conntrack.yaml 13 KB

  1. # SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
  2. ---
  # Family identity for the conntrack netlink spec.
  # protonum 12 is NETLINK_NETFILTER; "netlink-raw" selects classic netlink
  # framing (no generic-netlink family lookup).
  name: conntrack
  protocol: netlink-raw
  protonum: 12
  doc: Netfilter connection tracking subsystem over nfnetlink
  # Fixed-layout structs and enumerations referenced elsewhere in this spec.
  # For "flags" and "enum" types the value of each entry is implied by its
  # position in the list, so entries must never be reordered or removed.
  definitions:
    # Fixed header carried by every message of this family (see the
    # operations' fixed-header key).
    - name: nfgenmsg
      type: struct
      members:
        - name: nfgen-family
          type: u8
        - name: version
          type: u8
        - name: res-id
          byte-order: big-endian
          type: u16
    # Two-byte payload of tcp-flags-original / tcp-flags-reply.
    # NOTE(review): mask presumably selects which flag bits a request
    # changes; confirm against the kernel handler.
    - name: nf-ct-tcp-flags-mask
      type: struct
      members:
        - name: flags
          type: u8
          enum: nf-ct-tcp-flags
          enum-as-flags: true
        - name: mask
          type: u8
          enum: nf-ct-tcp-flags
          enum-as-flags: true
    # Per-direction TCP tracking flags, one bit per entry.
    - name: nf-ct-tcp-flags
      type: flags
      entries:
        - window-scale
        - sack-perm
        - close-init
        # be-liberal relaxes TCP window checking for the flow; worth
        # surfacing when auditing entries that were set from userspace.
        - be-liberal
        - unacked
        - maxack
        - challenge-ack
        - simultaneous-open
    # Values for tcp-state.
    # NOTE(review): entries from "max" onward look like kernel-internal
    # markers rather than states a tracked flow reports; confirm.
    - name: nf-ct-tcp-state
      type: enum
      entries:
        - none
        - syn-sent
        - syn-recv
        - established
        - fin-wait
        - close-wait
        - last-ack
        - time-wait
        - close
        - syn-sent2
        - max
        - ignore
        - retrans
        - unack
        - timeout-max
    # Values for sctp-state.
    - name: nf-ct-sctp-state
      type: enum
      entries:
        - none
        # NOTE(review): "cloned" is likely a typo for "closed" (the kernel
        # enum has SCTP_CONNTRACK_CLOSED at this position). Confirm before
        # renaming; consumers may match on the printed name.
        - cloned
        - cookie-wait
        - cookie-echoed
        - established
        - shutdown-sent
        - shutdown-received
        - shutdown-ack-sent
        - shutdown-heartbeat-sent
    # Bit names for the conntrack "status" and "status-mask" attributes.
    - name: nf-ct-status
      type: flags
      entries:
        - expected
        - seen-reply
        - assured
        - confirmed
        - src-nat
        - dst-nat
        - seq-adj
        - src-nat-done
        - dst-nat-done
        - dying
        - fixed-timeout
        - template
        - nat-clash
        - helper
        - offload
        - hw-offload
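  # Attribute sets (netlink TLV namespaces). The numeric id of an attribute
  # is implied by its position in the list, so order is significant.
  # Multi-byte integers marked big-endian are in network byte order and
  # must be converted by the consumer.
  attribute-sets:
    # Per-direction packet and byte counters.
    - name: counter-attrs
      attributes:
        - name: packets
          type: u64
          byte-order: big-endian
        - name: bytes
          type: u64
          byte-order: big-endian
        - name: packets-old
          type: u32
        - name: bytes-old
          type: u32
        - name: pad
          type: pad
    # Layer 4 half of a connection tuple.
    - name: tuple-proto-attrs
      attributes:
        - name: proto-num
          type: u8
          doc: l4 protocol number
        - name: proto-src-port
          type: u16
          byte-order: big-endian
          doc: l4 source port
        # Fixed: the doc previously said "source port" (copy/paste from the
        # attribute above).
        - name: proto-dst-port
          type: u16
          byte-order: big-endian
          doc: l4 destination port
        - name: proto-icmp-id
          type: u16
          byte-order: big-endian
          doc: l4 icmp id
        - name: proto-icmp-type
          type: u8
        - name: proto-icmp-code
          type: u8
        # Fixed: the doc previously said "icmp id".
        - name: proto-icmpv6-id
          type: u16
          byte-order: big-endian
          doc: l4 icmpv6 id
        - name: proto-icmpv6-type
          type: u8
        - name: proto-icmpv6-code
          type: u8
    # Layer 3 half of a connection tuple.
    - name: tuple-ip-attrs
      attributes:
        - name: ip-v4-src
          type: u32
          byte-order: big-endian
          display-hint: ipv4
          doc: ipv4 source address
        - name: ip-v4-dst
          type: u32
          byte-order: big-endian
          display-hint: ipv4
          doc: ipv4 destination address
        # min-len is only a lower bound: a consumer should still check that
        # the payload is exactly 16 bytes before treating it as an address.
        - name: ip-v6-src
          type: binary
          checks:
            min-len: 16
          byte-order: big-endian
          display-hint: ipv6
          doc: ipv6 source address
        - name: ip-v6-dst
          type: binary
          checks:
            min-len: 16
          byte-order: big-endian
          display-hint: ipv6
          doc: ipv6 destination address
    # A full connection tuple: addresses, l4 identifiers and zone.
    - name: tuple-attrs
      attributes:
        - name: tuple-ip
          type: nest
          nested-attributes: tuple-ip-attrs
          doc: conntrack l3 information
        - name: tuple-proto
          type: nest
          nested-attributes: tuple-proto-attrs
          doc: conntrack l4 information
        - name: tuple-zone
          type: u16
          byte-order: big-endian
          doc: conntrack zone id
    # TCP tracking state.
    - name: protoinfo-tcp-attrs
      attributes:
        - name: tcp-state
          type: u8
          enum: nf-ct-tcp-state
          doc: tcp connection state
        - name: tcp-wscale-original
          type: u8
          doc: window scaling factor in original direction
        - name: tcp-wscale-reply
          type: u8
          doc: window scaling factor in reply direction
        - name: tcp-flags-original
          type: binary
          struct: nf-ct-tcp-flags-mask
        - name: tcp-flags-reply
          type: binary
          struct: nf-ct-tcp-flags-mask
    # DCCP tracking state.
    - name: protoinfo-dccp-attrs
      attributes:
        - name: dccp-state
          type: u8
          doc: dccp connection state
        - name: dccp-role
          type: u8
        - name: dccp-handshake-seq
          type: u64
          byte-order: big-endian
        - name: dccp-pad
          type: pad
    # SCTP tracking state.
    - name: protoinfo-sctp-attrs
      attributes:
        - name: sctp-state
          type: u8
          doc: sctp connection state
          enum: nf-ct-sctp-state
        - name: vtag-original
          type: u32
          byte-order: big-endian
        - name: vtag-reply
          type: u32
          byte-order: big-endian
    # Container selecting one of the per-protocol state nests above.
    - name: protoinfo-attrs
      attributes:
        - name: protoinfo-tcp
          type: nest
          nested-attributes: protoinfo-tcp-attrs
          doc: conntrack tcp state information
        - name: protoinfo-dccp
          type: nest
          nested-attributes: protoinfo-dccp-attrs
          doc: conntrack dccp state information
        - name: protoinfo-sctp
          type: nest
          nested-attributes: protoinfo-sctp-attrs
          doc: conntrack sctp state information
    - name: help-attrs
      attributes:
        - name: help-name
          type: string
          doc: helper name
    # Port range of a NAT mapping.
    - name: nat-proto-attrs
      attributes:
        - name: nat-port-min
          type: u16
          byte-order: big-endian
        - name: nat-port-max
          type: u16
          byte-order: big-endian
    # Address range of a NAT mapping.
    - name: nat-attrs
      attributes:
        - name: nat-v4-minip
          type: u32
          byte-order: big-endian
        - name: nat-v4-maxip
          type: u32
          byte-order: big-endian
        # NOTE(review): unlike ip-v6-src / ip-v6-dst, the two IPv6 NAT
        # attributes declare no length check and no display-hint. Consumers
        # should validate the 16-byte length themselves; confirm whether a
        # checks entry is wanted here.
        - name: nat-v6-minip
          type: binary
        - name: nat-v6-maxip
          type: binary
        - name: nat-proto
          type: nest
          nested-attributes: nat-proto-attrs
    # TCP sequence-number adjustment for one direction.
    - name: seqadj-attrs
      attributes:
        - name: correction-pos
          type: u32
          byte-order: big-endian
        - name: offset-before
          type: u32
          byte-order: big-endian
        - name: offset-after
          type: u32
          byte-order: big-endian
    - name: secctx-attrs
      attributes:
        - name: secctx-name
          type: string
    - name: synproxy-attrs
      attributes:
        - name: isn
          type: u32
          byte-order: big-endian
        - name: its
          type: u32
          byte-order: big-endian
        - name: tsoff
          type: u32
          byte-order: big-endian
    # Top-level attributes of a conntrack entry message.
    - name: conntrack-attrs
      attributes:
        - name: tuple-orig
          type: nest
          nested-attributes: tuple-attrs
          doc: conntrack l3+l4 protocol information, original direction
        - name: tuple-reply
          type: nest
          nested-attributes: tuple-attrs
          doc: conntrack l3+l4 protocol information, reply direction
        - name: status
          type: u32
          byte-order: big-endian
          enum: nf-ct-status
          enum-as-flags: true
          doc: conntrack flag bits
        - name: protoinfo
          type: nest
          nested-attributes: protoinfo-attrs
        - name: help
          type: nest
          nested-attributes: help-attrs
        - name: nat-src
          type: nest
          nested-attributes: nat-attrs
        - name: timeout
          type: u32
          byte-order: big-endian
        - name: mark
          type: u32
          byte-order: big-endian
        - name: counters-orig
          type: nest
          nested-attributes: counter-attrs
        - name: counters-reply
          type: nest
          nested-attributes: counter-attrs
        - name: use
          type: u32
          byte-order: big-endian
        - name: id
          type: u32
          byte-order: big-endian
        - name: nat-dst
          type: nest
          nested-attributes: nat-attrs
        - name: tuple-master
          type: nest
          nested-attributes: tuple-attrs
        - name: seq-adj-orig
          type: nest
          nested-attributes: seqadj-attrs
        - name: seq-adj-reply
          type: nest
          nested-attributes: seqadj-attrs
        - name: secmark
          type: binary
          doc: obsolete
        - name: zone
          type: u16
          byte-order: big-endian
          doc: conntrack zone id
        - name: secctx
          type: nest
          nested-attributes: secctx-attrs
        - name: timestamp
          type: u64
          byte-order: big-endian
        - name: mark-mask
          type: u32
          byte-order: big-endian
        # labels / labels-mask are opaque binary blobs with no declared
        # length bounds in this spec.
        - name: labels
          type: binary
        - name: labels-mask
          type: binary
        - name: synproxy
          type: nest
          nested-attributes: synproxy-attrs
        - name: filter
          type: nest
          nested-attributes: tuple-attrs
        - name: status-mask
          type: u32
          byte-order: big-endian
          enum: nf-ct-status
          enum-as-flags: true
          doc: conntrack flag bits to change
        - name: timestamp-event
          type: u64
          byte-order: big-endian
    # Per-CPU statistics counters. Entries documented as obsolete are kept
    # so that the ids of later attributes stay unchanged.
    - name: conntrack-stats-attrs
      attributes:
        - name: searched
          type: u32
          byte-order: big-endian
          doc: obsolete
        - name: found
          type: u32
          byte-order: big-endian
        - name: new
          type: u32
          byte-order: big-endian
          doc: obsolete
        - name: invalid
          type: u32
          byte-order: big-endian
          doc: obsolete
        - name: ignore
          type: u32
          byte-order: big-endian
          doc: obsolete
        - name: delete
          type: u32
          byte-order: big-endian
          doc: obsolete
        - name: delete-list
          type: u32
          byte-order: big-endian
          doc: obsolete
        - name: insert
          type: u32
          byte-order: big-endian
        - name: insert-failed
          type: u32
          byte-order: big-endian
        - name: drop
          type: u32
          byte-order: big-endian
        - name: early-drop
          type: u32
          byte-order: big-endian
        - name: error
          type: u32
          byte-order: big-endian
        - name: search-restart
          type: u32
          byte-order: big-endian
        - name: clash-resolve
          type: u32
          byte-order: big-endian
        - name: chain-toolong
          type: u32
          byte-order: big-endian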
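  # Message types of the family. Each "value" is the nfnetlink message type:
  # subsystem id in the high byte (1 = ctnetlink) and the message number in
  # the low byte.
  # This spec declares no privilege flags. The kernel's nfnetlink receive
  # path is expected to require CAP_NET_ADMIN; the replies expose flow
  # tuples, NAT mappings and security contexts, so treat them as sensitive.
  operations:
    enum-model: directional
    list:
      - name: get
        doc: get / dump entries
        attribute-set: conntrack-attrs
        fixed-header: nfgenmsg
        # Look up a single entry by tuple (and zone).
        do:
          request:
            value: 0x101
            attributes:
              - tuple-orig
              - tuple-reply
              - zone
          reply:
            value: 0x100
            # Fixed: nat-dst was listed twice (after nat-src and again
            # after id); the duplicate has been dropped.
            attributes:
              - tuple-orig
              - tuple-reply
              - status
              - protoinfo
              - help
              - nat-src
              - nat-dst
              - timeout
              - mark
              - counters-orig
              - counters-reply
              - use
              - id
              - tuple-master
              - seq-adj-orig
              - seq-adj-reply
              - zone
              - secctx
              - labels
              - synproxy
        # Walk the table; the request attributes act as optional filters.
        dump:
          request:
            value: 0x101
            attributes:
              - mark
              - filter
              - status
              - zone
          reply:
            value: 0x100
            # Fixed: duplicate nat-dst dropped here as well.
            attributes:
              - tuple-orig
              - tuple-reply
              - status
              - protoinfo
              - help
              - nat-src
              - nat-dst
              - timeout
              - mark
              - counters-orig
              - counters-reply
              - use
              - id
              - tuple-master
              - seq-adj-orig
              - seq-adj-reply
              - zone
              - secctx
              - labels
              - synproxy
      - name: get-stats
        doc: dump pcpu conntrack stats
        attribute-set: conntrack-stats-attrs
        fixed-header: nfgenmsg
        dump:
          request:
            value: 0x104
          reply:
            value: 0x104
            attributes:
              - searched
              - found
              - insert
              - insert-failed
              - drop
              - early-drop
              - error
              - search-restart
              - clash-resolve
              - chain-toolong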