path: root/sys/linux/netfilter_targets.txt
blob: c3f299c2d1d901cd8fff5a1006821b4efc170bf8 (plain)
# Copyright 2018 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.

# Netfilter targets shared between ipv4/ipv6.

include <linux/socket.h>
include <uapi/linux/netfilter/ipset/ip_set.h>
include <uapi/linux/netfilter/x_tables.h>
include <uapi/linux/netfilter/xt_connmark.h>
include <uapi/linux/netfilter/nf_nat.h>
include <uapi/linux/netfilter/xt_set.h>
include <uapi/linux/netfilter/xt_mark.h>
include <uapi/linux/netfilter/xt_TEE.h>
include <uapi/linux/netfilter/xt_LED.h>
include <uapi/linux/netfilter/xt_TCPMSS.h>
include <uapi/linux/netfilter/xt_RATEEST.h>
include <uapi/linux/netfilter/xt_DSCP.h>
include <uapi/linux/netfilter/xt_CLASSIFY.h>
include <uapi/linux/netfilter/xt_IDLETIMER.h>
include <uapi/linux/netfilter/xt_TCPOPTSTRIP.h>
include <uapi/linux/netfilter/xt_NFQUEUE.h>
include <uapi/linux/netfilter/xt_CT.h>
include <uapi/linux/netfilter/xt_AUDIT.h>
include <uapi/linux/netfilter/xt_HMARK.h>
include <uapi/linux/netfilter/xt_TPROXY.h>
include <uapi/linux/netfilter/xt_CHECKSUM.h>
include <uapi/linux/netfilter/xt_CONNSECMARK.h>
include <uapi/linux/netfilter/xt_SECMARK.h>
include <uapi/linux/netfilter/xt_NFLOG.h>
include <uapi/linux/netfilter/xt_LOG.h>
include <uapi/linux/netfilter/xt_SYNPROXY.h>

# Generic x_tables target header followed by target-specific data.
# NAME: target name string (bounded by XT_EXTENSION_MAXNAMELEN),
# DATA: type of the target-specific payload, REV: fixed revision number.
type xt_target_t[NAME, DATA, REV] {
# Total size of this target (header + data), filled in from the parent struct.
	target_size	len[parent, int16]
	name		string[NAME, XT_EXTENSION_MAXNAMELEN]
	revision	const[REV, int8]
	data		DATA
} [align[PTR_SIZE]]

xt_unspec_targets [
	STANDARD	xt_target_t["", flags[nf_verdicts, int32], 0]
	ERROR		xt_target_t["ERROR", array[int8, XT_FUNCTION_MAXNAMELEN], 0]
	LED		xt_target_t["LED", xt_led_info, 0]
	RATEEST		xt_target_t["RATEEST", xt_rateest_target_info, 0]
	NFQUEUE0	xt_target_t["NFQUEUE", xt_NFQ_info, 0]
	NFQUEUE1	xt_target_t["NFQUEUE", xt_NFQ_info_v1, 1]
	NFQUEUE2	xt_target_t["NFQUEUE", xt_NFQ_info_v3, 2]
	NFQUEUE3	xt_target_t["NFQUEUE", xt_NFQ_info_v3, 3]
	CLASSIFY	xt_target_t["CLASSIFY", xt_classify_target_info, 0]
	IDLETIMER	xt_target_t["IDLETIMER", idletimer_tg_info, 0]
	AUDIT		xt_target_t["AUDIT", xt_audit_info, 0]
	MARK		xt_target_t["MARK", xt_mark_tginfo2, 2]
	CONNSECMARK	xt_target_t["CONNSECMARK", xt_connsecmark_target_info, 0]
	SECMARK		xt_target_t["SECMARK", xt_secmark_target_info, 0]
	NFLOG		xt_target_t["NFLOG", xt_nflog_info, 0]
	CONNMARK	xt_target_t["CONNMARK", xt_connmark_tginfo1, 1]
] [varlen]

# Verdict values used as the payload of the STANDARD target; the NF_*_VERDICT
# constants use the -NF_* - 1 encoding defined below.
nf_verdicts = 0, NF_DROP_VERDICT, NF_ACCEPT_VERDICT, NF_STOLEN_VERDICT, NF_QUEUE_VERDICT, NF_REPEAT_VERDICT

define NF_DROP_VERDICT	-NF_DROP - 1
define NF_ACCEPT_VERDICT	-NF_ACCEPT - 1
define NF_STOLEN_VERDICT	-NF_STOLEN - 1
define NF_QUEUE_VERDICT	-NF_QUEUE - 1
define NF_REPEAT_VERDICT	-NF_REPEAT - 1

xt_unspec_mangle_targets [
	CHECKSUM	xt_target_t["CHECKSUM", xt_CHECKSUM_info, 0]
] [varlen]

xt_unspec_nat_targets [
	SNAT1	xt_target_t["SNAT", nf_nat_range, 1]
	DNAT1	xt_target_t["DNAT", nf_nat_range, 1]
] [varlen]

xt_unspec_raw_targets [
	TRACE	xt_target_t["TRACE", void, 0]
	CT0	xt_target_t["CT", xt_ct_target_info, 0]
	CT1	xt_target_t["CT", xt_ct_target_info_v1, 1]
	CT2	xt_target_t["CT", xt_ct_target_info_v1, 2]
	NOTRACK	xt_target_t["NOTRACK", void, 0]
] [varlen]

xt_inet_targets [
	TEE		xt_target_t["TEE", xt_tee_tginfo, 1]
	TCPMSS		xt_target_t["TCPMSS", xt_tcpmss_info, 0]
	TCPOPTSTRIP	xt_target_t["TCPOPTSTRIP", xt_tcpoptstrip_target_info, 0]
	HMARK		xt_target_t["HMARK", xt_hmark_info, 0]
	SET1		xt_target_t["SET", xt_set_info_target_v1, 1]
	SET2		xt_target_t["SET", xt_set_info_target_v2, 2]
	SET3		xt_target_t["SET", xt_set_info_target_v3, 3]
	LOG		xt_target_t["LOG", xt_log_info, 0]
	SYNPROXY	xt_target_t["SYNPROXY", xt_synproxy_info, 0]
] [varlen]

xt_inet_mangle_targets [
	DSCP	xt_target_t["DSCP", xt_DSCP_info, 0]
	TOS	xt_target_t["TOS", xt_tos_target_info, 0]
	TPROXY1	xt_target_t["TPROXY", xt_tproxy_target_info_v1, 1]
] [varlen]

xt_tee_tginfo {
	gw	nf_inet_addr
	oif	devname
	priv	align64[intptr]
}

xt_led_info {
	id		string[xt_led_names, 27]
	always_blink	bool8
	delay		int32
	internal_data	align64[intptr]
}

xt_led_names = "syz0", "syz1"

xt_tcpmss_info {
	mss	int16
}

xt_rateest_target_info {
	name		string[xt_rateest_names, IFNAMSIZ]
	interval	int8
	ewma_log	int8
	est		align64[intptr]
}

xt_rateest_names = "syz0", "syz1"

nf_nat_range {
	flags		flags[nf_nat_flags, int32]
	min_addr	nf_inet_addr
	max_addr	nf_inet_addr
	min_proto	nf_conntrack_man_proto
	max_proto	nf_conntrack_man_proto
}

nf_nat_ipv4_multi_range_compat {
	rangesize	const[1, int32]
	range		nf_nat_ipv4_range
}

nf_nat_ipv4_range {
	flags	flags[nf_nat_flags, int32]
	min_ip	ipv4_addr
	max_ip	ipv4_addr
	min	nf_conntrack_man_proto
	max	nf_conntrack_man_proto
}

nf_nat_flags = NF_NAT_RANGE_MAP_IPS, NF_NAT_RANGE_PROTO_SPECIFIED, NF_NAT_RANGE_PROTO_RANDOM, NF_NAT_RANGE_PERSISTENT, NF_NAT_RANGE_PROTO_RANDOM_FULLY

xt_NFQ_info {
	queuenum	int16
}

xt_NFQ_info_v1 {
	queuenum	int16
	queues_total	int16
}

xt_NFQ_info_v3 {
	queuenum	int16
	queues_total	int16
	flags		flags[xt_NFQ_flags, int16]
}

xt_NFQ_flags = NFQ_FLAG_BYPASS, NFQ_FLAG_CPU_FANOUT

xt_DSCP_info {
	dscp	int8[0:XT_DSCP_MAX]
}

xt_tos_target_info {
	tos_value	int8
	tos_mask	int8
}

xt_classify_target_info {
	priority	int32
}

idletimer_tg_info {
	timeout	int32
	label	string[idletimer_tg_names, MAX_IDLETIMER_LABEL_SIZE]
	timer	align64[intptr]
}

idletimer_tg_names = "syz0", "syz1"

xt_tcpoptstrip_target_info {
	strip_bmap	array[int32, 8]
}

xt_ct_target_info {
	flags		bool16
	zone		int16
	ct_events	int32
	exp_events	int32
	helper		string[xt_ct_helpers, 16]
	ct		align64[intptr]
}

xt_ct_target_info_v1 {
	flags		flags[xt_ct_flags, int16]
	zone		int16
	ct_events	int32
	exp_events	int32
	helper		string[xt_ct_helpers, 16]
# TODO: these names must be registered somewhere from netlink.
	timeout		string[xt_ct_timeouts, 32]
	ct		align64[intptr]
}

xt_ct_flags = XT_CT_NOTRACK, XT_CT_NOTRACK_ALIAS, XT_CT_ZONE_DIR_ORIG, XT_CT_ZONE_DIR_REPL, XT_CT_ZONE_MARK
xt_ct_helpers = "", "snmp_trap", "netbios-ns", "pptp", "snmp", "syz0", "syz1"
xt_ct_timeouts = "syz0", "syz1"

xt_audit_info {
	type	flags[xt_audit_flags, int8]
}

xt_audit_flags = XT_AUDIT_TYPE_ACCEPT, XT_AUDIT_TYPE_DROP, XT_AUDIT_TYPE_REJECT

xt_hmark_info {
	src_mask	nf_inet_addr
	dst_mask	ipv6_addr_mask
	src_port_mask	sock_port
	dst_port_mask	sock_port
	src_port_set	sock_port
	dst_port_set	sock_port
	flags		int32
	proto_mask	int16
	hashrnd		int32
	hmodulus	int32
	hoffset		int32
}

xt_tproxy_target_info {
	mark_mask	int32
	mark_value	int32
	laddr		ipv4_addr
	lport		sock_port
}

xt_tproxy_target_info_v1 {
	mark_mask	int32
	mark_value	int32
	laddr		nf_inet_addr
	lport		sock_port
}

xt_set_info_target_v0 {
	add_set	xt_set_info_v0
	del_set	xt_set_info_v0
}

xt_set_info_target_v1 {
	add_set	xt_set_info
	del_set	xt_set_info
}

xt_set_info_target_v2 {
	add_set	xt_set_info
	del_set	xt_set_info
	flags	int32
	timeout	int32
}

xt_set_info_target_v3 {
	add_set	xt_set_info
	del_set	xt_set_info
	map_set	xt_set_info
	flags	int32
	timeout	int32
}

xt_set_info_v0 {
	index	ip_set_id_t
	flags	array[flags[xt_set_info_flags, int32], IPSET_DIM_MAX]
	dim	int8[0:IPSET_DIM_MAX]
	flags2	flags[xt_set_info_flags, int8]
}

xt_set_info {
	index	ip_set_id_t
	dim	int8[0:IPSET_DIM_MAX]
	flags	flags[xt_set_info_flags, int8]
}

xt_set_info_flags = IPSET_SRC, IPSET_DST, IPSET_MATCH_INV

ip_set_counter_match0 {
	op	int8
	value	int64
}

ip_set_counter_match {
	value	align64[int64]
	op	int8
}

xt_mark_tginfo2 {
	mark	int32
	mask	int32
}

xt_CHECKSUM_info {
	operation	const[XT_CHECKSUM_OP_FILL, int8]
}

xt_log_info {
	level		int8
	logflags	flags[xt_log_flags, int8]
	prefix		array[int8, 30]
}

xt_log_flags = XT_LOG_TCPSEQ, XT_LOG_TCPOPT, XT_LOG_IPOPT, XT_LOG_UID, XT_LOG_NFLOG, XT_LOG_MACDECODE

xt_connsecmark_target_info {
	mode	int8[1:2]
}

xt_secmark_target_info {
	mode	int8[1:1]
	secid	int32
	secctx	string[selinux_security_context, SECMARK_SECCTX_MAX]
}

xt_nflog_info {
	len		int32
	group		int16
	threshold	int16
	flags		bool16
	pad		const[0, int16]
	prefix		array[int8, 64]
}

xt_connmark_tginfo1 {
	ctmark	int32
	ctmask	int32
	nfmask	int32
	mode	flags[xt_connmark_mode, int8]
}

xt_connmark_mode = XT_CONNMARK_SET, XT_CONNMARK_SAVE, XT_CONNMARK_RESTORE

xt_synproxy_info {
	options	flags[xt_synproxy_options, int8]
	wscale	int8
	mss	int16
}

xt_synproxy_options = XT_SYNPROXY_OPT_MSS, XT_SYNPROXY_OPT_WSCALE, XT_SYNPROXY_OPT_SACK_PERM, XT_SYNPROXY_OPT_TIMESTAMP, XT_SYNPROXY_OPT_ECN