1f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#ifndef __LINUX_NETFILTER_H
2f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define __LINUX_NETFILTER_H
3f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy
4350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardt#include <linux/types.h>
5350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardt
6dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt#include <linux/sysctl.h>
7ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt
8f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy/* Responses from hook functions. */
9f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NF_DROP 0
10f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NF_ACCEPT 1
11f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NF_STOLEN 2
12f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NF_QUEUE 3
13f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NF_REPEAT 4
14f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NF_STOP 5
15f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NF_MAX_VERDICT NF_STOP
16f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy
17f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy/* we overload the higher bits for encoding auxiliary data such as the queue
18dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt * number or errno values. Not nice, but better than additional function
19dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt * arguments. */
20dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt#define NF_VERDICT_MASK 0x000000ff
21dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt
22dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt/* extra verdict flags have mask 0x0000ff00 */
23dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt#define NF_VERDICT_FLAG_QUEUE_BYPASS	0x00008000
24f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy
25dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt/* queue number (NF_QUEUE) or errno (NF_DROP) */
26f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NF_VERDICT_QMASK 0xffff0000
27f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NF_VERDICT_QBITS 16
28f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy
29dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)
30dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt
31dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP)
32f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy
33f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy/* only for userspace compatibility */
34f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy/* Generic cache responses from hook functions.
35f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy   <= 0x2000 is used for protocol-flags. */
36f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NFC_UNKNOWN 0x4000
37f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#define NFC_ALTERED 0x8000
38f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy
39dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
40dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt#define NF_VERDICT_BITS 16
41dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt
42f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardyenum nf_inet_hooks {
43f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy	NF_INET_PRE_ROUTING,
44f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy	NF_INET_LOCAL_IN,
45f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy	NF_INET_FORWARD,
46f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy	NF_INET_LOCAL_OUT,
47f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy	NF_INET_POST_ROUTING,
48f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy	NF_INET_NUMHOOKS
49f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy};
50f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy
5103d99486d8283552705b58dc55b6085dffc38792Jan Engelhardtenum {
5203d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt	NFPROTO_UNSPEC =  0,
5303d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt	NFPROTO_IPV4   =  2,
5403d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt	NFPROTO_ARP    =  3,
5503d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt	NFPROTO_BRIDGE =  7,
5603d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt	NFPROTO_IPV6   = 10,
5703d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt	NFPROTO_DECNET = 12,
5803d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt	NFPROTO_NUMPROTO,
5903d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt};
6003d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt
61f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardyunion nf_inet_addr {
62ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt	__u32		all[4];
63e0bba47e550420e371c97425cc6d39909a6e059bPatrick McHardy	__be32		ip;
64e0bba47e550420e371c97425cc6d39909a6e059bPatrick McHardy	__be32		ip6[4];
65f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy	struct in_addr	in;
66f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy	struct in6_addr	in6;
67f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy};
68f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy
69f2565b7a45c51d318706ffd0e372ba4e23cd2d32Patrick McHardy#endif /*__LINUX_NETFILTER_H*/
70