summaryrefslogtreecommitdiffstats
path: root/include/linux/netfilter.h
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2014-01-08 13:02:16 +0000
committerPatrick McHardy <kaber@trash.net>2014-01-08 13:02:16 +0000
commitf9af5e9208c910c06d775dff54d12a0c77db9474 (patch)
tree0ed546af434a301e036c69fc47886bc82fc5fb24 /include/linux/netfilter.h
parentffdc2e402e76329c8dde88daab55791d6c6f5dd3 (diff)
include: resync nftables.h with kernel
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/linux/netfilter.h')
-rw-r--r--include/linux/netfilter.h22
1 files changed, 17 insertions, 5 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 2eb00b6c..be0bc182 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -3,6 +3,8 @@
#include <linux/types.h>
+#include <linux/sysctl.h>
+
/* Responses from hook functions. */
#define NF_DROP 0
@@ -14,14 +16,20 @@
#define NF_MAX_VERDICT NF_STOP
/* we overload the higher bits for encoding auxiliary data such as the queue
- * number. Not nice, but better than additional function arguments. */
-#define NF_VERDICT_MASK 0x0000ffff
-#define NF_VERDICT_BITS 16
+ * number or errno values. Not nice, but better than additional function
+ * arguments. */
+#define NF_VERDICT_MASK 0x000000ff
+
+/* extra verdict flags have mask 0x0000ff00 */
+#define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000
+/* queue number (NF_QUEUE) or errno (NF_DROP) */
#define NF_VERDICT_QMASK 0xffff0000
#define NF_VERDICT_QBITS 16
-#define NF_QUEUE_NR(x) ((((x) << NF_VERDICT_BITS) & NF_VERDICT_QMASK) | NF_QUEUE)
+#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)
+
+#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP)
/* only for userspace compatibility */
/* Generic cache responses from hook functions.
@@ -29,6 +37,9 @@
#define NFC_UNKNOWN 0x4000
#define NFC_ALTERED 0x8000
+/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
+#define NF_VERDICT_BITS 16
+
enum nf_inet_hooks {
NF_INET_PRE_ROUTING,
NF_INET_LOCAL_IN,
@@ -40,6 +51,7 @@ enum nf_inet_hooks {
enum {
NFPROTO_UNSPEC = 0,
+ NFPROTO_INET = 1,
NFPROTO_IPV4 = 2,
NFPROTO_ARP = 3,
NFPROTO_BRIDGE = 7,
@@ -56,4 +68,4 @@ union nf_inet_addr {
struct in6_addr in6;
};
-#endif /*__LINUX_NETFILTER_H*/
+#endif /* __LINUX_NETFILTER_H */