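#ifndef _NFNETLINK_QUEUE_H
#define _NFNETLINK_QUEUE_H

/*
 * Message, attribute and flag definitions for nfnetlink queue messages.
 *
 * Fields typed __be16 / __be32 / __aligned_be64 are big-endian on the wire
 * and have to be byte-swapped before they are compared, used as a length or
 * used as an index.
 */

#include <linux/types.h>
#include <linux/netfilter/nfnetlink.h>

/* Message types carried over the queue channel. */
enum nfqnl_msg_types {
	NFQNL_MSG_PACKET,		/* packet from kernel to userspace */
	NFQNL_MSG_VERDICT,		/* verdict from userspace to kernel */
	NFQNL_MSG_CONFIG,		/* connect to a particular queue */
	NFQNL_MSG_VERDICT_BATCH,	/* batch verdict from userspace to kernel */

	NFQNL_MSG_MAX
};

/*
 * Per-packet header (NFQA_PACKET_HDR). Packed: 7 bytes, no padding, so the
 * members are not guaranteed to be naturally aligned.
 */
struct nfqnl_msg_packet_hdr {
	__be32		packet_id;	/* unique ID of packet in queue */
	__be16		hw_protocol;	/* hw protocol (network order) */
	__u8	hook;		/* netfilter hook */
} __attribute__ ((packed));

/*
 * Link-layer address (NFQA_HWADDR). hw_addr is a fixed 8-byte array while
 * hw_addrlen is a separate 16-bit field, so a reader must bound hw_addrlen
 * by sizeof(hw_addr) before copying or printing the address.
 */
struct nfqnl_msg_packet_hw {
	__be16		hw_addrlen;
	__u16	_pad;
	__u8	hw_addr[8];
};

/* Packet timestamp (NFQA_TIMESTAMP), seconds and microseconds, big-endian. */
struct nfqnl_msg_packet_timestamp {
	__aligned_be64	sec;
	__aligned_be64	usec;
};

/* Attributes nested inside NFQA_VLAN. */
enum nfqnl_vlan_attr {
	NFQA_VLAN_UNSPEC,
	NFQA_VLAN_PROTO,		/* __be16 skb vlan_proto */
	NFQA_VLAN_TCI,			/* __be16 skb htons(vlan_tci) */
	__NFQA_VLAN_MAX,
};
/*
 * NOTE(review): unlike NFQA_MAX and NFQA_CFG_MAX further down, which are
 * "__*_MAX - 1" (the highest defined attribute), this expands to
 * __NFQA_VLAN_MAX + 1, i.e. 4, while the highest defined VLAN attribute is
 * NFQA_VLAN_TCI (2). Presumably "- 1" was intended. The value is left as it
 * is because it is part of the exported interface. Code that passes it as a
 * parse bound accepts attribute types 3 and 4, which have no definition
 * here, so size attribute tables and policy arrays as [NFQA_VLAN_MAX + 1]
 * and do not index a smaller table with a type bounded only by this macro.
 */
#define NFQA_VLAN_MAX (__NFQA_VLAN_MAX + 1)

/* Top-level attributes of packet and verdict messages. */
enum nfqnl_attr_type {
	NFQA_UNSPEC,
	NFQA_PACKET_HDR,
	NFQA_VERDICT_HDR,		/* nfqnl_msg_verdict_hdr */
	NFQA_MARK,			/* __u32 nfmark */
	NFQA_TIMESTAMP,			/* nfqnl_msg_packet_timestamp */
	NFQA_IFINDEX_INDEV,		/* __u32 ifindex */
	NFQA_IFINDEX_OUTDEV,		/* __u32 ifindex */
	NFQA_IFINDEX_PHYSINDEV,		/* __u32 ifindex */
	NFQA_IFINDEX_PHYSOUTDEV,	/* __u32 ifindex */
	NFQA_HWADDR,			/* nfqnl_msg_packet_hw */
	NFQA_PAYLOAD,			/* opaque data payload */
	NFQA_CT,			/* nf_conntrack_netlink.h */
	NFQA_CT_INFO,			/* enum ip_conntrack_info */
	NFQA_CAP_LEN,			/* __u32 length of captured packet */
	NFQA_SKB_INFO,			/* __u32 skb meta information */
	NFQA_EXP,			/* nf_conntrack_netlink.h */
	NFQA_UID,			/* __u32 sk uid */
	NFQA_GID,			/* __u32 sk gid */
	NFQA_SECCTX,			/* security context string */
	NFQA_VLAN,			/* nested attribute: packet vlan info */
	NFQA_L2HDR,			/* full L2 header */

	__NFQA_MAX
};
/* Highest defined attribute type (NFQA_L2HDR). */
#define NFQA_MAX (__NFQA_MAX - 1)

/*
 * Verdict header (NFQA_VERDICT_HDR). Both fields are big-endian.
 * NOTE(review): id presumably echoes nfqnl_msg_packet_hdr.packet_id of the
 * packet being answered - confirm against the consumer.
 */
struct nfqnl_msg_verdict_hdr {
	__be32 verdict;
	__be32 id;
};


/* Commands carried in nfqnl_msg_config_cmd.command. */
enum nfqnl_msg_config_cmds {
	NFQNL_CFG_CMD_NONE,
	NFQNL_CFG_CMD_BIND,
	NFQNL_CFG_CMD_UNBIND,
	NFQNL_CFG_CMD_PF_BIND,
	NFQNL_CFG_CMD_PF_UNBIND,
};

/* Configuration command (NFQA_CFG_CMD). */
struct nfqnl_msg_config_cmd {
	__u8	command;	/* nfqnl_msg_config_cmds */
	__u8	_pad;
	__be16		pf;		/* AF_xxx for PF_[UN]BIND */
};

/* Values for nfqnl_msg_config_params.copy_mode. */
enum nfqnl_config_mode {
	NFQNL_COPY_NONE,
	NFQNL_COPY_META,
	NFQNL_COPY_PACKET,
};

/*
 * Copy parameters (NFQA_CFG_PARAMS). Packed: 5 bytes, no padding.
 * copy_mode is a single byte, so a receiver has to range-check it against
 * enum nfqnl_config_mode rather than cast it blindly.
 */
struct nfqnl_msg_config_params {
	__be32		copy_range;
	__u8	copy_mode;	/* enum nfqnl_config_mode */
} __attribute__ ((packed));


/* Attributes of NFQNL_MSG_CONFIG messages. */
enum nfqnl_attr_config {
	NFQA_CFG_UNSPEC,
	NFQA_CFG_CMD,			/* nfqnl_msg_config_cmd */
	NFQA_CFG_PARAMS,		/* nfqnl_msg_config_params */
	NFQA_CFG_QUEUE_MAXLEN,		/* __u32 */
	NFQA_CFG_MASK,			/* identify which flags to change */
	NFQA_CFG_FLAGS,			/* value of these flags (__u32) */
	__NFQA_CFG_MAX
};
/* Highest defined configuration attribute (NFQA_CFG_FLAGS). */
#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)

/*
 * Flags for NFQA_CFG_FLAGS.
 * NFQA_CFG_F_MAX is one bit above the last defined flag, not a flag itself.
 * NOTE(review): NFQA_CFG_F_FAIL_OPEN reads as a fail-open switch; where the
 * queue is used to enforce filtering, confirm against the kernel
 * implementation which packets are let through when it is set.
 */
#define NFQA_CFG_F_FAIL_OPEN			(1 << 0)
#define NFQA_CFG_F_CONNTRACK			(1 << 1)
#define NFQA_CFG_F_GSO				(1 << 2)
#define NFQA_CFG_F_UID_GID			(1 << 3)
#define NFQA_CFG_F_SECCTX			(1 << 4)
#define NFQA_CFG_F_MAX				(1 << 5)

/* flags for NFQA_SKB_INFO */
/* packet appears to have wrong checksums, but they are ok */
#define NFQA_SKB_CSUMNOTREADY (1 << 0)
/* packet is GSO (i.e., exceeds device mtu) */
#define NFQA_SKB_GSO (1 << 1)
/* csum not validated (incoming device doesn't support hw checksum, etc.) */
#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2)

#endif /* _NFNETLINK_QUEUE_H */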