xref: /linux/include/uapi/linux/netfilter_ipv4.h (revision 597473720f4dc69749542bfcfed4a927a43d935e) 
1e2be04c7SGreg Kroah-Hartman /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2607ca46eSDavid Howells /* IPv4-specific defines for netfilter.
3607ca46eSDavid Howells  * (C)1998 Rusty Russell -- This code is GPL.
4607ca46eSDavid Howells  */
5607ca46eSDavid Howells #ifndef _UAPI__LINUX_IP_NETFILTER_H
6607ca46eSDavid Howells #define _UAPI__LINUX_IP_NETFILTER_H
7607ca46eSDavid Howells 
8607ca46eSDavid Howells 
9607ca46eSDavid Howells #include <linux/netfilter.h>
10607ca46eSDavid Howells 
11607ca46eSDavid Howells /* only for userspace compatibility */
12607ca46eSDavid Howells #ifndef __KERNEL__
13607ca46eSDavid Howells 
14607ca46eSDavid Howells #include <limits.h> /* for INT_MIN, INT_MAX */
15607ca46eSDavid Howells 
16607ca46eSDavid Howells /* IP Hooks */
17607ca46eSDavid Howells /* After promisc drops, checksum checks. */
18607ca46eSDavid Howells #define NF_IP_PRE_ROUTING	0
19607ca46eSDavid Howells /* If the packet is destined for this box. */
20607ca46eSDavid Howells #define NF_IP_LOCAL_IN		1
21607ca46eSDavid Howells /* If the packet is destined for another interface. */
22607ca46eSDavid Howells #define NF_IP_FORWARD		2
23607ca46eSDavid Howells /* Packets coming from a local process. */
24607ca46eSDavid Howells #define NF_IP_LOCAL_OUT		3
25607ca46eSDavid Howells /* Packets about to hit the wire. */
26607ca46eSDavid Howells #define NF_IP_POST_ROUTING	4
27607ca46eSDavid Howells #define NF_IP_NUMHOOKS		5
28607ca46eSDavid Howells #endif /* ! __KERNEL__ */
29607ca46eSDavid Howells 
30607ca46eSDavid Howells enum nf_ip_hook_priorities {
31607ca46eSDavid Howells 	NF_IP_PRI_FIRST = INT_MIN,
32*902d6a4cSSubash Abhinov Kasiviswanathan 	NF_IP_PRI_RAW_BEFORE_DEFRAG = -450,
33607ca46eSDavid Howells 	NF_IP_PRI_CONNTRACK_DEFRAG = -400,
34607ca46eSDavid Howells 	NF_IP_PRI_RAW = -300,
35607ca46eSDavid Howells 	NF_IP_PRI_SELINUX_FIRST = -225,
36607ca46eSDavid Howells 	NF_IP_PRI_CONNTRACK = -200,
37607ca46eSDavid Howells 	NF_IP_PRI_MANGLE = -150,
38607ca46eSDavid Howells 	NF_IP_PRI_NAT_DST = -100,
39607ca46eSDavid Howells 	NF_IP_PRI_FILTER = 0,
40607ca46eSDavid Howells 	NF_IP_PRI_SECURITY = 50,
41607ca46eSDavid Howells 	NF_IP_PRI_NAT_SRC = 100,
42607ca46eSDavid Howells 	NF_IP_PRI_SELINUX_LAST = 225,
43607ca46eSDavid Howells 	NF_IP_PRI_CONNTRACK_HELPER = 300,
44607ca46eSDavid Howells 	NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
45607ca46eSDavid Howells 	NF_IP_PRI_LAST = INT_MAX,
46607ca46eSDavid Howells };
47607ca46eSDavid Howells 
48607ca46eSDavid Howells /* Arguments for setsockopt SOL_IP: */
49607ca46eSDavid Howells /* 2.0 firewalling went from 64 through 71 (and +256, +512, etc). */
50607ca46eSDavid Howells /* 2.2 firewalling (+ masq) went from 64 through 76 */
51607ca46eSDavid Howells /* 2.4 firewalling went 64 through 67. */
52607ca46eSDavid Howells #define SO_ORIGINAL_DST 80
53607ca46eSDavid Howells 
54607ca46eSDavid Howells 
55607ca46eSDavid Howells #endif /* _UAPI__LINUX_IP_NETFILTER_H */
56