1 #ifndef __LINUX_NETFILTER_H 2 #define __LINUX_NETFILTER_H 3 4 #include <linux/types.h> 5 6 #include <linux/sysctl.h> 7 8 /* Responses from hook functions. */ 9 #define NF_DROP 0 10 #define NF_ACCEPT 1 11 #define NF_STOLEN 2 12 #define NF_QUEUE 3 13 #define NF_REPEAT 4 14 #define NF_STOP 5 15 #define NF_MAX_VERDICT NF_STOP 16 17 /* we overload the higher bits for encoding auxiliary data such as the queue 18 * number or errno values. Not nice, but better than additional function 19 * arguments. */ 20 #define NF_VERDICT_MASK 0x000000ff 21 22 /* extra verdict flags have mask 0x0000ff00 */ 23 #define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000 24 25 /* queue number (NF_QUEUE) or errno (NF_DROP) */ 26 #define NF_VERDICT_QMASK 0xffff0000 27 #define NF_VERDICT_QBITS 16 28 29 #define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE) 30 31 #define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP) 32 33 /* only for userspace compatibility */ 34 /* Generic cache responses from hook functions. 35 <= 0x2000 is used for protocol-flags. */ 36 #define NFC_UNKNOWN 0x4000 37 #define NFC_ALTERED 0x8000 38 39 /* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */ 40 #define NF_VERDICT_BITS 16 41 42 enum nf_inet_hooks { 43 NF_INET_PRE_ROUTING, 44 NF_INET_LOCAL_IN, 45 NF_INET_FORWARD, 46 NF_INET_LOCAL_OUT, 47 NF_INET_POST_ROUTING, 48 NF_INET_NUMHOOKS 49 }; 50 51 enum { 52 NFPROTO_UNSPEC = 0, 53 NFPROTO_IPV4 = 2, 54 NFPROTO_ARP = 3, 55 NFPROTO_BRIDGE = 7, 56 NFPROTO_IPV6 = 10, 57 NFPROTO_DECNET = 12, 58 NFPROTO_NUMPROTO, 59 }; 60 61 union nf_inet_addr { 62 __u32 all[4]; 63 __be32 ip; 64 __be32 ip6[4]; 65 struct in_addr in; 66 struct in6_addr in6; 67 }; 68 69 #endif /*__LINUX_NETFILTER_H*/ 70
