xref: /linux/include/uapi/linux/netfilter_ipv4.h (revision e2be04c7f9958dde770eeb8b30e829ca969b37bb) 
1*e2be04c7SGreg Kroah-Hartman /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2607ca46eSDavid Howells /* IPv4-specific defines for netfilter.
3607ca46eSDavid Howells  * (C)1998 Rusty Russell -- This code is GPL.
4607ca46eSDavid Howells  */
5607ca46eSDavid Howells #ifndef _UAPI__LINUX_IP_NETFILTER_H
6607ca46eSDavid Howells #define _UAPI__LINUX_IP_NETFILTER_H
7607ca46eSDavid Howells 
8607ca46eSDavid Howells 
9607ca46eSDavid Howells #include <linux/netfilter.h>
10607ca46eSDavid Howells 
11607ca46eSDavid Howells /* only for userspace compatibility */
12607ca46eSDavid Howells #ifndef __KERNEL__
13607ca46eSDavid Howells 
14607ca46eSDavid Howells #include <limits.h> /* for INT_MIN, INT_MAX */
15607ca46eSDavid Howells 
16607ca46eSDavid Howells /* IP Cache bits. */
17607ca46eSDavid Howells /* Src IP address. */
18607ca46eSDavid Howells #define NFC_IP_SRC		0x0001
19607ca46eSDavid Howells /* Dest IP address. */
20607ca46eSDavid Howells #define NFC_IP_DST		0x0002
21607ca46eSDavid Howells /* Input device. */
22607ca46eSDavid Howells #define NFC_IP_IF_IN		0x0004
23607ca46eSDavid Howells /* Output device. */
24607ca46eSDavid Howells #define NFC_IP_IF_OUT		0x0008
25607ca46eSDavid Howells /* TOS. */
26607ca46eSDavid Howells #define NFC_IP_TOS		0x0010
27607ca46eSDavid Howells /* Protocol. */
28607ca46eSDavid Howells #define NFC_IP_PROTO		0x0020
29607ca46eSDavid Howells /* IP options. */
30607ca46eSDavid Howells #define NFC_IP_OPTIONS		0x0040
31607ca46eSDavid Howells /* Frag & flags. */
32607ca46eSDavid Howells #define NFC_IP_FRAG		0x0080
33607ca46eSDavid Howells 
34607ca46eSDavid Howells /* Per-protocol information: only matters if proto match. */
35607ca46eSDavid Howells /* TCP flags. */
36607ca46eSDavid Howells #define NFC_IP_TCPFLAGS		0x0100
37607ca46eSDavid Howells /* Source port. */
38607ca46eSDavid Howells #define NFC_IP_SRC_PT		0x0200
39607ca46eSDavid Howells /* Dest port. */
40607ca46eSDavid Howells #define NFC_IP_DST_PT		0x0400
41607ca46eSDavid Howells /* Something else about the proto */
42607ca46eSDavid Howells #define NFC_IP_PROTO_UNKNOWN	0x2000
43607ca46eSDavid Howells 
44607ca46eSDavid Howells /* IP Hooks */
45607ca46eSDavid Howells /* After promisc drops, checksum checks. */
46607ca46eSDavid Howells #define NF_IP_PRE_ROUTING	0
47607ca46eSDavid Howells /* If the packet is destined for this box. */
48607ca46eSDavid Howells #define NF_IP_LOCAL_IN		1
49607ca46eSDavid Howells /* If the packet is destined for another interface. */
50607ca46eSDavid Howells #define NF_IP_FORWARD		2
51607ca46eSDavid Howells /* Packets coming from a local process. */
52607ca46eSDavid Howells #define NF_IP_LOCAL_OUT		3
53607ca46eSDavid Howells /* Packets about to hit the wire. */
54607ca46eSDavid Howells #define NF_IP_POST_ROUTING	4
55607ca46eSDavid Howells #define NF_IP_NUMHOOKS		5
56607ca46eSDavid Howells #endif /* ! __KERNEL__ */
57607ca46eSDavid Howells 
58607ca46eSDavid Howells enum nf_ip_hook_priorities {
59607ca46eSDavid Howells 	NF_IP_PRI_FIRST = INT_MIN,
60607ca46eSDavid Howells 	NF_IP_PRI_CONNTRACK_DEFRAG = -400,
61607ca46eSDavid Howells 	NF_IP_PRI_RAW = -300,
62607ca46eSDavid Howells 	NF_IP_PRI_SELINUX_FIRST = -225,
63607ca46eSDavid Howells 	NF_IP_PRI_CONNTRACK = -200,
64607ca46eSDavid Howells 	NF_IP_PRI_MANGLE = -150,
65607ca46eSDavid Howells 	NF_IP_PRI_NAT_DST = -100,
66607ca46eSDavid Howells 	NF_IP_PRI_FILTER = 0,
67607ca46eSDavid Howells 	NF_IP_PRI_SECURITY = 50,
68607ca46eSDavid Howells 	NF_IP_PRI_NAT_SRC = 100,
69607ca46eSDavid Howells 	NF_IP_PRI_SELINUX_LAST = 225,
70607ca46eSDavid Howells 	NF_IP_PRI_CONNTRACK_HELPER = 300,
71607ca46eSDavid Howells 	NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
72607ca46eSDavid Howells 	NF_IP_PRI_LAST = INT_MAX,
73607ca46eSDavid Howells };
74607ca46eSDavid Howells 
75607ca46eSDavid Howells /* Arguments for setsockopt SOL_IP: */
76607ca46eSDavid Howells /* 2.0 firewalling went from 64 through 71 (and +256, +512, etc). */
77607ca46eSDavid Howells /* 2.2 firewalling (+ masq) went from 64 through 76 */
78607ca46eSDavid Howells /* 2.4 firewalling went 64 through 67. */
79607ca46eSDavid Howells #define SO_ORIGINAL_DST 80
80607ca46eSDavid Howells 
81607ca46eSDavid Howells 
82607ca46eSDavid Howells #endif /* _UAPI__LINUX_IP_NETFILTER_H */
83