1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ 2 #ifndef _UAPI__LINUX_NETFILTER_H 3 #define _UAPI__LINUX_NETFILTER_H 4 5 #include <linux/types.h> 6 #include <linux/compiler.h> 7 #include <linux/in.h> 8 #include <linux/in6.h> 9 10 /* Responses from hook functions. */ 11 #define NF_DROP 0 12 #define NF_ACCEPT 1 13 #define NF_STOLEN 2 14 #define NF_QUEUE 3 15 #define NF_REPEAT 4 16 #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ 17 #define NF_MAX_VERDICT NF_STOP 18 19 /* we overload the higher bits for encoding auxiliary data such as the queue 20 * number or errno values. Not nice, but better than additional function 21 * arguments. */ 22 #define NF_VERDICT_MASK 0x000000ff 23 24 /* extra verdict flags have mask 0x0000ff00 */ 25 #define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000 26 27 /* queue number (NF_QUEUE) or errno (NF_DROP) */ 28 #define NF_VERDICT_QMASK 0xffff0000 29 #define NF_VERDICT_QBITS 16 30 31 #define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE) 32 33 #define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP) 34 35 /* only for userspace compatibility */ 36 #ifndef __KERNEL__ 37 38 /* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */ 39 #define NF_VERDICT_BITS 16 40 #endif 41 42 enum nf_inet_hooks { 43 NF_INET_PRE_ROUTING, 44 NF_INET_LOCAL_IN, 45 NF_INET_FORWARD, 46 NF_INET_LOCAL_OUT, 47 NF_INET_POST_ROUTING, 48 NF_INET_NUMHOOKS, 49 NF_INET_INGRESS = NF_INET_NUMHOOKS, 50 }; 51 52 enum nf_dev_hooks { 53 NF_NETDEV_INGRESS, 54 NF_NETDEV_EGRESS, 55 NF_NETDEV_NUMHOOKS 56 }; 57 58 enum { 59 NFPROTO_UNSPEC = 0, 60 NFPROTO_INET = 1, 61 NFPROTO_IPV4 = 2, 62 NFPROTO_ARP = 3, 63 NFPROTO_NETDEV = 5, 64 NFPROTO_BRIDGE = 7, 65 NFPROTO_IPV6 = 10, 66 #ifndef __KERNEL__ /* no longer supported by kernel */ 67 NFPROTO_DECNET = 12, 68 #endif 69 NFPROTO_NUMPROTO, 70 }; 71 72 union nf_inet_addr { 73 __u32 all[4]; 74 __be32 ip; 75 __be32 ip6[4]; 76 struct in_addr in; 77 struct in6_addr in6; 78 }; 79 80 #endif /* _UAPI__LINUX_NETFILTER_H */ 81