Warning: This file is not a C or C++ file. It does not have highlighting.
1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
---|---|
2 | #ifndef _NFNETLINK_QUEUE_H |
3 | #define _NFNETLINK_QUEUE_H |
4 | |
5 | #include <linux/types.h> |
6 | #include <linux/netfilter/nfnetlink.h> |
7 | |
8 | enum nfqnl_msg_types { |
9 | NFQNL_MSG_PACKET, /* packet from kernel to userspace */ |
10 | NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */ |
11 | NFQNL_MSG_CONFIG, /* connect to a particular queue */ |
12 | NFQNL_MSG_VERDICT_BATCH, /* batchv from userspace to kernel */ |
13 | |
14 | NFQNL_MSG_MAX |
15 | }; |
16 | |
17 | struct nfqnl_msg_packet_hdr { |
18 | __be32 packet_id; /* unique ID of packet in queue */ |
19 | __be16 hw_protocol; /* hw protocol (network order) */ |
20 | __u8 hook; /* netfilter hook */ |
21 | } __attribute__ ((packed)); |
22 | |
23 | struct nfqnl_msg_packet_hw { |
24 | __be16 hw_addrlen; |
25 | __u16 _pad; |
26 | __u8 hw_addr[8]; |
27 | }; |
28 | |
29 | struct nfqnl_msg_packet_timestamp { |
30 | __aligned_be64 sec; |
31 | __aligned_be64 usec; |
32 | }; |
33 | |
34 | enum nfqnl_vlan_attr { |
35 | NFQA_VLAN_UNSPEC, |
36 | NFQA_VLAN_PROTO, /* __be16 skb vlan_proto */ |
37 | NFQA_VLAN_TCI, /* __be16 skb htons(vlan_tci) */ |
38 | __NFQA_VLAN_MAX, |
39 | }; |
40 | #define NFQA_VLAN_MAX (__NFQA_VLAN_MAX - 1) |
41 | |
42 | enum nfqnl_attr_type { |
43 | NFQA_UNSPEC, |
44 | NFQA_PACKET_HDR, |
45 | NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */ |
46 | NFQA_MARK, /* __u32 nfmark */ |
47 | NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */ |
48 | NFQA_IFINDEX_INDEV, /* __u32 ifindex */ |
49 | NFQA_IFINDEX_OUTDEV, /* __u32 ifindex */ |
50 | NFQA_IFINDEX_PHYSINDEV, /* __u32 ifindex */ |
51 | NFQA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */ |
52 | NFQA_HWADDR, /* nfqnl_msg_packet_hw */ |
53 | NFQA_PAYLOAD, /* opaque data payload */ |
54 | NFQA_CT, /* nfnetlink_conntrack.h */ |
55 | NFQA_CT_INFO, /* enum ip_conntrack_info */ |
56 | NFQA_CAP_LEN, /* __u32 length of captured packet */ |
57 | NFQA_SKB_INFO, /* __u32 skb meta information */ |
58 | NFQA_EXP, /* nfnetlink_conntrack.h */ |
59 | NFQA_UID, /* __u32 sk uid */ |
60 | NFQA_GID, /* __u32 sk gid */ |
61 | NFQA_SECCTX, /* security context string */ |
62 | NFQA_VLAN, /* nested attribute: packet vlan info */ |
63 | NFQA_L2HDR, /* full L2 header */ |
64 | NFQA_PRIORITY, /* skb->priority */ |
65 | NFQA_CGROUP_CLASSID, /* __u32 cgroup classid */ |
66 | |
67 | __NFQA_MAX |
68 | }; |
69 | #define NFQA_MAX (__NFQA_MAX - 1) |
70 | |
71 | struct nfqnl_msg_verdict_hdr { |
72 | __be32 verdict; |
73 | __be32 id; |
74 | }; |
75 | |
76 | |
77 | enum nfqnl_msg_config_cmds { |
78 | NFQNL_CFG_CMD_NONE, |
79 | NFQNL_CFG_CMD_BIND, |
80 | NFQNL_CFG_CMD_UNBIND, |
81 | NFQNL_CFG_CMD_PF_BIND, |
82 | NFQNL_CFG_CMD_PF_UNBIND, |
83 | }; |
84 | |
85 | struct nfqnl_msg_config_cmd { |
86 | __u8 command; /* nfqnl_msg_config_cmds */ |
87 | __u8 _pad; |
88 | __be16 pf; /* AF_xxx for PF_[UN]BIND */ |
89 | }; |
90 | |
91 | enum nfqnl_config_mode { |
92 | NFQNL_COPY_NONE, |
93 | NFQNL_COPY_META, |
94 | NFQNL_COPY_PACKET, |
95 | }; |
96 | |
97 | struct nfqnl_msg_config_params { |
98 | __be32 copy_range; |
99 | __u8 copy_mode; /* enum nfqnl_config_mode */ |
100 | } __attribute__ ((packed)); |
101 | |
102 | |
103 | enum nfqnl_attr_config { |
104 | NFQA_CFG_UNSPEC, |
105 | NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */ |
106 | NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */ |
107 | NFQA_CFG_QUEUE_MAXLEN, /* __u32 */ |
108 | NFQA_CFG_MASK, /* identify which flags to change */ |
109 | NFQA_CFG_FLAGS, /* value of these flags (__u32) */ |
110 | __NFQA_CFG_MAX |
111 | }; |
112 | #define NFQA_CFG_MAX (__NFQA_CFG_MAX-1) |
113 | |
114 | /* Flags for NFQA_CFG_FLAGS */ |
115 | #define NFQA_CFG_F_FAIL_OPEN (1 << 0) |
116 | #define NFQA_CFG_F_CONNTRACK (1 << 1) |
117 | #define NFQA_CFG_F_GSO (1 << 2) |
118 | #define NFQA_CFG_F_UID_GID (1 << 3) |
119 | #define NFQA_CFG_F_SECCTX (1 << 4) |
120 | #define NFQA_CFG_F_MAX (1 << 5) |
121 | |
122 | /* flags for NFQA_SKB_INFO */ |
123 | /* packet appears to have wrong checksums, but they are ok */ |
124 | #define NFQA_SKB_CSUMNOTREADY (1 << 0) |
125 | /* packet is GSO (i.e., exceeds device mtu) */ |
126 | #define NFQA_SKB_GSO (1 << 1) |
127 | /* csum not validated (incoming device doesn't support hw checksum, etc.) */ |
128 | #define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2) |
129 | |
130 | #endif /* _NFNETLINK_QUEUE_H */ |
131 |
Warning: This file is not a C or C++ file. It does not have highlighting.