1#ifndef _NFNETLINK_QUEUE_H
2#define _NFNETLINK_QUEUE_H
3
4#include <linux/types.h>
5#include <linux/netfilter/nfnetlink.h>
6
7enum nfqnl_msg_types {
8	NFQNL_MSG_PACKET,		/* packet from kernel to userspace */
9	NFQNL_MSG_VERDICT,		/* verdict from userspace to kernel */
10	NFQNL_MSG_CONFIG,		/* connect to a particular queue */
11	NFQNL_MSG_VERDICT_BATCH,	/* batchv from userspace to kernel */
12
13	NFQNL_MSG_MAX
14};
15
16struct nfqnl_msg_packet_hdr {
17	__be32		packet_id;	/* unique ID of packet in queue */
18	__be16		hw_protocol;	/* hw protocol (network order) */
19	__u8	hook;		/* netfilter hook */
20} __attribute__ ((packed));
21
22struct nfqnl_msg_packet_hw {
23	__be16		hw_addrlen;
24	__u16	_pad;
25	__u8	hw_addr[8];
26};
27
28struct nfqnl_msg_packet_timestamp {
29	__aligned_be64	sec;
30	__aligned_be64	usec;
31};
32
33enum nfqnl_attr_type {
34	NFQA_UNSPEC,
35	NFQA_PACKET_HDR,
36	NFQA_VERDICT_HDR,		/* nfqnl_msg_verdict_hrd */
37	NFQA_MARK,			/* __u32 nfmark */
38	NFQA_TIMESTAMP,			/* nfqnl_msg_packet_timestamp */
39	NFQA_IFINDEX_INDEV,		/* __u32 ifindex */
40	NFQA_IFINDEX_OUTDEV,		/* __u32 ifindex */
41	NFQA_IFINDEX_PHYSINDEV,		/* __u32 ifindex */
42	NFQA_IFINDEX_PHYSOUTDEV,	/* __u32 ifindex */
43	NFQA_HWADDR,			/* nfqnl_msg_packet_hw */
44	NFQA_PAYLOAD,			/* opaque data payload */
45	NFQA_CT,			/* nf_conntrack_netlink.h */
46	NFQA_CT_INFO,			/* enum ip_conntrack_info */
47	NFQA_CAP_LEN,			/* __u32 length of captured packet */
48	NFQA_SKB_INFO,			/* __u32 skb meta information */
49	NFQA_EXP,			/* nf_conntrack_netlink.h */
50	NFQA_UID,			/* __u32 sk uid */
51	NFQA_GID,			/* __u32 sk gid */
52
53	__NFQA_MAX
54};
55#define NFQA_MAX (__NFQA_MAX - 1)
56
57struct nfqnl_msg_verdict_hdr {
58	__be32 verdict;
59	__be32 id;
60};
61
62
63enum nfqnl_msg_config_cmds {
64	NFQNL_CFG_CMD_NONE,
65	NFQNL_CFG_CMD_BIND,
66	NFQNL_CFG_CMD_UNBIND,
67	NFQNL_CFG_CMD_PF_BIND,
68	NFQNL_CFG_CMD_PF_UNBIND,
69};
70
71struct nfqnl_msg_config_cmd {
72	__u8	command;	/* nfqnl_msg_config_cmds */
73	__u8	_pad;
74	__be16		pf;		/* AF_xxx for PF_[UN]BIND */
75};
76
77enum nfqnl_config_mode {
78	NFQNL_COPY_NONE,
79	NFQNL_COPY_META,
80	NFQNL_COPY_PACKET,
81};
82
83struct nfqnl_msg_config_params {
84	__be32		copy_range;
85	__u8	copy_mode;	/* enum nfqnl_config_mode */
86} __attribute__ ((packed));
87
88
89enum nfqnl_attr_config {
90	NFQA_CFG_UNSPEC,
91	NFQA_CFG_CMD,			/* nfqnl_msg_config_cmd */
92	NFQA_CFG_PARAMS,		/* nfqnl_msg_config_params */
93	NFQA_CFG_QUEUE_MAXLEN,		/* __u32 */
94	NFQA_CFG_MASK,			/* identify which flags to change */
95	NFQA_CFG_FLAGS,			/* value of these flags (__u32) */
96	__NFQA_CFG_MAX
97};
98#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
99
100/* Flags for NFQA_CFG_FLAGS */
101#define NFQA_CFG_F_FAIL_OPEN			(1 << 0)
102#define NFQA_CFG_F_CONNTRACK			(1 << 1)
103#define NFQA_CFG_F_GSO				(1 << 2)
104#define NFQA_CFG_F_UID_GID			(1 << 3)
105#define NFQA_CFG_F_MAX				(1 << 4)
106
107/* flags for NFQA_SKB_INFO */
108/* packet appears to have wrong checksums, but they are ok */
109#define NFQA_SKB_CSUMNOTREADY (1 << 0)
110/* packet is GSO (i.e., exceeds device mtu) */
111#define NFQA_SKB_GSO (1 << 1)
112/* csum not validated (incoming device doesn't support hw checksum, etc.) */
113#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2)
114
115#endif /* _NFNETLINK_QUEUE_H */
116