1# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 2 3name: conntrack 4protocol: netlink-raw 5protonum: 12 6 7doc: 8 Netfilter connection tracking subsystem over nfnetlink 9 10definitions: 11 - 12 name: nfgenmsg 13 type: struct 14 members: 15 - 16 name: nfgen-family 17 type: u8 18 - 19 name: version 20 type: u8 21 - 22 name: res-id 23 byte-order: big-endian 24 type: u16 25 - 26 name: nf-ct-tcp-flags-mask 27 type: struct 28 members: 29 - 30 name: flags 31 type: u8 32 enum: nf-ct-tcp-flags 33 enum-as-flags: true 34 - 35 name: mask 36 type: u8 37 enum: nf-ct-tcp-flags 38 enum-as-flags: true 39 - 40 name: nf-ct-tcp-flags 41 type: flags 42 entries: 43 - window-scale 44 - sack-perm 45 - close-init 46 - be-liberal 47 - unacked 48 - maxack 49 - challenge-ack 50 - simultaneous-open 51 - 52 name: nf-ct-tcp-state 53 type: enum 54 entries: 55 - none 56 - syn-sent 57 - syn-recv 58 - established 59 - fin-wait 60 - close-wait 61 - last-ack 62 - time-wait 63 - close 64 - syn-sent2 65 - max 66 - ignore 67 - retrans 68 - unack 69 - timeout-max 70 - 71 name: nf-ct-sctp-state 72 type: enum 73 entries: 74 - none 75 - cloned 76 - cookie-wait 77 - cookie-echoed 78 - established 79 - shutdown-sent 80 - shutdown-received 81 - shutdown-ack-sent 82 - shutdown-heartbeat-sent 83 - 84 name: nf-ct-status 85 type: flags 86 entries: 87 - expected 88 - seen-reply 89 - assured 90 - confirmed 91 - src-nat 92 - dst-nat 93 - seq-adj 94 - src-nat-done 95 - dst-nat-done 96 - dying 97 - fixed-timeout 98 - template 99 - nat-clash 100 - helper 101 - offload 102 - hw-offload 103 104attribute-sets: 105 - 106 name: counter-attrs 107 attributes: 108 - 109 name: packets 110 type: u64 111 byte-order: big-endian 112 - 113 name: bytes 114 type: u64 115 byte-order: big-endian 116 - 117 name: packets-old 118 type: u32 119 - 120 name: bytes-old 121 type: u32 122 - 123 name: pad 124 type: pad 125 - 126 name: tuple-proto-attrs 127 attributes: 128 - 129 name: proto-num 130 type: u8 131 doc: l4 protocol number 132 - 133 name: proto-src-port 134 type: u16 135 byte-order: big-endian 136 doc: l4 source port 137 - 138 name: proto-dst-port 139 type: u16 140 byte-order: big-endian 141 doc: l4 source port 142 - 143 name: proto-icmp-id 144 type: u16 145 byte-order: big-endian 146 doc: l4 icmp id 147 - 148 name: proto-icmp-type 149 type: u8 150 - 151 name: proto-icmp-code 152 type: u8 153 - 154 name: proto-icmpv6-id 155 type: u16 156 byte-order: big-endian 157 doc: l4 icmp id 158 - 159 name: proto-icmpv6-type 160 type: u8 161 - 162 name: proto-icmpv6-code 163 type: u8 164 - 165 name: tuple-ip-attrs 166 attributes: 167 - 168 name: ip-v4-src 169 type: u32 170 byte-order: big-endian 171 display-hint: ipv4 172 doc: ipv4 source address 173 - 174 name: ip-v4-dst 175 type: u32 176 byte-order: big-endian 177 display-hint: ipv4 178 doc: ipv4 destination address 179 - 180 name: ip-v6-src 181 type: binary 182 checks: 183 min-len: 16 184 byte-order: big-endian 185 display-hint: ipv6 186 doc: ipv6 source address 187 - 188 name: ip-v6-dst 189 type: binary 190 checks: 191 min-len: 16 192 byte-order: big-endian 193 display-hint: ipv6 194 doc: ipv6 destination address 195 - 196 name: tuple-attrs 197 attributes: 198 - 199 name: tuple-ip 200 type: nest 201 nested-attributes: tuple-ip-attrs 202 doc: conntrack l3 information 203 - 204 name: tuple-proto 205 type: nest 206 nested-attributes: tuple-proto-attrs 207 doc: conntrack l4 information 208 - 209 name: tuple-zone 210 type: u16 211 byte-order: big-endian 212 doc: conntrack zone id 213 - 214 name: protoinfo-tcp-attrs 215 attributes: 216 - 217 name: tcp-state 218 type: u8 219 enum: nf-ct-tcp-state 220 doc: tcp connection state 221 - 222 name: tcp-wscale-original 223 type: u8 224 doc: window scaling factor in original direction 225 - 226 name: tcp-wscale-reply 227 type: u8 228 doc: window scaling factor in reply direction 229 - 230 name: tcp-flags-original 231 type: binary 232 struct: nf-ct-tcp-flags-mask 233 - 234 name: tcp-flags-reply 235 type: binary 236 struct: nf-ct-tcp-flags-mask 237 - 238 name: protoinfo-dccp-attrs 239 attributes: 240 - 241 name: dccp-state 242 type: u8 243 doc: dccp connection state 244 - 245 name: dccp-role 246 type: u8 247 - 248 name: dccp-handshake-seq 249 type: u64 250 byte-order: big-endian 251 - 252 name: dccp-pad 253 type: pad 254 - 255 name: protoinfo-sctp-attrs 256 attributes: 257 - 258 name: sctp-state 259 type: u8 260 doc: sctp connection state 261 enum: nf-ct-sctp-state 262 - 263 name: vtag-original 264 type: u32 265 byte-order: big-endian 266 - 267 name: vtag-reply 268 type: u32 269 byte-order: big-endian 270 - 271 name: protoinfo-attrs 272 attributes: 273 - 274 name: protoinfo-tcp 275 type: nest 276 nested-attributes: protoinfo-tcp-attrs 277 doc: conntrack tcp state information 278 - 279 name: protoinfo-dccp 280 type: nest 281 nested-attributes: protoinfo-dccp-attrs 282 doc: conntrack dccp state information 283 - 284 name: protoinfo-sctp 285 type: nest 286 nested-attributes: protoinfo-sctp-attrs 287 doc: conntrack sctp state information 288 - 289 name: help-attrs 290 attributes: 291 - 292 name: help-name 293 type: string 294 doc: helper name 295 - 296 name: nat-proto-attrs 297 attributes: 298 - 299 name: nat-port-min 300 type: u16 301 byte-order: big-endian 302 - 303 name: nat-port-max 304 type: u16 305 byte-order: big-endian 306 - 307 name: nat-attrs 308 attributes: 309 - 310 name: nat-v4-minip 311 type: u32 312 byte-order: big-endian 313 - 314 name: nat-v4-maxip 315 type: u32 316 byte-order: big-endian 317 - 318 name: nat-v6-minip 319 type: binary 320 - 321 name: nat-v6-maxip 322 type: binary 323 - 324 name: nat-proto 325 type: nest 326 nested-attributes: nat-proto-attrs 327 - 328 name: seqadj-attrs 329 attributes: 330 - 331 name: correction-pos 332 type: u32 333 byte-order: big-endian 334 - 335 name: offset-before 336 type: u32 337 byte-order: big-endian 338 - 339 name: offset-after 340 type: u32 341 byte-order: big-endian 342 - 343 name: secctx-attrs 344 attributes: 345 - 346 name: secctx-name 347 type: string 348 - 349 name: synproxy-attrs 350 attributes: 351 - 352 name: isn 353 type: u32 354 byte-order: big-endian 355 - 356 name: its 357 type: u32 358 byte-order: big-endian 359 - 360 name: tsoff 361 type: u32 362 byte-order: big-endian 363 - 364 name: conntrack-attrs 365 attributes: 366 - 367 name: tuple-orig 368 type: nest 369 nested-attributes: tuple-attrs 370 doc: conntrack l3+l4 protocol information, original direction 371 - 372 name: tuple-reply 373 type: nest 374 nested-attributes: tuple-attrs 375 doc: conntrack l3+l4 protocol information, reply direction 376 - 377 name: status 378 type: u32 379 byte-order: big-endian 380 enum: nf-ct-status 381 enum-as-flags: true 382 doc: conntrack flag bits 383 - 384 name: protoinfo 385 type: nest 386 nested-attributes: protoinfo-attrs 387 - 388 name: help 389 type: nest 390 nested-attributes: help-attrs 391 - 392 name: nat-src 393 type: nest 394 nested-attributes: nat-attrs 395 - 396 name: timeout 397 type: u32 398 byte-order: big-endian 399 - 400 name: mark 401 type: u32 402 byte-order: big-endian 403 - 404 name: counters-orig 405 type: nest 406 nested-attributes: counter-attrs 407 - 408 name: counters-reply 409 type: nest 410 nested-attributes: counter-attrs 411 - 412 name: use 413 type: u32 414 byte-order: big-endian 415 - 416 name: id 417 type: u32 418 byte-order: big-endian 419 - 420 name: nat-dst 421 type: nest 422 nested-attributes: nat-attrs 423 - 424 name: tuple-master 425 type: nest 426 nested-attributes: tuple-attrs 427 - 428 name: seq-adj-orig 429 type: nest 430 nested-attributes: seqadj-attrs 431 - 432 name: seq-adj-reply 433 type: nest 434 nested-attributes: seqadj-attrs 435 - 436 name: secmark 437 type: binary 438 doc: obsolete 439 - 440 name: zone 441 type: u16 442 byte-order: big-endian 443 doc: conntrack zone id 444 - 445 name: secctx 446 type: nest 447 nested-attributes: secctx-attrs 448 - 449 name: timestamp 450 type: u64 451 byte-order: big-endian 452 - 453 name: mark-mask 454 type: u32 455 byte-order: big-endian 456 - 457 name: labels 458 type: binary 459 - 460 name: labels mask 461 type: binary 462 - 463 name: synproxy 464 type: nest 465 nested-attributes: synproxy-attrs 466 - 467 name: filter 468 type: nest 469 nested-attributes: tuple-attrs 470 - 471 name: status-mask 472 type: u32 473 byte-order: big-endian 474 enum: nf-ct-status 475 enum-as-flags: true 476 doc: conntrack flag bits to change 477 - 478 name: timestamp-event 479 type: u64 480 byte-order: big-endian 481 - 482 name: conntrack-stats-attrs 483 attributes: 484 - 485 name: searched 486 type: u32 487 byte-order: big-endian 488 doc: obsolete 489 - 490 name: found 491 type: u32 492 byte-order: big-endian 493 - 494 name: new 495 type: u32 496 byte-order: big-endian 497 doc: obsolete 498 - 499 name: invalid 500 type: u32 501 byte-order: big-endian 502 doc: obsolete 503 - 504 name: ignore 505 type: u32 506 byte-order: big-endian 507 doc: obsolete 508 - 509 name: delete 510 type: u32 511 byte-order: big-endian 512 doc: obsolete 513 - 514 name: delete-list 515 type: u32 516 byte-order: big-endian 517 doc: obsolete 518 - 519 name: insert 520 type: u32 521 byte-order: big-endian 522 - 523 name: insert-failed 524 type: u32 525 byte-order: big-endian 526 - 527 name: drop 528 type: u32 529 byte-order: big-endian 530 - 531 name: early-drop 532 type: u32 533 byte-order: big-endian 534 - 535 name: error 536 type: u32 537 byte-order: big-endian 538 - 539 name: search-restart 540 type: u32 541 byte-order: big-endian 542 - 543 name: clash-resolve 544 type: u32 545 byte-order: big-endian 546 - 547 name: chain-toolong 548 type: u32 549 byte-order: big-endian 550 551operations: 552 enum-model: directional 553 list: 554 - 555 name: get 556 doc: get / dump entries 557 attribute-set: conntrack-attrs 558 fixed-header: nfgenmsg 559 do: 560 request: 561 value: 0x101 562 attributes: 563 - tuple-orig 564 - tuple-reply 565 - zone 566 reply: 567 value: 0x100 568 attributes: 569 - tuple-orig 570 - tuple-reply 571 - status 572 - protoinfo 573 - help 574 - nat-src 575 - nat-dst 576 - timeout 577 - mark 578 - counter-orig 579 - counter-reply 580 - use 581 - id 582 - nat-dst 583 - tuple-master 584 - seq-adj-orig 585 - seq-adj-reply 586 - zone 587 - secctx 588 - labels 589 - synproxy 590 dump: 591 request: 592 value: 0x101 593 attributes: 594 - nfgen-family 595 - mark 596 - filter 597 - status 598 - zone 599 reply: 600 value: 0x100 601 attributes: 602 - tuple-orig 603 - tuple-reply 604 - status 605 - protoinfo 606 - help 607 - nat-src 608 - nat-dst 609 - timeout 610 - mark 611 - counter-orig 612 - counter-reply 613 - use 614 - id 615 - nat-dst 616 - tuple-master 617 - seq-adj-orig 618 - seq-adj-reply 619 - zone 620 - secctx 621 - labels 622 - synproxy 623 - 624 name: get-stats 625 doc: dump pcpu conntrack stats 626 attribute-set: conntrack-stats-attrs 627 fixed-header: nfgenmsg 628 dump: 629 request: 630 value: 0x104 631 reply: 632 value: 0x104 633 attributes: 634 - searched 635 - found 636 - insert 637 - insert-failed 638 - drop 639 - early-drop 640 - error 641 - search-restart 642 - clash-resolve 643 - chain-toolong 644