1e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#ifndef __LINUX_IP_NETFILTER_H
2e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define __LINUX_IP_NETFILTER_H
3e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger
4e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* IPv4-specific defines for netfilter.
5e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger * (C)1998 Rusty Russell -- This code is GPL.
6e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger */
7e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger
8e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#include <linux/netfilter.h>
9e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger
10e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* only for userspace compatibility */
119044a4547d73df5c41fd53c83e5ccc2a59200797Stephen Hemminger
129044a4547d73df5c41fd53c83e5ccc2a59200797Stephen Hemminger#include <limits.h> /* for INT_MIN, INT_MAX */
139044a4547d73df5c41fd53c83e5ccc2a59200797Stephen Hemminger
14e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* IP Cache bits. */
15e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Src IP address. */
16e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_SRC		0x0001
17e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Dest IP address. */
18e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_DST		0x0002
19e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Input device. */
20e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_IF_IN		0x0004
21e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Output device. */
22e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_IF_OUT		0x0008
23e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* TOS. */
24e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_TOS		0x0010
25e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Protocol. */
26e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_PROTO		0x0020
27e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* IP options. */
28e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_OPTIONS		0x0040
29e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Frag & flags. */
30e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_FRAG		0x0080
31e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger
32e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Per-protocol information: only matters if proto match. */
33e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* TCP flags. */
34e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_TCPFLAGS		0x0100
35e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Source port. */
36e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_SRC_PT		0x0200
37e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Dest port. */
38e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_DST_PT		0x0400
39e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Something else about the proto */
40e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NFC_IP_PROTO_UNKNOWN	0x2000
41e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger
42e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* IP Hooks */
43e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* After promisc drops, checksum checks. */
44e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NF_IP_PRE_ROUTING	0
45e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* If the packet is destined for this box. */
46e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NF_IP_LOCAL_IN		1
47e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* If the packet is destined for another interface. */
48e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NF_IP_FORWARD		2
49e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Packets coming from a local process. */
50e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NF_IP_LOCAL_OUT		3
51e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Packets about to hit the wire. */
52e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NF_IP_POST_ROUTING	4
53e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define NF_IP_NUMHOOKS		5
54e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger
55e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemmingerenum nf_ip_hook_priorities {
56e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_FIRST = INT_MIN,
57e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_CONNTRACK_DEFRAG = -400,
58e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_RAW = -300,
59e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_SELINUX_FIRST = -225,
60e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_CONNTRACK = -200,
61e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_MANGLE = -150,
62e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_NAT_DST = -100,
63e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_FILTER = 0,
6419ecc16d72bb5767b1427a7579e5884813f2c9e8Stephen Hemminger	NF_IP_PRI_SECURITY = 50,
65e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_NAT_SRC = 100,
66e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_SELINUX_LAST = 225,
67e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
68e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger	NF_IP_PRI_LAST = INT_MAX,
69e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger};
70e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger
71e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Arguments for setsockopt SOL_IP: */
72e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* 2.0 firewalling went from 64 through 71 (and +256, +512, etc). */
73e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* 2.2 firewalling (+ masq) went from 64 through 76 */
74e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* 2.4 firewalling went 64 through 67. */
75e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define SO_ORIGINAL_DST 80
76e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger
77e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger
78e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#endif /*__LINUX_IP_NETFILTER_H*/
79