uapi/linux/netfilter_ipv4.h

0001 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
0002 /* IPv4-specific defines for netfilter.
0003  * (C)1998 Rusty Russell -- This code is GPL.
0004  */
0005 #ifndef _UAPI__LINUX_IP_NETFILTER_H
0006 #define _UAPI__LINUX_IP_NETFILTER_H
0007
0008
0009 #include <linux/netfilter.h>
0010
0011 /* only for userspace compatibility */
0012 #ifndef __KERNEL__
0013
0014 #include <limits.h> /* for INT_MIN, INT_MAX */
0015
0016 /* IP Hooks */
0017 /* After promisc drops, checksum checks. */
0018 #define NF_IP_PRE_ROUTING   0
0019 /* If the packet is destined for this box. */
0020 #define NF_IP_LOCAL_IN      1
0021 /* If the packet is destined for another interface. */
0022 #define NF_IP_FORWARD       2
0023 /* Packets coming from a local process. */
0024 #define NF_IP_LOCAL_OUT     3
0025 /* Packets about to hit the wire. */
0026 #define NF_IP_POST_ROUTING  4
0027 #define NF_IP_NUMHOOKS      5
0028 #endif /* ! __KERNEL__ */
0029
0030 enum nf_ip_hook_priorities {
0031     NF_IP_PRI_FIRST = INT_MIN,
0032     NF_IP_PRI_RAW_BEFORE_DEFRAG = -450,
0033     NF_IP_PRI_CONNTRACK_DEFRAG = -400,
0034     NF_IP_PRI_RAW = -300,
0035     NF_IP_PRI_SELINUX_FIRST = -225,
0036     NF_IP_PRI_CONNTRACK = -200,
0037     NF_IP_PRI_MANGLE = -150,
0038     NF_IP_PRI_NAT_DST = -100,
0039     NF_IP_PRI_FILTER = 0,
0040     NF_IP_PRI_SECURITY = 50,
0041     NF_IP_PRI_NAT_SRC = 100,
0042     NF_IP_PRI_SELINUX_LAST = 225,
0043     NF_IP_PRI_CONNTRACK_HELPER = 300,
0044     NF_IP_PRI_CONNTRACK_CONFIRM = INT_MAX,
0045     NF_IP_PRI_LAST = INT_MAX,
0046 };
0047
0048 /* Arguments for setsockopt SOL_IP: */
0049 /* 2.0 firewalling went from 64 through 71 (and +256, +512, etc). */
0050 /* 2.2 firewalling (+ masq) went from 64 through 76 */
0051 /* 2.4 firewalling went 64 through 67. */
0052 #define SO_ORIGINAL_DST 80
0053
0054
0055 #endif /* _UAPI__LINUX_IP_NETFILTER_H */