1 /* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
2 #ifndef _NFNETLINK_QUEUE_H
3 #define _NFNETLINK_QUEUE_H
4
5 #include <linux/types.h>
6 #include <linux/netfilter/nfnetlink.h>
7
8 enum nfqnl_msg_types {
9 NFQNL_MSG_PACKET, /* packet from kernel to userspace */
10 NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */
11 NFQNL_MSG_CONFIG, /* connect to a particular queue */
12 NFQNL_MSG_VERDICT_BATCH, /* batchv from userspace to kernel */
13
14 NFQNL_MSG_MAX
15 };
16
17 struct nfqnl_msg_packet_hdr {
18 __be32 packet_id; /* unique ID of packet in queue */
19 __be16 hw_protocol; /* hw protocol (network order) */
20 __u8 hook; /* netfilter hook */
21 } __attribute__ ((packed));
22
23 struct nfqnl_msg_packet_hw {
24 __be16 hw_addrlen;
25 __u16 _pad;
26 __u8 hw_addr[8];
27 };
28
29 struct nfqnl_msg_packet_timestamp {
30 __aligned_be64 sec;
31 __aligned_be64 usec;
32 };
33
34 enum nfqnl_vlan_attr {
35 NFQA_VLAN_UNSPEC,
36 NFQA_VLAN_PROTO, /* __be16 skb vlan_proto */
37 NFQA_VLAN_TCI, /* __be16 skb htons(vlan_tci) */
38 __NFQA_VLAN_MAX,
39 };
40 #define NFQA_VLAN_MAX (__NFQA_VLAN_MAX - 1)
41
42 enum nfqnl_attr_type {
43 NFQA_UNSPEC,
44 NFQA_PACKET_HDR,
45 NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */
46 NFQA_MARK, /* __u32 nfmark */
47 NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */
48 NFQA_IFINDEX_INDEV, /* __u32 ifindex */
49 NFQA_IFINDEX_OUTDEV, /* __u32 ifindex */
50 NFQA_IFINDEX_PHYSINDEV, /* __u32 ifindex */
51 NFQA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */
52 NFQA_HWADDR, /* nfqnl_msg_packet_hw */
53 NFQA_PAYLOAD, /* opaque data payload */
54 NFQA_CT, /* nf_conntrack_netlink.h */
55 NFQA_CT_INFO, /* enum ip_conntrack_info */
56 NFQA_CAP_LEN, /* __u32 length of captured packet */
57 NFQA_SKB_INFO, /* __u32 skb meta information */
58 NFQA_EXP, /* nf_conntrack_netlink.h */
59 NFQA_UID, /* __u32 sk uid */
60 NFQA_GID, /* __u32 sk gid */
61 NFQA_SECCTX, /* security context string */
62 NFQA_VLAN, /* nested attribute: packet vlan info */
63 NFQA_L2HDR, /* full L2 header */
64
65 __NFQA_MAX
66 };
67 #define NFQA_MAX (__NFQA_MAX - 1)
68
69 struct nfqnl_msg_verdict_hdr {
70 __be32 verdict;
71 __be32 id;
72 };
73
74
75 enum nfqnl_msg_config_cmds {
76 NFQNL_CFG_CMD_NONE,
77 NFQNL_CFG_CMD_BIND,
78 NFQNL_CFG_CMD_UNBIND,
79 NFQNL_CFG_CMD_PF_BIND,
80 NFQNL_CFG_CMD_PF_UNBIND,
81 };
82
83 struct nfqnl_msg_config_cmd {
84 __u8 command; /* nfqnl_msg_config_cmds */
85 __u8 _pad;
86 __be16 pf; /* AF_xxx for PF_[UN]BIND */
87 };
88
89 enum nfqnl_config_mode {
90 NFQNL_COPY_NONE,
91 NFQNL_COPY_META,
92 NFQNL_COPY_PACKET,
93 };
94
95 struct nfqnl_msg_config_params {
96 __be32 copy_range;
97 __u8 copy_mode; /* enum nfqnl_config_mode */
98 } __attribute__ ((packed));
99
100
101 enum nfqnl_attr_config {
102 NFQA_CFG_UNSPEC,
103 NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */
104 NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */
105 NFQA_CFG_QUEUE_MAXLEN, /* __u32 */
106 NFQA_CFG_MASK, /* identify which flags to change */
107 NFQA_CFG_FLAGS, /* value of these flags (__u32) */
108 __NFQA_CFG_MAX
109 };
110 #define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
111
112 /* Flags for NFQA_CFG_FLAGS */
113 #define NFQA_CFG_F_FAIL_OPEN (1 << 0)
114 #define NFQA_CFG_F_CONNTRACK (1 << 1)
115 #define NFQA_CFG_F_GSO (1 << 2)
116 #define NFQA_CFG_F_UID_GID (1 << 3)
117 #define NFQA_CFG_F_SECCTX (1 << 4)
118 #define NFQA_CFG_F_MAX (1 << 5)
119
120 /* flags for NFQA_SKB_INFO */
121 /* packet appears to have wrong checksums, but they are ok */
122 #define NFQA_SKB_CSUMNOTREADY (1 << 0)
123 /* packet is GSO (i.e., exceeds device mtu) */
124 #define NFQA_SKB_GSO (1 << 1)
125 /* csum not validated (incoming device doesn't support hw checksum, etc.) */
126 #define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2)
127
128 #endif /* _NFNETLINK_QUEUE_H */