LXR linux/include/uapi/linux/netfilter/nfnetlink

   1#ifndef _NFNETLINK_QUEUE_H
   2#define _NFNETLINK_QUEUE_H
   3
   4#include <linux/types.h>
   5#include <linux/netfilter/nfnetlink.h>
   6
   7enum nfqnl_msg_types {
   8        NFQNL_MSG_PACKET,               /* packet from kernel to userspace */
   9        NFQNL_MSG_VERDICT,              /* verdict from userspace to kernel */
  10        NFQNL_MSG_CONFIG,               /* connect to a particular queue */
  11        NFQNL_MSG_VERDICT_BATCH,        /* batchv from userspace to kernel */
  12
  13        NFQNL_MSG_MAX
  14};
  15
  16struct nfqnl_msg_packet_hdr {
  17        __be32          packet_id;      /* unique ID of packet in queue */
  18        __be16          hw_protocol;    /* hw protocol (network order) */
  19        __u8    hook;           /* netfilter hook */
  20} __attribute__ ((packed));
  21
  22struct nfqnl_msg_packet_hw {
  23        __be16          hw_addrlen;
  24        __u16   _pad;
  25        __u8    hw_addr[8];
  26};
  27
  28struct nfqnl_msg_packet_timestamp {
  29        __aligned_be64  sec;
  30        __aligned_be64  usec;
  31};
  32
  33enum nfqnl_vlan_attr {
  34        NFQA_VLAN_UNSPEC,
  35        NFQA_VLAN_PROTO,                /* __be16 skb vlan_proto */
  36        NFQA_VLAN_TCI,                  /* __be16 skb htons(vlan_tci) */
  37        __NFQA_VLAN_MAX,
  38};
  39#define NFQA_VLAN_MAX (__NFQA_VLAN_MAX - 1)
  40
  41enum nfqnl_attr_type {
  42        NFQA_UNSPEC,
  43        NFQA_PACKET_HDR,
  44        NFQA_VERDICT_HDR,               /* nfqnl_msg_verdict_hrd */
  45        NFQA_MARK,                      /* __u32 nfmark */
  46        NFQA_TIMESTAMP,                 /* nfqnl_msg_packet_timestamp */
  47        NFQA_IFINDEX_INDEV,             /* __u32 ifindex */
  48        NFQA_IFINDEX_OUTDEV,            /* __u32 ifindex */
  49        NFQA_IFINDEX_PHYSINDEV,         /* __u32 ifindex */
  50        NFQA_IFINDEX_PHYSOUTDEV,        /* __u32 ifindex */
  51        NFQA_HWADDR,                    /* nfqnl_msg_packet_hw */
  52        NFQA_PAYLOAD,                   /* opaque data payload */
  53        NFQA_CT,                        /* nf_conntrack_netlink.h */
  54        NFQA_CT_INFO,                   /* enum ip_conntrack_info */
  55        NFQA_CAP_LEN,                   /* __u32 length of captured packet */
  56        NFQA_SKB_INFO,                  /* __u32 skb meta information */
  57        NFQA_EXP,                       /* nf_conntrack_netlink.h */
  58        NFQA_UID,                       /* __u32 sk uid */
  59        NFQA_GID,                       /* __u32 sk gid */
  60        NFQA_SECCTX,                    /* security context string */
  61        NFQA_VLAN,                      /* nested attribute: packet vlan info */
  62        NFQA_L2HDR,                     /* full L2 header */
  63
  64        __NFQA_MAX
  65};
  66#define NFQA_MAX (__NFQA_MAX - 1)
  67
  68struct nfqnl_msg_verdict_hdr {
  69        __be32 verdict;
  70        __be32 id;
  71};
  72
  73
  74enum nfqnl_msg_config_cmds {
  75        NFQNL_CFG_CMD_NONE,
  76        NFQNL_CFG_CMD_BIND,
  77        NFQNL_CFG_CMD_UNBIND,
  78        NFQNL_CFG_CMD_PF_BIND,
  79        NFQNL_CFG_CMD_PF_UNBIND,
  80};
  81
  82struct nfqnl_msg_config_cmd {
  83        __u8    command;        /* nfqnl_msg_config_cmds */
  84        __u8    _pad;
  85        __be16          pf;             /* AF_xxx for PF_[UN]BIND */
  86};
  87
  88enum nfqnl_config_mode {
  89        NFQNL_COPY_NONE,
  90        NFQNL_COPY_META,
  91        NFQNL_COPY_PACKET,
  92};
  93
  94struct nfqnl_msg_config_params {
  95        __be32          copy_range;
  96        __u8    copy_mode;      /* enum nfqnl_config_mode */
  97} __attribute__ ((packed));
  98
  99
 100enum nfqnl_attr_config {
 101        NFQA_CFG_UNSPEC,
 102        NFQA_CFG_CMD,                   /* nfqnl_msg_config_cmd */
 103        NFQA_CFG_PARAMS,                /* nfqnl_msg_config_params */
 104        NFQA_CFG_QUEUE_MAXLEN,          /* __u32 */
 105        NFQA_CFG_MASK,                  /* identify which flags to change */
 106        NFQA_CFG_FLAGS,                 /* value of these flags (__u32) */
 107        __NFQA_CFG_MAX
 108};
 109#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
 110
 111/* Flags for NFQA_CFG_FLAGS */
 112#define NFQA_CFG_F_FAIL_OPEN                    (1 << 0)
 113#define NFQA_CFG_F_CONNTRACK                    (1 << 1)
 114#define NFQA_CFG_F_GSO                          (1 << 2)
 115#define NFQA_CFG_F_UID_GID                      (1 << 3)
 116#define NFQA_CFG_F_SECCTX                       (1 << 4)
 117#define NFQA_CFG_F_MAX                          (1 << 5)
 118
 119/* flags for NFQA_SKB_INFO */
 120/* packet appears to have wrong checksums, but they are ok */
 121#define NFQA_SKB_CSUMNOTREADY (1 << 0)
 122/* packet is GSO (i.e., exceeds device mtu) */
 123#define NFQA_SKB_GSO (1 << 1)
 124/* csum not validated (incoming device doesn't support hw checksum, etc.) */
 125#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2)
 126
 127#endif /* _NFNETLINK_QUEUE_H */
 128