github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/netfilter_ipv6.txt (about)

     1  # Copyright 2018 syzkaller project authors. All rights reserved.
     2  # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
     3  
     4  include <linux/socket.h>
     5  include <uapi/linux/netfilter_ipv6/ip6_tables.h>
     6  include <uapi/linux/netfilter_ipv6/ip6t_rt.h>
     7  include <uapi/linux/netfilter_ipv6/ip6t_mh.h>
     8  include <uapi/linux/netfilter_ipv6/ip6t_opts.h>
     9  include <uapi/linux/netfilter_ipv6/ip6t_frag.h>
    10  include <uapi/linux/netfilter_ipv6/ip6t_ipv6header.h>
    11  include <uapi/linux/netfilter_ipv6/ip6t_ah.h>
    12  include <uapi/linux/netfilter_ipv6/ip6t_srh.h>
    13  include <uapi/linux/netfilter_ipv6/ip6t_REJECT.h>
    14  include <uapi/linux/netfilter_ipv6/ip6t_NPT.h>
    15  include <uapi/linux/netfilter_ipv6/ip6t_HL.h>
    16  
        # ip6tables control interface: socket options issued on an IPv6 socket at level SOL_IPV6.
        # IP6T_SO_SET_REPLACE passes a whole table blob (ip6t_replace, below) for the kernel to
        # parse and validate; the other calls carry types that are not defined in the lines shown.
        # NOTE(review): the kernel gates these options on CAP_NET_ADMIN in the socket's network
        # namespace, so this parser is typically reachable from an unprivileged user namespace.
        # Confirm the fuzzing sandbox grants that capability; otherwise these calls only reach
        # the permission check.
    17  setsockopt$IP6T_SO_SET_REPLACE(fd sock_in6, level const[SOL_IPV6], opt const[IP6T_SO_SET_REPLACE], val ptr[in, ip6t_replace], len len[val])
    18  setsockopt$IP6T_SO_SET_ADD_COUNTERS(fd sock_in6, level const[SOL_IPV6], opt const[IP6T_SO_SET_ADD_COUNTERS], val ptr[in, ipt_counters_info], len len[val])
        # NOTE(review): the getsockopt variants declare val and len as ptr[in, ...] although the
        # kernel writes results back through them - presumably because it first reads the request
        # (table or extension name) from the same buffer. Confirm [in] rather than [inout] is
        # intended.
    19  getsockopt$IP6T_SO_GET_INFO(fd sock_in6, level const[SOL_IPV6], opt const[IP6T_SO_GET_INFO], val ptr[in, ipt_getinfo], len ptr[in, len[val, int32]])
    20  getsockopt$IP6T_SO_GET_ENTRIES(fd sock_in6, level const[SOL_IPV6], opt const[IP6T_SO_GET_ENTRIES], val ptr[in, ipt_get_entries], len ptr[in, len[val, int32]])
    21  getsockopt$IP6T_SO_GET_REVISION_MATCH(fd sock_in6, level const[SOL_IPV6], opt const[IP6T_SO_GET_REVISION_MATCH], val ptr[in, xt_get_revision], len ptr[in, len[val, int32]])
    22  getsockopt$IP6T_SO_GET_REVISION_TARGET(fd sock_in6, level const[SOL_IPV6], opt const[IP6T_SO_GET_REVISION_TARGET], val ptr[in, xt_get_revision], len ptr[in, len[val, int32]])
    23  
        # One variant per ip6tables table. Arguments to ip6t_replace_t, in order: table name,
        # NENTRIES, NHOOKS, valid-hooks mask, match union, target union, then the five hook_*
        # fields (H0-H4) and the five underflow_* fields (U0-U4).
        # In every variant NENTRIES equals the number of ipt_hook positions among H0-H4,
        # NHOOKS is NENTRIES + 1, and U0-U4 repeat the ipt_hook / ipt_unused pattern of H0-H4.
        # ipt_hook and ipt_unused are not defined in the lines shown; presumably ipt_unused
        # marks a hook the table does not attach to - confirm against their definition.
    24  ip6t_replace [
    25  	filter		ip6t_replace_t["filter", 3, 4, IPT_FILTER_VALID_HOOKS, ip6t_filter_matches, ip6t_filter_targets, ipt_unused, ipt_hook, ipt_hook, ipt_hook, ipt_unused, ipt_unused, ipt_hook, ipt_hook, ipt_hook, ipt_unused]
    26  	nat		ip6t_replace_t["nat", 4, 5, IPT_NAT_VALID_HOOKS, ip6t_nat_matches, ip6t_nat_targets, ipt_hook, ipt_hook, ipt_unused, ipt_hook, ipt_hook, ipt_hook, ipt_hook, ipt_unused, ipt_hook, ipt_hook]
    27  	mangle		ip6t_replace_t["mangle", 5, 6, IPT_MANGLE_VALID_HOOKS, ip6t_mangle_matches, ip6t_mangle_targets, ipt_hook, ipt_hook, ipt_hook, ipt_hook, ipt_hook, ipt_hook, ipt_hook, ipt_hook, ipt_hook, ipt_hook]
    28  	raw		ip6t_replace_t["raw", 2, 3, IPT_RAW_VALID_HOOKS, ip6t_raw_matches, ip6t_raw_targets, ipt_hook, ipt_unused, ipt_unused, ipt_hook, ipt_unused, ipt_hook, ipt_unused, ipt_unused, ipt_hook, ipt_unused]
    29  	security	ip6t_replace_t["security", 3, 4, IPT_SECURITY_VALID_HOOKS, ip6t_security_matches, ip6t_security_targets, ipt_unused, ipt_hook, ipt_hook, ipt_hook, ipt_unused, ipt_unused, ipt_hook, ipt_hook, ipt_hook, ipt_unused]
    30  ] [varlen]
    31  
        # Template for the IP6T_SO_SET_REPLACE payload: fixed header fields followed by the
        # rule blob. Counts and sizes are pinned or computed rather than left random, so the
        # generated header is consistent with the entries that follow it.
    32  type ip6t_replace_t[NAME, NENTRIES, NHOOKS, HOOKS, MATCHES, TARGETS, H0, H1, H2, H3, H4, U0, U1, U2, U3, U4] {
    33  	name			string[NAME, XT_TABLE_MAXNAMELEN]
    34  	valid_hooks		const[HOOKS, int32]
        	# Pinned to NHOOKS, which every instantiation sets to NENTRIES + 1: the generated
        	# entries plus the trailing underflow entry of ip6t_replace_entries.
    35  	num_entries		const[NHOOKS, int32]
        	# Byte size of the entries field below, filled in by the generator.
    36  	size			bytesize[entries, int32]
    37  	hook_pre_routing	H0
    38  	hook_local_in		H1
    39  	hook_forward		H2
    40  	hook_local_out		H3
    41  	hook_post_routing	H4
    42  	underflow_pre_routing	U0
    43  	underflow_local_in	U1
    44  	underflow_forward	U2
    45  	underflow_local_out	U3
    46  	underflow_post_routing	U4
        	# num_counters and the capacity of the counters output array are both NHOOKS.
    47  	num_counters		const[NHOOKS, int32]
    48  	counters		ptr[out, array[xt_counters, NHOOKS]]
    49  	entries			ip6t_replace_entries[NENTRIES, MATCHES, TARGETS]
    50  }
    51  
        # Rule blob: exactly NENTRIES generated entries followed by one fixed underflow entry.
        # Packed, and aligned to the pointer size.
    52  type ip6t_replace_entries[NENTRIES, MATCHES, TARGETS] {
    53  	entries		array[ip6t_entry[MATCHES, TARGETS], NENTRIES]
    54  	underflow	ip6t_entry_underflow
    55  } [packed, align[PTR_SIZE]]
    56  
        # One rule. It is split into a "matches" part (the fixed entry header plus the match
        # list) and the target, so that the header's target_offset can be expressed as the
        # length of the first part (see len[parent] in ip6t_entry_matches).
    57  type ip6t_entry[MATCHES, TARGETS] {
    58  	matches	ip6t_entry_matches[MATCHES]
    59  	target	TARGETS
    60  } [packed, align[PTR_SIZE]]
    61  
        # Entry header followed by zero to two matches drawn from MATCHES.
        # The kernel walks the rule blob using target_offset and next_offset, so these are the
        # fields its table validation has to bounds-check; here both are computed lengths.
    62  type ip6t_entry_matches[MATCHES] {
    63  	ipv6		ip6t_ip6_or_uncond
    64  	nfcache		const[0, int32]
        	# Length of this struct (header plus matches), i.e. where the target begins.
    65  	target_offset	len[parent, int16]
        	# Length of the whole enclosing ip6t_entry, i.e. where the next rule begins.
    66  	next_offset	len[ip6t_entry, int16]
    67  	comefrom	const[0, int32]
    68  	counters	xt_counters
    69  	matches		array[MATCHES, 0:2]
    70  } [align[PTR_SIZE]]
    71  
        # Fixed last entry of every table blob: an unconditional IPv6 selector and a target
        # whose name is empty and whose payload is the constant NF_ACCEPT_VERDICT.
        # xt_target_t is not defined in the lines shown; presumably the empty name selects the
        # standard (verdict) target - confirm against its definition.
    72  ip6t_entry_underflow {
    73  	matches	ip6t_entry_underflow_matches
    74  	target	xt_target_t["", const[NF_ACCEPT_VERDICT, int32], 0]
    75  } [align[PTR_SIZE]]
    76  
        # Entry header of the underflow entry: same fields as ip6t_entry_matches but with the
        # selector fixed to ip6t_ip6_uncond and no match list.
    77  ip6t_entry_underflow_matches {
    78  	ipv6		ip6t_ip6_uncond
    79  	nfcache		const[0, int32]
        	# Length of this header; with no matches the target follows it directly.
    80  	target_offset	len[parent, int16]
        	# Length of the whole ip6t_entry_underflow.
    81  	next_offset	len[ip6t_entry_underflow, int16]
    82  	comefrom	const[0, int32]
    83  	counters	xt_counters
    84  }
    85  
        # Selector of a generated rule: either a populated ip6t_ip6 or the all-zero form.
    86  ip6t_ip6_or_uncond [
    87  	ipv6	ip6t_ip6
    88  	uncond	ip6t_ip6_uncond
    89  ]
    90  
        # All-zero placeholder occupying exactly sizeof(struct ip6t_ip6) bytes.
        # NOTE(review): presumably the kernel treats an all-zero selector as "match every
        # packet", which is why the underflow entry uses it - confirm.
    91  type ip6t_ip6_uncond array[const[0, int8], IP6T_IP6_SIZE]
    92  define IP6T_IP6_SIZE	sizeof(struct ip6t_ip6)
    93  
        # IPv6 selector of a rule: source/destination address and mask, input/output interface
        # name and mask, protocol, TOS, flags and inversion flags.
        # NOTE(review): the field order presumably mirrors struct ip6t_ip6 from the included
        # ip6_tables.h. Re-check it when that header changes, because IP6T_IP6_SIZE (used for
        # the all-zero variant) is taken from the C struct, not from this description.
    94  ip6t_ip6 {
    95  	src		ipv6_addr
    96  	dst		ipv6_addr
    97  	smsk		ipv6_addr_mask
    98  	dmsk		ipv6_addr_mask
    99  	iniface		devname
   100  	outiface	devname
   101  	iniface_mask	devname_mask
   102  	outiface_mask	devname_mask
   103  	proto		flags[ipv6_types, int16]
        	# Unconstrained byte, unlike the flag-set fields around it.
   104  	tos		int8
   105  	flags		flags[ip6t_ip6_flags, int8]
   106  	invflags	flags[ip6t_ip6_invflags, int8]
   107  }
   108  
        # Value sets for ip6t_ip6.flags and ip6t_ip6.invflags respectively.
   109  ip6t_ip6_flags = IP6T_F_PROTO, IP6T_F_TOS, IP6T_F_GOTO
   110  ip6t_ip6_invflags = IP6T_INV_VIA_IN, IP6T_INV_VIA_OUT, IP6T_INV_TOS, IP6T_INV_SRCIP, IP6T_INV_DSTIP, IP6T_INV_FRAG, IP6T_INV_PROTO
   111  
   112  # MATCHES:
   113  
        # Matches offered to every table. Each IPv6-specific variant is
        # xt_entry_match_t[name string, payload type, N]; N is 0 everywhere except srh1, so it
        # is presumably the match revision - confirm against xt_entry_match_t's definition.
        # hbh and dst share the ip6t_opts payload, hl reuses ipt_ttl_info, and eui64 carries
        # only a constant zero int32.
        # NOTE(review): this union is spelled ipt6_ while the rest of the file uses ip6t_;
        # renaming it would mean updating every per-table union that references it.
   114  ipt6_matches [
   115  	unspec		xt_unspec_matches
   116  	inet		xt_inet_matches
   117  	icmp6		xt_entry_match_t["icmp6", ip6t_icmp, 0]
   118  	rt		xt_entry_match_t["rt", ip6t_rt, 0]
   119  	mh		xt_entry_match_t["mh", ip6t_mh, 0]
   120  	hbh		xt_entry_match_t["hbh", ip6t_opts, 0]
   121  	dst		xt_entry_match_t["dst", ip6t_opts, 0]
   122  	frag		xt_entry_match_t["frag", ip6t_frag, 0]
   123  	eui64		xt_entry_match_t["eui64", const[0, int32], 0]
   124  	ah		xt_entry_match_t["ah", ip6t_ah, 0]
   125  	ipv6header	xt_entry_match_t["ipv6header", ip6t_ipv6header_info, 0]
   126  	hl		xt_entry_match_t["hl", ipt_ttl_info, 0]
   127  	srh		xt_entry_match_t["srh", ip6t_srh, 0]
   128  	srh1		xt_entry_match_t["srh", ip6t_srh1, 1]
   129  ] [varlen]
   130  
        # Per-table match unions, passed as the MATCHES argument of ip6t_replace_t.
        # filter, nat and security offer only the common set; mangle and raw each add one
        # table-specific union that is not defined in the lines shown.
   131  ip6t_filter_matches [
   132  	common	ipt6_matches
   133  ] [varlen]
   134  
   135  ip6t_nat_matches [
   136  	common	ipt6_matches
   137  ] [varlen]
   138  
        # Common set plus xt_inet_mangle_matches.
   139  ip6t_mangle_matches [
   140  	common	ipt6_matches
   141  	inet	xt_inet_mangle_matches
   142  ] [varlen]
   143  
        # Common set plus xt_inet_raw_matches.
   144  ip6t_raw_matches [
   145  	common	ipt6_matches
   146  	inet	xt_inet_raw_matches
   147  ] [varlen]
   148  
   149  ip6t_security_matches [
   150  	common	ipt6_matches
   151  ] [varlen]
   152  
        # Payload of the "icmp6" match: a type from icmp_types, two code bytes (presumably a
        # min/max range - confirm against the ip6_tables.h header) and a boolean inversion
        # flag.
   153  ip6t_icmp {
   154  	type		flags[icmp_types, int8]
   155  	code		array[int8, 2]
   156  	invflags	bool8
   157  }
   158  
        # Payload of the "rt" (routing header) match.
   159  ip6t_rt {
   160  	rt_type		int32
   161  	segsleft	array[int32, 2]
   162  	hdrlen		int32
   163  	flags		flags[ip6t_rt_flags, int8]
   164  	invflags	flags[ip6t_rt_invflags, int8]
        	# Fixed-capacity address list; addrnr below is the count field and its range is
        	# limited to that capacity (IP6T_RT_HOPS).
   165  	addrs		array[ipv6_addr, IP6T_RT_HOPS]
   166  	addrnr		int8[0:IP6T_RT_HOPS]
   167  }
   168  
        # Value sets for ip6t_rt.flags and ip6t_rt.invflags respectively.
   169  ip6t_rt_flags = IP6T_RT_TYP, IP6T_RT_SGS, IP6T_RT_LEN, IP6T_RT_RES, IP6T_RT_FST_MASK, IP6T_RT_FST, IP6T_RT_FST_NSTRICT
   170  ip6t_rt_invflags = IP6T_RT_INV_TYP, IP6T_RT_INV_SGS, IP6T_RT_INV_LEN
   171  
        # Payload of the "mh" (mobility header) match: two type bytes (presumably a min/max
        # range - confirm against ip6t_mh.h) and a boolean inversion flag.
   172  ip6t_mh {
   173  	types		array[int8, 2]
   174  	invflags	bool8
   175  }
   176  
        # Payload shared by the "hbh" and "dst" matches (see ipt6_matches).
   177  ip6t_opts {
   178  	hdrlen		int32
   179  	flags		flags[ip6t_opts_flags, int8]
   180  	invflags	flags[ip6t_opts_invflags, int8]
        	# Fixed-capacity option list; optsnr below is the count field and its range is
        	# limited to that capacity (IP6T_OPTS_OPTSNR).
   181  	opts		array[int16, IP6T_OPTS_OPTSNR]
   182  	optsnr		int8[0:IP6T_OPTS_OPTSNR]
   183  }
   184  
        # Value sets for ip6t_opts.flags and ip6t_opts.invflags respectively.
   185  ip6t_opts_flags = IP6T_OPTS_LEN, IP6T_OPTS_OPTS, IP6T_OPTS_NSTRICT
   186  ip6t_opts_invflags = IP6T_OPTS_INV_LEN
   187  
        # Payload of the "frag" (fragment header) match: two ids (presumably a min/max range -
        # confirm against ip6t_frag.h), a header length, flags and inversion flags.
   188  ip6t_frag {
   189  	ids		array[int32, 2]
   190  	hdrlen		int32
   191  	flags		flags[ip6t_frag_flags, int8]
   192  	invflags	flags[ip6t_frag_invflags, int8]
   193  }
   194  
        # Value sets for ip6t_frag.flags and ip6t_frag.invflags respectively.
   195  ip6t_frag_flags = IP6T_FRAG_IDS, IP6T_FRAG_LEN, IP6T_FRAG_RES, IP6T_FRAG_FST, IP6T_FRAG_MF, IP6T_FRAG_NMF
   196  ip6t_frag_invflags = IP6T_FRAG_INV_IDS, IP6T_FRAG_INV_LEN
   197  
        # Payload of the "ipv6header" match. matchflags and invflags are drawn from the same
        # value set (ip6t_ipv6header_flags); modeflag is a boolean byte.
   198  ip6t_ipv6header_info {
   199  	matchflags	flags[ip6t_ipv6header_flags, int8]
   200  	invflags	flags[ip6t_ipv6header_flags, int8]
   201  	modeflag	bool8
   202  }
   203  
   204  ip6t_ipv6header_flags = MASK_HOPOPTS, MASK_DSTOPTS, MASK_ROUTING, MASK_FRAGMENT, MASK_AH, MASK_ESP, MASK_NONE, MASK_PROTO
   205  
        # Payload of the "ah" (authentication header) match: two SPIs (presumably a min/max
        # range - confirm against ip6t_ah.h), header length, reserved-field byte and
        # inversion flags.
   206  ip6t_ah {
   207  	spis		array[xfrm_spi, 2]
   208  	hdrlen		int32
   209  	hdrres		int8
   210  	invflags	flags[ip6t_ah_flags, int8]
   211  }
   212  
        # Value set for ip6t_ah.invflags.
   213  ip6t_ah_flags = IP6T_AH_INV_SPI, IP6T_AH_INV_LEN
   214  
        # Payload of the "srh" match as registered with 0 in ipt6_matches.
   215  ip6t_srh {
   216  	next_hdr	flags[ipv6_types, int8]
   217  	hdr_len		int8
   218  	segs_left	int8
   219  	last_entry	int8
   220  	tag		int16
   221  	mt_flags	flags[ip6t_srh_flags, int16]
   222  	mt_invflags	flags[ip6t_srh_flags, int16]
   223  }
   224  
        # Payload of the "srh" match as registered with 1 in ipt6_matches: the fields of
        # ip6t_srh plus three SID addresses (psid/nsid/lsid) and their masks.
   225  ip6t_srh1 {
   226  	next_hdr	flags[ipv6_types, int8]
   227  	hdr_len		int8
   228  	segs_left	int8
   229  	last_entry	int8
   230  	tag		int16
   231  	psid_addr	ipv6_addr
   232  	nsid_addr	ipv6_addr
   233  	lsid_addr	ipv6_addr
   234  	psid_msk	ipv6_addr_mask
   235  	nsid_msk	ipv6_addr_mask
   236  	lsid_msk	ipv6_addr_mask
   237  	mt_flags	flags[ip6t_srh_flags, int16]
   238  	mt_invflags	flags[ip6t_srh_flags, int16]
   239  }
   240  
        # Shared by mt_flags and mt_invflags of both structs above. The set includes
        # IP6T_SRH_PSID/NSID/LSID, for which only ip6t_srh1 has address fields, so ip6t_srh can
        # be generated with those bits set.
        # NOTE(review): presumably intentional, to exercise the kernel's rejection of
        # unsupported flags in the smaller struct - confirm.
   241  ip6t_srh_flags = IP6T_SRH_NEXTHDR, IP6T_SRH_LEN_EQ, IP6T_SRH_LEN_GT, IP6T_SRH_LEN_LT, IP6T_SRH_SEGS_EQ, IP6T_SRH_SEGS_GT, IP6T_SRH_SEGS_LT, IP6T_SRH_LAST_EQ, IP6T_SRH_LAST_GT, IP6T_SRH_LAST_LT, IP6T_SRH_TAG, IP6T_SRH_PSID, IP6T_SRH_NSID, IP6T_SRH_LSID
   242  
   243  # TARGETS:
   244  
        # Targets offered to every table; both member unions are not defined in the lines
        # shown.
   245  ip6t_targets [
   246  	unspec	xt_unspec_targets
   247  	inet	xt_inet_targets
   248  ] [varlen]
   249  
        # Per-table target unions, passed as the TARGETS argument of ip6t_replace_t.
        # filter: common set plus REJECT.
   250  ip6t_filter_targets [
   251  	common	ip6t_targets
   252  	REJECT	xt_target_t["REJECT", ip6t_reject_info, 0]
   253  ] [varlen]
   254  
        # nat: common set, xt_unspec_nat_targets, and three targets that all take nf_nat_range.
   255  ip6t_nat_targets [
   256  	common		ip6t_targets
   257  	unspec		xt_unspec_nat_targets
   258  	NETMAP		xt_target_t["NETMAP", nf_nat_range, 0]
   259  	REDIRECT	xt_target_t["REDIRECT", nf_nat_range, 0]
   260  	MASQUERADE	xt_target_t["MASQUERADE", nf_nat_range, 0]
   261  ] [varlen]
   262  
        # mangle: common set, two mangle-specific unions, SNPT/DNPT (both ip6t_npt_tginfo) and
        # HL, which reuses ipt_TTL_info.
   263  ip6t_mangle_targets [
   264  	common	ip6t_targets
   265  	unspec	xt_unspec_mangle_targets
   266  	inet	xt_inet_mangle_targets
   267  	SNPT	xt_target_t["SNPT", ip6t_npt_tginfo, 0]
   268  	DNPT	xt_target_t["DNPT", ip6t_npt_tginfo, 0]
   269  	HL	xt_target_t["HL", ipt_TTL_info, 0]
   270  ] [varlen]
   271  
        # raw: common set plus xt_unspec_raw_targets.
   272  ip6t_raw_targets [
   273  	common	ip6t_targets
   274  	unspec	xt_unspec_raw_targets
   275  ] [varlen]
   276  
        # security: common set only.
   277  ip6t_security_targets [
   278  	common	ip6t_targets
   279  ] [varlen]
   280  
        # Payload of the REJECT target (filter table only): a single 32-bit field whose value
        # is drawn from ip6t_reject_with.
   281  ip6t_reject_info {
   282  	with	flags[ip6t_reject_with, int32]
   283  }
   284  
   285  ip6t_reject_with = IP6T_ICMP6_NO_ROUTE, IP6T_ICMP6_ADM_PROHIBITED, IP6T_ICMP6_NOT_NEIGHBOUR, IP6T_ICMP6_ADDR_UNREACH, IP6T_ICMP6_PORT_UNREACH, IP6T_ICMP6_ECHOREPLY, IP6T_TCP_RESET, IP6T_ICMP6_POLICY_FAIL, IP6T_ICMP6_REJECT_ROUTE
   286  
        # Payload of the SNPT and DNPT targets (mangle table): source and destination prefixes
        # with their lengths, plus a 16-bit adjustment value.
   287  ip6t_npt_tginfo {
   288  	src_pfx		nf_inet_addr
   289  	dst_pfx		nf_inet_addr
        	# Both prefix lengths are limited to the range 0..64.
   290  	src_pfx_len	int8[0:64]
   291  	dst_pfx_len	int8[0:64]
        	# NOTE(review): presumably recomputed by the kernel when the target is validated,
        	# in which case the generated value is ignored - confirm.
   292  	adjustment	int16
   293  }