* queue number (NF_QUEUE) or errno (NF_DROP) */
2730692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_VERDICT_QMASK 0xffff0000
2830692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_VERDICT_QBITS 16
2930692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
3030692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)
3130692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
3230692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP)
3330692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
3430692c65c4174412c90e79489e98ab85c1a7412fBen Cheng/* only for userspace compatibility */
3530692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#ifndef __KERNEL__
3630692c65c4174412c90e79489e98ab85c1a7412fBen Cheng/* Generic cache responses from hook functions.
3730692c65c4174412c90e79489e98ab85c1a7412fBen Cheng   <= 0x2000 is used for protocol-flags. */
3830692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NFC_UNKNOWN 0x4000
3930692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NFC_ALTERED 0x8000
4030692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
4130692c65c4174412c90e79489e98ab85c1a7412fBen Cheng/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
4230692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#define NF_VERDICT_BITS 16
4330692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#endif
4430692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
4530692c65c4174412c90e79489e98ab85c1a7412fBen Chengenum nf_inet_hooks {
4630692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NF_INET_PRE_ROUTING,
4730692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NF_INET_LOCAL_IN,
4830692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NF_INET_FORWARD,
4930692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NF_INET_LOCAL_OUT,
5030692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NF_INET_POST_ROUTING,
5130692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NF_INET_NUMHOOKS
5230692c65c4174412c90e79489e98ab85c1a7412fBen Cheng};
5330692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
5430692c65c4174412c90e79489e98ab85c1a7412fBen Chengenum {
5530692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NFPROTO_UNSPEC =  0,
56e87eaf040ab639e94ed0a58ff0eac68d1d38fb0aEd Heyl	NFPROTO_INET   =  1,
5730692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NFPROTO_IPV4   =  2,
5830692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NFPROTO_ARP    =  3,
5930692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NFPROTO_BRIDGE =  7,
6030692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NFPROTO_IPV6   = 10,
6130692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NFPROTO_DECNET = 12,
6230692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	NFPROTO_NUMPROTO,
6330692c65c4174412c90e79489e98ab85c1a7412fBen Cheng};
6430692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
6530692c65c4174412c90e79489e98ab85c1a7412fBen Chengunion nf_inet_addr {
6630692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	__u32		all[4];
6730692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	__be32		ip;
6830692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	__be32		ip6[4];
6930692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	struct in_addr	in;
7030692c65c4174412c90e79489e98ab85c1a7412fBen Cheng	struct in6_addr	in6;
7130692c65c4174412c90e79489e98ab85c1a7412fBen Cheng};
7230692c65c4174412c90e79489e98ab85c1a7412fBen Cheng
7330692c65c4174412c90e79489e98ab85c1a7412fBen Cheng#endif /* _UAPI__LINUX_NETFILTER_H */
74