diff options
Diffstat (limited to 'include/linux/netfilter.h')
| -rw-r--r-- | include/linux/netfilter.h | 72 |
1 files changed, 1 insertions, 71 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 1dcf2a38e51f..ee142846f56a 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -1,7 +1,6 @@ #ifndef __LINUX_NETFILTER_H #define __LINUX_NETFILTER_H -#ifdef __KERNEL__ #include <linux/init.h> #include <linux/skbuff.h> #include <linux/net.h> @@ -10,75 +9,7 @@ #include <linux/in6.h> #include <linux/wait.h> #include <linux/list.h> -#endif -#include <linux/types.h> -#include <linux/compiler.h> -#include <linux/sysctl.h> - -/* Responses from hook functions. */ -#define NF_DROP 0 -#define NF_ACCEPT 1 -#define NF_STOLEN 2 -#define NF_QUEUE 3 -#define NF_REPEAT 4 -#define NF_STOP 5 -#define NF_MAX_VERDICT NF_STOP - -/* we overload the higher bits for encoding auxiliary data such as the queue - * number or errno values. Not nice, but better than additional function - * arguments. */ -#define NF_VERDICT_MASK 0x000000ff - -/* extra verdict flags have mask 0x0000ff00 */ -#define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000 - -/* queue number (NF_QUEUE) or errno (NF_DROP) */ -#define NF_VERDICT_QMASK 0xffff0000 -#define NF_VERDICT_QBITS 16 - -#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE) - -#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP) - -/* only for userspace compatibility */ -#ifndef __KERNEL__ -/* Generic cache responses from hook functions. - <= 0x2000 is used for protocol-flags. */ -#define NFC_UNKNOWN 0x4000 -#define NFC_ALTERED 0x8000 - -/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */ -#define NF_VERDICT_BITS 16 -#endif - -enum nf_inet_hooks { - NF_INET_PRE_ROUTING, - NF_INET_LOCAL_IN, - NF_INET_FORWARD, - NF_INET_LOCAL_OUT, - NF_INET_POST_ROUTING, - NF_INET_NUMHOOKS -}; - -enum { - NFPROTO_UNSPEC = 0, - NFPROTO_IPV4 = 2, - NFPROTO_ARP = 3, - NFPROTO_BRIDGE = 7, - NFPROTO_IPV6 = 10, - NFPROTO_DECNET = 12, - NFPROTO_NUMPROTO, -}; - -union nf_inet_addr { - __u32 all[4]; - __be32 ip; - __be32 ip6[4]; - struct in_addr in; - struct in6_addr in6; -}; - -#ifdef __KERNEL__ +#include <uapi/linux/netfilter.h> #ifdef CONFIG_NETFILTER static inline int NF_DROP_GETERR(int verdict) { @@ -411,5 +342,4 @@ extern struct nfq_ct_nat_hook __rcu *nfq_ct_nat_hook; static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {} #endif -#endif /*__KERNEL__*/ #endif /*__LINUX_NETFILTER_H*/ |