Details | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
422 | giacomo | 1 | #ifndef __LINUX_IP_NETFILTER_H |
2 | #define __LINUX_IP_NETFILTER_H |
||
3 | |||
4 | /* IPv4-specific defines for netfilter. |
||
5 | * (C)1998 Rusty Russell -- This code is GPL. |
||
6 | */ |
||
7 | |||
8 | #include <linux/config.h> |
||
9 | #include <linux/netfilter.h> |
||
10 | |||
11 | /* IP Cache bits. */ |
||
12 | /* Src IP address. */ |
||
13 | #define NFC_IP_SRC 0x0001 |
||
14 | /* Dest IP address. */ |
||
15 | #define NFC_IP_DST 0x0002 |
||
16 | /* Input device. */ |
||
17 | #define NFC_IP_IF_IN 0x0004 |
||
18 | /* Output device. */ |
||
19 | #define NFC_IP_IF_OUT 0x0008 |
||
20 | /* TOS. */ |
||
21 | #define NFC_IP_TOS 0x0010 |
||
22 | /* Protocol. */ |
||
23 | #define NFC_IP_PROTO 0x0020 |
||
24 | /* IP options. */ |
||
25 | #define NFC_IP_OPTIONS 0x0040 |
||
26 | /* Frag & flags. */ |
||
27 | #define NFC_IP_FRAG 0x0080 |
||
28 | |||
29 | /* Per-protocol information: only matters if proto match. */ |
||
30 | /* TCP flags. */ |
||
31 | #define NFC_IP_TCPFLAGS 0x0100 |
||
32 | /* Source port. */ |
||
33 | #define NFC_IP_SRC_PT 0x0200 |
||
34 | /* Dest port. */ |
||
35 | #define NFC_IP_DST_PT 0x0400 |
||
36 | /* Something else about the proto */ |
||
37 | #define NFC_IP_PROTO_UNKNOWN 0x2000 |
||
38 | |||
39 | /* IP Hooks */ |
||
40 | /* After promisc drops, checksum checks. */ |
||
41 | #define NF_IP_PRE_ROUTING 0 |
||
42 | /* If the packet is destined for this box. */ |
||
43 | #define NF_IP_LOCAL_IN 1 |
||
44 | /* If the packet is destined for another interface. */ |
||
45 | #define NF_IP_FORWARD 2 |
||
46 | /* Packets coming from a local process. */ |
||
47 | #define NF_IP_LOCAL_OUT 3 |
||
48 | /* Packets about to hit the wire. */ |
||
49 | #define NF_IP_POST_ROUTING 4 |
||
50 | #define NF_IP_NUMHOOKS 5 |
||
51 | |||
52 | enum nf_ip_hook_priorities { |
||
53 | NF_IP_PRI_FIRST = INT_MIN, |
||
54 | NF_IP_PRI_CONNTRACK = -200, |
||
55 | NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD = -175, |
||
56 | NF_IP_PRI_MANGLE = -150, |
||
57 | NF_IP_PRI_NAT_DST = -100, |
||
58 | NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT = -50, |
||
59 | NF_IP_PRI_FILTER = 0, |
||
60 | NF_IP_PRI_NAT_SRC = 100, |
||
61 | NF_IP_PRI_LAST = INT_MAX, |
||
62 | }; |
||
63 | |||
64 | /* Arguments for setsockopt SOL_IP: */ |
||
65 | /* 2.0 firewalling went from 64 through 71 (and +256, +512, etc). */ |
||
66 | /* 2.2 firewalling (+ masq) went from 64 through 76 */ |
||
67 | /* 2.4 firewalling went 64 through 67. */ |
||
68 | #define SO_ORIGINAL_DST 80 |
||
69 | |||
70 | #ifdef __KERNEL__ |
||
71 | #ifdef CONFIG_NETFILTER_DEBUG |
||
72 | void nf_debug_ip_local_deliver(struct sk_buff *skb); |
||
73 | void nf_debug_ip_loopback_xmit(struct sk_buff *newskb); |
||
74 | void nf_debug_ip_finish_output2(struct sk_buff *skb); |
||
75 | #endif /*CONFIG_NETFILTER_DEBUG*/ |
||
76 | |||
77 | extern int ip_route_me_harder(struct sk_buff **pskb); |
||
78 | |||
79 | /* Call this before modifying an existing IP packet: ensures it is |
||
80 | modifiable and linear to the point you care about (writable_len). |
||
81 | Returns true or false. */ |
||
82 | extern int skb_ip_make_writable(struct sk_buff **pskb, |
||
83 | unsigned int writable_len); |
||
84 | #endif /*__KERNEL__*/ |
||
85 | |||
86 | #endif /*__LINUX_IP_NETFILTER_H*/ |