# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# Netfilter targets shared between ipv4/ipv6.
include <linux/socket.h>
include <uapi/linux/netfilter/ipset/ip_set.h>
include <uapi/linux/netfilter/x_tables.h>
include <uapi/linux/netfilter/xt_connmark.h>
include <uapi/linux/netfilter/nf_nat.h>
include <uapi/linux/netfilter/xt_set.h>
include <uapi/linux/netfilter/xt_mark.h>
include <uapi/linux/netfilter/xt_TEE.h>
include <uapi/linux/netfilter/xt_LED.h>
include <uapi/linux/netfilter/xt_TCPMSS.h>
include <uapi/linux/netfilter/xt_RATEEST.h>
include <uapi/linux/netfilter/xt_DSCP.h>
include <uapi/linux/netfilter/xt_CLASSIFY.h>
include <uapi/linux/netfilter/xt_IDLETIMER.h>
include <uapi/linux/netfilter/xt_TCPOPTSTRIP.h>
include <uapi/linux/netfilter/xt_NFQUEUE.h>
include <uapi/linux/netfilter/xt_CT.h>
include <uapi/linux/netfilter/xt_AUDIT.h>
include <uapi/linux/netfilter/xt_HMARK.h>
include <uapi/linux/netfilter/xt_TPROXY.h>
include <uapi/linux/netfilter/xt_CHECKSUM.h>
include <uapi/linux/netfilter/xt_CONNSECMARK.h>
include <uapi/linux/netfilter/xt_SECMARK.h>
include <uapi/linux/netfilter/xt_NFLOG.h>
include <uapi/linux/netfilter/xt_LOG.h>
include <uapi/linux/netfilter/xt_SYNPROXY.h>
# Generic xtables target header, instantiated once per target/revision below.
#   NAME - target name literal, DATA - type of the target payload, REV - revision number.
# NOTE(review): presumably mirrors struct xt_entry_target from x_tables.h - confirm.
type xt_target_t[NAME, DATA, REV] {
# Filled in from the length of the enclosing xt_target_t rather than chosen freely.
target_size len[parent, int16]
# Fixed-width name field, XT_EXTENSION_MAXNAMELEN bytes.
name string[NAME, XT_EXTENSION_MAXNAMELEN]
revision const[REV, int8]
data DATA
} [align_ptr]
# Union of targets grouped as "unspec"; each option is name, payload type and revision.
# NOTE(review): "unspec" presumably means not bound to one address family - confirm
# against the descriptions that reference this union.
xt_unspec_targets [
# Standard target: the payload is a verdict taken from nf_verdicts.
STANDARD xt_target_t["", flags[nf_verdicts, int32], 0]
# The ERROR payload is a raw byte array, so a NUL terminator is not guaranteed.
ERROR xt_target_t["ERROR", array[int8, XT_FUNCTION_MAXNAMELEN], 0]
LED xt_target_t["LED", xt_led_info, 0]
RATEEST xt_target_t["RATEEST", xt_rateest_target_info, 0]
NFQUEUE0 xt_target_t["NFQUEUE", xt_NFQ_info, 0]
NFQUEUE1 xt_target_t["NFQUEUE", xt_NFQ_info_v1, 1]
# Revisions 2 and 3 both use xt_NFQ_info_v3; no separate v2 struct is described here.
# NOTE(review): confirm the revision 2 layout matches the v3 layout.
NFQUEUE2 xt_target_t["NFQUEUE", xt_NFQ_info_v3, 2]
NFQUEUE3 xt_target_t["NFQUEUE", xt_NFQ_info_v3, 3]
CLASSIFY xt_target_t["CLASSIFY", xt_classify_target_info, 0]
IDLETIMER xt_target_t["IDLETIMER", idletimer_tg_info, 0]
AUDIT xt_target_t["AUDIT", xt_audit_info, 0]
MARK xt_target_t["MARK", xt_mark_tginfo2, 2]
CONNSECMARK xt_target_t["CONNSECMARK", xt_connsecmark_target_info, 0]
SECMARK xt_target_t["SECMARK", xt_secmark_target_info, 0]
NFLOG xt_target_t["NFLOG", xt_nflog_info, 0]
CONNMARK xt_target_t["CONNMARK", xt_connmark_tginfo1, 1]
] [varlen]
# Verdict values used as the STANDARD target payload: 0 plus one encoded value per NF_* verdict.
nf_verdicts = 0, NF_DROP_VERDICT, NF_ACCEPT_VERDICT, NF_STOLEN_VERDICT, NF_QUEUE_VERDICT, NF_REPEAT_VERDICT
# Each verdict is encoded as -NF_x - 1, i.e. a negative number.
# NOTE(review): presumably non-negative values are treated as jump offsets by the kernel,
# so only 0 is generated from that space - confirm.
define NF_DROP_VERDICT -NF_DROP - 1
define NF_ACCEPT_VERDICT -NF_ACCEPT - 1
define NF_STOLEN_VERDICT -NF_STOLEN - 1
define NF_QUEUE_VERDICT -NF_QUEUE - 1
define NF_REPEAT_VERDICT -NF_REPEAT - 1
# "unspec" targets grouped under "mangle"; only CHECKSUM revision 0 is described.
# NOTE(review): presumably limited to the mangle table - confirm where this union is used.
xt_unspec_mangle_targets [
CHECKSUM xt_target_t["CHECKSUM", xt_CHECKSUM_info, 0]
] [varlen]
# NAT targets: SNAT and DNAT at revision 1, both carrying an nf_nat_range payload.
xt_unspec_nat_targets [
SNAT1 xt_target_t["SNAT", nf_nat_range, 1]
DNAT1 xt_target_t["DNAT", nf_nat_range, 1]
] [varlen]
# "raw" group of targets. TRACE and NOTRACK carry no payload (void).
xt_unspec_raw_targets [
TRACE xt_target_t["TRACE", void, 0]
CT0 xt_target_t["CT", xt_ct_target_info, 0]
# CT revisions 1 and 2 share the xt_ct_target_info_v1 layout.
CT1 xt_target_t["CT", xt_ct_target_info_v1, 1]
CT2 xt_target_t["CT", xt_ct_target_info_v1, 2]
NOTRACK xt_target_t["NOTRACK", void, 0]
] [varlen]
# "inet" group of targets shared by the IP families.
# SET is described at revisions 1-3; xt_set_info_target_v0 exists below but has no
# entry in this union.
xt_inet_targets [
TEE xt_target_t["TEE", xt_tee_tginfo, 1]
TCPMSS xt_target_t["TCPMSS", xt_tcpmss_info, 0]
TCPOPTSTRIP xt_target_t["TCPOPTSTRIP", xt_tcpoptstrip_target_info, 0]
HMARK xt_target_t["HMARK", xt_hmark_info, 0]
SET1 xt_target_t["SET", xt_set_info_target_v1, 1]
SET2 xt_target_t["SET", xt_set_info_target_v2, 2]
SET3 xt_target_t["SET", xt_set_info_target_v3, 3]
LOG xt_target_t["LOG", xt_log_info, 0]
SYNPROXY xt_target_t["SYNPROXY", xt_synproxy_info, 0]
] [varlen]
# "inet" targets grouped under "mangle": DSCP, TOS and TPROXY revision 1.
# xt_tproxy_target_info (the non-v1 layout) is defined below but not referenced here.
xt_inet_mangle_targets [
DSCP xt_target_t["DSCP", xt_DSCP_info, 0]
TOS xt_target_t["TOS", xt_tos_target_info, 0]
TPROXY1 xt_target_t["TPROXY", xt_tproxy_target_info_v1, 1]
] [varlen]
# Payload of the TEE target: gateway address, output interface name and a pointer-sized field.
xt_tee_tginfo {
gw nf_inet_addr
oif devname
# NOTE(review): presumably a kernel-internal pointer in the uapi struct. Describing it
# as intptr feeds arbitrary values, which checks that the kernel never trusts the
# user-supplied value - confirm against xt_TEE.h.
priv intptr
}
# Payload of the LED target.
xt_led_info {
# 27-byte name field, drawn from xt_led_names.
id string[xt_led_names, 27]
always_blink bool8
delay int32
# NOTE(review): presumably kernel-internal state; user-supplied contents should be
# ignored or overwritten by the kernel - confirm against xt_LED.h.
internal_data intptr
}
# Small fixed name set, so separate rules can refer to the same LED trigger name.
xt_led_names = "syz0", "syz1"
# Payload of the TCPMSS target: a single unconstrained 16-bit MSS value.
xt_tcpmss_info {
mss int16
}
# Payload of the RATEEST target.
xt_rateest_target_info {
# IFNAMSIZ-byte name field, drawn from xt_rateest_names.
name string[xt_rateest_names, IFNAMSIZ]
interval int8
ewma_log int8
# NOTE(review): presumably a kernel-internal pointer; verify the kernel does not
# dereference the user-supplied value - confirm against xt_RATEEST.h.
est intptr
}
# Small fixed name set, so separate rules can refer to the same estimator name.
xt_rateest_names = "syz0", "syz1"
# NAT range used by SNAT1/DNAT1: flags, min/max address and min/max protocol part.
# No ordering between the min and max values is expressed here, so inverted ranges
# can be generated.
nf_nat_range {
flags flags[nf_nat_flags, int32]
min_addr nf_inet_addr
max_addr nf_inet_addr
min_proto nf_conntrack_man_proto
max_proto nf_conntrack_man_proto
}
# IPv4 "multi range" wrapper that always holds exactly one range (rangesize is const 1).
# Not referenced by the target unions in this file.
# NOTE(review): presumably used by the IPv4-specific descriptions - confirm.
nf_nat_ipv4_multi_range_compat {
rangesize const[1, int32]
range nf_nat_ipv4_range
}
# IPv4-only NAT range: same shape as nf_nat_range but with ipv4_addr endpoints.
nf_nat_ipv4_range {
flags flags[nf_nat_flags, int32]
min_ip ipv4_addr
max_ip ipv4_addr
min nf_conntrack_man_proto
max nf_conntrack_man_proto
}
# Flag set shared by nf_nat_range and nf_nat_ipv4_range.
nf_nat_flags = NF_NAT_RANGE_MAP_IPS, NF_NAT_RANGE_PROTO_SPECIFIED, NF_NAT_RANGE_PROTO_RANDOM, NF_NAT_RANGE_PERSISTENT, NF_NAT_RANGE_PROTO_RANDOM_FULLY
# NFQUEUE revision 0 payload: a single queue number.
xt_NFQ_info {
queuenum int16
}
# NFQUEUE revision 1 payload: first queue number plus a queue count.
# Both values are unconstrained, so queuenum + queues_total may exceed 16 bits.
xt_NFQ_info_v1 {
queuenum int16
queues_total int16
}
# NFQUEUE payload used for revisions 2 and 3: queue number, queue count and flags.
xt_NFQ_info_v3 {
queuenum int16
queues_total int16
flags flags[xt_NFQ_flags, int16]
}
xt_NFQ_flags = NFQ_FLAG_BYPASS, NFQ_FLAG_CPU_FANOUT
# Payload of the DSCP target; the value is constrained to the range 0..XT_DSCP_MAX.
xt_DSCP_info {
dscp int8[0:XT_DSCP_MAX]
}
# Payload of the TOS target: unconstrained 8-bit value and mask.
xt_tos_target_info {
tos_value int8
tos_mask int8
}
# Payload of the CLASSIFY target: a single unconstrained 32-bit priority.
xt_classify_target_info {
priority int32
}
# Payload of the IDLETIMER target.
idletimer_tg_info {
timeout int32
# MAX_IDLETIMER_LABEL_SIZE-byte label, drawn from idletimer_tg_names.
label string[idletimer_tg_names, MAX_IDLETIMER_LABEL_SIZE]
# NOTE(review): presumably a kernel-internal pointer; verify the kernel does not
# use the user-supplied value - confirm against xt_IDLETIMER.h.
timer intptr
}
# Small fixed label set, so separate rules can refer to the same timer label.
idletimer_tg_names = "syz0", "syz1"
# Payload of the TCPOPTSTRIP target: eight unconstrained 32-bit words.
# NOTE(review): presumably a 256-bit bitmap, one bit per TCP option kind - confirm.
xt_tcpoptstrip_target_info {
strip_bmap array[int32, 8]
}
# CT target payload for revision 0.
xt_ct_target_info {
# Revision 0 describes flags as a 16-bit boolean, unlike the v1 layout's flag set.
flags bool16
zone int16
ct_events int32
exp_events int32
# 16-byte helper name, drawn from xt_ct_helpers.
helper string[xt_ct_helpers, 16]
# NOTE(review): presumably a kernel-internal conntrack pointer; verify the kernel
# never trusts the user-supplied value - confirm against xt_CT.h.
ct intptr
}
# CT target payload for revisions 1 and 2: the revision 0 fields plus a timeout policy name.
xt_ct_target_info_v1 {
flags flags[xt_ct_flags, int16]
zone int16
ct_events int32
exp_events int32
# 16-byte helper name, drawn from xt_ct_helpers.
helper string[xt_ct_helpers, 16]
# TODO: these names must be registered somewhere from netlink.
# Until that is done, rules naming a timeout policy presumably fail the lookup and
# the success path stays uncovered - confirm.
timeout string[xt_ct_timeouts, 32]
# NOTE(review): presumably a kernel-internal conntrack pointer; verify the kernel
# never trusts the user-supplied value - confirm against xt_CT.h.
ct intptr
}
xt_ct_flags = XT_CT_NOTRACK, XT_CT_NOTRACK_ALIAS, XT_CT_ZONE_DIR_ORIG, XT_CT_ZONE_DIR_REPL, XT_CT_ZONE_MARK
# Helper names offered to both CT layouts; the empty string is included.
xt_ct_helpers = "", "snmp_trap", "netbios-ns", "pptp", "snmp"
xt_ct_timeouts = "syz0", "syz1"
# Payload of the AUDIT target: one 8-bit type built from xt_audit_flags.
xt_audit_info {
type flags[xt_audit_flags, int8]
}
xt_audit_flags = XT_AUDIT_TYPE_ACCEPT, XT_AUDIT_TYPE_DROP, XT_AUDIT_TYPE_REJECT
# Payload of the HMARK target: address masks, port masks/values and hash parameters.
xt_hmark_info {
src_mask nf_inet_addr
# NOTE(review): dst_mask uses ipv6_addr_mask while src_mask uses nf_inet_addr.
# Confirm the asymmetry is intended and that both types have the same size.
dst_mask ipv6_addr_mask
src_port_mask sock_port
dst_port_mask sock_port
src_port_set sock_port
dst_port_set sock_port
# Plain int32: no flag set is declared, so arbitrary bit patterns are generated.
flags int32
proto_mask int16
hashrnd int32
# Unconstrained, so 0 can be generated.
# NOTE(review): presumably used as a modulus; worth confirming the kernel rejects 0.
hmodulus int32
hoffset int32
}
# TPROXY payload with an IPv4-only local address. Not referenced by the unions in
# this file.
# NOTE(review): presumably the revision 0 layout, used by the IPv4 descriptions - confirm.
xt_tproxy_target_info {
mark_mask int32
mark_value int32
laddr ipv4_addr
lport sock_port
}
# TPROXY revision 1 payload: same fields as xt_tproxy_target_info, but the local
# address is an nf_inet_addr.
xt_tproxy_target_info_v1 {
mark_mask int32
mark_value int32
laddr nf_inet_addr
lport sock_port
}
# SET target payload built from the v0 set descriptor. Not referenced by the unions
# in this file (xt_inet_targets starts at revision 1).
xt_set_info_target_v0 {
add_set xt_set_info_v0
del_set xt_set_info_v0
}
# SET revision 1 payload: one set descriptor to add to and one to delete from.
xt_set_info_target_v1 {
add_set xt_set_info
del_set xt_set_info
}
# SET revision 2 payload: the revision 1 fields plus unconstrained flags and timeout.
xt_set_info_target_v2 {
add_set xt_set_info
del_set xt_set_info
flags int32
timeout int32
}
# SET revision 3 payload: the revision 2 fields plus a third set descriptor, map_set.
xt_set_info_target_v3 {
add_set xt_set_info
del_set xt_set_info
map_set xt_set_info
flags int32
timeout int32
}
# 16-bit set index. It is unconstrained, so indices that do not refer to an existing
# set are generated as well.
type ip_set_id_t int16
# v0 set descriptor: set index, an IPSET_DIM_MAX-element flags array, dim, flags2
# and an explicit 16-bit pad.
# NOTE(review): presumably flattens a nested/union layout from xt_set.h - confirm
# the field order and total size against the header.
xt_set_info_v0 {
index ip_set_id_t
flags array[int32, IPSET_DIM_MAX]
# Unconstrained, so values above IPSET_DIM_MAX can be generated.
dim int8
flags2 int8
pad int16
}
# Set descriptor used by SET revisions 1-3: set index, dimension count and flags.
xt_set_info {
index ip_set_id_t
# Unconstrained 8-bit value.
# NOTE(review): the kernel presumably bounds this by IPSET_DIM_MAX - confirm.
dim int8
flags int8
}
# Counter match with op before value. Not referenced in this file.
# NOTE(review): presumably used by the match descriptions - confirm.
ip_set_counter_match0 {
op int8
value int64
}
# Counter match with value before op, the reverse of ip_set_counter_match0.
# Not referenced in this file.
ip_set_counter_match {
value int64
op int8
}
# Payload of the MARK target (revision 2): unconstrained 32-bit mark and mask.
xt_mark_tginfo2 {
mark int32
mask int32
}
# Payload of the CHECKSUM target. operation is pinned to XT_CHECKSUM_OP_FILL, so
# other operation values are not produced from this description.
xt_CHECKSUM_info {
operation const[XT_CHECKSUM_OP_FILL, int8]
}
# Payload of the LOG target.
xt_log_info {
# Unconstrained 8-bit log level.
level int8
logflags flags[xt_log_flags, int8]
# Raw 30-byte array rather than a string type, so the prefix may have no NUL
# terminator. This exercises the kernel's handling of unterminated prefixes.
prefix array[int8, 30]
}
xt_log_flags = XT_LOG_TCPSEQ, XT_LOG_TCPOPT, XT_LOG_IPOPT, XT_LOG_UID, XT_LOG_NFLOG, XT_LOG_MACDECODE
# Payload of the CONNSECMARK target; mode is constrained to the range 1..2.
xt_connsecmark_target_info {
mode int8[1:2]
}
# Payload of the SECMARK target.
xt_secmark_target_info {
# Only the value 1 is generated.
mode int8[1:1]
# NOTE(review): presumably resolved by the kernel from secctx; the user-supplied
# value should not be trusted - confirm against xt_SECMARK.h.
secid int32
# SECMARK_SECCTX_MAX-byte security context, drawn from selinux_security_context
# (defined outside this file).
secctx string[selinux_security_context, SECMARK_SECCTX_MAX]
}
# Payload of the NFLOG target.
xt_nflog_info {
# Plain int32, not a syzlang len[] field, so it is not tied to any buffer size here.
len int32
group int16
threshold int16
flags bool16
pad const[0, int16]
# Raw 64-byte array rather than a string type, so the prefix may have no NUL
# terminator. This exercises the kernel's handling of unterminated prefixes.
prefix array[int8, 64]
}
# Payload of the CONNMARK target (revision 1): three unconstrained 32-bit
# mark/mask values plus a mode.
xt_connmark_tginfo1 {
ctmark int32
ctmask int32
nfmask int32
# Declared as flags[], so combinations of the listed values may be generated,
# not just one of them.
mode flags[xt_connmark_mode, int8]
}
xt_connmark_mode = XT_CONNMARK_SET, XT_CONNMARK_SAVE, XT_CONNMARK_RESTORE
# Payload of the SYNPROXY target: option flags, window scale and MSS.
xt_synproxy_info {
options flags[xt_synproxy_options, int8]
# Unconstrained 8-bit value.
# NOTE(review): TCP window scale is normally capped at 14; confirm the kernel
# validates larger values.
wscale int8
mss int16
}
xt_synproxy_options = XT_SYNPROXY_OPT_MSS, XT_SYNPROXY_OPT_WSCALE, XT_SYNPROXY_OPT_SACK_PERM, XT_SYNPROXY_OPT_TIMESTAMP, XT_SYNPROXY_OPT_ECN