#ifndef NFTABLES_PROTO_H
#define NFTABLES_PROTO_H
#include <nftables.h>
#include <datatype.h>
#include <linux/netfilter/nf_tables.h>
/**
 * enum proto_bases - protocol bases
 *
 * @PROTO_BASE_INVALID:		uninitialised, does not happen
 * @PROTO_BASE_LL_HDR:		link layer header
 * @PROTO_BASE_NETWORK_HDR:	network layer header
 * @PROTO_BASE_TRANSPORT_HDR:	transport layer header
 * @__PROTO_BASE_MAX:		count of the enumerators above; not a valid base
 */
enum proto_bases {
	PROTO_BASE_INVALID = 0,
	PROTO_BASE_LL_HDR,
	PROTO_BASE_NETWORK_HDR,
	PROTO_BASE_TRANSPORT_HDR,
	__PROTO_BASE_MAX
};

/*
 * Highest valid base value (PROTO_BASE_TRANSPORT_HDR). An array indexed by
 * enum proto_bases needs PROTO_BASE_MAX + 1 entries, and an index that comes
 * from a variable should be checked against this bound before it is used.
 */
#define PROTO_BASE_MAX		(__PROTO_BASE_MAX - 1)
/*
 * String tables for the protocol bases. Both are declared without a size, so
 * the element count is not visible to users of this header.
 * NOTE(review): presumably indexed by enum proto_bases -- confirm that every
 * lookup is bounded by PROTO_BASE_MAX.
 */
extern const char *proto_base_names[];
extern const char *proto_base_tokens[];
/**
 * struct proto_hdr_template - protocol header field description
 *
 * @token:	parser token describing the header field
 * @dtype:	data type of the header field
 * @offset:	offset of the header field from base
 * @len:	length of header field
 * @byteorder:	byte order of the header field
 * @meta_key:	special case: meta expression key
 *
 * NOTE(review): the unit of @offset and @len is not stated here; presumably
 * bits, matching the documented unit of proto_desc.length -- confirm. Both are
 * 16 bit wide, so larger values are truncated on assignment.
 */
struct proto_hdr_template {
	const char		*token;
	const struct datatype	*dtype;
	uint16_t		offset;
	uint16_t		len;
	enum byteorder		byteorder;
	enum nft_meta_keys	meta_key;
};
/*
 * Initialiser for a struct proto_hdr_template that describes a field located
 * in the packet header. meta_key is not named and is therefore
 * zero-initialised.
 */
#define PROTO_HDR_TEMPLATE(token_, dtype_, byteorder_, offset_, len_)	\
	{								\
		.token		= (token_),				\
		.dtype		= (dtype_),				\
		.byteorder	= (byteorder_),				\
		.offset		= (offset_),				\
		.len		= (len_),				\
	}
/*
 * Initialiser for a struct proto_hdr_template that is backed by a meta
 * expression key instead of a header offset. offset and byteorder are not
 * named and are therefore zero-initialised.
 */
#define PROTO_META_TEMPLATE(token_, dtype_, key_, len_)		\
	{							\
		.token		= (token_),			\
		.dtype		= (dtype_),			\
		.meta_key	= (key_),			\
		.len		= (len_),			\
	}
/* Capacity of proto_desc.protocols[] (upper layer protocol links). */
#define PROTO_UPPER_MAX		16
/*
 * Capacity of proto_desc.templates[], proto_desc.format.order[] and
 * proto_desc.pseudohdr[]. Any key used to index these arrays must stay
 * below this value.
 */
#define PROTO_HDRS_MAX		20
/**
 * struct proto_desc - protocol header description
 *
 * @name:		protocol name
 * @base:		header base
 * @checksum_key:	key of template containing checksum
 * @protocol_key:	key of template containing upper layer protocol description
 * @length:		total size of the header, in bits
 * @protocols:		link to upper layer protocol descriptions indexed by protocol value
 * @templates:		header templates
 * @format:		field order table and filter mask; their use is not
 *			documented in this header
 * @pseudohdr:		header fields that are part of upper layer checksum pseudoheader
 *
 * All tables are fixed size: @protocols holds PROTO_UPPER_MAX entries, while
 * @templates, @format.order and @pseudohdr hold PROTO_HDRS_MAX entries.
 * NOTE(review): @checksum_key and @protocol_key are presumably indexes into
 * @templates and must then be below PROTO_HDRS_MAX -- confirm at the use sites.
 */
struct proto_desc {
	const char			*name;
	enum proto_bases		base;
	unsigned int			checksum_key;
	unsigned int			protocol_key;
	unsigned int			length;
	struct {
		unsigned int			num;
		const struct proto_desc		*desc;
	}				protocols[PROTO_UPPER_MAX];
	struct proto_hdr_template	templates[PROTO_HDRS_MAX];
	struct {
		uint8_t				order[PROTO_HDRS_MAX];
		uint32_t			filter;
	}				format;
	unsigned int			pseudohdr[PROTO_HDRS_MAX];
};
/*
 * Initialiser for one entry of proto_desc.protocols[]: protocol value num_
 * selects the upper layer description desc_.
 */
#define PROTO_LINK(num_, desc_)		\
	{ .num = (num_), .desc = (desc_), }
/**
 * struct hook_proto_desc - description of protocol constraints imposed by hook family
 *
 * @base:	protocol base of packets
 * @desc:	protocol description of packets
 */
struct hook_proto_desc {
	enum proto_bases		base;
	const struct proto_desc		*desc;
};
/* Initialiser for a struct hook_proto_desc entry. */
#define HOOK_PROTO_DESC(base_, desc_)	\
	{ .base = (base_), .desc = (desc_), }
/*
 * Table of hook_proto_desc entries, declared without a size.
 * NOTE(review): presumably indexed by hook family -- confirm that the family
 * value is range-checked before it is used as an index.
 */
extern const struct hook_proto_desc hook_proto_desc[];
/**
 * struct dev_proto_desc - description of device LL protocol
 *
 * @desc:	protocol description
 * @type:	arphrd value
 */
struct dev_proto_desc {
	const struct proto_desc		*desc;
	uint16_t			type;
};
/*
 * Initialiser for a struct dev_proto_desc entry. The arguments are given as
 * (type, desc), the reverse of the member order in the struct.
 */
#define DEV_PROTO_DESC(type_, desc_)	\
	{ .type = (type_), .desc = (desc_), }
/*
 * Map between a link layer protocol description and its device type value
 * (see struct dev_proto_desc).
 *
 * proto_dev_type() passes its result back through @res and returns an int.
 * NOTE(review): the return convention is not visible in this header; callers
 * should use *res only after checking the return value -- confirm.
 *
 * proto_dev_desc() returns the description for @type.
 * NOTE(review): presumably NULL for an unknown type -- confirm, and check the
 * pointer before dereferencing.
 */
extern int proto_dev_type(const struct proto_desc *desc, uint16_t *res);
extern const struct proto_desc *proto_dev_desc(uint16_t type);
/**
 * struct proto_ctx - protocol context
 *
 * @debug_mask:	display debugging information
 * @family:	hook family
 * @protocol:	per-base state, one slot for each enum proto_bases value
 *		(PROTO_BASE_MAX + 1 entries); each slot holds:
 *   @location:	location of the relational expression defining the context
 *   @desc:	protocol description for this layer
 *   @offset:	offset from the base, for stacked headers (eg 8*14 for vlan on top of ether)
 *
 * The location of the context is the location of the relational expression
 * defining it, either directly through a protocol match or indirectly
 * through a dependency.
 *
 * Valid indexes into @protocol are PROTO_BASE_INVALID .. PROTO_BASE_MAX; a
 * base taken from elsewhere must be range-checked before it is used here.
 */
struct proto_ctx {
	unsigned int			debug_mask;
	unsigned int			family;
	struct {
		struct location			location;
		const struct proto_desc		*desc;
		unsigned int			offset;
	}				protocol[PROTO_BASE_MAX + 1];
};
/*
 * Protocol context handling. Behaviour is described from the signatures only;
 * the implementations are not part of this header.
 *
 * proto_ctx_init():   set up @ctx for hook family @family with @debug_mask.
 * proto_ctx_update(): record @desc and the defining location @loc for @base.
 *                     NOTE(review): @base presumably indexes ctx->protocol[],
 *                     so it must not exceed PROTO_BASE_MAX -- confirm that the
 *                     implementation enforces this.
 * proto_find_upper(): look up the upper layer description linked from @base
 *                     for protocol value @num.
 *                     NOTE(review): presumably NULL when there is no link --
 *                     confirm, and check before dereferencing.
 * proto_find_num():   look up the protocol value under which @desc is linked
 *                     from @base.
 *                     NOTE(review): the int return presumably carries a
 *                     negative value on failure -- confirm before using it as
 *                     a protocol number.
 */
extern void proto_ctx_init(struct proto_ctx *ctx,
			   unsigned int family,
			   unsigned int debug_mask);
extern void proto_ctx_update(struct proto_ctx *ctx,
			     enum proto_bases base,
			     const struct location *loc,
			     const struct proto_desc *desc);
extern const struct proto_desc *
proto_find_upper(const struct proto_desc *base, unsigned int num);
extern int proto_find_num(const struct proto_desc *base,
			  const struct proto_desc *desc);
/*
 * Ethernet header field keys; 0 is the invalid marker.
 * NOTE(review): the *_hdr_fields keys presumably index proto_desc.templates[]
 * and must then stay below PROTO_HDRS_MAX -- confirm.
 */
enum eth_hdr_fields {
	ETHHDR_INVALID = 0,
	ETHHDR_DADDR,
	ETHHDR_SADDR,
	ETHHDR_TYPE,
};
/* VLAN header field keys; 0 is the invalid marker. */
enum vlan_hdr_fields {
	VLANHDR_INVALID = 0,
	VLANHDR_PCP,
	VLANHDR_CFI,
	VLANHDR_VID,
	VLANHDR_TYPE,
};
/* ARP header field keys; 0 is the invalid marker. */
enum arp_hdr_fields {
	ARPHDR_INVALID = 0,
	ARPHDR_HRD,
	ARPHDR_PRO,
	ARPHDR_HLN,
	ARPHDR_PLN,
	ARPHDR_OP,
	ARPHDR_SADDR_ETHER,
	ARPHDR_DADDR_ETHER,
	ARPHDR_SADDR_IP,
	ARPHDR_DADDR_IP,
};
/* IPv4 header field keys; 0 is the invalid marker. */
enum ip_hdr_fields {
	IPHDR_INVALID = 0,
	IPHDR_VERSION,
	IPHDR_HDRLENGTH,
	IPHDR_DSCP,
	IPHDR_ECN,
	IPHDR_LENGTH,
	IPHDR_ID,
	IPHDR_FRAG_OFF,
	IPHDR_TTL,
	IPHDR_PROTOCOL,
	IPHDR_CHECKSUM,
	IPHDR_SADDR,
	IPHDR_DADDR,
};
/* ICMP header field keys; 0 is the invalid marker. */
enum icmp_hdr_fields {
	ICMPHDR_INVALID = 0,
	ICMPHDR_TYPE,
	ICMPHDR_CODE,
	ICMPHDR_CHECKSUM,
	ICMPHDR_ID,
	ICMPHDR_SEQ,
	ICMPHDR_GATEWAY,
	ICMPHDR_MTU,
};
/* IGMP header field keys; 0 is the invalid marker. */
enum igmp_hdr_fields {
	IGMPHDR_INVALID = 0,
	IGMPHDR_TYPE,
	IGMPHDR_CHECKSUM,
	IGMPHDR_MRT,
	IGMPHDR_GROUP,
};
/* ICMPv6 header field keys; 0 is the invalid marker. */
enum icmp6_hdr_fields {
	ICMP6HDR_INVALID = 0,
	ICMP6HDR_TYPE,
	ICMP6HDR_CODE,
	ICMP6HDR_CHECKSUM,
	ICMP6HDR_PPTR,
	ICMP6HDR_MTU,
	ICMP6HDR_ID,
	ICMP6HDR_SEQ,
	ICMP6HDR_MAXDELAY,
};
/* IPv6 header field keys; 0 is the invalid marker. */
enum ip6_hdr_fields {
	IP6HDR_INVALID = 0,
	IP6HDR_VERSION,
	IP6HDR_DSCP,
	IP6HDR_ECN,
	IP6HDR_FLOWLABEL,
	IP6HDR_LENGTH,
	IP6HDR_NEXTHDR,
	IP6HDR_HOPLIMIT,
	IP6HDR_SADDR,
	IP6HDR_DADDR,
	IP6HDR_PROTOCOL,
};
/* AH header field keys; 0 is the invalid marker. */
enum ah_hdr_fields {
	AHHDR_INVALID = 0,
	AHHDR_NEXTHDR,
	AHHDR_HDRLENGTH,
	AHHDR_RESERVED,
	AHHDR_SPI,
	AHHDR_SEQUENCE,
};
/* ESP header field keys; 0 is the invalid marker. */
enum esp_hdr_fields {
	ESPHDR_INVALID = 0,
	ESPHDR_SPI,
	ESPHDR_SEQUENCE,
};
/* Field keys for the header described by proto_comp; 0 is the invalid marker. */
enum comp_hdr_fields {
	COMPHDR_INVALID = 0,
	COMPHDR_NEXTHDR,
	COMPHDR_FLAGS,
	COMPHDR_CPI,
};
/*
 * UDP header field keys; 0 is the invalid marker. UDPHDR_CSUMCOV is an alias
 * of UDPHDR_LENGTH and shares its value.
 */
enum udp_hdr_fields {
	UDPHDR_INVALID = 0,
	UDPHDR_SPORT,
	UDPHDR_DPORT,
	UDPHDR_LENGTH,
	UDPHDR_CSUMCOV = UDPHDR_LENGTH,
	UDPHDR_CHECKSUM,
};
/*
 * TCP header field keys. TCPHDR_UNSPEC is an alias of TCPHDR_INVALID; both
 * have the value 0.
 */
enum tcp_hdr_fields {
	TCPHDR_INVALID = 0,
	TCPHDR_UNSPEC = TCPHDR_INVALID,
	TCPHDR_SPORT,
	TCPHDR_DPORT,
	TCPHDR_SEQ,
	TCPHDR_ACKSEQ,
	TCPHDR_DOFF,
	TCPHDR_RESERVED,
	TCPHDR_FLAGS,
	TCPHDR_WINDOW,
	TCPHDR_CHECKSUM,
	TCPHDR_URGPTR,
};
/* DCCP header field keys; 0 is the invalid marker. */
enum dccp_hdr_fields {
	DCCPHDR_INVALID = 0,
	DCCPHDR_SPORT,
	DCCPHDR_DPORT,
	DCCPHDR_TYPE,
};
/* SCTP header field keys; 0 is the invalid marker. */
enum sctp_hdr_fields {
	SCTPHDR_INVALID = 0,
	SCTPHDR_SPORT,
	SCTPHDR_DPORT,
	SCTPHDR_VTAG,
	SCTPHDR_CHECKSUM,
};
/*
 * Field keys for the header described by proto_th: source and destination
 * port only. 0 is the invalid marker.
 */
enum th_hdr_fields {
	THDR_INVALID = 0,
	THDR_SPORT,
	THDR_DPORT,
};
/*
 * Protocol descriptions defined outside this header. All are const objects,
 * so the tables they hold are read-only to users of this header.
 */
extern const struct proto_desc proto_icmp;
extern const struct proto_desc proto_igmp;
extern const struct proto_desc proto_ah;
extern const struct proto_desc proto_esp;
extern const struct proto_desc proto_comp;
extern const struct proto_desc proto_udp;
extern const struct proto_desc proto_udplite;
extern const struct proto_desc proto_tcp;
extern const struct proto_desc proto_dccp;
extern const struct proto_desc proto_sctp;
extern const struct proto_desc proto_th;
extern const struct proto_desc proto_icmp6;

extern const struct proto_desc proto_ip;
extern const struct proto_desc proto_ip6;

extern const struct proto_desc proto_inet;
extern const struct proto_desc proto_inet_service;

extern const struct proto_desc proto_arp;

extern const struct proto_desc proto_vlan;
extern const struct proto_desc proto_eth;

extern const struct proto_desc proto_netdev;

/* Description and template for protocols and fields that are not known. */
extern const struct proto_desc proto_unknown;
extern const struct proto_hdr_template proto_unknown_template;

/* Data types referenced by the header templates. */
extern const struct datatype icmp_type_type;
extern const struct datatype tcp_flag_type;
extern const struct datatype dccp_pkttype_type;
extern const struct datatype arpop_type;
extern const struct datatype icmp6_type_type;
extern const struct datatype dscp_type;
extern const struct datatype ecn_type;
#endif /* NFTABLES_PROTO_H */