---

---

---

01: #ifndef __LINUX_NETFILTER_H
02: #define __LINUX_NETFILTER_H
03: 
04: #include <linux/types.h>
05: 
06: #include <linux/sysctl.h>
07: 
08: /* Responses from hook functions. */
09: #define NF_DROP 0
10: #define NF_ACCEPT 1
11: #define NF_STOLEN 2
12: #define NF_QUEUE 3
13: #define NF_REPEAT 4
14: #define NF_STOP 5
15: #define NF_MAX_VERDICT NF_STOP
16: 
17: /* we overload the higher bits for encoding auxiliary data such as the queue
18:  * number or errno values. Not nice, but better than additional function
19:  * arguments. */
20: #define NF_VERDICT_MASK 0x000000ff
21: 
22: /* extra verdict flags have mask 0x0000ff00 */
23: #define NF_VERDICT_FLAG_QUEUE_BYPASS    0x00008000
24: 
25: /* queue number (NF_QUEUE) or errno (NF_DROP) */
26: #define NF_VERDICT_QMASK 0xffff0000
27: #define NF_VERDICT_QBITS 16
28: 
29: #define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)
30: 
31: #define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP)
32: 
33: /* only for userspace compatibility */
34: /* Generic cache responses from hook functions.
35:    <= 0x2000 is used for protocol-flags. */
36: #define NFC_UNKNOWN 0x4000
37: #define NFC_ALTERED 0x8000
38: 
39: /* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
40: #define NF_VERDICT_BITS 16
41: 
42: enum nf_inet_hooks {
43:         NF_INET_PRE_ROUTING,
44:         NF_INET_LOCAL_IN,
45:         NF_INET_FORWARD,
46:         NF_INET_LOCAL_OUT,
47:         NF_INET_POST_ROUTING,
48:         NF_INET_NUMHOOKS
49: };
50: 
51: enum {
52:         NFPROTO_UNSPEC =  0,
53:         NFPROTO_IPV4   =  2,
54:         NFPROTO_ARP    =  3,
55:         NFPROTO_BRIDGE =  7,
56:         NFPROTO_IPV6   = 10,
57:         NFPROTO_DECNET = 12,
58:         NFPROTO_NUMPROTO,
59: };
60: 
61: union nf_inet_addr {
62:         __u32           all[4];
63:         __be32          ip;
64:         __be32          ip6[4];
65:         struct in_addr  in;
66:         struct in6_addr in6;
67: };
68: 
69: #endif /*__LINUX_NETFILTER_H*/
70: 

---

---

---