include/linux/netfilter_ipv6.h

   1 #ifndef __LINUX_IP6_NETFILTER_H
   2 #define __LINUX_IP6_NETFILTER_H
   3
   4 /* IPv6-specific defines for netfilter.
   5  * (C)1998 Rusty Russell -- This code is GPL.
   6  * (C)1999 David Jeffery
   7  *   this header was blatantly ripped from netfilter_ipv4.h
   8  *   it's amazing what adding a bunch of 6s can do =8^)
   9  */
  10
  11 #include <linux/netfilter.h>
  12
  13 /* only for userspace compatibility */
  14 #ifndef __KERNEL__
  15 /* IP Cache bits. */
  16 /* Src IP address. */
  17 #define NFC_IP6_SRC              0x0001
  18 /* Dest IP address. */
  19 #define NFC_IP6_DST              0x0002
  20 /* Input device. */
  21 #define NFC_IP6_IF_IN            0x0004
  22 /* Output device. */
  23 #define NFC_IP6_IF_OUT           0x0008
  24 /* TOS. */
  25 #define NFC_IP6_TOS              0x0010
  26 /* Protocol. */
  27 #define NFC_IP6_PROTO            0x0020
  28 /* IP options. */
  29 #define NFC_IP6_OPTIONS          0x0040
  30 /* Frag & flags. */
  31 #define NFC_IP6_FRAG             0x0080
  32
  33
  34 /* Per-protocol information: only matters if proto match. */
  35 /* TCP flags. */
  36 #define NFC_IP6_TCPFLAGS         0x0100
  37 /* Source port. */
  38 #define NFC_IP6_SRC_PT           0x0200
  39 /* Dest port. */
  40 #define NFC_IP6_DST_PT           0x0400
  41 /* Something else about the proto */
  42 #define NFC_IP6_PROTO_UNKNOWN    0x2000
  43 #endif /* ! __KERNEL__ */
  44
  45
  46 /* IP6 Hooks */
  47 /* After promisc drops, checksum checks. */
  48 #define NF_IP6_PRE_ROUTING      0
  49 /* If the packet is destined for this box. */
  50 #define NF_IP6_LOCAL_IN         1
  51 /* If the packet is destined for another interface. */
  52 #define NF_IP6_FORWARD          2
  53 /* Packets coming from a local process. */
  54 #define NF_IP6_LOCAL_OUT                3
  55 /* Packets about to hit the wire. */
  56 #define NF_IP6_POST_ROUTING     4
  57 #define NF_IP6_NUMHOOKS         5
  58
  59
  60 enum nf_ip6_hook_priorities {
  61         NF_IP6_PRI_FIRST = INT_MIN,
  62         NF_IP6_PRI_CONNTRACK_DEFRAG = -400,
  63         NF_IP6_PRI_SELINUX_FIRST = -225,
  64         NF_IP6_PRI_CONNTRACK = -200,
  65         NF_IP6_PRI_BRIDGE_SABOTAGE_FORWARD = -175,
  66         NF_IP6_PRI_MANGLE = -150,
  67         NF_IP6_PRI_NAT_DST = -100,
  68         NF_IP6_PRI_BRIDGE_SABOTAGE_LOCAL_OUT = -50,
  69         NF_IP6_PRI_FILTER = 0,
  70         NF_IP6_PRI_NAT_SRC = 100,
  71         NF_IP6_PRI_SELINUX_LAST = 225,
  72         NF_IP6_PRI_LAST = INT_MAX,
  73 };
  74
  75 #ifdef CONFIG_NETFILTER
  76 extern int ip6_route_me_harder(struct sk_buff *skb);
  77 extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
  78                                     unsigned int dataoff, u_int8_t protocol);
  79
  80 extern int ipv6_netfilter_init(void);
  81 extern void ipv6_netfilter_fini(void);
  82 #else /* CONFIG_NETFILTER */
  83 static inline int ipv6_netfilter_init(void) { return 0; }
  84 static inline void ipv6_netfilter_fini(void) { return; }
  85 #endif /* CONFIG_NETFILTER */
  86
  87 #endif /*__LINUX_IP6_NETFILTER_H*/