1#ifndef __LINUX_NETFILTER_H 2#define __LINUX_NETFILTER_H 3 4#include <linux/types.h> 5 6#include <linux/sysctl.h> 7 8/* Responses from hook functions. */ 9#define NF_DROP 0 10#define NF_ACCEPT 1 11#define NF_STOLEN 2 12#define NF_QUEUE 3 13#define NF_REPEAT 4 14#define NF_STOP 5 15#define NF_MAX_VERDICT NF_STOP 16 17/* we overload the higher bits for encoding auxiliary data such as the queue 18 * number or errno values. Not nice, but better than additional function 19 * arguments. */ 20#define NF_VERDICT_MASK 0x000000ff 21 22/* extra verdict flags have mask 0x0000ff00 */ 23#define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000 24 25/* queue number (NF_QUEUE) or errno (NF_DROP) */ 26#define NF_VERDICT_QMASK 0xffff0000 27#define NF_VERDICT_QBITS 16 28 29#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE) 30 31#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP) 32 33/* only for userspace compatibility */ 34/* Generic cache responses from hook functions. 35 <= 0x2000 is used for protocol-flags. */ 36#define NFC_UNKNOWN 0x4000 37#define NFC_ALTERED 0x8000 38 39/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */ 40#define NF_VERDICT_BITS 16 41 42enum nf_inet_hooks { 43 NF_INET_PRE_ROUTING, 44 NF_INET_LOCAL_IN, 45 NF_INET_FORWARD, 46 NF_INET_LOCAL_OUT, 47 NF_INET_POST_ROUTING, 48 NF_INET_NUMHOOKS 49}; 50 51enum { 52 NFPROTO_UNSPEC = 0, 53 NFPROTO_IPV4 = 2, 54 NFPROTO_ARP = 3, 55 NFPROTO_BRIDGE = 7, 56 NFPROTO_IPV6 = 10, 57 NFPROTO_DECNET = 12, 58 NFPROTO_NUMPROTO, 59}; 60 61union nf_inet_addr { 62 __u32 all[4]; 63 __be32 ip; 64 __be32 ip6[4]; 65 struct in_addr in; 66 struct in6_addr in6; 67}; 68 69#endif /*__LINUX_NETFILTER_H*/ 70