# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

include <linux/socket.h>
include <uapi/linux/netfilter_arp/arp_tables.h>
include <uapi/linux/netfilter_arp/arpt_mangle.h>

# arp_tables control interface: setsockopt/getsockopt variants issued on a sock_in
# descriptor at level SOL_IP. Each variant pins the option number with const[] and
# derives the length argument from val, so the length always matches the buffer
# the fuzzer built.
# The getsockopt variants also declare val as ptr[in, ...]: the request buffer
# (for example the table name) is generated input, not left uninitialised.
# Their len argument is a pointer to an int32 holding the size of val.
# NOTE(review): the kernel handlers behind these options are expected to require
# CAP_NET_ADMIN over the socket's network namespace - confirm; that decides
# whether this surface is reachable from an unprivileged user namespace.
setsockopt$ARPT_SO_SET_REPLACE(fd sock_in, level const[SOL_IP], opt const[ARPT_SO_SET_REPLACE], val ptr[in, arpt_replace], len len[val])
setsockopt$ARPT_SO_SET_ADD_COUNTERS(fd sock_in, level const[SOL_IP], opt const[ARPT_SO_SET_ADD_COUNTERS], val ptr[in, arpt_counters_info], len len[val])
getsockopt$ARPT_SO_GET_INFO(fd sock_in, level const[SOL_IP], opt const[ARPT_SO_GET_INFO], val ptr[in, arpt_getinfo], len ptr[in, len[val, int32]])
getsockopt$ARPT_SO_GET_ENTRIES(fd sock_in, level const[SOL_IP], opt const[ARPT_SO_GET_ENTRIES], val ptr[in, arpt_get_entries], len ptr[in, len[val, int32]])
getsockopt$ARPT_SO_GET_REVISION_TARGET(fd sock_in, level const[SOL_IP], opt const[ARPT_SO_GET_REVISION_TARGET], val ptr[in, xt_get_revision], len ptr[in, len[val, int32]])

# Argument of ARPT_SO_SET_REPLACE: a full replacement ruleset for one table.
# The table name, hook mask and both counts are constants, so this description
# only varies the hook/underflow values and the contents of the entries.
# A count that disagrees with the blob is never emitted by this description.
arpt_replace {
	name			string["filter", XT_TABLE_MAXNAMELEN]
	valid_hooks		const[ARPT_FILTER_VALID_HOOKS, int32]
# 4 = the three arpt_entry elements plus the underflow entry in arpt_replace_entries.
	num_entries		const[4, int32]
# Byte size of the inline entries blob at the end of this struct.
	size			bytesize[entries, int32]
# One hook value and one underflow value per ARP hook. ipt_hook is declared
# outside this listing; presumably it yields offsets into the blob - confirm.
	hook_in			ipt_hook
	hook_out		ipt_hook
	hook_forward		ipt_hook
	underflow_in		ipt_hook
	underflow_out		ipt_hook
	underflow_forward	ipt_hook
# Matches the length of the output array that follows.
	num_counters		const[4, int32]
# Output pointer: room for exactly 4 xt_counters.
	counters		ptr[out, array[xt_counters, 4]]
	entries			arpt_replace_entries
}

# Hook bitmask with one bit each for NF_ARP_IN, NF_ARP_OUT and NF_ARP_FORWARD;
# used as the constant valid_hooks value in arpt_replace.
define ARPT_FILTER_VALID_HOOKS	(1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | (1 << NF_ARP_FORWARD)

# Rule blob carried inline in arpt_replace: three generated rules followed by one
# fixed underflow rule (four entries in total, matching num_entries there).
# packed removes padding between the fields; align[PTR_SIZE] sets the alignment
# of the blob to the pointer size.
arpt_replace_entries {
	entries		array[arpt_entry, 3]
	underflow	arpt_entry_underflow
} [packed, align[PTR_SIZE]]

# One rule: the fixed-size header (arpt_entry_matches) followed directly by a
# variable-size target. The header's next_offset is computed from this struct.
arpt_entry {
	matches	arpt_entry_matches
	target	arpt_targets
} [packed, align[PTR_SIZE]]

# Fixed-size header of a rule. Despite the name it carries no match extensions
# (see the note at the end of the struct).
# Both offsets are computed from the layout rather than chosen freely, so rules
# built from this description carry self-consistent offsets.
arpt_entry_matches {
# Either a populated ARP match or the all-zero (unconditional) form.
	arp		arpt_arp_or_uncond
# Size of this header, i.e. where the target starts inside arpt_entry.
	target_offset	len[parent, int16]
# Size of the whole enclosing arpt_entry (header plus target).
	next_offset	len[arpt_entry, int16]
	comefrom	const[0, int32]
	counters	xt_counters
# Note: matches should go here, but they seem to be unused in arp tables.
} [align[PTR_SIZE]]

# Last rule of the blob: an unconditional header followed by a target with an
# empty name whose payload is the constant NF_ACCEPT_VERDICT.
# xt_target_t and NF_ACCEPT_VERDICT are declared outside this listing; the empty
# name presumably selects the xtables standard target - confirm against xt_target_t.
arpt_entry_underflow {
	matches	arpt_entry_underflow_matches
	target	xt_target_t["", const[NF_ACCEPT_VERDICT, int32], 0]
} [align[PTR_SIZE]]

# Header of the underflow rule. Same field layout as arpt_entry_matches, except
# that the ARP match is always the all-zero form and next_offset is computed from
# arpt_entry_underflow.
arpt_entry_underflow_matches {
	arp		arpt_arp_uncond
	target_offset	len[parent, int16]
	next_offset	len[arpt_entry_underflow, int16]
	comefrom	const[0, int32]
	counters	xt_counters
}

# Match part of a rule header: either a generated arpt_arp or the all-zero
# arpt_arp_uncond. Both options cover sizeof(struct arpt_arp) bytes, assuming
# the arpt_arp description matches the kernel struct layout.
arpt_arp_or_uncond [
	arp	arpt_arp
	uncond	arpt_arp_uncond
]

# Unconditional match: a run of zero bytes exactly as long as the kernel's
# struct arpt_arp.
type arpt_arp_uncond array[const[0, int8], ARPT_ARP_SIZE]
# Size taken from the kernel header rather than from the arpt_arp description below.
define ARPT_ARP_SIZE	sizeof(struct arpt_arp)

# Populated ARP match: addresses, header fields and interface names, each paired
# with a mask. Field order defines the binary layout and must not be changed.
arpt_arp {
# Source/target IPv4 addresses followed by their masks.
	src		ipv4_addr
	tgt		ipv4_addr
	smsk		ipv4_addr_mask
	tmsk		ipv4_addr_mask
# Hardware address length and its mask, both restricted to 0..ARPT_DEV_ADDR_LEN_MAX;
# larger lengths are not generated by this description.
	arhln		int8[0:ARPT_DEV_ADDR_LEN_MAX]
	arhln_mask	int8[0:ARPT_DEV_ADDR_LEN_MAX]
	src_devaddr	arpt_devaddr_info
	tgt_devaddr	arpt_devaddr_info
# ARP opcode, hardware type and protocol type, each with a mask; big-endian 16-bit.
	arpop		int16be
	arpop_mask	int16be
	arhrd		int16be
	arhrd_mask	int16be
	arpro		int16be
	arpro_mask	int16be
# Input/output interface names and their masks.
	iniface		devname
	outiface	devname
	iniface_mask	devname_mask
	outiface_mask	devname_mask
# flags is always zero; inversion bits are drawn from arpt_arp_invflags.
	flags		const[0, int8]
	invflags	flags[arpt_arp_invflags, int16]
}

# Hardware (device) address together with the mask applied to it.
arpt_devaddr_info {
	addr	arpt_devaddr
	mask	arpt_devmask
}

# Hardware address slot: either all zero bytes or a MAC address.
# The union is not varlen, so it always occupies the size of its largest option
# (the ARPT_DEV_ADDR_LEN_MAX-byte "empty" array, assuming mac_addr is not larger).
arpt_devaddr [
	empty	array[const[0, int8], ARPT_DEV_ADDR_LEN_MAX]
	mac	mac_addr
]

# Hardware address mask: a MAC-sized mask whose struct size is forced to
# ARPT_DEV_ADDR_LEN_MAX by the size attribute.
arpt_devmask {
	mac	mac_addr_mask
} [size[ARPT_DEV_ADDR_LEN_MAX]]

# Inversion flags accepted in arpt_arp.invflags (one per matchable field, judging by the names).
arpt_arp_invflags = ARPT_INV_VIA_IN, ARPT_INV_VIA_OUT, ARPT_INV_SRCIP, ARPT_INV_TGTIP, ARPT_INV_SRCDEVADDR, ARPT_INV_TGTDEVADDR, ARPT_INV_ARPOP, ARPT_INV_ARPHRD, ARPT_INV_ARPPRO, ARPT_INV_ARPHLN

# Target of a generated rule: one of the generic targets from xt_unspec_targets
# (declared outside this listing) or the ARP-specific "mangle" target.
# varlen: the union takes the size of the selected option, so rule sizes differ.
arpt_targets [
	unspec	xt_unspec_targets
	mangle	xt_target_t["mangle", arpt_mangle, 0]
] [varlen]

# Payload of the "mangle" target: replacement hardware and IPv4 addresses, a flag
# byte drawn from arpt_mangle_flags, and a verdict drawn from arpt_mangle_targets.
arpt_mangle {
	src_devaddr	arpt_devaddr
	tgt_devaddr	arpt_devaddr
	src_ip		ipv4_addr
	tgt_ip		ipv4_addr
# Presumably selects which of the four fields above are rewritten - confirm.
	flags		flags[arpt_mangle_flags, int8]
# Value taken from NF_DROP, NF_ACCEPT or XT_CONTINUE.
	target		flags[arpt_mangle_targets, int32]
}

# Values for arpt_mangle.flags.
# NOTE(review): ARPT_MANGLE_MASK is presumably the OR of the four bits before it,
# which would make it redundant as a separate flag value - confirm.
arpt_mangle_flags = ARPT_MANGLE_SDEV, ARPT_MANGLE_TDEV, ARPT_MANGLE_SIP, ARPT_MANGLE_TIP, ARPT_MANGLE_MASK
# Values for arpt_mangle.target.
arpt_mangle_targets = NF_DROP, NF_ACCEPT, XT_CONTINUE

# Argument of ARPT_SO_SET_ADD_COUNTERS for the "filter" table.
# The array is fixed at exactly 4 elements (4:4) and num_counters is derived from
# it, so the count always agrees with the array and with the entry count used in
# arpt_replace.
arpt_counters_info {
	name		string["filter", XT_TABLE_MAXNAMELEN]
	num_counters	len[counters, int32]
	counters	array[xt_counters, 4:4]
}

# Request buffer for ARPT_SO_GET_INFO. Only the table name is fixed input.
# Every other field is pinned to zero except hook_entry, whose int32 values are
# left to the fuzzer.
# NOTE(review): those fields are presumably result slots that the kernel
# overwrites - confirm.
arpt_getinfo {
	name		string["filter", XT_TABLE_MAXNAMELEN]
	valid_hooks	const[0, int32]
	hook_entry	array[int32, NF_ARP_NUMHOOKS]
	underflow	array[const[0, int32], NF_ARP_NUMHOOKS]
	num_entries	const[0, int32]
	size		const[0, int32]
}

# Request buffer for ARPT_SO_GET_ENTRIES on the "filter" table.
# entrytable is a byte array with no length bound, so its size varies between
# generated programs; size is always the byte size of that array.
# NOTE(review): the size is therefore not tied to the size of the installed
# ruleset - confirm how the kernel handles a mismatch.
arpt_get_entries {
	name		string["filter", XT_TABLE_MAXNAMELEN]
	size		bytesize[entrytable, int32]
	entrytable	array[int8]
}