1be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#ifndef __LINUX_NETFILTER_H
2be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define __LINUX_NETFILTER_H
3be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger
43ea2fb985f3aa979a2b270d01fa651a5ef814464Stephen Hemminger#include <linux/types.h>
5be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger
6e760a19a437997820f16846636c0db23faa6d3baStephen Hemminger#include <linux/sysctl.h>
719ecc16d72bb5767b1427a7579e5884813f2c9e8Stephen Hemminger
8be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger/* Responses from hook functions. */
9be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NF_DROP 0
10be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NF_ACCEPT 1
11be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NF_STOLEN 2
12be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NF_QUEUE 3
13be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NF_REPEAT 4
14be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NF_STOP 5
15be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NF_MAX_VERDICT NF_STOP
16be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger
17be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger/* we overload the higher bits for encoding auxiliary data such as the queue
1821cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger * number or errno values. Not nice, but better than additional function
1921cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger * arguments. */
2021cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger#define NF_VERDICT_MASK 0x000000ff
2121cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger
2221cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger/* extra verdict flags have mask 0x0000ff00 */
2321cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger#define NF_VERDICT_FLAG_QUEUE_BYPASS	0x00008000
24be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger
2521cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger/* queue number (NF_QUEUE) or errno (NF_DROP) */
26be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NF_VERDICT_QMASK 0xffff0000
27be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NF_VERDICT_QBITS 16
28be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger
2921cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)
30be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger
3121cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP)
329351fec72d2bb4e7501c12949855ab252b037bceStephen Hemminger
33be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger/* only for userspace compatibility */
34be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger/* Generic cache responses from hook functions.
35be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger   <= 0x2000 is used for protocol-flags. */
36be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NFC_UNKNOWN 0x4000
37be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#define NFC_ALTERED 0x8000
38be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger
3921cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
4021cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger#define NF_VERDICT_BITS 16
4121cfb5e1d9dfce7612ba622bcaf8e301268a35c8Stephen Hemminger
42be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemmingerenum nf_inet_hooks {
43be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger	NF_INET_PRE_ROUTING,
44be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger	NF_INET_LOCAL_IN,
45be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger	NF_INET_FORWARD,
46be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger	NF_INET_LOCAL_OUT,
47be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger	NF_INET_POST_ROUTING,
48be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger	NF_INET_NUMHOOKS
49be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger};
50be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger
5105bfd165958d1859275b0158fedcb00cea58ad0dStephen Hemmingerenum {
5205bfd165958d1859275b0158fedcb00cea58ad0dStephen Hemminger	NFPROTO_UNSPEC =  0,
5305bfd165958d1859275b0158fedcb00cea58ad0dStephen Hemminger	NFPROTO_IPV4   =  2,
5405bfd165958d1859275b0158fedcb00cea58ad0dStephen Hemminger	NFPROTO_ARP    =  3,
5505bfd165958d1859275b0158fedcb00cea58ad0dStephen Hemminger	NFPROTO_BRIDGE =  7,
5605bfd165958d1859275b0158fedcb00cea58ad0dStephen Hemminger	NFPROTO_IPV6   = 10,
5705bfd165958d1859275b0158fedcb00cea58ad0dStephen Hemminger	NFPROTO_DECNET = 12,
5805bfd165958d1859275b0158fedcb00cea58ad0dStephen Hemminger	NFPROTO_NUMPROTO,
5905bfd165958d1859275b0158fedcb00cea58ad0dStephen Hemminger};
6005bfd165958d1859275b0158fedcb00cea58ad0dStephen Hemminger
61bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemmingerunion nf_inet_addr {
625344bb287cbf6bb68741a19c2dc66b3fd33e9258Stephen Hemminger	__u32		all[4];
63bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger	__be32		ip;
64bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger	__be32		ip6[4];
65fb8cc5b26874bc67c4924155711b3f49f0d9b1eeStephen Hemminger	struct in_addr	in;
66fb8cc5b26874bc67c4924155711b3f49f0d9b1eeStephen Hemminger	struct in6_addr	in6;
67bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger};
68bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger
69be8d89d3bf4aac08a67c02e317e15dcd82447b58Stephen Hemminger#endif /*__LINUX_NETFILTER_H*/
70