# Source: github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/netfilter_targets.txt

# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# Netfilter targets shared between ipv4/ipv6.

include <linux/socket.h>
include <uapi/linux/netfilter/ipset/ip_set.h>
include <uapi/linux/netfilter/x_tables.h>
include <uapi/linux/netfilter/xt_connmark.h>
include <uapi/linux/netfilter/nf_nat.h>
include <uapi/linux/netfilter/xt_set.h>
include <uapi/linux/netfilter/xt_mark.h>
include <uapi/linux/netfilter/xt_TEE.h>
include <uapi/linux/netfilter/xt_LED.h>
include <uapi/linux/netfilter/xt_TCPMSS.h>
include <uapi/linux/netfilter/xt_RATEEST.h>
include <uapi/linux/netfilter/xt_DSCP.h>
include <uapi/linux/netfilter/xt_CLASSIFY.h>
include <uapi/linux/netfilter/xt_IDLETIMER.h>
include <uapi/linux/netfilter/xt_TCPOPTSTRIP.h>
include <uapi/linux/netfilter/xt_NFQUEUE.h>
include <uapi/linux/netfilter/xt_CT.h>
include <uapi/linux/netfilter/xt_AUDIT.h>
include <uapi/linux/netfilter/xt_HMARK.h>
include <uapi/linux/netfilter/xt_TPROXY.h>
include <uapi/linux/netfilter/xt_CHECKSUM.h>
include <uapi/linux/netfilter/xt_CONNSECMARK.h>
include <uapi/linux/netfilter/xt_SECMARK.h>
include <uapi/linux/netfilter/xt_NFLOG.h>
include <uapi/linux/netfilter/xt_LOG.h>
include <uapi/linux/netfilter/xt_SYNPROXY.h>

# Generic layout of one xtables target entry as described in this file:
# a 16-bit size, a fixed-width name buffer, a one-byte revision and the
# target-specific payload, with the whole entry aligned to pointer size.
# NAME and REV are fixed by each instantiation below; DATA is what gets fuzzed.
type xt_target_t[NAME, DATA, REV] {
# Declared as the length of the enclosing struct rather than a free integer.
	target_size	len[parent, int16]
	name		string[NAME, XT_EXTENSION_MAXNAMELEN]
	revision	const[REV, int8]
	data		DATA
} [align[PTR_SIZE]]

# Targets with the "unspec" prefix: presumably those not tied to one address
# family or table (inferred from the name; confirm against the users of this union).
xt_unspec_targets [
# Empty name; the payload is a verdict drawn from nf_verdicts.
	STANDARD	xt_target_t["", flags[nf_verdicts, int32], 0]
# Payload is a raw byte array, not a string type, so it is not forced to be NUL-terminated.
	ERROR		xt_target_t["ERROR", array[int8, XT_FUNCTION_MAXNAMELEN], 0]
	LED		xt_target_t["LED", xt_led_info, 0]
	RATEEST		xt_target_t["RATEEST", xt_rateest_target_info, 0]
	NFQUEUE0	xt_target_t["NFQUEUE", xt_NFQ_info, 0]
	NFQUEUE1	xt_target_t["NFQUEUE", xt_NFQ_info_v1, 1]
# NOTE(review): revisions 2 and 3 both carry xt_NFQ_info_v3; confirm that revision 2
# is not meant to use a distinct v2 layout.
	NFQUEUE2	xt_target_t["NFQUEUE", xt_NFQ_info_v3, 2]
	NFQUEUE3	xt_target_t["NFQUEUE", xt_NFQ_info_v3, 3]
	CLASSIFY	xt_target_t["CLASSIFY", xt_classify_target_info, 0]
	IDLETIMER	xt_target_t["IDLETIMER", idletimer_tg_info, 0]
	AUDIT		xt_target_t["AUDIT", xt_audit_info, 0]
	MARK		xt_target_t["MARK", xt_mark_tginfo2, 2]
	CONNSECMARK	xt_target_t["CONNSECMARK", xt_connsecmark_target_info, 0]
	SECMARK		xt_target_t["SECMARK", xt_secmark_target_info, 0]
	NFLOG		xt_target_t["NFLOG", xt_nflog_info, 0]
	CONNMARK	xt_target_t["CONNMARK", xt_connmark_tginfo1, 1]
] [varlen]

# Values used as the STANDARD target payload: 0 plus the encoded verdicts defined below.
nf_verdicts = 0, NF_DROP_VERDICT, NF_ACCEPT_VERDICT, NF_STOLEN_VERDICT, NF_QUEUE_VERDICT, NF_REPEAT_VERDICT

# Each verdict is encoded as -NF_x - 1, which is negative for a non-negative NF_x.
# Presumably the kernel treats non-negative payload values as jump offsets instead;
# confirm against x_tables before relying on this.
define NF_DROP_VERDICT	-NF_DROP - 1
define NF_ACCEPT_VERDICT	-NF_ACCEPT - 1
define NF_STOLEN_VERDICT	-NF_STOLEN - 1
define NF_QUEUE_VERDICT	-NF_QUEUE - 1
define NF_REPEAT_VERDICT	-NF_REPEAT - 1

# Presumably targets restricted to the mangle table (inferred from the name).
xt_unspec_mangle_targets [
	CHECKSUM	xt_target_t["CHECKSUM", xt_CHECKSUM_info, 0]
] [varlen]

# Presumably targets restricted to the nat table (inferred from the name).
# Both entries use revision 1 with the nf_nat_range payload.
xt_unspec_nat_targets [
	SNAT1	xt_target_t["SNAT", nf_nat_range, 1]
	DNAT1	xt_target_t["DNAT", nf_nat_range, 1]
] [varlen]

# Presumably targets restricted to the raw table (inferred from the name).
xt_unspec_raw_targets [
# TRACE and NOTRACK carry no payload (void).
	TRACE	xt_target_t["TRACE", void, 0]
	CT0	xt_target_t["CT", xt_ct_target_info, 0]
# Revisions 1 and 2 of CT share the xt_ct_target_info_v1 payload.
	CT1	xt_target_t["CT", xt_ct_target_info_v1, 1]
	CT2	xt_target_t["CT", xt_ct_target_info_v1, 2]
	NOTRACK	xt_target_t["NOTRACK", void, 0]
] [varlen]

# Targets with the "inet" prefix: presumably those available to both IPv4 and IPv6
# rule sets (inferred from the name and the file header).
xt_inet_targets [
	TEE		xt_target_t["TEE", xt_tee_tginfo, 1]
	TCPMSS		xt_target_t["TCPMSS", xt_tcpmss_info, 0]
	TCPOPTSTRIP	xt_target_t["TCPOPTSTRIP", xt_tcpoptstrip_target_info, 0]
	HMARK		xt_target_t["HMARK", xt_hmark_info, 0]
# xt_set_info_target_v0 is defined in this file but has no SET0 entry here.
	SET1		xt_target_t["SET", xt_set_info_target_v1, 1]
	SET2		xt_target_t["SET", xt_set_info_target_v2, 2]
	SET3		xt_target_t["SET", xt_set_info_target_v3, 3]
	LOG		xt_target_t["LOG", xt_log_info, 0]
	SYNPROXY	xt_target_t["SYNPROXY", xt_synproxy_info, 0]
] [varlen]

# Presumably inet targets restricted to the mangle table (inferred from the name).
xt_inet_mangle_targets [
	DSCP	xt_target_t["DSCP", xt_DSCP_info, 0]
# NOTE(review): the kernel's TOS target is, as far as I recall, registered at revision 1;
# confirm that revision 0 actually reaches the target code and is not rejected at lookup.
	TOS	xt_target_t["TOS", xt_tos_target_info, 0]
# Only revision 1 of TPROXY is listed; xt_tproxy_target_info (v0) is defined in this
# file but not used by this union.
	TPROXY1	xt_target_t["TPROXY", xt_tproxy_target_info_v1, 1]
] [varlen]

# Payload of the TEE target (revision 1).
xt_tee_tginfo {
	gw	nf_inet_addr
	oif	devname
# Pointer-sized slot aligned to 8 bytes. Presumably the kernel-private pointer member
# of the uapi struct; this description lets user space fill it with an arbitrary value.
	priv	align64[intptr]
}

# Payload of the LED target.
xt_led_info {
# Trigger name limited to the fixed set in xt_led_names, in a 27-byte buffer.
	id		string[xt_led_names, 27]
	always_blink	bool8
	delay		int32
# Pointer-sized, 8-byte aligned slot; presumably kernel-private state (confirm).
	internal_data	align64[intptr]
}

# Small fixed name pool, so that repeated rules can refer to the same LED trigger name.
xt_led_names = "syz0", "syz1"

# Payload of the TCPMSS target: a single unconstrained 16-bit MSS value.
xt_tcpmss_info {
	mss	int16
}

# Payload of the RATEEST target.
xt_rateest_target_info {
	name		string[xt_rateest_names, IFNAMSIZ]
# interval and ewma_log are unconstrained bytes, so out-of-range values are generated too.
	interval	int8
	ewma_log	int8
# Pointer-sized, 8-byte aligned slot; presumably kernel-private state (confirm).
	est		align64[intptr]
}

xt_rateest_names = "syz0", "syz1"

# Address/port range used as the SNAT and DNAT revision 1 payload.
nf_nat_range {
	flags		flags[nf_nat_flags, int32]
	min_addr	nf_inet_addr
	max_addr	nf_inet_addr
	min_proto	nf_conntrack_man_proto
	max_proto	nf_conntrack_man_proto
}

# IPv4-only multi-range wrapper with the range count pinned to 1.
# Not referenced by any union in this file; presumably used from another description file.
nf_nat_ipv4_multi_range_compat {
	rangesize	const[1, int32]
	range		nf_nat_ipv4_range
}

# IPv4-only variant of the NAT range, used by nf_nat_ipv4_multi_range_compat.
nf_nat_ipv4_range {
	flags	flags[nf_nat_flags, int32]
	min_ip	ipv4_addr
	max_ip	ipv4_addr
	min	nf_conntrack_man_proto
	max	nf_conntrack_man_proto
}

nf_nat_flags = NF_NAT_RANGE_MAP_IPS, NF_NAT_RANGE_PROTO_SPECIFIED, NF_NAT_RANGE_PROTO_RANDOM, NF_NAT_RANGE_PERSISTENT, NF_NAT_RANGE_PROTO_RANDOM_FULLY

# NFQUEUE payloads. Each later layout extends the previous one by one 16-bit field.
xt_NFQ_info {
	queuenum	int16
}

xt_NFQ_info_v1 {
	queuenum	int16
	queues_total	int16
}

xt_NFQ_info_v3 {
	queuenum	int16
	queues_total	int16
	flags		flags[xt_NFQ_flags, int16]
}

xt_NFQ_flags = NFQ_FLAG_BYPASS, NFQ_FLAG_CPU_FANOUT

# Payload of the DSCP target; the value is constrained to the range 0..XT_DSCP_MAX.
xt_DSCP_info {
	dscp	int8[0:XT_DSCP_MAX]
}

# Payload of the TOS target: unconstrained value and mask bytes.
xt_tos_target_info {
	tos_value	int8
	tos_mask	int8
}

# Payload of the CLASSIFY target.
xt_classify_target_info {
	priority	int32
}

# Payload of the IDLETIMER target.
idletimer_tg_info {
# Unconstrained, so 0 and very large timeouts are generated as well.
	timeout	int32
	label	string[idletimer_tg_names, MAX_IDLETIMER_LABEL_SIZE]
# Pointer-sized, 8-byte aligned slot; presumably kernel-private state (confirm).
	timer	align64[intptr]
}

idletimer_tg_names = "syz0", "syz1"

# Payload of the TCPOPTSTRIP target: 8 x 32 bits, presumably one bit per TCP option
# number (inferred from the field name; confirm).
xt_tcpoptstrip_target_info {
	strip_bmap	array[int32, 8]
}

# Payload of the CT target, revision 0.
xt_ct_target_info {
	flags		bool16
	zone		int16
	ct_events	int32
	exp_events	int32
# Helper name from the fixed pool in xt_ct_helpers, in a 16-byte buffer.
	helper		string[xt_ct_helpers, 16]
# Pointer-sized, 8-byte aligned slot; presumably kernel-private state (confirm).
	ct		align64[intptr]
}

# Payload of the CT target, revisions 1 and 2: adds a flag set and a timeout policy name.
xt_ct_target_info_v1 {
	flags		flags[xt_ct_flags, int16]
	zone		int16
	ct_events	int32
	exp_events	int32
	helper		string[xt_ct_helpers, 16]
# TODO: these names must be registered somewhere from netlink.
	timeout		string[xt_ct_timeouts, 32]
# Pointer-sized, 8-byte aligned slot; presumably kernel-private state (confirm).
	ct		align64[intptr]
}

xt_ct_flags = XT_CT_NOTRACK, XT_CT_NOTRACK_ALIAS, XT_CT_ZONE_DIR_ORIG, XT_CT_ZONE_DIR_REPL, XT_CT_ZONE_MARK
# The empty string is included, so the no-helper case is generated alongside named helpers.
xt_ct_helpers = "", "snmp_trap", "netbios-ns", "pptp", "snmp", "syz0", "syz1"
xt_ct_timeouts = "syz0", "syz1"

# Payload of the AUDIT target.
xt_audit_info {
	type	flags[xt_audit_flags, int8]
}

xt_audit_flags = XT_AUDIT_TYPE_ACCEPT, XT_AUDIT_TYPE_DROP, XT_AUDIT_TYPE_REJECT

# Payload of the HMARK target.
xt_hmark_info {
# NOTE(review): src_mask is nf_inet_addr while dst_mask is ipv6_addr_mask; confirm the
# asymmetry is intentional.
	src_mask	nf_inet_addr
	dst_mask	ipv6_addr_mask
	src_port_mask	sock_port
	dst_port_mask	sock_port
	src_port_set	sock_port
	dst_port_set	sock_port
# Plain int32 rather than a named flag set, so any bit pattern is generated.
	flags		int32
	proto_mask	int16
	hashrnd		int32
# Unconstrained, so 0 is generated as well.
	hmodulus	int32
	hoffset		int32
}

# TPROXY revision 0 payload (IPv4 address only).
# Not referenced by any union in this file.
xt_tproxy_target_info {
	mark_mask	int32
	mark_value	int32
	laddr		ipv4_addr
	lport		sock_port
}

# TPROXY revision 1 payload: same fields with a family-independent address.
xt_tproxy_target_info_v1 {
	mark_mask	int32
	mark_value	int32
	laddr		nf_inet_addr
	lport		sock_port
}

# SET target payloads. v0 is not referenced by any union in this file.
xt_set_info_target_v0 {
	add_set	xt_set_info_v0
	del_set	xt_set_info_v0
}

xt_set_info_target_v1 {
	add_set	xt_set_info
	del_set	xt_set_info
}

xt_set_info_target_v2 {
	add_set	xt_set_info
	del_set	xt_set_info
	flags	int32
	timeout	int32
}

xt_set_info_target_v3 {
	add_set	xt_set_info
	del_set	xt_set_info
	map_set	xt_set_info
	flags	int32
	timeout	int32
}

# Old-style set reference: a set index, a per-dimension flag array, then dim and a flag byte.
xt_set_info_v0 {
	index	ip_set_id_t
	flags	array[flags[xt_set_info_flags, int32], IPSET_DIM_MAX]
	dim	int8[0:IPSET_DIM_MAX]
	flags2	flags[xt_set_info_flags, int8]
}

# Set reference used by SET revisions 1 to 3.
xt_set_info {
# The index type is declared elsewhere; whether it names an existing set cannot be
# told from this file.
	index	ip_set_id_t
# Constrained to 0..IPSET_DIM_MAX, so 0 is generated as well.
	dim	int8[0:IPSET_DIM_MAX]
	flags	flags[xt_set_info_flags, int8]
}

xt_set_info_flags = IPSET_SRC, IPSET_DST, IPSET_MATCH_INV

# Two layouts of the ipset counter match with the fields in opposite order.
# Neither is referenced by any union in this file; presumably used by match descriptions elsewhere.
ip_set_counter_match0 {
	op	int8
	value	int64
}

ip_set_counter_match {
	value	align64[int64]
	op	int8
}

# Payload of the MARK target, revision 2.
xt_mark_tginfo2 {
	mark	int32
	mask	int32
}

# Payload of the CHECKSUM target; operation is pinned to XT_CHECKSUM_OP_FILL.
xt_CHECKSUM_info {
	operation	const[XT_CHECKSUM_OP_FILL, int8]
}

# Payload of the LOG target.
xt_log_info {
# Unconstrained byte, so values outside the usual log-level range are generated.
	level		int8
	logflags	flags[xt_log_flags, int8]
# Raw 30-byte array, not a string type, so the prefix is not forced to be NUL-terminated.
	prefix		array[int8, 30]
}

xt_log_flags = XT_LOG_TCPSEQ, XT_LOG_TCPOPT, XT_LOG_IPOPT, XT_LOG_UID, XT_LOG_NFLOG, XT_LOG_MACDECODE

# Payload of the CONNSECMARK target; mode is constrained to 1..2.
xt_connsecmark_target_info {
	mode	int8[1:2]
}

# Payload of the SECMARK target.
xt_secmark_target_info {
# The range 1:1 admits a single value.
	mode	int8[1:1]
	secid	int32
# Context strings come from selinux_security_context, which is defined outside this file.
	secctx	string[selinux_security_context, SECMARK_SECCTX_MAX]
}

# Payload of the NFLOG target.
xt_nflog_info {
	len		int32
	group		int16
	threshold	int16
	flags		bool16
	pad		const[0, int16]
# Raw 64-byte array, not a string type, so the prefix is not forced to be NUL-terminated.
	prefix		array[int8, 64]
}

# Payload of the CONNMARK target, revision 1.
xt_connmark_tginfo1 {
	ctmark	int32
	ctmask	int32
	nfmask	int32
	mode	flags[xt_connmark_mode, int8]
}

xt_connmark_mode = XT_CONNMARK_SET, XT_CONNMARK_SAVE, XT_CONNMARK_RESTORE

# Payload of the SYNPROXY target.
xt_synproxy_info {
	options	flags[xt_synproxy_options, int8]
# wscale and mss are unconstrained, so out-of-range values are generated too.
	wscale	int8
	mss	int16
}

xt_synproxy_options = XT_SYNPROXY_OPT_MSS, XT_SYNPROXY_OPT_WSCALE, XT_SYNPROXY_OPT_SACK_PERM, XT_SYNPROXY_OPT_TIMESTAMP, XT_SYNPROXY_OPT_ECN