github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/socket_netlink_netfilter.txt

github.com/google/syzkaller@v0.0.0-20240517125934-c0f1611a36d6/sys/linux/socket_netlink_netfilter.txt (about)

     1  # Copyright 2017 syzkaller project authors. All rights reserved.
     2  # Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
     3  
     4  # AF_NETLINK/NETLINK_NETFILTER support.
     5  
     6  include <linux/net.h>
     7  include <uapi/linux/netlink.h>
     8  include <uapi/linux/netfilter.h>
     9  include <uapi/linux/netfilter/nfnetlink.h>
    10  
    11  resource sock_nl_netfilter[sock_netlink]
    12  
    13  socket$nl_netfilter(domain const[AF_NETLINK], type const[SOCK_RAW], proto const[NETLINK_NETFILTER]) sock_nl_netfilter
    14  
    15  sendmsg$nl_netfilter(fd sock_nl_netfilter, msg ptr[in, msghdr_nl_netfilter], f flags[send_flags])
    16  
    17  type msghdr_nl_netfilter msghdr_netlink[netlink_msg_netfilter]
    18  
    19  netlink_msg_netfilter {
    20  	len	len[parent, int32]
    21  	type	int8[0:20]
    22  	subsys	flags[nfnl_subsys, int8]
    23  	flags	flags[netlink_netfilter_msg_flags, int16]
    24  	seq	netlink_seq
    25  	pid	netlink_port_id
    26  	hdr	nfgenmsg
    27  # No body. Generic attribute can represent a random body.
    28  	attrs	array[nl_generic_attr]
    29  } [align[4]]
    30  
    31  type netlink_msg_netfilter_t[SUBSYS, CMD, POLICY] netlink_msg_netfilter_tt[SUBSYS, CMD, array[POLICY]]
    32  
    33  type netlink_msg_netfilter_tt[SUBSYS, CMD, POLICY] {
    34  	len	len[parent, int32]
    35  	type	const[CMD, int8]
    36  	subsys	const[SUBSYS, int8]
    37  	flags	flags[netlink_netfilter_msg_flags, int16]
    38  	seq	const[0, int32]
    39  	pid	const[0, int32]
    40  	hdr	nfgenmsg
    41  	attrs	POLICY
    42  } [align[4]]
    43  
    44  nfgenmsg {
    45  	nfgen_family	flags[nfproto, int8]
    46  	version		const[NFNETLINK_V0, int8]
    47  # res_id seems to mean things like cpu/queue/group number, so prefer small values.
    48  	res_id		int16be[0:10]
    49  } [align[4]]
    50  
    51  nfnl_subsys = NFNL_SUBSYS_CTNETLINK, NFNL_SUBSYS_CTNETLINK_EXP, NFNL_SUBSYS_QUEUE, NFNL_SUBSYS_ULOG, NFNL_SUBSYS_OSF, NFNL_SUBSYS_IPSET, NFNL_SUBSYS_ACCT, NFNL_SUBSYS_CTNETLINK_TIMEOUT, NFNL_SUBSYS_CTHELPER, NFNL_SUBSYS_NFTABLES, NFNL_SUBSYS_NFT_COMPAT
    52  nfproto = NFPROTO_UNSPEC, NFPROTO_INET, NFPROTO_IPV4, NFPROTO_ARP, NFPROTO_NETDEV, NFPROTO_BRIDGE, NFPROTO_IPV6
    53  
    54  # We always need to send NLM_F_REQUEST and some netlink flags are not used.
    55  netlink_netfilter_msg_flags = NLM_F_ACK_REQUEST, NLM_F_APPEND_REQUEST, NLM_F_CREATE_REQUEST, NLM_F_DUMP_REQUEST, NLM_F_EXCL_REQUEST, NLM_F_EXCL_REQUEST, NLM_F_MULTI_REQUEST, NLM_F_NONREC_REQUEST, NLM_F_REPLACE_REQUEST
    56  
    57  define NLM_F_ACK_REQUEST	NLM_F_ACK | NLM_F_REQUEST
    58  define NLM_F_APPEND_REQUEST	NLM_F_APPEND | NLM_F_REQUEST
    59  define NLM_F_CREATE_REQUEST	NLM_F_CREATE | NLM_F_REQUEST
    60  define NLM_F_DUMP_REQUEST	NLM_F_DUMP | NLM_F_REQUEST
    61  define NLM_F_EXCL_REQUEST	NLM_F_EXCL | NLM_F_REQUEST
    62  define NLM_F_MULTI_REQUEST	NLM_F_MULTI | NLM_F_REQUEST
    63  define NLM_F_NONREC_REQUEST	NLM_F_NONREC | NLM_F_REQUEST
    64  define NLM_F_REPLACE_REQUEST	NLM_F_REPLACE | NLM_F_REQUEST