Warning: This file is not a C or C++ file. It does not have highlighting.
| 1 | /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ |
|---|---|
| 2 | #ifndef _NFNETLINK_QUEUE_H |
| 3 | #define _NFNETLINK_QUEUE_H |
| 4 | |
| 5 | #include <linux/types.h> |
| 6 | #include <linux/netfilter/nfnetlink.h> |
| 7 | |
| 8 | enum nfqnl_msg_types { |
| 9 | NFQNL_MSG_PACKET, /* packet from kernel to userspace */ |
| 10 | NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */ |
| 11 | NFQNL_MSG_CONFIG, /* connect to a particular queue */ |
| 12 | NFQNL_MSG_VERDICT_BATCH, /* batchv from userspace to kernel */ |
| 13 | |
| 14 | NFQNL_MSG_MAX |
| 15 | }; |
| 16 | |
| 17 | struct nfqnl_msg_packet_hdr { |
| 18 | __be32 packet_id; /* unique ID of packet in queue */ |
| 19 | __be16 hw_protocol; /* hw protocol (network order) */ |
| 20 | __u8 hook; /* netfilter hook */ |
| 21 | } __attribute__ ((packed)); |
| 22 | |
| 23 | struct nfqnl_msg_packet_hw { |
| 24 | __be16 hw_addrlen; |
| 25 | __u16 _pad; |
| 26 | __u8 hw_addr[8]; |
| 27 | }; |
| 28 | |
| 29 | struct nfqnl_msg_packet_timestamp { |
| 30 | __aligned_be64 sec; |
| 31 | __aligned_be64 usec; |
| 32 | }; |
| 33 | |
| 34 | enum nfqnl_vlan_attr { |
| 35 | NFQA_VLAN_UNSPEC, |
| 36 | NFQA_VLAN_PROTO, /* __be16 skb vlan_proto */ |
| 37 | NFQA_VLAN_TCI, /* __be16 skb htons(vlan_tci) */ |
| 38 | __NFQA_VLAN_MAX, |
| 39 | }; |
| 40 | #define NFQA_VLAN_MAX (__NFQA_VLAN_MAX - 1) |
| 41 | |
| 42 | enum nfqnl_attr_type { |
| 43 | NFQA_UNSPEC, |
| 44 | NFQA_PACKET_HDR, |
| 45 | NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */ |
| 46 | NFQA_MARK, /* __u32 nfmark */ |
| 47 | NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */ |
| 48 | NFQA_IFINDEX_INDEV, /* __u32 ifindex */ |
| 49 | NFQA_IFINDEX_OUTDEV, /* __u32 ifindex */ |
| 50 | NFQA_IFINDEX_PHYSINDEV, /* __u32 ifindex */ |
| 51 | NFQA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */ |
| 52 | NFQA_HWADDR, /* nfqnl_msg_packet_hw */ |
| 53 | NFQA_PAYLOAD, /* opaque data payload */ |
| 54 | NFQA_CT, /* nfnetlink_conntrack.h */ |
| 55 | NFQA_CT_INFO, /* enum ip_conntrack_info */ |
| 56 | NFQA_CAP_LEN, /* __u32 length of captured packet */ |
| 57 | NFQA_SKB_INFO, /* __u32 skb meta information */ |
| 58 | NFQA_EXP, /* nfnetlink_conntrack.h */ |
| 59 | NFQA_UID, /* __u32 sk uid */ |
| 60 | NFQA_GID, /* __u32 sk gid */ |
| 61 | NFQA_SECCTX, /* security context string */ |
| 62 | NFQA_VLAN, /* nested attribute: packet vlan info */ |
| 63 | NFQA_L2HDR, /* full L2 header */ |
| 64 | NFQA_PRIORITY, /* skb->priority */ |
| 65 | NFQA_CGROUP_CLASSID, /* __u32 cgroup classid */ |
| 66 | |
| 67 | __NFQA_MAX |
| 68 | }; |
| 69 | #define NFQA_MAX (__NFQA_MAX - 1) |
| 70 | |
| 71 | struct nfqnl_msg_verdict_hdr { |
| 72 | __be32 verdict; |
| 73 | __be32 id; |
| 74 | }; |
| 75 | |
| 76 | |
| 77 | enum nfqnl_msg_config_cmds { |
| 78 | NFQNL_CFG_CMD_NONE, |
| 79 | NFQNL_CFG_CMD_BIND, |
| 80 | NFQNL_CFG_CMD_UNBIND, |
| 81 | NFQNL_CFG_CMD_PF_BIND, |
| 82 | NFQNL_CFG_CMD_PF_UNBIND, |
| 83 | }; |
| 84 | |
| 85 | struct nfqnl_msg_config_cmd { |
| 86 | __u8 command; /* nfqnl_msg_config_cmds */ |
| 87 | __u8 _pad; |
| 88 | __be16 pf; /* AF_xxx for PF_[UN]BIND */ |
| 89 | }; |
| 90 | |
| 91 | enum nfqnl_config_mode { |
| 92 | NFQNL_COPY_NONE, |
| 93 | NFQNL_COPY_META, |
| 94 | NFQNL_COPY_PACKET, |
| 95 | }; |
| 96 | |
| 97 | struct nfqnl_msg_config_params { |
| 98 | __be32 copy_range; |
| 99 | __u8 copy_mode; /* enum nfqnl_config_mode */ |
| 100 | } __attribute__ ((packed)); |
| 101 | |
| 102 | |
| 103 | enum nfqnl_attr_config { |
| 104 | NFQA_CFG_UNSPEC, |
| 105 | NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */ |
| 106 | NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */ |
| 107 | NFQA_CFG_QUEUE_MAXLEN, /* __u32 */ |
| 108 | NFQA_CFG_MASK, /* identify which flags to change */ |
| 109 | NFQA_CFG_FLAGS, /* value of these flags (__u32) */ |
| 110 | __NFQA_CFG_MAX |
| 111 | }; |
| 112 | #define NFQA_CFG_MAX (__NFQA_CFG_MAX-1) |
| 113 | |
| 114 | /* Flags for NFQA_CFG_FLAGS */ |
| 115 | #define NFQA_CFG_F_FAIL_OPEN (1 << 0) |
| 116 | #define NFQA_CFG_F_CONNTRACK (1 << 1) |
| 117 | #define NFQA_CFG_F_GSO (1 << 2) |
| 118 | #define NFQA_CFG_F_UID_GID (1 << 3) |
| 119 | #define NFQA_CFG_F_SECCTX (1 << 4) |
| 120 | #define NFQA_CFG_F_MAX (1 << 5) |
| 121 | |
| 122 | /* flags for NFQA_SKB_INFO */ |
| 123 | /* packet appears to have wrong checksums, but they are ok */ |
| 124 | #define NFQA_SKB_CSUMNOTREADY (1 << 0) |
| 125 | /* packet is GSO (i.e., exceeds device mtu) */ |
| 126 | #define NFQA_SKB_GSO (1 << 1) |
| 127 | /* csum not validated (incoming device doesn't support hw checksum, etc.) */ |
| 128 | #define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2) |
| 129 | |
| 130 | #endif /* _NFNETLINK_QUEUE_H */ |
| 131 |
Warning: This file is not a C or C++ file. It does not have highlighting.