github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/netfilter_arp.txt

github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/netfilter_arp.txt (about)

     1  # Copyright 2018 syzkaller project authors. All rights reserved.
     2  # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
     3  
     4  include <linux/socket.h>
     5  include <uapi/linux/netfilter_arp/arp_tables.h>
     6  include <uapi/linux/netfilter_arp/arpt_mangle.h>
     7  
     8  setsockopt$ARPT_SO_SET_REPLACE(fd sock_in, level const[SOL_IP], opt const[ARPT_SO_SET_REPLACE], val ptr[in, arpt_replace], len len[val])
     9  setsockopt$ARPT_SO_SET_ADD_COUNTERS(fd sock_in, level const[SOL_IP], opt const[ARPT_SO_SET_ADD_COUNTERS], val ptr[in, arpt_counters_info], len len[val])
    10  getsockopt$ARPT_SO_GET_INFO(fd sock_in, level const[SOL_IP], opt const[ARPT_SO_GET_INFO], val ptr[in, arpt_getinfo], len ptr[in, len[val, int32]])
    11  getsockopt$ARPT_SO_GET_ENTRIES(fd sock_in, level const[SOL_IP], opt const[ARPT_SO_GET_ENTRIES], val ptr[in, arpt_get_entries], len ptr[in, len[val, int32]])
    12  getsockopt$ARPT_SO_GET_REVISION_TARGET(fd sock_in, level const[SOL_IP], opt const[ARPT_SO_GET_REVISION_TARGET], val ptr[in, xt_get_revision], len ptr[in, len[val, int32]])
    13  
    14  arpt_replace {
    15  	name			string["filter", XT_TABLE_MAXNAMELEN]
    16  	valid_hooks		const[ARPT_FILTER_VALID_HOOKS, int32]
    17  	num_entries		const[4, int32]
    18  	size			bytesize[entries, int32]
    19  	hook_in			ipt_hook
    20  	hook_out		ipt_hook
    21  	hook_forward		ipt_hook
    22  	underflow_in		ipt_hook
    23  	underflow_out		ipt_hook
    24  	underflow_forward	ipt_hook
    25  	num_counters		const[4, int32]
    26  	counters		ptr[out, array[xt_counters, 4]]
    27  	entries			arpt_replace_entries
    28  }
    29  
    30  define ARPT_FILTER_VALID_HOOKS	(1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | (1 << NF_ARP_FORWARD)
    31  
    32  arpt_replace_entries {
    33  	entries		array[arpt_entry, 3]
    34  	underflow	arpt_entry_underflow
    35  } [packed, align[PTR_SIZE]]
    36  
    37  arpt_entry {
    38  	matches	arpt_entry_matches
    39  	target	arpt_targets
    40  } [packed, align[PTR_SIZE]]
    41  
    42  arpt_entry_matches {
    43  	arp		arpt_arp_or_uncond
    44  	target_offset	len[parent, int16]
    45  	next_offset	len[arpt_entry, int16]
    46  	comefrom	const[0, int32]
    47  	counters	xt_counters
    48  # Note: matches should go here, but they seem to be unused in arp tables.
    49  } [align[PTR_SIZE]]
    50  
    51  arpt_entry_underflow {
    52  	matches	arpt_entry_underflow_matches
    53  	target	xt_target_t["", const[NF_ACCEPT_VERDICT, int32], 0]
    54  } [align[PTR_SIZE]]
    55  
    56  arpt_entry_underflow_matches {
    57  	arp		arpt_arp_uncond
    58  	target_offset	len[parent, int16]
    59  	next_offset	len[arpt_entry_underflow, int16]
    60  	comefrom	const[0, int32]
    61  	counters	xt_counters
    62  }
    63  
    64  arpt_arp_or_uncond [
    65  	arp	arpt_arp
    66  	uncond	arpt_arp_uncond
    67  ]
    68  
    69  type arpt_arp_uncond array[const[0, int8], ARPT_ARP_SIZE]
    70  define ARPT_ARP_SIZE	sizeof(struct arpt_arp)
    71  
    72  arpt_arp {
    73  	src		ipv4_addr
    74  	tgt		ipv4_addr
    75  	smsk		ipv4_addr_mask
    76  	tmsk		ipv4_addr_mask
    77  	arhln		int8[0:ARPT_DEV_ADDR_LEN_MAX]
    78  	arhln_mask	int8[0:ARPT_DEV_ADDR_LEN_MAX]
    79  	src_devaddr	arpt_devaddr_info
    80  	tgt_devaddr	arpt_devaddr_info
    81  	arpop		int16be
    82  	arpop_mask	int16be
    83  	arhrd		int16be
    84  	arhrd_mask	int16be
    85  	arpro		int16be
    86  	arpro_mask	int16be
    87  	iniface		devname
    88  	outiface	devname
    89  	iniface_mask	devname_mask
    90  	outiface_mask	devname_mask
    91  	flags		const[0, int8]
    92  	invflags	flags[arpt_arp_invflags, int16]
    93  }
    94  
    95  arpt_devaddr_info {
    96  	addr	arpt_devaddr
    97  	mask	arpt_devmask
    98  }
    99  
   100  arpt_devaddr [
   101  	empty	array[const[0, int8], ARPT_DEV_ADDR_LEN_MAX]
   102  	mac	mac_addr
   103  ]
   104  
   105  arpt_devmask {
   106  	mac	mac_addr_mask
   107  } [size[ARPT_DEV_ADDR_LEN_MAX]]
   108  
   109  arpt_arp_invflags = ARPT_INV_VIA_IN, ARPT_INV_VIA_OUT, ARPT_INV_SRCIP, ARPT_INV_TGTIP, ARPT_INV_SRCDEVADDR, ARPT_INV_TGTDEVADDR, ARPT_INV_ARPOP, ARPT_INV_ARPHRD, ARPT_INV_ARPPRO, ARPT_INV_ARPHLN
   110  
   111  arpt_targets [
   112  	unspec	xt_unspec_targets
   113  	mangle	xt_target_t["mangle", arpt_mangle, 0]
   114  ] [varlen]
   115  
   116  arpt_mangle {
   117  	src_devaddr	arpt_devaddr
   118  	tgt_devaddr	arpt_devaddr
   119  	src_ip		ipv4_addr
   120  	tgt_ip		ipv4_addr
   121  	flags		flags[arpt_mangle_flags, int8]
   122  	target		flags[arpt_mangle_targets, int32]
   123  }
   124  
   125  arpt_mangle_flags = ARPT_MANGLE_SDEV, ARPT_MANGLE_TDEV, ARPT_MANGLE_SIP, ARPT_MANGLE_TIP, ARPT_MANGLE_MASK
   126  arpt_mangle_targets = NF_DROP, NF_ACCEPT, XT_CONTINUE
   127  
   128  arpt_counters_info {
   129  	name		string["filter", XT_TABLE_MAXNAMELEN]
   130  	num_counters	len[counters, int32]
   131  	counters	array[xt_counters, 4:4]
   132  }
   133  
   134  arpt_getinfo {
   135  	name		string["filter", XT_TABLE_MAXNAMELEN]
   136  	valid_hooks	const[0, int32]
   137  	hook_entry	array[int32, NF_ARP_NUMHOOKS]
   138  	underflow	array[const[0, int32], NF_ARP_NUMHOOKS]
   139  	num_entries	const[0, int32]
   140  	size		const[0, int32]
   141  }
   142  
   143  arpt_get_entries {
   144  	name		string["filter", XT_TABLE_MAXNAMELEN]
   145  	size		bytesize[entrytable, int32]
   146  	entrytable	array[int8]
   147  }