[uapi] Restore all netfilter headers These headers were purged from this repo because they break git clients with case-insensitive file systems. These clients are no longer supported. The headers are needed to implement missing iptables features in starnix. Bug: 455585276, 450985132, 456796949, 450983723 Change-Id: I106a796a67d465e9e7a1b340f98d60d3a22f6820 Reviewed-on: https://fuchsia-review.googlesource.com/c/third_party/android.googlesource.com/platform/bionic/+/1409835 Reviewed-by: David Song <wintermelons@google.com>
diff --git a/libc/kernel/uapi/linux/netfilter/ipset/ip_set.h b/libc/kernel/uapi/linux/netfilter/ipset/ip_set.h new file mode 100644 index 0000000..0b0fac8 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/ipset/ip_set.h
@@ -0,0 +1,246 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI_IP_SET_H +#define _UAPI_IP_SET_H +#include <linux/types.h> +#define IPSET_PROTOCOL 7 +#define IPSET_PROTOCOL_MIN 6 +#define IPSET_MAXNAMELEN 32 +#define IPSET_MAX_COMMENT_SIZE 255 +enum ipset_cmd { + IPSET_CMD_NONE, + IPSET_CMD_PROTOCOL, + IPSET_CMD_CREATE, + IPSET_CMD_DESTROY, + IPSET_CMD_FLUSH, + IPSET_CMD_RENAME, + IPSET_CMD_SWAP, + IPSET_CMD_LIST, + IPSET_CMD_SAVE, + IPSET_CMD_ADD, + IPSET_CMD_DEL, + IPSET_CMD_TEST, + IPSET_CMD_HEADER, + IPSET_CMD_TYPE, + IPSET_CMD_GET_BYNAME, + IPSET_CMD_GET_BYINDEX, + IPSET_MSG_MAX, + IPSET_CMD_RESTORE = IPSET_MSG_MAX, + IPSET_CMD_HELP, + IPSET_CMD_VERSION, + IPSET_CMD_QUIT, + IPSET_CMD_MAX, + IPSET_CMD_COMMIT = IPSET_CMD_MAX, +}; +enum { + IPSET_ATTR_UNSPEC, + IPSET_ATTR_PROTOCOL, + IPSET_ATTR_SETNAME, + IPSET_ATTR_TYPENAME, + IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME, + IPSET_ATTR_REVISION, + IPSET_ATTR_FAMILY, + IPSET_ATTR_FLAGS, + IPSET_ATTR_DATA, + IPSET_ATTR_ADT, + IPSET_ATTR_LINENO, + IPSET_ATTR_PROTOCOL_MIN, + IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN, + IPSET_ATTR_INDEX, + __IPSET_ATTR_CMD_MAX, +}; +#define IPSET_ATTR_CMD_MAX (__IPSET_ATTR_CMD_MAX - 1) +enum { + IPSET_ATTR_IP = IPSET_ATTR_UNSPEC + 1, + IPSET_ATTR_IP_FROM = IPSET_ATTR_IP, + IPSET_ATTR_IP_TO, + IPSET_ATTR_CIDR, + IPSET_ATTR_PORT, + IPSET_ATTR_PORT_FROM = IPSET_ATTR_PORT, + IPSET_ATTR_PORT_TO, + IPSET_ATTR_TIMEOUT, + IPSET_ATTR_PROTO, + IPSET_ATTR_CADT_FLAGS, + IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO, + IPSET_ATTR_MARK, + IPSET_ATTR_MARKMASK, + IPSET_ATTR_BITMASK, + IPSET_ATTR_CADT_MAX = 16, + IPSET_ATTR_INITVAL, + IPSET_ATTR_HASHSIZE, + IPSET_ATTR_MAXELEM, + IPSET_ATTR_NETMASK, + IPSET_ATTR_BUCKETSIZE, + IPSET_ATTR_RESIZE, + IPSET_ATTR_SIZE, + IPSET_ATTR_ELEMENTS, + IPSET_ATTR_REFERENCES, + IPSET_ATTR_MEMSIZE, + __IPSET_ATTR_CREATE_MAX, +}; +#define IPSET_ATTR_CREATE_MAX (__IPSET_ATTR_CREATE_MAX - 1) +enum { + IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + 1, + IPSET_ATTR_NAME, + IPSET_ATTR_NAMEREF, + IPSET_ATTR_IP2, + IPSET_ATTR_CIDR2, + IPSET_ATTR_IP2_TO, + IPSET_ATTR_IFACE, + IPSET_ATTR_BYTES, + IPSET_ATTR_PACKETS, + IPSET_ATTR_COMMENT, + IPSET_ATTR_SKBMARK, + IPSET_ATTR_SKBPRIO, + IPSET_ATTR_SKBQUEUE, + IPSET_ATTR_PAD, + __IPSET_ATTR_ADT_MAX, +}; +#define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1) +enum { + IPSET_ATTR_IPADDR_IPV4 = IPSET_ATTR_UNSPEC + 1, + IPSET_ATTR_IPADDR_IPV6, + __IPSET_ATTR_IPADDR_MAX, +}; +#define IPSET_ATTR_IPADDR_MAX (__IPSET_ATTR_IPADDR_MAX - 1) +enum ipset_errno { + IPSET_ERR_PRIVATE = 4096, + IPSET_ERR_PROTOCOL, + IPSET_ERR_FIND_TYPE, + IPSET_ERR_MAX_SETS, + IPSET_ERR_BUSY, + IPSET_ERR_EXIST_SETNAME2, + IPSET_ERR_TYPE_MISMATCH, + IPSET_ERR_EXIST, + IPSET_ERR_INVALID_CIDR, + IPSET_ERR_INVALID_NETMASK, + IPSET_ERR_INVALID_FAMILY, + IPSET_ERR_TIMEOUT, + IPSET_ERR_REFERENCED, + IPSET_ERR_IPADDR_IPV4, + IPSET_ERR_IPADDR_IPV6, + IPSET_ERR_COUNTER, + IPSET_ERR_COMMENT, + IPSET_ERR_INVALID_MARKMASK, + IPSET_ERR_SKBINFO, + IPSET_ERR_BITMASK_NETMASK_EXCL, + IPSET_ERR_TYPE_SPECIFIC = 4352, +}; +enum ipset_cmd_flags { + IPSET_FLAG_BIT_EXIST = 0, + IPSET_FLAG_EXIST = (1 << IPSET_FLAG_BIT_EXIST), + IPSET_FLAG_BIT_LIST_SETNAME = 1, + IPSET_FLAG_LIST_SETNAME = (1 << IPSET_FLAG_BIT_LIST_SETNAME), + IPSET_FLAG_BIT_LIST_HEADER = 2, + IPSET_FLAG_LIST_HEADER = (1 << IPSET_FLAG_BIT_LIST_HEADER), + IPSET_FLAG_BIT_SKIP_COUNTER_UPDATE = 3, + IPSET_FLAG_SKIP_COUNTER_UPDATE = (1 << IPSET_FLAG_BIT_SKIP_COUNTER_UPDATE), + IPSET_FLAG_BIT_SKIP_SUBCOUNTER_UPDATE = 4, + IPSET_FLAG_SKIP_SUBCOUNTER_UPDATE = (1 << IPSET_FLAG_BIT_SKIP_SUBCOUNTER_UPDATE), + IPSET_FLAG_BIT_MATCH_COUNTERS = 5, + IPSET_FLAG_MATCH_COUNTERS = (1 << IPSET_FLAG_BIT_MATCH_COUNTERS), + IPSET_FLAG_BIT_RETURN_NOMATCH = 7, + IPSET_FLAG_RETURN_NOMATCH = (1 << IPSET_FLAG_BIT_RETURN_NOMATCH), + IPSET_FLAG_BIT_MAP_SKBMARK = 8, + IPSET_FLAG_MAP_SKBMARK = (1 << IPSET_FLAG_BIT_MAP_SKBMARK), + IPSET_FLAG_BIT_MAP_SKBPRIO = 9, + IPSET_FLAG_MAP_SKBPRIO = (1 << IPSET_FLAG_BIT_MAP_SKBPRIO), + IPSET_FLAG_BIT_MAP_SKBQUEUE = 10, + IPSET_FLAG_MAP_SKBQUEUE = (1 << IPSET_FLAG_BIT_MAP_SKBQUEUE), + IPSET_FLAG_CMD_MAX = 15, +}; +enum ipset_cadt_flags { + IPSET_FLAG_BIT_BEFORE = 0, + IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE), + IPSET_FLAG_BIT_PHYSDEV = 1, + IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV), + IPSET_FLAG_BIT_NOMATCH = 2, + IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH), + IPSET_FLAG_BIT_WITH_COUNTERS = 3, + IPSET_FLAG_WITH_COUNTERS = (1 << IPSET_FLAG_BIT_WITH_COUNTERS), + IPSET_FLAG_BIT_WITH_COMMENT = 4, + IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT), + IPSET_FLAG_BIT_WITH_FORCEADD = 5, + IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD), + IPSET_FLAG_BIT_WITH_SKBINFO = 6, + IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO), + IPSET_FLAG_BIT_IFACE_WILDCARD = 7, + IPSET_FLAG_IFACE_WILDCARD = (1 << IPSET_FLAG_BIT_IFACE_WILDCARD), + IPSET_FLAG_CADT_MAX = 15, +}; +enum ipset_create_flags { + IPSET_CREATE_FLAG_BIT_FORCEADD = 0, + IPSET_CREATE_FLAG_FORCEADD = (1 << IPSET_CREATE_FLAG_BIT_FORCEADD), + IPSET_CREATE_FLAG_BIT_BUCKETSIZE = 1, + IPSET_CREATE_FLAG_BUCKETSIZE = (1 << IPSET_CREATE_FLAG_BIT_BUCKETSIZE), + IPSET_CREATE_FLAG_BIT_MAX = 7, +}; +enum ipset_adt { + IPSET_ADD, + IPSET_DEL, + IPSET_TEST, + IPSET_ADT_MAX, + IPSET_CREATE = IPSET_ADT_MAX, + IPSET_CADT_MAX, +}; +typedef __u16 ip_set_id_t; +#define IPSET_INVALID_ID 65535 +enum ip_set_dim { + IPSET_DIM_ZERO = 0, + IPSET_DIM_ONE, + IPSET_DIM_TWO, + IPSET_DIM_THREE, + IPSET_DIM_MAX = 6, + IPSET_BIT_RETURN_NOMATCH = 7, +}; +enum ip_set_kopt { + IPSET_INV_MATCH = (1 << IPSET_DIM_ZERO), + IPSET_DIM_ONE_SRC = (1 << IPSET_DIM_ONE), + IPSET_DIM_TWO_SRC = (1 << IPSET_DIM_TWO), + IPSET_DIM_THREE_SRC = (1 << IPSET_DIM_THREE), + IPSET_RETURN_NOMATCH = (1 << IPSET_BIT_RETURN_NOMATCH), +}; +enum { + IPSET_COUNTER_NONE = 0, + IPSET_COUNTER_EQ, + IPSET_COUNTER_NE, + IPSET_COUNTER_LT, + IPSET_COUNTER_GT, +}; +struct ip_set_counter_match0 { + __u8 op; + __u64 value; +}; +struct ip_set_counter_match { + __aligned_u64 value; + __u8 op; +}; +#define SO_IP_SET 83 +union ip_set_name_index { + char name[IPSET_MAXNAMELEN]; + ip_set_id_t index; +}; +#define IP_SET_OP_GET_BYNAME 0x00000006 +struct ip_set_req_get_set { + unsigned int op; + unsigned int version; + union ip_set_name_index set; +}; +#define IP_SET_OP_GET_BYINDEX 0x00000007 +#define IP_SET_OP_GET_FNAME 0x00000008 +struct ip_set_req_get_set_family { + unsigned int op; + unsigned int version; + unsigned int family; + union ip_set_name_index set; +}; +#define IP_SET_OP_VERSION 0x00000100 +struct ip_set_req_version { + unsigned int op; + unsigned int version; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/ipset/ip_set_bitmap.h b/libc/kernel/uapi/linux/netfilter/ipset/ip_set_bitmap.h new file mode 100644 index 0000000..3188b93 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/ipset/ip_set_bitmap.h
@@ -0,0 +1,14 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI__IP_SET_BITMAP_H +#define _UAPI__IP_SET_BITMAP_H +#include <linux/netfilter/ipset/ip_set.h> +enum { + IPSET_ERR_BITMAP_RANGE = IPSET_ERR_TYPE_SPECIFIC, + IPSET_ERR_BITMAP_RANGE_SIZE, +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/ipset/ip_set_hash.h b/libc/kernel/uapi/linux/netfilter/ipset/ip_set_hash.h new file mode 100644 index 0000000..2e084cd --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/ipset/ip_set_hash.h
@@ -0,0 +1,18 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI__IP_SET_HASH_H +#define _UAPI__IP_SET_HASH_H +#include <linux/netfilter/ipset/ip_set.h> +enum { + IPSET_ERR_HASH_FULL = IPSET_ERR_TYPE_SPECIFIC, + IPSET_ERR_HASH_ELEM, + IPSET_ERR_INVALID_PROTO, + IPSET_ERR_MISSING_PROTO, + IPSET_ERR_HASH_RANGE_UNSUPPORTED, + IPSET_ERR_HASH_RANGE, +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/ipset/ip_set_list.h b/libc/kernel/uapi/linux/netfilter/ipset/ip_set_list.h new file mode 100644 index 0000000..d70a277 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/ipset/ip_set_list.h
@@ -0,0 +1,18 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI__IP_SET_LIST_H +#define _UAPI__IP_SET_LIST_H +#include <linux/netfilter/ipset/ip_set.h> +enum { + IPSET_ERR_NAME = IPSET_ERR_TYPE_SPECIFIC, + IPSET_ERR_LOOP, + IPSET_ERR_BEFORE, + IPSET_ERR_NAMEREF, + IPSET_ERR_LIST_FULL, + IPSET_ERR_REF_EXIST, +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nf_conntrack_ftp.h b/libc/kernel/uapi/linux/netfilter/nf_conntrack_ftp.h new file mode 100644 index 0000000..8961b9e --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nf_conntrack_ftp.h
@@ -0,0 +1,15 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI_NF_CONNTRACK_FTP_H +#define _UAPI_NF_CONNTRACK_FTP_H +enum nf_ct_ftp_type { + NF_CT_FTP_PORT, + NF_CT_FTP_PASV, + NF_CT_FTP_EPRT, + NF_CT_FTP_EPSV, +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nf_conntrack_sctp.h b/libc/kernel/uapi/linux/netfilter/nf_conntrack_sctp.h new file mode 100644 index 0000000..5f248ac --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nf_conntrack_sctp.h
@@ -0,0 +1,23 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI_NF_CONNTRACK_SCTP_H +#define _UAPI_NF_CONNTRACK_SCTP_H +#include <linux/netfilter/nf_conntrack_tuple_common.h> +enum sctp_conntrack { + SCTP_CONNTRACK_NONE, + SCTP_CONNTRACK_CLOSED, + SCTP_CONNTRACK_COOKIE_WAIT, + SCTP_CONNTRACK_COOKIE_ECHOED, + SCTP_CONNTRACK_ESTABLISHED, + SCTP_CONNTRACK_SHUTDOWN_SENT, + SCTP_CONNTRACK_SHUTDOWN_RECD, + SCTP_CONNTRACK_SHUTDOWN_ACK_SENT, + SCTP_CONNTRACK_HEARTBEAT_SENT, + SCTP_CONNTRACK_HEARTBEAT_ACKED, + SCTP_CONNTRACK_MAX +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nf_conntrack_tcp.h b/libc/kernel/uapi/linux/netfilter/nf_conntrack_tcp.h new file mode 100644 index 0000000..0995d5f --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nf_conntrack_tcp.h
@@ -0,0 +1,40 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI_NF_CONNTRACK_TCP_H +#define _UAPI_NF_CONNTRACK_TCP_H +#include <linux/types.h> +enum tcp_conntrack { + TCP_CONNTRACK_NONE, + TCP_CONNTRACK_SYN_SENT, + TCP_CONNTRACK_SYN_RECV, + TCP_CONNTRACK_ESTABLISHED, + TCP_CONNTRACK_FIN_WAIT, + TCP_CONNTRACK_CLOSE_WAIT, + TCP_CONNTRACK_LAST_ACK, + TCP_CONNTRACK_TIME_WAIT, + TCP_CONNTRACK_CLOSE, + TCP_CONNTRACK_LISTEN, +#define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN + TCP_CONNTRACK_MAX, + TCP_CONNTRACK_IGNORE, + TCP_CONNTRACK_RETRANS, + TCP_CONNTRACK_UNACK, + TCP_CONNTRACK_TIMEOUT_MAX +}; +#define IP_CT_TCP_FLAG_WINDOW_SCALE 0x01 +#define IP_CT_TCP_FLAG_SACK_PERM 0x02 +#define IP_CT_TCP_FLAG_CLOSE_INIT 0x04 +#define IP_CT_TCP_FLAG_BE_LIBERAL 0x08 +#define IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED 0x10 +#define IP_CT_TCP_FLAG_MAXACK_SET 0x20 +#define IP_CT_EXP_CHALLENGE_ACK 0x40 +#define IP_CT_TCP_SIMULTANEOUS_OPEN 0x80 +struct nf_ct_tcp_flags { + __u8 flags; + __u8 mask; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nf_log.h b/libc/kernel/uapi/linux/netfilter/nf_log.h new file mode 100644 index 0000000..2e5d90e --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nf_log.h
@@ -0,0 +1,17 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _NETFILTER_NF_LOG_H +#define _NETFILTER_NF_LOG_H +#define NF_LOG_TCPSEQ 0x01 +#define NF_LOG_TCPOPT 0x02 +#define NF_LOG_IPOPT 0x04 +#define NF_LOG_UID 0x08 +#define NF_LOG_NFLOG 0x10 +#define NF_LOG_MACDECODE 0x20 +#define NF_LOG_MASK 0x2f +#define NF_LOG_PREFIXLEN 128 +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nf_synproxy.h b/libc/kernel/uapi/linux/netfilter/nf_synproxy.h new file mode 100644 index 0000000..9311c56 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nf_synproxy.h
@@ -0,0 +1,21 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _NF_SYNPROXY_H +#define _NF_SYNPROXY_H +#include <linux/types.h> +#define NF_SYNPROXY_OPT_MSS 0x01 +#define NF_SYNPROXY_OPT_WSCALE 0x02 +#define NF_SYNPROXY_OPT_SACK_PERM 0x04 +#define NF_SYNPROXY_OPT_TIMESTAMP 0x08 +#define NF_SYNPROXY_OPT_ECN 0x10 +#define NF_SYNPROXY_OPT_MASK (NF_SYNPROXY_OPT_MSS | NF_SYNPROXY_OPT_WSCALE | NF_SYNPROXY_OPT_SACK_PERM | NF_SYNPROXY_OPT_TIMESTAMP) +struct nf_synproxy_info { + __u8 options; + __u8 wscale; + __u16 mss; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nf_tables.h b/libc/kernel/uapi/linux/netfilter/nf_tables.h new file mode 100644 index 0000000..2e93022 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nf_tables.h
@@ -0,0 +1,1084 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _LINUX_NF_TABLES_H +#define _LINUX_NF_TABLES_H +#define NFT_NAME_MAXLEN 256 +#define NFT_TABLE_MAXNAMELEN NFT_NAME_MAXLEN +#define NFT_CHAIN_MAXNAMELEN NFT_NAME_MAXLEN +#define NFT_SET_MAXNAMELEN NFT_NAME_MAXLEN +#define NFT_OBJ_MAXNAMELEN NFT_NAME_MAXLEN +#define NFT_USERDATA_MAXLEN 256 +#define NFT_OSF_MAXGENRELEN 16 +enum nft_registers { + NFT_REG_VERDICT, + NFT_REG_1, + NFT_REG_2, + NFT_REG_3, + NFT_REG_4, + __NFT_REG_MAX, + NFT_REG32_00 = 8, + NFT_REG32_01, + NFT_REG32_02, + NFT_REG32_03, + NFT_REG32_04, + NFT_REG32_05, + NFT_REG32_06, + NFT_REG32_07, + NFT_REG32_08, + NFT_REG32_09, + NFT_REG32_10, + NFT_REG32_11, + NFT_REG32_12, + NFT_REG32_13, + NFT_REG32_14, + NFT_REG32_15, +}; +#define NFT_REG_MAX (__NFT_REG_MAX - 1) +#define NFT_REG_SIZE 16 +#define NFT_REG32_SIZE 4 +#define NFT_REG32_COUNT (NFT_REG32_15 - NFT_REG32_00 + 1) +enum nft_verdicts { + NFT_CONTINUE = - 1, + NFT_BREAK = - 2, + NFT_JUMP = - 3, + NFT_GOTO = - 4, + NFT_RETURN = - 5, +}; +enum nf_tables_msg_types { + NFT_MSG_NEWTABLE, + NFT_MSG_GETTABLE, + NFT_MSG_DELTABLE, + NFT_MSG_NEWCHAIN, + NFT_MSG_GETCHAIN, + NFT_MSG_DELCHAIN, + NFT_MSG_NEWRULE, + NFT_MSG_GETRULE, + NFT_MSG_DELRULE, + NFT_MSG_NEWSET, + NFT_MSG_GETSET, + NFT_MSG_DELSET, + NFT_MSG_NEWSETELEM, + NFT_MSG_GETSETELEM, + NFT_MSG_DELSETELEM, + NFT_MSG_NEWGEN, + NFT_MSG_GETGEN, + NFT_MSG_TRACE, + NFT_MSG_NEWOBJ, + NFT_MSG_GETOBJ, + NFT_MSG_DELOBJ, + NFT_MSG_GETOBJ_RESET, + NFT_MSG_NEWFLOWTABLE, + NFT_MSG_GETFLOWTABLE, + NFT_MSG_DELFLOWTABLE, + NFT_MSG_GETRULE_RESET, + NFT_MSG_DESTROYTABLE, + NFT_MSG_DESTROYCHAIN, + NFT_MSG_DESTROYRULE, + NFT_MSG_DESTROYSET, + NFT_MSG_DESTROYSETELEM, + NFT_MSG_DESTROYOBJ, + NFT_MSG_DESTROYFLOWTABLE, + NFT_MSG_GETSETELEM_RESET, + NFT_MSG_MAX, +}; +enum nft_list_attributes { + NFTA_LIST_UNSPEC, + NFTA_LIST_ELEM, + __NFTA_LIST_MAX +}; +#define NFTA_LIST_MAX (__NFTA_LIST_MAX - 1) +enum nft_hook_attributes { + NFTA_HOOK_UNSPEC, + NFTA_HOOK_HOOKNUM, + NFTA_HOOK_PRIORITY, + NFTA_HOOK_DEV, + NFTA_HOOK_DEVS, + __NFTA_HOOK_MAX +}; +#define NFTA_HOOK_MAX (__NFTA_HOOK_MAX - 1) +enum nft_table_flags { + NFT_TABLE_F_DORMANT = 0x1, + NFT_TABLE_F_OWNER = 0x2, + NFT_TABLE_F_PERSIST = 0x4, +}; +#define NFT_TABLE_F_MASK (NFT_TABLE_F_DORMANT | NFT_TABLE_F_OWNER | NFT_TABLE_F_PERSIST) +enum nft_table_attributes { + NFTA_TABLE_UNSPEC, + NFTA_TABLE_NAME, + NFTA_TABLE_FLAGS, + NFTA_TABLE_USE, + NFTA_TABLE_HANDLE, + NFTA_TABLE_PAD, + NFTA_TABLE_USERDATA, + NFTA_TABLE_OWNER, + __NFTA_TABLE_MAX +}; +#define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1) +enum nft_chain_flags { + NFT_CHAIN_BASE = (1 << 0), + NFT_CHAIN_HW_OFFLOAD = (1 << 1), + NFT_CHAIN_BINDING = (1 << 2), +}; +#define NFT_CHAIN_FLAGS (NFT_CHAIN_BASE | NFT_CHAIN_HW_OFFLOAD | NFT_CHAIN_BINDING) +enum nft_chain_attributes { + NFTA_CHAIN_UNSPEC, + NFTA_CHAIN_TABLE, + NFTA_CHAIN_HANDLE, + NFTA_CHAIN_NAME, + NFTA_CHAIN_HOOK, + NFTA_CHAIN_POLICY, + NFTA_CHAIN_USE, + NFTA_CHAIN_TYPE, + NFTA_CHAIN_COUNTERS, + NFTA_CHAIN_PAD, + NFTA_CHAIN_FLAGS, + NFTA_CHAIN_ID, + NFTA_CHAIN_USERDATA, + __NFTA_CHAIN_MAX +}; +#define NFTA_CHAIN_MAX (__NFTA_CHAIN_MAX - 1) +enum nft_rule_attributes { + NFTA_RULE_UNSPEC, + NFTA_RULE_TABLE, + NFTA_RULE_CHAIN, + NFTA_RULE_HANDLE, + NFTA_RULE_EXPRESSIONS, + NFTA_RULE_COMPAT, + NFTA_RULE_POSITION, + NFTA_RULE_USERDATA, + NFTA_RULE_PAD, + NFTA_RULE_ID, + NFTA_RULE_POSITION_ID, + NFTA_RULE_CHAIN_ID, + __NFTA_RULE_MAX +}; +#define NFTA_RULE_MAX (__NFTA_RULE_MAX - 1) +enum nft_rule_compat_flags { + NFT_RULE_COMPAT_F_UNUSED = (1 << 0), + NFT_RULE_COMPAT_F_INV = (1 << 1), + NFT_RULE_COMPAT_F_MASK = NFT_RULE_COMPAT_F_INV, +}; +enum nft_rule_compat_attributes { + NFTA_RULE_COMPAT_UNSPEC, + NFTA_RULE_COMPAT_PROTO, + NFTA_RULE_COMPAT_FLAGS, + __NFTA_RULE_COMPAT_MAX +}; +#define NFTA_RULE_COMPAT_MAX (__NFTA_RULE_COMPAT_MAX - 1) +enum nft_set_flags { + NFT_SET_ANONYMOUS = 0x1, + NFT_SET_CONSTANT = 0x2, + NFT_SET_INTERVAL = 0x4, + NFT_SET_MAP = 0x8, + NFT_SET_TIMEOUT = 0x10, + NFT_SET_EVAL = 0x20, + NFT_SET_OBJECT = 0x40, + NFT_SET_CONCAT = 0x80, + NFT_SET_EXPR = 0x100, +}; +enum nft_set_policies { + NFT_SET_POL_PERFORMANCE, + NFT_SET_POL_MEMORY, +}; +enum nft_set_desc_attributes { + NFTA_SET_DESC_UNSPEC, + NFTA_SET_DESC_SIZE, + NFTA_SET_DESC_CONCAT, + __NFTA_SET_DESC_MAX +}; +#define NFTA_SET_DESC_MAX (__NFTA_SET_DESC_MAX - 1) +enum nft_set_field_attributes { + NFTA_SET_FIELD_UNSPEC, + NFTA_SET_FIELD_LEN, + __NFTA_SET_FIELD_MAX +}; +#define NFTA_SET_FIELD_MAX (__NFTA_SET_FIELD_MAX - 1) +enum nft_set_attributes { + NFTA_SET_UNSPEC, + NFTA_SET_TABLE, + NFTA_SET_NAME, + NFTA_SET_FLAGS, + NFTA_SET_KEY_TYPE, + NFTA_SET_KEY_LEN, + NFTA_SET_DATA_TYPE, + NFTA_SET_DATA_LEN, + NFTA_SET_POLICY, + NFTA_SET_DESC, + NFTA_SET_ID, + NFTA_SET_TIMEOUT, + NFTA_SET_GC_INTERVAL, + NFTA_SET_USERDATA, + NFTA_SET_PAD, + NFTA_SET_OBJ_TYPE, + NFTA_SET_HANDLE, + NFTA_SET_EXPR, + NFTA_SET_EXPRESSIONS, + NFTA_SET_TYPE, + NFTA_SET_COUNT, + __NFTA_SET_MAX +}; +#define NFTA_SET_MAX (__NFTA_SET_MAX - 1) +enum nft_set_elem_flags { + NFT_SET_ELEM_INTERVAL_END = 0x1, + NFT_SET_ELEM_CATCHALL = 0x2, +}; +enum nft_set_elem_attributes { + NFTA_SET_ELEM_UNSPEC, + NFTA_SET_ELEM_KEY, + NFTA_SET_ELEM_DATA, + NFTA_SET_ELEM_FLAGS, + NFTA_SET_ELEM_TIMEOUT, + NFTA_SET_ELEM_EXPIRATION, + NFTA_SET_ELEM_USERDATA, + NFTA_SET_ELEM_EXPR, + NFTA_SET_ELEM_PAD, + NFTA_SET_ELEM_OBJREF, + NFTA_SET_ELEM_KEY_END, + NFTA_SET_ELEM_EXPRESSIONS, + __NFTA_SET_ELEM_MAX +}; +#define NFTA_SET_ELEM_MAX (__NFTA_SET_ELEM_MAX - 1) +enum nft_set_elem_list_attributes { + NFTA_SET_ELEM_LIST_UNSPEC, + NFTA_SET_ELEM_LIST_TABLE, + NFTA_SET_ELEM_LIST_SET, + NFTA_SET_ELEM_LIST_ELEMENTS, + NFTA_SET_ELEM_LIST_SET_ID, + __NFTA_SET_ELEM_LIST_MAX +}; +#define NFTA_SET_ELEM_LIST_MAX (__NFTA_SET_ELEM_LIST_MAX - 1) +enum nft_data_types { + NFT_DATA_VALUE, + NFT_DATA_VERDICT = 0xffffff00U, +}; +#define NFT_DATA_RESERVED_MASK 0xffffff00U +enum nft_data_attributes { + NFTA_DATA_UNSPEC, + NFTA_DATA_VALUE, + NFTA_DATA_VERDICT, + __NFTA_DATA_MAX +}; +#define NFTA_DATA_MAX (__NFTA_DATA_MAX - 1) +#define NFT_DATA_VALUE_MAXLEN 64 +enum nft_verdict_attributes { + NFTA_VERDICT_UNSPEC, + NFTA_VERDICT_CODE, + NFTA_VERDICT_CHAIN, + NFTA_VERDICT_CHAIN_ID, + __NFTA_VERDICT_MAX +}; +#define NFTA_VERDICT_MAX (__NFTA_VERDICT_MAX - 1) +enum nft_expr_attributes { + NFTA_EXPR_UNSPEC, + NFTA_EXPR_NAME, + NFTA_EXPR_DATA, + __NFTA_EXPR_MAX +}; +#define NFTA_EXPR_MAX (__NFTA_EXPR_MAX - 1) +enum nft_immediate_attributes { + NFTA_IMMEDIATE_UNSPEC, + NFTA_IMMEDIATE_DREG, + NFTA_IMMEDIATE_DATA, + __NFTA_IMMEDIATE_MAX +}; +#define NFTA_IMMEDIATE_MAX (__NFTA_IMMEDIATE_MAX - 1) +enum nft_bitwise_ops { + NFT_BITWISE_MASK_XOR, + NFT_BITWISE_LSHIFT, + NFT_BITWISE_RSHIFT, + NFT_BITWISE_AND, + NFT_BITWISE_OR, + NFT_BITWISE_XOR, +}; +#define NFT_BITWISE_BOOL NFT_BITWISE_MASK_XOR +enum nft_bitwise_attributes { + NFTA_BITWISE_UNSPEC, + NFTA_BITWISE_SREG, + NFTA_BITWISE_DREG, + NFTA_BITWISE_LEN, + NFTA_BITWISE_MASK, + NFTA_BITWISE_XOR, + NFTA_BITWISE_OP, + NFTA_BITWISE_DATA, + NFTA_BITWISE_SREG2, + __NFTA_BITWISE_MAX +}; +#define NFTA_BITWISE_MAX (__NFTA_BITWISE_MAX - 1) +enum nft_byteorder_ops { + NFT_BYTEORDER_NTOH, + NFT_BYTEORDER_HTON, +}; +enum nft_byteorder_attributes { + NFTA_BYTEORDER_UNSPEC, + NFTA_BYTEORDER_SREG, + NFTA_BYTEORDER_DREG, + NFTA_BYTEORDER_OP, + NFTA_BYTEORDER_LEN, + NFTA_BYTEORDER_SIZE, + __NFTA_BYTEORDER_MAX +}; +#define NFTA_BYTEORDER_MAX (__NFTA_BYTEORDER_MAX - 1) +enum nft_cmp_ops { + NFT_CMP_EQ, + NFT_CMP_NEQ, + NFT_CMP_LT, + NFT_CMP_LTE, + NFT_CMP_GT, + NFT_CMP_GTE, +}; +enum nft_cmp_attributes { + NFTA_CMP_UNSPEC, + NFTA_CMP_SREG, + NFTA_CMP_OP, + NFTA_CMP_DATA, + __NFTA_CMP_MAX +}; +#define NFTA_CMP_MAX (__NFTA_CMP_MAX - 1) +enum nft_range_ops { + NFT_RANGE_EQ, + NFT_RANGE_NEQ, +}; +enum nft_range_attributes { + NFTA_RANGE_UNSPEC, + NFTA_RANGE_SREG, + NFTA_RANGE_OP, + NFTA_RANGE_FROM_DATA, + NFTA_RANGE_TO_DATA, + __NFTA_RANGE_MAX +}; +#define NFTA_RANGE_MAX (__NFTA_RANGE_MAX - 1) +enum nft_lookup_flags { + NFT_LOOKUP_F_INV = (1 << 0), +}; +enum nft_lookup_attributes { + NFTA_LOOKUP_UNSPEC, + NFTA_LOOKUP_SET, + NFTA_LOOKUP_SREG, + NFTA_LOOKUP_DREG, + NFTA_LOOKUP_SET_ID, + NFTA_LOOKUP_FLAGS, + __NFTA_LOOKUP_MAX +}; +#define NFTA_LOOKUP_MAX (__NFTA_LOOKUP_MAX - 1) +enum nft_dynset_ops { + NFT_DYNSET_OP_ADD, + NFT_DYNSET_OP_UPDATE, + NFT_DYNSET_OP_DELETE, +}; +enum nft_dynset_flags { + NFT_DYNSET_F_INV = (1 << 0), + NFT_DYNSET_F_EXPR = (1 << 1), +}; +enum nft_dynset_attributes { + NFTA_DYNSET_UNSPEC, + NFTA_DYNSET_SET_NAME, + NFTA_DYNSET_SET_ID, + NFTA_DYNSET_OP, + NFTA_DYNSET_SREG_KEY, + NFTA_DYNSET_SREG_DATA, + NFTA_DYNSET_TIMEOUT, + NFTA_DYNSET_EXPR, + NFTA_DYNSET_PAD, + NFTA_DYNSET_FLAGS, + NFTA_DYNSET_EXPRESSIONS, + __NFTA_DYNSET_MAX, +}; +#define NFTA_DYNSET_MAX (__NFTA_DYNSET_MAX - 1) +enum nft_payload_bases { + NFT_PAYLOAD_LL_HEADER, + NFT_PAYLOAD_NETWORK_HEADER, + NFT_PAYLOAD_TRANSPORT_HEADER, + NFT_PAYLOAD_INNER_HEADER, + NFT_PAYLOAD_TUN_HEADER, +}; +enum nft_payload_csum_types { + NFT_PAYLOAD_CSUM_NONE, + NFT_PAYLOAD_CSUM_INET, + NFT_PAYLOAD_CSUM_SCTP, +}; +enum nft_payload_csum_flags { + NFT_PAYLOAD_L4CSUM_PSEUDOHDR = (1 << 0), +}; +enum nft_inner_type { + NFT_INNER_UNSPEC = 0, + NFT_INNER_VXLAN, + NFT_INNER_GENEVE, +}; +enum nft_inner_flags { + NFT_INNER_HDRSIZE = (1 << 0), + NFT_INNER_LL = (1 << 1), + NFT_INNER_NH = (1 << 2), + NFT_INNER_TH = (1 << 3), +}; +#define NFT_INNER_MASK (NFT_INNER_HDRSIZE | NFT_INNER_LL | NFT_INNER_NH | NFT_INNER_TH) +enum nft_inner_attributes { + NFTA_INNER_UNSPEC, + NFTA_INNER_NUM, + NFTA_INNER_TYPE, + NFTA_INNER_FLAGS, + NFTA_INNER_HDRSIZE, + NFTA_INNER_EXPR, + __NFTA_INNER_MAX +}; +#define NFTA_INNER_MAX (__NFTA_INNER_MAX - 1) +enum nft_payload_attributes { + NFTA_PAYLOAD_UNSPEC, + NFTA_PAYLOAD_DREG, + NFTA_PAYLOAD_BASE, + NFTA_PAYLOAD_OFFSET, + NFTA_PAYLOAD_LEN, + NFTA_PAYLOAD_SREG, + NFTA_PAYLOAD_CSUM_TYPE, + NFTA_PAYLOAD_CSUM_OFFSET, + NFTA_PAYLOAD_CSUM_FLAGS, + __NFTA_PAYLOAD_MAX +}; +#define NFTA_PAYLOAD_MAX (__NFTA_PAYLOAD_MAX - 1) +enum nft_exthdr_flags { + NFT_EXTHDR_F_PRESENT = (1 << 0), +}; +enum nft_exthdr_op { + NFT_EXTHDR_OP_IPV6, + NFT_EXTHDR_OP_TCPOPT, + NFT_EXTHDR_OP_IPV4, + NFT_EXTHDR_OP_SCTP, + NFT_EXTHDR_OP_DCCP, + __NFT_EXTHDR_OP_MAX +}; +#define NFT_EXTHDR_OP_MAX (__NFT_EXTHDR_OP_MAX - 1) +enum nft_exthdr_attributes { + NFTA_EXTHDR_UNSPEC, + NFTA_EXTHDR_DREG, + NFTA_EXTHDR_TYPE, + NFTA_EXTHDR_OFFSET, + NFTA_EXTHDR_LEN, + NFTA_EXTHDR_FLAGS, + NFTA_EXTHDR_OP, + NFTA_EXTHDR_SREG, + __NFTA_EXTHDR_MAX +}; +#define NFTA_EXTHDR_MAX (__NFTA_EXTHDR_MAX - 1) +enum nft_meta_keys { + NFT_META_LEN, + NFT_META_PROTOCOL, + NFT_META_PRIORITY, + NFT_META_MARK, + NFT_META_IIF, + NFT_META_OIF, + NFT_META_IIFNAME, + NFT_META_OIFNAME, + NFT_META_IFTYPE, +#define NFT_META_IIFTYPE NFT_META_IFTYPE + NFT_META_OIFTYPE, + NFT_META_SKUID, + NFT_META_SKGID, + NFT_META_NFTRACE, + NFT_META_RTCLASSID, + NFT_META_SECMARK, + NFT_META_NFPROTO, + NFT_META_L4PROTO, + NFT_META_BRI_IIFNAME, + NFT_META_BRI_OIFNAME, + NFT_META_PKTTYPE, + NFT_META_CPU, + NFT_META_IIFGROUP, + NFT_META_OIFGROUP, + NFT_META_CGROUP, + NFT_META_PRANDOM, + NFT_META_SECPATH, + NFT_META_IIFKIND, + NFT_META_OIFKIND, + NFT_META_BRI_IIFPVID, + NFT_META_BRI_IIFVPROTO, + NFT_META_TIME_NS, + NFT_META_TIME_DAY, + NFT_META_TIME_HOUR, + NFT_META_SDIF, + NFT_META_SDIFNAME, + NFT_META_BRI_BROUTE, + __NFT_META_IIFTYPE, +}; +enum nft_rt_keys { + NFT_RT_CLASSID, + NFT_RT_NEXTHOP4, + NFT_RT_NEXTHOP6, + NFT_RT_TCPMSS, + NFT_RT_XFRM, + __NFT_RT_MAX +}; +#define NFT_RT_MAX (__NFT_RT_MAX - 1) +enum nft_hash_types { + NFT_HASH_JENKINS, + NFT_HASH_SYM, +}; +enum nft_hash_attributes { + NFTA_HASH_UNSPEC, + NFTA_HASH_SREG, + NFTA_HASH_DREG, + NFTA_HASH_LEN, + NFTA_HASH_MODULUS, + NFTA_HASH_SEED, + NFTA_HASH_OFFSET, + NFTA_HASH_TYPE, + NFTA_HASH_SET_NAME, + NFTA_HASH_SET_ID, + __NFTA_HASH_MAX, +}; +#define NFTA_HASH_MAX (__NFTA_HASH_MAX - 1) +enum nft_meta_attributes { + NFTA_META_UNSPEC, + NFTA_META_DREG, + NFTA_META_KEY, + NFTA_META_SREG, + __NFTA_META_MAX +}; +#define NFTA_META_MAX (__NFTA_META_MAX - 1) +enum nft_rt_attributes { + NFTA_RT_UNSPEC, + NFTA_RT_DREG, + NFTA_RT_KEY, + __NFTA_RT_MAX +}; +#define NFTA_RT_MAX (__NFTA_RT_MAX - 1) +enum nft_socket_attributes { + NFTA_SOCKET_UNSPEC, + NFTA_SOCKET_KEY, + NFTA_SOCKET_DREG, + NFTA_SOCKET_LEVEL, + __NFTA_SOCKET_MAX +}; +#define NFTA_SOCKET_MAX (__NFTA_SOCKET_MAX - 1) +enum nft_socket_keys { + NFT_SOCKET_TRANSPARENT, + NFT_SOCKET_MARK, + NFT_SOCKET_WILDCARD, + NFT_SOCKET_CGROUPV2, + __NFT_SOCKET_MAX +}; +#define NFT_SOCKET_MAX (__NFT_SOCKET_MAX - 1) +enum nft_ct_keys { + NFT_CT_STATE, + NFT_CT_DIRECTION, + NFT_CT_STATUS, + NFT_CT_MARK, + NFT_CT_SECMARK, + NFT_CT_EXPIRATION, + NFT_CT_HELPER, + NFT_CT_L3PROTOCOL, + NFT_CT_SRC, + NFT_CT_DST, + NFT_CT_PROTOCOL, + NFT_CT_PROTO_SRC, + NFT_CT_PROTO_DST, + NFT_CT_LABELS, + NFT_CT_PKTS, + NFT_CT_BYTES, + NFT_CT_AVGPKT, + NFT_CT_ZONE, + NFT_CT_EVENTMASK, + NFT_CT_SRC_IP, + NFT_CT_DST_IP, + NFT_CT_SRC_IP6, + NFT_CT_DST_IP6, + NFT_CT_ID, + __NFT_CT_MAX +}; +#define NFT_CT_MAX (__NFT_CT_MAX - 1) +enum nft_ct_attributes { + NFTA_CT_UNSPEC, + NFTA_CT_DREG, + NFTA_CT_KEY, + NFTA_CT_DIRECTION, + NFTA_CT_SREG, + __NFTA_CT_MAX +}; +#define NFTA_CT_MAX (__NFTA_CT_MAX - 1) +enum nft_offload_attributes { + NFTA_FLOW_UNSPEC, + NFTA_FLOW_TABLE_NAME, + __NFTA_FLOW_MAX, +}; +#define NFTA_FLOW_MAX (__NFTA_FLOW_MAX - 1) +enum nft_limit_type { + NFT_LIMIT_PKTS, + NFT_LIMIT_PKT_BYTES +}; +enum nft_limit_flags { + NFT_LIMIT_F_INV = (1 << 0), +}; +enum nft_limit_attributes { + NFTA_LIMIT_UNSPEC, + NFTA_LIMIT_RATE, + NFTA_LIMIT_UNIT, + NFTA_LIMIT_BURST, + NFTA_LIMIT_TYPE, + NFTA_LIMIT_FLAGS, + NFTA_LIMIT_PAD, + __NFTA_LIMIT_MAX +}; +#define NFTA_LIMIT_MAX (__NFTA_LIMIT_MAX - 1) +enum nft_connlimit_flags { + NFT_CONNLIMIT_F_INV = (1 << 0), +}; +enum nft_connlimit_attributes { + NFTA_CONNLIMIT_UNSPEC, + NFTA_CONNLIMIT_COUNT, + NFTA_CONNLIMIT_FLAGS, + __NFTA_CONNLIMIT_MAX +}; +#define NFTA_CONNLIMIT_MAX (__NFTA_CONNLIMIT_MAX - 1) +enum nft_counter_attributes { + NFTA_COUNTER_UNSPEC, + NFTA_COUNTER_BYTES, + NFTA_COUNTER_PACKETS, + NFTA_COUNTER_PAD, + __NFTA_COUNTER_MAX +}; +#define NFTA_COUNTER_MAX (__NFTA_COUNTER_MAX - 1) +enum nft_last_attributes { + NFTA_LAST_UNSPEC, + NFTA_LAST_SET, + NFTA_LAST_MSECS, + NFTA_LAST_PAD, + __NFTA_LAST_MAX +}; +#define NFTA_LAST_MAX (__NFTA_LAST_MAX - 1) +enum nft_log_attributes { + NFTA_LOG_UNSPEC, + NFTA_LOG_GROUP, + NFTA_LOG_PREFIX, + NFTA_LOG_SNAPLEN, + NFTA_LOG_QTHRESHOLD, + NFTA_LOG_LEVEL, + NFTA_LOG_FLAGS, + __NFTA_LOG_MAX +}; +#define NFTA_LOG_MAX (__NFTA_LOG_MAX - 1) +enum nft_log_level { + NFT_LOGLEVEL_EMERG, + NFT_LOGLEVEL_ALERT, + NFT_LOGLEVEL_CRIT, + NFT_LOGLEVEL_ERR, + NFT_LOGLEVEL_WARNING, + NFT_LOGLEVEL_NOTICE, + NFT_LOGLEVEL_INFO, + NFT_LOGLEVEL_DEBUG, + NFT_LOGLEVEL_AUDIT, + __NFT_LOGLEVEL_MAX +}; +#define NFT_LOGLEVEL_MAX (__NFT_LOGLEVEL_MAX - 1) +enum nft_queue_attributes { + NFTA_QUEUE_UNSPEC, + NFTA_QUEUE_NUM, + NFTA_QUEUE_TOTAL, + NFTA_QUEUE_FLAGS, + NFTA_QUEUE_SREG_QNUM, + __NFTA_QUEUE_MAX +}; +#define NFTA_QUEUE_MAX (__NFTA_QUEUE_MAX - 1) +#define NFT_QUEUE_FLAG_BYPASS 0x01 +#define NFT_QUEUE_FLAG_CPU_FANOUT 0x02 +#define NFT_QUEUE_FLAG_MASK 0x03 +enum nft_quota_flags { + NFT_QUOTA_F_INV = (1 << 0), + NFT_QUOTA_F_DEPLETED = (1 << 1), +}; +enum nft_quota_attributes { + NFTA_QUOTA_UNSPEC, + NFTA_QUOTA_BYTES, + NFTA_QUOTA_FLAGS, + NFTA_QUOTA_PAD, + NFTA_QUOTA_CONSUMED, + __NFTA_QUOTA_MAX +}; +#define NFTA_QUOTA_MAX (__NFTA_QUOTA_MAX - 1) +enum nft_secmark_attributes { + NFTA_SECMARK_UNSPEC, + NFTA_SECMARK_CTX, + __NFTA_SECMARK_MAX, +}; +#define NFTA_SECMARK_MAX (__NFTA_SECMARK_MAX - 1) +#define NFT_SECMARK_CTX_MAXLEN 4096 +enum nft_reject_types { + NFT_REJECT_ICMP_UNREACH, + NFT_REJECT_TCP_RST, + NFT_REJECT_ICMPX_UNREACH, +}; +enum nft_reject_inet_code { + NFT_REJECT_ICMPX_NO_ROUTE = 0, + NFT_REJECT_ICMPX_PORT_UNREACH, + NFT_REJECT_ICMPX_HOST_UNREACH, + NFT_REJECT_ICMPX_ADMIN_PROHIBITED, + __NFT_REJECT_ICMPX_MAX +}; +#define NFT_REJECT_ICMPX_MAX (__NFT_REJECT_ICMPX_MAX - 1) +enum nft_reject_attributes { + NFTA_REJECT_UNSPEC, + NFTA_REJECT_TYPE, + NFTA_REJECT_ICMP_CODE, + __NFTA_REJECT_MAX +}; +#define NFTA_REJECT_MAX (__NFTA_REJECT_MAX - 1) +enum nft_nat_types { + NFT_NAT_SNAT, + NFT_NAT_DNAT, +}; +enum nft_nat_attributes { + NFTA_NAT_UNSPEC, + NFTA_NAT_TYPE, + NFTA_NAT_FAMILY, + NFTA_NAT_REG_ADDR_MIN, + NFTA_NAT_REG_ADDR_MAX, + NFTA_NAT_REG_PROTO_MIN, + NFTA_NAT_REG_PROTO_MAX, + NFTA_NAT_FLAGS, + __NFTA_NAT_MAX +}; +#define NFTA_NAT_MAX (__NFTA_NAT_MAX - 1) +enum nft_tproxy_attributes { + NFTA_TPROXY_UNSPEC, + NFTA_TPROXY_FAMILY, + NFTA_TPROXY_REG_ADDR, + NFTA_TPROXY_REG_PORT, + __NFTA_TPROXY_MAX +}; +#define NFTA_TPROXY_MAX (__NFTA_TPROXY_MAX - 1) +enum nft_masq_attributes { + NFTA_MASQ_UNSPEC, + NFTA_MASQ_FLAGS, + NFTA_MASQ_REG_PROTO_MIN, + NFTA_MASQ_REG_PROTO_MAX, + __NFTA_MASQ_MAX +}; +#define NFTA_MASQ_MAX (__NFTA_MASQ_MAX - 1) +enum nft_redir_attributes { + NFTA_REDIR_UNSPEC, + NFTA_REDIR_REG_PROTO_MIN, + NFTA_REDIR_REG_PROTO_MAX, + NFTA_REDIR_FLAGS, + __NFTA_REDIR_MAX +}; +#define NFTA_REDIR_MAX (__NFTA_REDIR_MAX - 1) +enum nft_dup_attributes { + NFTA_DUP_UNSPEC, + NFTA_DUP_SREG_ADDR, + NFTA_DUP_SREG_DEV, + __NFTA_DUP_MAX +}; +#define NFTA_DUP_MAX (__NFTA_DUP_MAX - 1) +enum nft_fwd_attributes { + NFTA_FWD_UNSPEC, + NFTA_FWD_SREG_DEV, + NFTA_FWD_SREG_ADDR, + NFTA_FWD_NFPROTO, + __NFTA_FWD_MAX +}; +#define NFTA_FWD_MAX (__NFTA_FWD_MAX - 1) +enum nft_objref_attributes { + NFTA_OBJREF_UNSPEC, + NFTA_OBJREF_IMM_TYPE, + NFTA_OBJREF_IMM_NAME, + NFTA_OBJREF_SET_SREG, + NFTA_OBJREF_SET_NAME, + NFTA_OBJREF_SET_ID, + __NFTA_OBJREF_MAX +}; +#define NFTA_OBJREF_MAX (__NFTA_OBJREF_MAX - 1) +enum nft_gen_attributes { + NFTA_GEN_UNSPEC, + NFTA_GEN_ID, + NFTA_GEN_PROC_PID, + NFTA_GEN_PROC_NAME, + __NFTA_GEN_MAX +}; +#define NFTA_GEN_MAX (__NFTA_GEN_MAX - 1) +enum nft_fib_attributes { + NFTA_FIB_UNSPEC, + NFTA_FIB_DREG, + NFTA_FIB_RESULT, + NFTA_FIB_FLAGS, + __NFTA_FIB_MAX +}; +#define NFTA_FIB_MAX (__NFTA_FIB_MAX - 1) +enum nft_fib_result { + NFT_FIB_RESULT_UNSPEC, + NFT_FIB_RESULT_OIF, + NFT_FIB_RESULT_OIFNAME, + NFT_FIB_RESULT_ADDRTYPE, + __NFT_FIB_RESULT_MAX +}; +#define NFT_FIB_RESULT_MAX (__NFT_FIB_RESULT_MAX - 1) +enum nft_fib_flags { + NFTA_FIB_F_SADDR = 1 << 0, + NFTA_FIB_F_DADDR = 1 << 1, + NFTA_FIB_F_MARK = 1 << 2, + NFTA_FIB_F_IIF = 1 << 3, + NFTA_FIB_F_OIF = 1 << 4, + NFTA_FIB_F_PRESENT = 1 << 5, +}; +enum nft_ct_helper_attributes { + NFTA_CT_HELPER_UNSPEC, + NFTA_CT_HELPER_NAME, + NFTA_CT_HELPER_L3PROTO, + NFTA_CT_HELPER_L4PROTO, + __NFTA_CT_HELPER_MAX, +}; +#define NFTA_CT_HELPER_MAX (__NFTA_CT_HELPER_MAX - 1) +enum nft_ct_timeout_timeout_attributes { + NFTA_CT_TIMEOUT_UNSPEC, + NFTA_CT_TIMEOUT_L3PROTO, + NFTA_CT_TIMEOUT_L4PROTO, + NFTA_CT_TIMEOUT_DATA, + __NFTA_CT_TIMEOUT_MAX, +}; +#define NFTA_CT_TIMEOUT_MAX (__NFTA_CT_TIMEOUT_MAX - 1) +enum nft_ct_expectation_attributes { + NFTA_CT_EXPECT_UNSPEC, + NFTA_CT_EXPECT_L3PROTO, + NFTA_CT_EXPECT_L4PROTO, + NFTA_CT_EXPECT_DPORT, + NFTA_CT_EXPECT_TIMEOUT, + NFTA_CT_EXPECT_SIZE, + __NFTA_CT_EXPECT_MAX, +}; +#define NFTA_CT_EXPECT_MAX (__NFTA_CT_EXPECT_MAX - 1) +#define NFT_OBJECT_UNSPEC 0 +#define NFT_OBJECT_COUNTER 1 +#define NFT_OBJECT_QUOTA 2 +#define NFT_OBJECT_CT_HELPER 3 +#define NFT_OBJECT_LIMIT 4 +#define NFT_OBJECT_CONNLIMIT 5 +#define NFT_OBJECT_TUNNEL 6 +#define NFT_OBJECT_CT_TIMEOUT 7 +#define NFT_OBJECT_SECMARK 8 +#define NFT_OBJECT_CT_EXPECT 9 +#define NFT_OBJECT_SYNPROXY 10 +#define __NFT_OBJECT_MAX 11 +#define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1) +enum nft_object_attributes { + NFTA_OBJ_UNSPEC, + NFTA_OBJ_TABLE, + NFTA_OBJ_NAME, + NFTA_OBJ_TYPE, + NFTA_OBJ_DATA, + NFTA_OBJ_USE, + NFTA_OBJ_HANDLE, + NFTA_OBJ_PAD, + NFTA_OBJ_USERDATA, + __NFTA_OBJ_MAX +}; +#define NFTA_OBJ_MAX (__NFTA_OBJ_MAX - 1) +enum nft_flowtable_flags { + NFT_FLOWTABLE_HW_OFFLOAD = 0x1, + NFT_FLOWTABLE_COUNTER = 0x2, + NFT_FLOWTABLE_MASK = (NFT_FLOWTABLE_HW_OFFLOAD | NFT_FLOWTABLE_COUNTER) +}; +enum nft_flowtable_attributes { + NFTA_FLOWTABLE_UNSPEC, + NFTA_FLOWTABLE_TABLE, + NFTA_FLOWTABLE_NAME, + NFTA_FLOWTABLE_HOOK, + NFTA_FLOWTABLE_USE, + NFTA_FLOWTABLE_HANDLE, + NFTA_FLOWTABLE_PAD, + NFTA_FLOWTABLE_FLAGS, + __NFTA_FLOWTABLE_MAX +}; +#define NFTA_FLOWTABLE_MAX (__NFTA_FLOWTABLE_MAX - 1) +enum nft_flowtable_hook_attributes { + NFTA_FLOWTABLE_HOOK_UNSPEC, + NFTA_FLOWTABLE_HOOK_NUM, + NFTA_FLOWTABLE_HOOK_PRIORITY, + NFTA_FLOWTABLE_HOOK_DEVS, + __NFTA_FLOWTABLE_HOOK_MAX +}; +#define NFTA_FLOWTABLE_HOOK_MAX (__NFTA_FLOWTABLE_HOOK_MAX - 1) +enum nft_osf_attributes { + NFTA_OSF_UNSPEC, + NFTA_OSF_DREG, + NFTA_OSF_TTL, + NFTA_OSF_FLAGS, + __NFTA_OSF_MAX, +}; +#define NFTA_OSF_MAX (__NFTA_OSF_MAX - 1) +enum nft_osf_flags { + NFT_OSF_F_VERSION = (1 << 0), +}; +enum nft_synproxy_attributes { + NFTA_SYNPROXY_UNSPEC, + NFTA_SYNPROXY_MSS, + NFTA_SYNPROXY_WSCALE, + NFTA_SYNPROXY_FLAGS, + __NFTA_SYNPROXY_MAX, +}; +#define NFTA_SYNPROXY_MAX (__NFTA_SYNPROXY_MAX - 1) +enum nft_devices_attributes { + NFTA_DEVICE_UNSPEC, + NFTA_DEVICE_NAME, + NFTA_DEVICE_PREFIX, + __NFTA_DEVICE_MAX +}; +#define NFTA_DEVICE_MAX (__NFTA_DEVICE_MAX - 1) +enum nft_xfrm_attributes { + NFTA_XFRM_UNSPEC, + NFTA_XFRM_DREG, + NFTA_XFRM_KEY, + NFTA_XFRM_DIR, + NFTA_XFRM_SPNUM, + __NFTA_XFRM_MAX +}; +#define NFTA_XFRM_MAX (__NFTA_XFRM_MAX - 1) +enum nft_xfrm_keys { + NFT_XFRM_KEY_UNSPEC, + NFT_XFRM_KEY_DADDR_IP4, + NFT_XFRM_KEY_DADDR_IP6, + NFT_XFRM_KEY_SADDR_IP4, + NFT_XFRM_KEY_SADDR_IP6, + NFT_XFRM_KEY_REQID, + NFT_XFRM_KEY_SPI, + __NFT_XFRM_KEY_MAX, +}; +#define NFT_XFRM_KEY_MAX (__NFT_XFRM_KEY_MAX - 1) +enum nft_trace_attributes { + NFTA_TRACE_UNSPEC, + NFTA_TRACE_TABLE, + NFTA_TRACE_CHAIN, + NFTA_TRACE_RULE_HANDLE, + NFTA_TRACE_TYPE, + NFTA_TRACE_VERDICT, + NFTA_TRACE_ID, + NFTA_TRACE_LL_HEADER, + NFTA_TRACE_NETWORK_HEADER, + NFTA_TRACE_TRANSPORT_HEADER, + NFTA_TRACE_IIF, + NFTA_TRACE_IIFTYPE, + NFTA_TRACE_OIF, + NFTA_TRACE_OIFTYPE, + NFTA_TRACE_MARK, + NFTA_TRACE_NFPROTO, + NFTA_TRACE_POLICY, + NFTA_TRACE_PAD, + NFTA_TRACE_CT_ID, + NFTA_TRACE_CT_DIRECTION, + NFTA_TRACE_CT_STATUS, + NFTA_TRACE_CT_STATE, + __NFTA_TRACE_MAX +}; +#define NFTA_TRACE_MAX (__NFTA_TRACE_MAX - 1) +enum nft_trace_types { + NFT_TRACETYPE_UNSPEC, + NFT_TRACETYPE_POLICY, + NFT_TRACETYPE_RETURN, + NFT_TRACETYPE_RULE, + __NFT_TRACETYPE_MAX +}; +#define NFT_TRACETYPE_MAX (__NFT_TRACETYPE_MAX - 1) +enum nft_ng_attributes { + NFTA_NG_UNSPEC, + NFTA_NG_DREG, + NFTA_NG_MODULUS, + NFTA_NG_TYPE, + NFTA_NG_OFFSET, + NFTA_NG_SET_NAME, + NFTA_NG_SET_ID, + __NFTA_NG_MAX +}; +#define NFTA_NG_MAX (__NFTA_NG_MAX - 1) +enum nft_ng_types { + NFT_NG_INCREMENTAL, + NFT_NG_RANDOM, + __NFT_NG_MAX +}; +#define NFT_NG_MAX (__NFT_NG_MAX - 1) +enum nft_tunnel_key_ip_attributes { + NFTA_TUNNEL_KEY_IP_UNSPEC, + NFTA_TUNNEL_KEY_IP_SRC, + NFTA_TUNNEL_KEY_IP_DST, + __NFTA_TUNNEL_KEY_IP_MAX +}; +#define NFTA_TUNNEL_KEY_IP_MAX (__NFTA_TUNNEL_KEY_IP_MAX - 1) +enum nft_tunnel_ip6_attributes { + NFTA_TUNNEL_KEY_IP6_UNSPEC, + NFTA_TUNNEL_KEY_IP6_SRC, + NFTA_TUNNEL_KEY_IP6_DST, + NFTA_TUNNEL_KEY_IP6_FLOWLABEL, + __NFTA_TUNNEL_KEY_IP6_MAX +}; +#define NFTA_TUNNEL_KEY_IP6_MAX (__NFTA_TUNNEL_KEY_IP6_MAX - 1) +enum nft_tunnel_opts_attributes { + NFTA_TUNNEL_KEY_OPTS_UNSPEC, + NFTA_TUNNEL_KEY_OPTS_VXLAN, + NFTA_TUNNEL_KEY_OPTS_ERSPAN, + NFTA_TUNNEL_KEY_OPTS_GENEVE, + __NFTA_TUNNEL_KEY_OPTS_MAX +}; +#define NFTA_TUNNEL_KEY_OPTS_MAX (__NFTA_TUNNEL_KEY_OPTS_MAX - 1) +enum nft_tunnel_opts_vxlan_attributes { + NFTA_TUNNEL_KEY_VXLAN_UNSPEC, + NFTA_TUNNEL_KEY_VXLAN_GBP, + __NFTA_TUNNEL_KEY_VXLAN_MAX +}; +#define NFTA_TUNNEL_KEY_VXLAN_MAX (__NFTA_TUNNEL_KEY_VXLAN_MAX - 1) +enum nft_tunnel_opts_erspan_attributes { + NFTA_TUNNEL_KEY_ERSPAN_UNSPEC, + NFTA_TUNNEL_KEY_ERSPAN_VERSION, + NFTA_TUNNEL_KEY_ERSPAN_V1_INDEX, + NFTA_TUNNEL_KEY_ERSPAN_V2_HWID, + NFTA_TUNNEL_KEY_ERSPAN_V2_DIR, + __NFTA_TUNNEL_KEY_ERSPAN_MAX +}; +#define NFTA_TUNNEL_KEY_ERSPAN_MAX (__NFTA_TUNNEL_KEY_ERSPAN_MAX - 1) +enum nft_tunnel_opts_geneve_attributes { + NFTA_TUNNEL_KEY_GENEVE_UNSPEC, + NFTA_TUNNEL_KEY_GENEVE_CLASS, + NFTA_TUNNEL_KEY_GENEVE_TYPE, + NFTA_TUNNEL_KEY_GENEVE_DATA, + __NFTA_TUNNEL_KEY_GENEVE_MAX +}; +#define NFTA_TUNNEL_KEY_GENEVE_MAX (__NFTA_TUNNEL_KEY_GENEVE_MAX - 1) +enum nft_tunnel_flags { + NFT_TUNNEL_F_ZERO_CSUM_TX = (1 << 0), + NFT_TUNNEL_F_DONT_FRAGMENT = (1 << 1), + NFT_TUNNEL_F_SEQ_NUMBER = (1 << 2), +}; +#define NFT_TUNNEL_F_MASK (NFT_TUNNEL_F_ZERO_CSUM_TX | NFT_TUNNEL_F_DONT_FRAGMENT | NFT_TUNNEL_F_SEQ_NUMBER) +enum nft_tunnel_key_attributes { + NFTA_TUNNEL_KEY_UNSPEC, + NFTA_TUNNEL_KEY_ID, + NFTA_TUNNEL_KEY_IP, + NFTA_TUNNEL_KEY_IP6, + NFTA_TUNNEL_KEY_FLAGS, + NFTA_TUNNEL_KEY_TOS, + NFTA_TUNNEL_KEY_TTL, + NFTA_TUNNEL_KEY_SPORT, + NFTA_TUNNEL_KEY_DPORT, + NFTA_TUNNEL_KEY_OPTS, + __NFTA_TUNNEL_KEY_MAX +}; +#define NFTA_TUNNEL_KEY_MAX (__NFTA_TUNNEL_KEY_MAX - 1) +enum nft_tunnel_keys { + NFT_TUNNEL_PATH, + NFT_TUNNEL_ID, + __NFT_TUNNEL_MAX +}; +#define NFT_TUNNEL_MAX (__NFT_TUNNEL_MAX - 1) +enum nft_tunnel_mode { + NFT_TUNNEL_MODE_NONE, + NFT_TUNNEL_MODE_RX, + NFT_TUNNEL_MODE_TX, + __NFT_TUNNEL_MODE_MAX +}; +#define NFT_TUNNEL_MODE_MAX (__NFT_TUNNEL_MODE_MAX - 1) +enum nft_tunnel_attributes { + NFTA_TUNNEL_UNSPEC, + NFTA_TUNNEL_KEY, + NFTA_TUNNEL_DREG, + NFTA_TUNNEL_MODE, + __NFTA_TUNNEL_MAX +}; +#define NFTA_TUNNEL_MAX (__NFTA_TUNNEL_MAX - 1) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nf_tables_compat.h b/libc/kernel/uapi/linux/netfilter/nf_tables_compat.h new file mode 100644 index 0000000..0359196 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nf_tables_compat.h
@@ -0,0 +1,38 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _NFT_COMPAT_NFNETLINK_H_ +#define _NFT_COMPAT_NFNETLINK_H_ +enum nft_target_attributes { + NFTA_TARGET_UNSPEC, + NFTA_TARGET_NAME, + NFTA_TARGET_REV, + NFTA_TARGET_INFO, + __NFTA_TARGET_MAX +}; +#define NFTA_TARGET_MAX (__NFTA_TARGET_MAX - 1) +enum nft_match_attributes { + NFTA_MATCH_UNSPEC, + NFTA_MATCH_NAME, + NFTA_MATCH_REV, + NFTA_MATCH_INFO, + __NFTA_MATCH_MAX +}; +#define NFTA_MATCH_MAX (__NFTA_MATCH_MAX - 1) +#define NFT_COMPAT_NAME_MAX 32 +enum { + NFNL_MSG_COMPAT_GET, + NFNL_MSG_COMPAT_MAX +}; +enum { + NFTA_COMPAT_UNSPEC = 0, + NFTA_COMPAT_NAME, + NFTA_COMPAT_REV, + NFTA_COMPAT_TYPE, + __NFTA_COMPAT_MAX, +}; +#define NFTA_COMPAT_MAX (__NFTA_COMPAT_MAX - 1) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nfnetlink.h b/libc/kernel/uapi/linux/netfilter/nfnetlink.h new file mode 100644 index 0000000..38696db --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nfnetlink.h
@@ -0,0 +1,65 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI_NFNETLINK_H +#define _UAPI_NFNETLINK_H +#include <linux/types.h> +#include <linux/netfilter/nfnetlink_compat.h> +enum nfnetlink_groups { + NFNLGRP_NONE, +#define NFNLGRP_NONE NFNLGRP_NONE + NFNLGRP_CONNTRACK_NEW, +#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW + NFNLGRP_CONNTRACK_UPDATE, +#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE + NFNLGRP_CONNTRACK_DESTROY, +#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY + NFNLGRP_CONNTRACK_EXP_NEW, +#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW + NFNLGRP_CONNTRACK_EXP_UPDATE, +#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE + NFNLGRP_CONNTRACK_EXP_DESTROY, +#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY + NFNLGRP_NFTABLES, +#define NFNLGRP_NFTABLES NFNLGRP_NFTABLES + NFNLGRP_ACCT_QUOTA, +#define NFNLGRP_ACCT_QUOTA NFNLGRP_ACCT_QUOTA + NFNLGRP_NFTRACE, +#define NFNLGRP_NFTRACE NFNLGRP_NFTRACE + __NFNLGRP_MAX, +}; +#define NFNLGRP_MAX (__NFNLGRP_MAX - 1) +struct nfgenmsg { + __u8 nfgen_family; + __u8 version; + __be16 res_id; +}; +#define NFNETLINK_V0 0 +#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8) +#define NFNL_MSG_TYPE(x) (x & 0x00ff) +#define NFNL_SUBSYS_NONE 0 +#define NFNL_SUBSYS_CTNETLINK 1 +#define NFNL_SUBSYS_CTNETLINK_EXP 2 +#define NFNL_SUBSYS_QUEUE 3 +#define NFNL_SUBSYS_ULOG 4 +#define NFNL_SUBSYS_OSF 5 +#define NFNL_SUBSYS_IPSET 6 +#define NFNL_SUBSYS_ACCT 7 +#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8 +#define NFNL_SUBSYS_CTHELPER 9 +#define NFNL_SUBSYS_NFTABLES 10 +#define NFNL_SUBSYS_NFT_COMPAT 11 +#define NFNL_SUBSYS_HOOK 12 +#define NFNL_SUBSYS_COUNT 13 +#define NFNL_MSG_BATCH_BEGIN NLMSG_MIN_TYPE +#define NFNL_MSG_BATCH_END NLMSG_MIN_TYPE + 1 +enum nfnl_batch_attributes { + NFNL_BATCH_UNSPEC, + NFNL_BATCH_GENID, + __NFNL_BATCH_MAX +}; +#define NFNL_BATCH_MAX (__NFNL_BATCH_MAX - 1) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nfnetlink_acct.h b/libc/kernel/uapi/linux/netfilter/nfnetlink_acct.h new file mode 100644 index 0000000..4089e6f --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nfnetlink_acct.h
@@ -0,0 +1,45 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI_NFNL_ACCT_H_ +#define _UAPI_NFNL_ACCT_H_ +#ifndef NFACCT_NAME_MAX +#define NFACCT_NAME_MAX 32 +#endif +enum nfnl_acct_msg_types { + NFNL_MSG_ACCT_NEW, + NFNL_MSG_ACCT_GET, + NFNL_MSG_ACCT_GET_CTRZERO, + NFNL_MSG_ACCT_DEL, + NFNL_MSG_ACCT_OVERQUOTA, + NFNL_MSG_ACCT_MAX +}; +enum nfnl_acct_flags { + NFACCT_F_QUOTA_PKTS = (1 << 0), + NFACCT_F_QUOTA_BYTES = (1 << 1), + NFACCT_F_OVERQUOTA = (1 << 2), +}; +enum nfnl_acct_type { + NFACCT_UNSPEC, + NFACCT_NAME, + NFACCT_PKTS, + NFACCT_BYTES, + NFACCT_USE, + NFACCT_FLAGS, + NFACCT_QUOTA, + NFACCT_FILTER, + NFACCT_PAD, + __NFACCT_MAX +}; +#define NFACCT_MAX (__NFACCT_MAX - 1) +enum nfnl_attr_filter_type { + NFACCT_FILTER_UNSPEC, + NFACCT_FILTER_MASK, + NFACCT_FILTER_VALUE, + __NFACCT_FILTER_MAX +}; +#define NFACCT_FILTER_MAX (__NFACCT_FILTER_MAX - 1) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nfnetlink_compat.h b/libc/kernel/uapi/linux/netfilter/nfnetlink_compat.h new file mode 100644 index 0000000..93cb511 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nfnetlink_compat.h
@@ -0,0 +1,38 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _NFNETLINK_COMPAT_H +#define _NFNETLINK_COMPAT_H +#include <linux/types.h> +#define NF_NETLINK_CONNTRACK_NEW 0x00000001 +#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002 +#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004 +#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008 +#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010 +#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020 +struct nfattr { + __u16 nfa_len; + __u16 nfa_type; +}; +#define NFNL_NFA_NEST 0x8000 +#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff) +#define NFA_ALIGNTO 4 +#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1)) +#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) && (nfa)->nfa_len <= (len)) +#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), (struct nfattr *) (((char *) (nfa)) + NFA_ALIGN((nfa)->nfa_len))) +#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len)) +#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len)) +#define NFA_DATA(nfa) ((void *) (((char *) (nfa)) + NFA_LENGTH(0))) +#define NFA_PAYLOAD(nfa) ((int) ((nfa)->nfa_len) - NFA_LENGTH(0)) +#define NFA_NEST(skb,type) \ +({ struct nfattr * __start = (struct nfattr *) skb_tail_pointer(skb); NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); __start; }) +#define NFA_NEST_END(skb,start) \ +({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *) (start); (skb)->len; }) +#define NFA_NEST_CANCEL(skb,start) \ +({ if(start) skb_trim(skb, (unsigned char *) (start) - (skb)->data); - 1; }) +#define NFM_NFA(n) ((struct nfattr *) (((char *) (n)) + NLMSG_ALIGN(sizeof(struct nfgenmsg)))) +#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg)) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nfnetlink_conntrack.h b/libc/kernel/uapi/linux/netfilter/nfnetlink_conntrack.h new file mode 100644 index 0000000..a0e0d10 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nfnetlink_conntrack.h
@@ -0,0 +1,268 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _IPCONNTRACK_NETLINK_H +#define _IPCONNTRACK_NETLINK_H +#include <linux/netfilter/nfnetlink.h> +enum cntl_msg_types { + IPCTNL_MSG_CT_NEW, + IPCTNL_MSG_CT_GET, + IPCTNL_MSG_CT_DELETE, + IPCTNL_MSG_CT_GET_CTRZERO, + IPCTNL_MSG_CT_GET_STATS_CPU, + IPCTNL_MSG_CT_GET_STATS, + IPCTNL_MSG_CT_GET_DYING, + IPCTNL_MSG_CT_GET_UNCONFIRMED, + IPCTNL_MSG_MAX +}; +enum ctnl_exp_msg_types { + IPCTNL_MSG_EXP_NEW, + IPCTNL_MSG_EXP_GET, + IPCTNL_MSG_EXP_DELETE, + IPCTNL_MSG_EXP_GET_STATS_CPU, + IPCTNL_MSG_EXP_MAX +}; +enum ctattr_type { + CTA_UNSPEC, + CTA_TUPLE_ORIG, + CTA_TUPLE_REPLY, + CTA_STATUS, + CTA_PROTOINFO, + CTA_HELP, + CTA_NAT_SRC, +#define CTA_NAT CTA_NAT_SRC + CTA_TIMEOUT, + CTA_MARK, + CTA_COUNTERS_ORIG, + CTA_COUNTERS_REPLY, + CTA_USE, + CTA_ID, + CTA_NAT_DST, + CTA_TUPLE_MASTER, + CTA_SEQ_ADJ_ORIG, + CTA_NAT_SEQ_ADJ_ORIG = CTA_SEQ_ADJ_ORIG, + CTA_SEQ_ADJ_REPLY, + CTA_NAT_SEQ_ADJ_REPLY = CTA_SEQ_ADJ_REPLY, + CTA_SECMARK, + CTA_ZONE, + CTA_SECCTX, + CTA_TIMESTAMP, + CTA_MARK_MASK, + CTA_LABELS, + CTA_LABELS_MASK, + CTA_SYNPROXY, + CTA_FILTER, + CTA_STATUS_MASK, + CTA_TIMESTAMP_EVENT, + __CTA_MAX +}; +#define CTA_MAX (__CTA_MAX - 1) +enum ctattr_tuple { + CTA_TUPLE_UNSPEC, + CTA_TUPLE_IP, + CTA_TUPLE_PROTO, + CTA_TUPLE_ZONE, + __CTA_TUPLE_MAX +}; +#define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1) +enum ctattr_ip { + CTA_IP_UNSPEC, + CTA_IP_V4_SRC, + CTA_IP_V4_DST, + CTA_IP_V6_SRC, + CTA_IP_V6_DST, + __CTA_IP_MAX +}; +#define CTA_IP_MAX (__CTA_IP_MAX - 1) +enum ctattr_l4proto { + CTA_PROTO_UNSPEC, + CTA_PROTO_NUM, + CTA_PROTO_SRC_PORT, + CTA_PROTO_DST_PORT, + CTA_PROTO_ICMP_ID, + CTA_PROTO_ICMP_TYPE, + CTA_PROTO_ICMP_CODE, + CTA_PROTO_ICMPV6_ID, + CTA_PROTO_ICMPV6_TYPE, + CTA_PROTO_ICMPV6_CODE, + __CTA_PROTO_MAX +}; +#define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1) +enum ctattr_protoinfo { + CTA_PROTOINFO_UNSPEC, + CTA_PROTOINFO_TCP, + CTA_PROTOINFO_DCCP, + CTA_PROTOINFO_SCTP, + __CTA_PROTOINFO_MAX +}; +#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1) +enum ctattr_protoinfo_tcp { + CTA_PROTOINFO_TCP_UNSPEC, + CTA_PROTOINFO_TCP_STATE, + CTA_PROTOINFO_TCP_WSCALE_ORIGINAL, + CTA_PROTOINFO_TCP_WSCALE_REPLY, + CTA_PROTOINFO_TCP_FLAGS_ORIGINAL, + CTA_PROTOINFO_TCP_FLAGS_REPLY, + __CTA_PROTOINFO_TCP_MAX +}; +#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1) +enum ctattr_protoinfo_dccp { + CTA_PROTOINFO_DCCP_UNSPEC, + CTA_PROTOINFO_DCCP_STATE, + CTA_PROTOINFO_DCCP_ROLE, + CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ, + CTA_PROTOINFO_DCCP_PAD, + __CTA_PROTOINFO_DCCP_MAX, +}; +#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1) +enum ctattr_protoinfo_sctp { + CTA_PROTOINFO_SCTP_UNSPEC, + CTA_PROTOINFO_SCTP_STATE, + CTA_PROTOINFO_SCTP_VTAG_ORIGINAL, + CTA_PROTOINFO_SCTP_VTAG_REPLY, + __CTA_PROTOINFO_SCTP_MAX +}; +#define CTA_PROTOINFO_SCTP_MAX (__CTA_PROTOINFO_SCTP_MAX - 1) +enum ctattr_counters { + CTA_COUNTERS_UNSPEC, + CTA_COUNTERS_PACKETS, + CTA_COUNTERS_BYTES, + CTA_COUNTERS32_PACKETS, + CTA_COUNTERS32_BYTES, + CTA_COUNTERS_PAD, + __CTA_COUNTERS_MAX +}; +#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1) +enum ctattr_tstamp { + CTA_TIMESTAMP_UNSPEC, + CTA_TIMESTAMP_START, + CTA_TIMESTAMP_STOP, + CTA_TIMESTAMP_PAD, + __CTA_TIMESTAMP_MAX +}; +#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1) +enum ctattr_nat { + CTA_NAT_UNSPEC, + CTA_NAT_V4_MINIP, +#define CTA_NAT_MINIP CTA_NAT_V4_MINIP + CTA_NAT_V4_MAXIP, +#define CTA_NAT_MAXIP CTA_NAT_V4_MAXIP + CTA_NAT_PROTO, + CTA_NAT_V6_MINIP, + CTA_NAT_V6_MAXIP, + __CTA_NAT_MAX +}; +#define CTA_NAT_MAX (__CTA_NAT_MAX - 1) +enum ctattr_protonat { + CTA_PROTONAT_UNSPEC, + CTA_PROTONAT_PORT_MIN, + CTA_PROTONAT_PORT_MAX, + __CTA_PROTONAT_MAX +}; +#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1) +enum ctattr_seqadj { + CTA_SEQADJ_UNSPEC, + CTA_SEQADJ_CORRECTION_POS, + CTA_SEQADJ_OFFSET_BEFORE, + CTA_SEQADJ_OFFSET_AFTER, + __CTA_SEQADJ_MAX +}; +#define CTA_SEQADJ_MAX (__CTA_SEQADJ_MAX - 1) +enum ctattr_natseq { + CTA_NAT_SEQ_UNSPEC, + CTA_NAT_SEQ_CORRECTION_POS, + CTA_NAT_SEQ_OFFSET_BEFORE, + CTA_NAT_SEQ_OFFSET_AFTER, + __CTA_NAT_SEQ_MAX +}; +#define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1) +enum ctattr_synproxy { + CTA_SYNPROXY_UNSPEC, + CTA_SYNPROXY_ISN, + CTA_SYNPROXY_ITS, + CTA_SYNPROXY_TSOFF, + __CTA_SYNPROXY_MAX, +}; +#define CTA_SYNPROXY_MAX (__CTA_SYNPROXY_MAX - 1) +enum ctattr_expect { + CTA_EXPECT_UNSPEC, + CTA_EXPECT_MASTER, + CTA_EXPECT_TUPLE, + CTA_EXPECT_MASK, + CTA_EXPECT_TIMEOUT, + CTA_EXPECT_ID, + CTA_EXPECT_HELP_NAME, + CTA_EXPECT_ZONE, + CTA_EXPECT_FLAGS, + CTA_EXPECT_CLASS, + CTA_EXPECT_NAT, + CTA_EXPECT_FN, + __CTA_EXPECT_MAX +}; +#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1) +enum ctattr_expect_nat { + CTA_EXPECT_NAT_UNSPEC, + CTA_EXPECT_NAT_DIR, + CTA_EXPECT_NAT_TUPLE, + __CTA_EXPECT_NAT_MAX +}; +#define CTA_EXPECT_NAT_MAX (__CTA_EXPECT_NAT_MAX - 1) +enum ctattr_help { + CTA_HELP_UNSPEC, + CTA_HELP_NAME, + CTA_HELP_INFO, + __CTA_HELP_MAX +}; +#define CTA_HELP_MAX (__CTA_HELP_MAX - 1) +enum ctattr_secctx { + CTA_SECCTX_UNSPEC, + CTA_SECCTX_NAME, + __CTA_SECCTX_MAX +}; +#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1) +enum ctattr_stats_cpu { + CTA_STATS_UNSPEC, + CTA_STATS_SEARCHED, + CTA_STATS_FOUND, + CTA_STATS_NEW, + CTA_STATS_INVALID, + CTA_STATS_IGNORE, + CTA_STATS_DELETE, + CTA_STATS_DELETE_LIST, + CTA_STATS_INSERT, + CTA_STATS_INSERT_FAILED, + CTA_STATS_DROP, + CTA_STATS_EARLY_DROP, + CTA_STATS_ERROR, + CTA_STATS_SEARCH_RESTART, + CTA_STATS_CLASH_RESOLVE, + CTA_STATS_CHAIN_TOOLONG, + __CTA_STATS_MAX, +}; +#define CTA_STATS_MAX (__CTA_STATS_MAX - 1) +enum ctattr_stats_global { + CTA_STATS_GLOBAL_UNSPEC, + CTA_STATS_GLOBAL_ENTRIES, + CTA_STATS_GLOBAL_MAX_ENTRIES, + __CTA_STATS_GLOBAL_MAX, +}; +#define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1) +enum ctattr_expect_stats { + CTA_STATS_EXP_UNSPEC, + CTA_STATS_EXP_NEW, + CTA_STATS_EXP_CREATE, + CTA_STATS_EXP_DELETE, + __CTA_STATS_EXP_MAX, +}; +#define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1) +enum ctattr_filter { + CTA_FILTER_UNSPEC, + CTA_FILTER_ORIG_FLAGS, + CTA_FILTER_REPLY_FLAGS, + __CTA_FILTER_MAX +}; +#define CTA_FILTER_MAX (__CTA_FILTER_MAX - 1) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nfnetlink_cthelper.h b/libc/kernel/uapi/linux/netfilter/nfnetlink_cthelper.h new file mode 100644 index 0000000..3145793 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nfnetlink_cthelper.h
@@ -0,0 +1,54 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _NFNL_CTHELPER_H_ +#define _NFNL_CTHELPER_H_ +#define NFCT_HELPER_STATUS_DISABLED 0 +#define NFCT_HELPER_STATUS_ENABLED 1 +enum nfnl_cthelper_msg_types { + NFNL_MSG_CTHELPER_NEW, + NFNL_MSG_CTHELPER_GET, + NFNL_MSG_CTHELPER_DEL, + NFNL_MSG_CTHELPER_MAX +}; +enum nfnl_cthelper_type { + NFCTH_UNSPEC, + NFCTH_NAME, + NFCTH_TUPLE, + NFCTH_QUEUE_NUM, + NFCTH_POLICY, + NFCTH_PRIV_DATA_LEN, + NFCTH_STATUS, + __NFCTH_MAX +}; +#define NFCTH_MAX (__NFCTH_MAX - 1) +enum nfnl_cthelper_policy_type { + NFCTH_POLICY_SET_UNSPEC, + NFCTH_POLICY_SET_NUM, + NFCTH_POLICY_SET, + NFCTH_POLICY_SET1 = NFCTH_POLICY_SET, + NFCTH_POLICY_SET2, + NFCTH_POLICY_SET3, + NFCTH_POLICY_SET4, + __NFCTH_POLICY_SET_MAX +}; +#define NFCTH_POLICY_SET_MAX (__NFCTH_POLICY_SET_MAX - 1) +enum nfnl_cthelper_pol_type { + NFCTH_POLICY_UNSPEC, + NFCTH_POLICY_NAME, + NFCTH_POLICY_EXPECT_MAX, + NFCTH_POLICY_EXPECT_TIMEOUT, + __NFCTH_POLICY_MAX +}; +#define NFCTH_POLICY_MAX (__NFCTH_POLICY_MAX - 1) +enum nfnl_cthelper_tuple_type { + NFCTH_TUPLE_UNSPEC, + NFCTH_TUPLE_L3PROTONUM, + NFCTH_TUPLE_L4PROTONUM, + __NFCTH_TUPLE_MAX, +}; +#define NFCTH_TUPLE_MAX (__NFCTH_TUPLE_MAX - 1) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nfnetlink_cttimeout.h b/libc/kernel/uapi/linux/netfilter/nfnetlink_cttimeout.h new file mode 100644 index 0000000..b8bfd31 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nfnetlink_cttimeout.h
@@ -0,0 +1,110 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _CTTIMEOUT_NETLINK_H +#define _CTTIMEOUT_NETLINK_H +#include <linux/netfilter/nfnetlink.h> +enum ctnl_timeout_msg_types { + IPCTNL_MSG_TIMEOUT_NEW, + IPCTNL_MSG_TIMEOUT_GET, + IPCTNL_MSG_TIMEOUT_DELETE, + IPCTNL_MSG_TIMEOUT_DEFAULT_SET, + IPCTNL_MSG_TIMEOUT_DEFAULT_GET, + IPCTNL_MSG_TIMEOUT_MAX +}; +enum ctattr_timeout { + CTA_TIMEOUT_UNSPEC, + CTA_TIMEOUT_NAME, + CTA_TIMEOUT_L3PROTO, + CTA_TIMEOUT_L4PROTO, + CTA_TIMEOUT_DATA, + CTA_TIMEOUT_USE, + __CTA_TIMEOUT_MAX +}; +#define CTA_TIMEOUT_MAX (__CTA_TIMEOUT_MAX - 1) +enum ctattr_timeout_generic { + CTA_TIMEOUT_GENERIC_UNSPEC, + CTA_TIMEOUT_GENERIC_TIMEOUT, + __CTA_TIMEOUT_GENERIC_MAX +}; +#define CTA_TIMEOUT_GENERIC_MAX (__CTA_TIMEOUT_GENERIC_MAX - 1) +enum ctattr_timeout_tcp { + CTA_TIMEOUT_TCP_UNSPEC, + CTA_TIMEOUT_TCP_SYN_SENT, + CTA_TIMEOUT_TCP_SYN_RECV, + CTA_TIMEOUT_TCP_ESTABLISHED, + CTA_TIMEOUT_TCP_FIN_WAIT, + CTA_TIMEOUT_TCP_CLOSE_WAIT, + CTA_TIMEOUT_TCP_LAST_ACK, + CTA_TIMEOUT_TCP_TIME_WAIT, + CTA_TIMEOUT_TCP_CLOSE, + CTA_TIMEOUT_TCP_SYN_SENT2, + CTA_TIMEOUT_TCP_RETRANS, + CTA_TIMEOUT_TCP_UNACK, + __CTA_TIMEOUT_TCP_MAX +}; +#define CTA_TIMEOUT_TCP_MAX (__CTA_TIMEOUT_TCP_MAX - 1) +enum ctattr_timeout_udp { + CTA_TIMEOUT_UDP_UNSPEC, + CTA_TIMEOUT_UDP_UNREPLIED, + CTA_TIMEOUT_UDP_REPLIED, + __CTA_TIMEOUT_UDP_MAX +}; +#define CTA_TIMEOUT_UDP_MAX (__CTA_TIMEOUT_UDP_MAX - 1) +enum ctattr_timeout_udplite { + CTA_TIMEOUT_UDPLITE_UNSPEC, + CTA_TIMEOUT_UDPLITE_UNREPLIED, + CTA_TIMEOUT_UDPLITE_REPLIED, + __CTA_TIMEOUT_UDPLITE_MAX +}; +#define CTA_TIMEOUT_UDPLITE_MAX (__CTA_TIMEOUT_UDPLITE_MAX - 1) +enum ctattr_timeout_icmp { + CTA_TIMEOUT_ICMP_UNSPEC, + CTA_TIMEOUT_ICMP_TIMEOUT, + __CTA_TIMEOUT_ICMP_MAX +}; +#define CTA_TIMEOUT_ICMP_MAX (__CTA_TIMEOUT_ICMP_MAX - 1) +enum ctattr_timeout_dccp { + CTA_TIMEOUT_DCCP_UNSPEC, + CTA_TIMEOUT_DCCP_REQUEST, + CTA_TIMEOUT_DCCP_RESPOND, + CTA_TIMEOUT_DCCP_PARTOPEN, + CTA_TIMEOUT_DCCP_OPEN, + CTA_TIMEOUT_DCCP_CLOSEREQ, + CTA_TIMEOUT_DCCP_CLOSING, + CTA_TIMEOUT_DCCP_TIMEWAIT, + __CTA_TIMEOUT_DCCP_MAX +}; +#define CTA_TIMEOUT_DCCP_MAX (__CTA_TIMEOUT_DCCP_MAX - 1) +enum ctattr_timeout_sctp { + CTA_TIMEOUT_SCTP_UNSPEC, + CTA_TIMEOUT_SCTP_CLOSED, + CTA_TIMEOUT_SCTP_COOKIE_WAIT, + CTA_TIMEOUT_SCTP_COOKIE_ECHOED, + CTA_TIMEOUT_SCTP_ESTABLISHED, + CTA_TIMEOUT_SCTP_SHUTDOWN_SENT, + CTA_TIMEOUT_SCTP_SHUTDOWN_RECD, + CTA_TIMEOUT_SCTP_SHUTDOWN_ACK_SENT, + CTA_TIMEOUT_SCTP_HEARTBEAT_SENT, + CTA_TIMEOUT_SCTP_HEARTBEAT_ACKED, + __CTA_TIMEOUT_SCTP_MAX +}; +#define CTA_TIMEOUT_SCTP_MAX (__CTA_TIMEOUT_SCTP_MAX - 1) +enum ctattr_timeout_icmpv6 { + CTA_TIMEOUT_ICMPV6_UNSPEC, + CTA_TIMEOUT_ICMPV6_TIMEOUT, + __CTA_TIMEOUT_ICMPV6_MAX +}; +#define CTA_TIMEOUT_ICMPV6_MAX (__CTA_TIMEOUT_ICMPV6_MAX - 1) +enum ctattr_timeout_gre { + CTA_TIMEOUT_GRE_UNSPEC, + CTA_TIMEOUT_GRE_UNREPLIED, + CTA_TIMEOUT_GRE_REPLIED, + __CTA_TIMEOUT_GRE_MAX +}; +#define CTA_TIMEOUT_GRE_MAX (__CTA_TIMEOUT_GRE_MAX - 1) +#define CTNL_TIMEOUT_NAME_MAX 32 +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nfnetlink_hook.h b/libc/kernel/uapi/linux/netfilter/nfnetlink_hook.h new file mode 100644 index 0000000..83eb968 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nfnetlink_hook.h
@@ -0,0 +1,50 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _NFNL_HOOK_H_ +#define _NFNL_HOOK_H_ +enum nfnl_hook_msg_types { + NFNL_MSG_HOOK_GET, + NFNL_MSG_HOOK_MAX, +}; +enum nfnl_hook_attributes { + NFNLA_HOOK_UNSPEC, + NFNLA_HOOK_HOOKNUM, + NFNLA_HOOK_PRIORITY, + NFNLA_HOOK_DEV, + NFNLA_HOOK_FUNCTION_NAME, + NFNLA_HOOK_MODULE_NAME, + NFNLA_HOOK_CHAIN_INFO, + __NFNLA_HOOK_MAX +}; +#define NFNLA_HOOK_MAX (__NFNLA_HOOK_MAX - 1) +enum nfnl_hook_chain_info_attributes { + NFNLA_HOOK_INFO_UNSPEC, + NFNLA_HOOK_INFO_DESC, + NFNLA_HOOK_INFO_TYPE, + __NFNLA_HOOK_INFO_MAX, +}; +#define NFNLA_HOOK_INFO_MAX (__NFNLA_HOOK_INFO_MAX - 1) +enum nfnl_hook_chain_desc_attributes { + NFNLA_CHAIN_UNSPEC, + NFNLA_CHAIN_TABLE, + NFNLA_CHAIN_FAMILY, + NFNLA_CHAIN_NAME, + __NFNLA_CHAIN_MAX, +}; +#define NFNLA_CHAIN_MAX (__NFNLA_CHAIN_MAX - 1) +enum nfnl_hook_chaintype { + NFNL_HOOK_TYPE_NFTABLES = 0x1, + NFNL_HOOK_TYPE_BPF, + NFNL_HOOK_TYPE_NFT_FLOWTABLE, +}; +enum nfnl_hook_bpf_attributes { + NFNLA_HOOK_BPF_UNSPEC, + NFNLA_HOOK_BPF_ID, + __NFNLA_HOOK_BPF_MAX, +}; +#define NFNLA_HOOK_BPF_MAX (__NFNLA_HOOK_BPF_MAX - 1) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nfnetlink_log.h b/libc/kernel/uapi/linux/netfilter/nfnetlink_log.h new file mode 100644 index 0000000..08babdc --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nfnetlink_log.h
@@ -0,0 +1,95 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _NFNETLINK_LOG_H +#define _NFNETLINK_LOG_H +#include <linux/types.h> +#include <linux/netfilter/nfnetlink.h> +enum nfulnl_msg_types { + NFULNL_MSG_PACKET, + NFULNL_MSG_CONFIG, + NFULNL_MSG_MAX +}; +struct nfulnl_msg_packet_hdr { + __be16 hw_protocol; + __u8 hook; + __u8 _pad; +}; +struct nfulnl_msg_packet_hw { + __be16 hw_addrlen; + __u16 _pad; + __u8 hw_addr[8]; +}; +struct nfulnl_msg_packet_timestamp { + __aligned_be64 sec; + __aligned_be64 usec; +}; +enum nfulnl_vlan_attr { + NFULA_VLAN_UNSPEC, + NFULA_VLAN_PROTO, + NFULA_VLAN_TCI, + __NFULA_VLAN_MAX, +}; +#define NFULA_VLAN_MAX (__NFULA_VLAN_MAX + 1) +enum nfulnl_attr_type { + NFULA_UNSPEC, + NFULA_PACKET_HDR, + NFULA_MARK, + NFULA_TIMESTAMP, + NFULA_IFINDEX_INDEV, + NFULA_IFINDEX_OUTDEV, + NFULA_IFINDEX_PHYSINDEV, + NFULA_IFINDEX_PHYSOUTDEV, + NFULA_HWADDR, + NFULA_PAYLOAD, + NFULA_PREFIX, + NFULA_UID, + NFULA_SEQ, + NFULA_SEQ_GLOBAL, + NFULA_GID, + NFULA_HWTYPE, + NFULA_HWHEADER, + NFULA_HWLEN, + NFULA_CT, + NFULA_CT_INFO, + NFULA_VLAN, + NFULA_L2HDR, + __NFULA_MAX +}; +#define NFULA_MAX (__NFULA_MAX - 1) +enum nfulnl_msg_config_cmds { + NFULNL_CFG_CMD_NONE, + NFULNL_CFG_CMD_BIND, + NFULNL_CFG_CMD_UNBIND, + NFULNL_CFG_CMD_PF_BIND, + NFULNL_CFG_CMD_PF_UNBIND, +}; +struct nfulnl_msg_config_cmd { + __u8 command; +} __attribute__((packed)); +struct nfulnl_msg_config_mode { + __be32 copy_range; + __u8 copy_mode; + __u8 _pad; +} __attribute__((packed)); +enum nfulnl_attr_config { + NFULA_CFG_UNSPEC, + NFULA_CFG_CMD, + NFULA_CFG_MODE, + NFULA_CFG_NLBUFSIZ, + NFULA_CFG_TIMEOUT, + NFULA_CFG_QTHRESH, + NFULA_CFG_FLAGS, + __NFULA_CFG_MAX +}; +#define NFULA_CFG_MAX (__NFULA_CFG_MAX - 1) +#define NFULNL_COPY_NONE 0x00 +#define NFULNL_COPY_META 0x01 +#define NFULNL_COPY_PACKET 0x02 +#define NFULNL_CFG_F_SEQ 0x0001 +#define NFULNL_CFG_F_SEQ_GLOBAL 0x0002 +#define NFULNL_CFG_F_CONNTRACK 0x0004 +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nfnetlink_osf.h b/libc/kernel/uapi/linux/netfilter/nfnetlink_osf.h new file mode 100644 index 0000000..ad6867e --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nfnetlink_osf.h
@@ -0,0 +1,85 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _NF_OSF_H +#define _NF_OSF_H +#include <linux/types.h> +#include <linux/ip.h> +#include <linux/tcp.h> +#define MAXGENRELEN 32 +#define NF_OSF_GENRE (1 << 0) +#define NF_OSF_TTL (1 << 1) +#define NF_OSF_LOG (1 << 2) +#define NF_OSF_INVERT (1 << 3) +#define NF_OSF_LOGLEVEL_ALL 0 +#define NF_OSF_LOGLEVEL_FIRST 1 +#define NF_OSF_LOGLEVEL_ALL_KNOWN 2 +#define NF_OSF_TTL_TRUE 0 +#define NF_OSF_TTL_LESS 1 +#define NF_OSF_TTL_NOCHECK 2 +#define NF_OSF_FLAGMASK (NF_OSF_GENRE | NF_OSF_TTL | NF_OSF_LOG | NF_OSF_INVERT) +struct nf_osf_wc { + __u32 wc; + __u32 val; +}; +struct nf_osf_opt { + __u16 kind, length; + struct nf_osf_wc wc; +}; +struct nf_osf_info { + char genre[MAXGENRELEN]; + __u32 len; + __u32 flags; + __u32 loglevel; + __u32 ttl; +}; +struct nf_osf_user_finger { + struct nf_osf_wc wss; + __u8 ttl, df; + __u16 ss, mss; + __u16 opt_num; + char genre[MAXGENRELEN]; + char version[MAXGENRELEN]; + char subtype[MAXGENRELEN]; + struct nf_osf_opt opt[MAX_IPOPTLEN]; +}; +struct nf_osf_nlmsg { + struct nf_osf_user_finger f; + struct iphdr ip; + struct tcphdr tcp; +}; +enum iana_options { + OSFOPT_EOL = 0, + OSFOPT_NOP, + OSFOPT_MSS, + OSFOPT_WSO, + OSFOPT_SACKP, + OSFOPT_SACK, + OSFOPT_ECHO, + OSFOPT_ECHOREPLY, + OSFOPT_TS, + OSFOPT_POCP, + OSFOPT_POSP, + OSFOPT_EMPTY = 255, +}; +enum nf_osf_window_size_options { + OSF_WSS_PLAIN = 0, + OSF_WSS_MSS, + OSF_WSS_MTU, + OSF_WSS_MODULO, + OSF_WSS_MAX, +}; +enum nf_osf_attr_type { + OSF_ATTR_UNSPEC, + OSF_ATTR_FINGER, + OSF_ATTR_MAX, +}; +enum nf_osf_msg_types { + OSF_MSG_ADD, + OSF_MSG_REMOVE, + OSF_MSG_MAX, +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/nfnetlink_queue.h b/libc/kernel/uapi/linux/netfilter/nfnetlink_queue.h new file mode 100644 index 0000000..314788d --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/nfnetlink_queue.h
@@ -0,0 +1,110 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _NFNETLINK_QUEUE_H +#define _NFNETLINK_QUEUE_H +#include <linux/types.h> +#include <linux/netfilter/nfnetlink.h> +enum nfqnl_msg_types { + NFQNL_MSG_PACKET, + NFQNL_MSG_VERDICT, + NFQNL_MSG_CONFIG, + NFQNL_MSG_VERDICT_BATCH, + NFQNL_MSG_MAX +}; +struct nfqnl_msg_packet_hdr { + __be32 packet_id; + __be16 hw_protocol; + __u8 hook; +} __attribute__((packed)); +struct nfqnl_msg_packet_hw { + __be16 hw_addrlen; + __u16 _pad; + __u8 hw_addr[8]; +}; +struct nfqnl_msg_packet_timestamp { + __aligned_be64 sec; + __aligned_be64 usec; +}; +enum nfqnl_vlan_attr { + NFQA_VLAN_UNSPEC, + NFQA_VLAN_PROTO, + NFQA_VLAN_TCI, + __NFQA_VLAN_MAX, +}; +#define NFQA_VLAN_MAX (__NFQA_VLAN_MAX - 1) +enum nfqnl_attr_type { + NFQA_UNSPEC, + NFQA_PACKET_HDR, + NFQA_VERDICT_HDR, + NFQA_MARK, + NFQA_TIMESTAMP, + NFQA_IFINDEX_INDEV, + NFQA_IFINDEX_OUTDEV, + NFQA_IFINDEX_PHYSINDEV, + NFQA_IFINDEX_PHYSOUTDEV, + NFQA_HWADDR, + NFQA_PAYLOAD, + NFQA_CT, + NFQA_CT_INFO, + NFQA_CAP_LEN, + NFQA_SKB_INFO, + NFQA_EXP, + NFQA_UID, + NFQA_GID, + NFQA_SECCTX, + NFQA_VLAN, + NFQA_L2HDR, + NFQA_PRIORITY, + NFQA_CGROUP_CLASSID, + __NFQA_MAX +}; +#define NFQA_MAX (__NFQA_MAX - 1) +struct nfqnl_msg_verdict_hdr { + __be32 verdict; + __be32 id; +}; +enum nfqnl_msg_config_cmds { + NFQNL_CFG_CMD_NONE, + NFQNL_CFG_CMD_BIND, + NFQNL_CFG_CMD_UNBIND, + NFQNL_CFG_CMD_PF_BIND, + NFQNL_CFG_CMD_PF_UNBIND, +}; +struct nfqnl_msg_config_cmd { + __u8 command; + __u8 _pad; + __be16 pf; +}; +enum nfqnl_config_mode { + NFQNL_COPY_NONE, + NFQNL_COPY_META, + NFQNL_COPY_PACKET, +}; +struct nfqnl_msg_config_params { + __be32 copy_range; + __u8 copy_mode; +} __attribute__((packed)); +enum nfqnl_attr_config { + NFQA_CFG_UNSPEC, + NFQA_CFG_CMD, + NFQA_CFG_PARAMS, + NFQA_CFG_QUEUE_MAXLEN, + NFQA_CFG_MASK, + NFQA_CFG_FLAGS, + __NFQA_CFG_MAX +}; +#define NFQA_CFG_MAX (__NFQA_CFG_MAX - 1) +#define NFQA_CFG_F_FAIL_OPEN (1 << 0) +#define NFQA_CFG_F_CONNTRACK (1 << 1) +#define NFQA_CFG_F_GSO (1 << 2) +#define NFQA_CFG_F_UID_GID (1 << 3) +#define NFQA_CFG_F_SECCTX (1 << 4) +#define NFQA_CFG_F_MAX (1 << 5) +#define NFQA_SKB_CSUMNOTREADY (1 << 0) +#define NFQA_SKB_GSO (1 << 1) +#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/x_tables.h b/libc/kernel/uapi/linux/netfilter/x_tables.h index 110fa90..b22440a 100644 --- a/libc/kernel/uapi/linux/netfilter/x_tables.h +++ b/libc/kernel/uapi/linux/netfilter/x_tables.h
@@ -87,4 +87,4 @@ #define XT_ENTRY_ITERATE(type,entries,size,fn,args...) XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args) #define xt_entry_foreach(pos,ehead,esize) for((pos) = (typeof(pos)) (ehead); (pos) < (typeof(pos)) ((char *) (ehead) + (esize)); (pos) = (typeof(pos)) ((char *) (pos) + (pos)->next_offset)) #define xt_ematch_foreach(pos,entry) for((pos) = (struct xt_entry_match *) entry->elems; (pos) < (struct xt_entry_match *) ((char *) (entry) + (entry)->target_offset); (pos) = (struct xt_entry_match *) ((char *) (pos) + (pos)->u.match_size)) -#endif \ No newline at end of file +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_AUDIT.h b/libc/kernel/uapi/linux/netfilter/xt_AUDIT.h new file mode 100644 index 0000000..5b64a32 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_AUDIT.h
@@ -0,0 +1,20 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_AUDIT_TARGET_H +#define _XT_AUDIT_TARGET_H +#include <linux/types.h> +enum { + XT_AUDIT_TYPE_ACCEPT = 0, + XT_AUDIT_TYPE_DROP, + XT_AUDIT_TYPE_REJECT, + __XT_AUDIT_TYPE_MAX, +}; +#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1) +struct xt_audit_info { + __u8 type; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_CHECKSUM.h b/libc/kernel/uapi/linux/netfilter/xt_CHECKSUM.h new file mode 100644 index 0000000..06f9628 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_CHECKSUM.h
@@ -0,0 +1,14 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CHECKSUM_TARGET_H +#define _XT_CHECKSUM_TARGET_H +#include <linux/types.h> +#define XT_CHECKSUM_OP_FILL 0x01 +struct xt_CHECKSUM_info { + __u8 operation; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_CLASSIFY.h b/libc/kernel/uapi/linux/netfilter/xt_CLASSIFY.h new file mode 100644 index 0000000..e53bd4b --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_CLASSIFY.h
@@ -0,0 +1,13 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CLASSIFY_H +#define _XT_CLASSIFY_H +#include <linux/types.h> +struct xt_classify_target_info { + __u32 priority; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_CONNMARK.h b/libc/kernel/uapi/linux/netfilter/xt_CONNMARK.h new file mode 100644 index 0000000..9816e4b --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_CONNMARK.h
@@ -0,0 +1,10 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CONNMARK_H_target +#define _XT_CONNMARK_H_target +#include <linux/netfilter/xt_connmark.h> +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_CONNSECMARK.h b/libc/kernel/uapi/linux/netfilter/xt_CONNSECMARK.h new file mode 100644 index 0000000..9384bf9 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_CONNSECMARK.h
@@ -0,0 +1,17 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CONNSECMARK_H_target +#define _XT_CONNSECMARK_H_target +#include <linux/types.h> +enum { + CONNSECMARK_SAVE = 1, + CONNSECMARK_RESTORE, +}; +struct xt_connsecmark_target_info { + __u8 mode; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_CT.h b/libc/kernel/uapi/linux/netfilter/xt_CT.h new file mode 100644 index 0000000..9425156 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_CT.h
@@ -0,0 +1,35 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CT_H +#define _XT_CT_H +#include <linux/types.h> +enum { + XT_CT_NOTRACK = 1 << 0, + XT_CT_NOTRACK_ALIAS = 1 << 1, + XT_CT_ZONE_DIR_ORIG = 1 << 2, + XT_CT_ZONE_DIR_REPL = 1 << 3, + XT_CT_ZONE_MARK = 1 << 4, + XT_CT_MASK = XT_CT_NOTRACK | XT_CT_NOTRACK_ALIAS | XT_CT_ZONE_DIR_ORIG | XT_CT_ZONE_DIR_REPL | XT_CT_ZONE_MARK, +}; +struct xt_ct_target_info { + __u16 flags; + __u16 zone; + __u32 ct_events; + __u32 exp_events; + char helper[16]; + struct nf_conn * ct __attribute__((aligned(8))); +}; +struct xt_ct_target_info_v1 { + __u16 flags; + __u16 zone; + __u32 ct_events; + __u32 exp_events; + char helper[16]; + char timeout[32]; + struct nf_conn * ct __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_DSCP.h b/libc/kernel/uapi/linux/netfilter/xt_DSCP.h new file mode 100644 index 0000000..ab786a8 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_DSCP.h
@@ -0,0 +1,18 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_DSCP_TARGET_H +#define _XT_DSCP_TARGET_H +#include <linux/netfilter/xt_dscp.h> +#include <linux/types.h> +struct xt_DSCP_info { + __u8 dscp; +}; +struct xt_tos_target_info { + __u8 tos_value; + __u8 tos_mask; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_HMARK.h b/libc/kernel/uapi/linux/netfilter/xt_HMARK.h new file mode 100644 index 0000000..7c411d6 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_HMARK.h
@@ -0,0 +1,52 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef XT_HMARK_H_ +#define XT_HMARK_H_ +#include <linux/types.h> +#include <linux/netfilter.h> +enum { + XT_HMARK_SADDR_MASK, + XT_HMARK_DADDR_MASK, + XT_HMARK_SPI, + XT_HMARK_SPI_MASK, + XT_HMARK_SPORT, + XT_HMARK_DPORT, + XT_HMARK_SPORT_MASK, + XT_HMARK_DPORT_MASK, + XT_HMARK_PROTO_MASK, + XT_HMARK_RND, + XT_HMARK_MODULUS, + XT_HMARK_OFFSET, + XT_HMARK_CT, + XT_HMARK_METHOD_L3, + XT_HMARK_METHOD_L3_4, +}; +#define XT_HMARK_FLAG(flag) (1 << flag) +union hmark_ports { + struct { + __u16 src; + __u16 dst; + } p16; + struct { + __be16 src; + __be16 dst; + } b16; + __u32 v32; + __be32 b32; +}; +struct xt_hmark_info { + union nf_inet_addr src_mask; + union nf_inet_addr dst_mask; + union hmark_ports port_mask; + union hmark_ports port_set; + __u32 flags; + __u16 proto_mask; + __u32 hashrnd; + __u32 hmodulus; + __u32 hoffset; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_IDLETIMER.h b/libc/kernel/uapi/linux/netfilter/xt_IDLETIMER.h new file mode 100644 index 0000000..7fd1ec1 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_IDLETIMER.h
@@ -0,0 +1,24 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_IDLETIMER_H +#define _XT_IDLETIMER_H +#include <linux/types.h> +#define MAX_IDLETIMER_LABEL_SIZE 28 +#define XT_IDLETIMER_ALARM 0x01 +struct idletimer_tg_info { + __u32 timeout; + char label[MAX_IDLETIMER_LABEL_SIZE]; + struct idletimer_tg * timer __attribute__((aligned(8))); +}; +struct idletimer_tg_info_v1 { + __u32 timeout; + char label[MAX_IDLETIMER_LABEL_SIZE]; + __u8 send_nl_msg; + __u8 timer_type; + struct idletimer_tg * timer __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_LED.h b/libc/kernel/uapi/linux/netfilter/xt_LED.h new file mode 100644 index 0000000..c43debe --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_LED.h
@@ -0,0 +1,16 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_LED_H +#define _XT_LED_H +#include <linux/types.h> +struct xt_led_info { + char id[27]; + __u8 always_blink; + __u32 delay; + void * internal_data __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_LOG.h b/libc/kernel/uapi/linux/netfilter/xt_LOG.h new file mode 100644 index 0000000..b19a190 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_LOG.h
@@ -0,0 +1,21 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_LOG_H +#define _XT_LOG_H +#define XT_LOG_TCPSEQ 0x01 +#define XT_LOG_TCPOPT 0x02 +#define XT_LOG_IPOPT 0x04 +#define XT_LOG_UID 0x08 +#define XT_LOG_NFLOG 0x10 +#define XT_LOG_MACDECODE 0x20 +#define XT_LOG_MASK 0x2f +struct xt_log_info { + unsigned char level; + unsigned char logflags; + char prefix[30]; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_MARK.h b/libc/kernel/uapi/linux/netfilter/xt_MARK.h new file mode 100644 index 0000000..c309c28 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_MARK.h
@@ -0,0 +1,10 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_MARK_H_target +#define _XT_MARK_H_target +#include <linux/netfilter/xt_mark.h> +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_NFLOG.h b/libc/kernel/uapi/linux/netfilter/xt_NFLOG.h new file mode 100644 index 0000000..c05b8bf --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_NFLOG.h
@@ -0,0 +1,22 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_NFLOG_TARGET +#define _XT_NFLOG_TARGET +#include <linux/types.h> +#define XT_NFLOG_DEFAULT_GROUP 0x1 +#define XT_NFLOG_DEFAULT_THRESHOLD 0 +#define XT_NFLOG_MASK 0x1 +#define XT_NFLOG_F_COPY_LEN 0x1 +struct xt_nflog_info { + __u32 len; + __u16 group; + __u16 threshold; + __u16 flags; + __u16 pad; + char prefix[64]; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_NFQUEUE.h b/libc/kernel/uapi/linux/netfilter/xt_NFQUEUE.h new file mode 100644 index 0000000..51ecd9c --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_NFQUEUE.h
@@ -0,0 +1,30 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_NFQ_TARGET_H +#define _XT_NFQ_TARGET_H +#include <linux/types.h> +struct xt_NFQ_info { + __u16 queuenum; +}; +struct xt_NFQ_info_v1 { + __u16 queuenum; + __u16 queues_total; +}; +struct xt_NFQ_info_v2 { + __u16 queuenum; + __u16 queues_total; + __u16 bypass; +}; +struct xt_NFQ_info_v3 { + __u16 queuenum; + __u16 queues_total; + __u16 flags; +#define NFQ_FLAG_BYPASS 0x01 +#define NFQ_FLAG_CPU_FANOUT 0x02 +#define NFQ_FLAG_MASK 0x03 +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_RATEEST.h b/libc/kernel/uapi/linux/netfilter/xt_RATEEST.h new file mode 100644 index 0000000..2f4ade3 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_RATEEST.h
@@ -0,0 +1,17 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_RATEEST_TARGET_H +#define _XT_RATEEST_TARGET_H +#include <linux/types.h> +#include <linux/if.h> +struct xt_rateest_target_info { + char name[IFNAMSIZ]; + __s8 interval; + __u8 ewma_log; + struct xt_rateest * est __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_SECMARK.h b/libc/kernel/uapi/linux/netfilter/xt_SECMARK.h new file mode 100644 index 0000000..a26c486 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_SECMARK.h
@@ -0,0 +1,22 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_SECMARK_H_target +#define _XT_SECMARK_H_target +#include <linux/types.h> +#define SECMARK_MODE_SEL 0x01 +#define SECMARK_SECCTX_MAX 256 +struct xt_secmark_target_info { + __u8 mode; + __u32 secid; + char secctx[SECMARK_SECCTX_MAX]; +}; +struct xt_secmark_target_info_v1 { + __u8 mode; + char secctx[SECMARK_SECCTX_MAX]; + __u32 secid; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_SYNPROXY.h b/libc/kernel/uapi/linux/netfilter/xt_SYNPROXY.h new file mode 100644 index 0000000..1178dcb --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_SYNPROXY.h
@@ -0,0 +1,16 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_SYNPROXY_H +#define _XT_SYNPROXY_H +#include <linux/netfilter/nf_synproxy.h> +#define XT_SYNPROXY_OPT_MSS NF_SYNPROXY_OPT_MSS +#define XT_SYNPROXY_OPT_WSCALE NF_SYNPROXY_OPT_WSCALE +#define XT_SYNPROXY_OPT_SACK_PERM NF_SYNPROXY_OPT_SACK_PERM +#define XT_SYNPROXY_OPT_TIMESTAMP NF_SYNPROXY_OPT_TIMESTAMP +#define XT_SYNPROXY_OPT_ECN NF_SYNPROXY_OPT_ECN +#define xt_synproxy_info nf_synproxy_info +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_TCPMSS.h b/libc/kernel/uapi/linux/netfilter/xt_TCPMSS.h new file mode 100644 index 0000000..3c3093a --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_TCPMSS.h
@@ -0,0 +1,14 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_TCPMSS_H +#define _XT_TCPMSS_H +#include <linux/types.h> +struct xt_tcpmss_info { + __u16 mss; +}; +#define XT_TCPMSS_CLAMP_PMTU 0xffff +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_TCPOPTSTRIP.h b/libc/kernel/uapi/linux/netfilter/xt_TCPOPTSTRIP.h new file mode 100644 index 0000000..0c1d715 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_TCPOPTSTRIP.h
@@ -0,0 +1,15 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_TCPOPTSTRIP_H +#define _XT_TCPOPTSTRIP_H +#include <linux/types.h> +#define tcpoptstrip_set_bit(bmap,idx) (bmap[(idx) >> 5] |= 1U << (idx & 31)) +#define tcpoptstrip_test_bit(bmap,idx) (((1U << (idx & 31)) & bmap[(idx) >> 5]) != 0) +struct xt_tcpoptstrip_target_info { + __u32 strip_bmap[8]; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_TEE.h b/libc/kernel/uapi/linux/netfilter/xt_TEE.h new file mode 100644 index 0000000..94a9572 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_TEE.h
@@ -0,0 +1,15 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_TEE_TARGET_H +#define _XT_TEE_TARGET_H +#include <linux/netfilter.h> +struct xt_tee_tginfo { + union nf_inet_addr gw; + char oif[16]; + struct xt_tee_priv * priv __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_addrtype.h b/libc/kernel/uapi/linux/netfilter/xt_addrtype.h new file mode 100644 index 0000000..f5eefd6 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_addrtype.h
@@ -0,0 +1,41 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_ADDRTYPE_H +#define _XT_ADDRTYPE_H +#include <linux/types.h> +enum { + XT_ADDRTYPE_INVERT_SOURCE = 0x0001, + XT_ADDRTYPE_INVERT_DEST = 0x0002, + XT_ADDRTYPE_LIMIT_IFACE_IN = 0x0004, + XT_ADDRTYPE_LIMIT_IFACE_OUT = 0x0008, +}; +enum { + XT_ADDRTYPE_UNSPEC = 1 << 0, + XT_ADDRTYPE_UNICAST = 1 << 1, + XT_ADDRTYPE_LOCAL = 1 << 2, + XT_ADDRTYPE_BROADCAST = 1 << 3, + XT_ADDRTYPE_ANYCAST = 1 << 4, + XT_ADDRTYPE_MULTICAST = 1 << 5, + XT_ADDRTYPE_BLACKHOLE = 1 << 6, + XT_ADDRTYPE_UNREACHABLE = 1 << 7, + XT_ADDRTYPE_PROHIBIT = 1 << 8, + XT_ADDRTYPE_THROW = 1 << 9, + XT_ADDRTYPE_NAT = 1 << 10, + XT_ADDRTYPE_XRESOLVE = 1 << 11, +}; +struct xt_addrtype_info_v1 { + __u16 source; + __u16 dest; + __u32 flags; +}; +struct xt_addrtype_info { + __u16 source; + __u16 dest; + __u32 invert_source; + __u32 invert_dest; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_bpf.h b/libc/kernel/uapi/linux/netfilter/xt_bpf.h new file mode 100644 index 0000000..b91c2af --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_bpf.h
@@ -0,0 +1,36 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_BPF_H +#define _XT_BPF_H +#include <linux/filter.h> +#include <linux/limits.h> +#include <linux/types.h> +#define XT_BPF_MAX_NUM_INSTR 64 +#define XT_BPF_PATH_MAX (XT_BPF_MAX_NUM_INSTR * sizeof(struct sock_filter)) +struct bpf_prog; +struct xt_bpf_info { + __u16 bpf_program_num_elem; + struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR]; + struct bpf_prog * filter __attribute__((aligned(8))); +}; +enum xt_bpf_modes { + XT_BPF_MODE_BYTECODE, + XT_BPF_MODE_FD_PINNED, + XT_BPF_MODE_FD_ELF, +}; +#define XT_BPF_MODE_PATH_PINNED XT_BPF_MODE_FD_PINNED +struct xt_bpf_info_v1 { + __u16 mode; + __u16 bpf_program_num_elem; + __s32 fd; + union { + struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR]; + char path[XT_BPF_PATH_MAX]; + }; + struct bpf_prog * filter __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_cgroup.h b/libc/kernel/uapi/linux/netfilter/xt_cgroup.h new file mode 100644 index 0000000..1386d1e --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_cgroup.h
@@ -0,0 +1,36 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI_XT_CGROUP_H +#define _UAPI_XT_CGROUP_H +#include <linux/types.h> +#include <linux/limits.h> +struct xt_cgroup_info_v0 { + __u32 id; + __u32 invert; +}; +struct xt_cgroup_info_v1 { + __u8 has_path; + __u8 has_classid; + __u8 invert_path; + __u8 invert_classid; + char path[PATH_MAX]; + __u32 classid; + void * priv __attribute__((aligned(8))); +}; +#define XT_CGROUP_PATH_MAX 512 +struct xt_cgroup_info_v2 { + __u8 has_path; + __u8 has_classid; + __u8 invert_path; + __u8 invert_classid; + union { + char path[XT_CGROUP_PATH_MAX]; + __u32 classid; + }; + void * priv __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_cluster.h b/libc/kernel/uapi/linux/netfilter/xt_cluster.h new file mode 100644 index 0000000..3a2a3ed --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_cluster.h
@@ -0,0 +1,20 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CLUSTER_MATCH_H +#define _XT_CLUSTER_MATCH_H +#include <linux/types.h> +enum xt_cluster_flags { + XT_CLUSTER_F_INV = (1 << 0) +}; +struct xt_cluster_match_info { + __u32 total_nodes; + __u32 node_mask; + __u32 hash_seed; + __u32 flags; +}; +#define XT_CLUSTER_NODES_MAX 32 +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_comment.h b/libc/kernel/uapi/linux/netfilter/xt_comment.h new file mode 100644 index 0000000..39c268f --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_comment.h
@@ -0,0 +1,13 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_COMMENT_H +#define _XT_COMMENT_H +#define XT_MAX_COMMENT_LEN 256 +struct xt_comment_info { + char comment[XT_MAX_COMMENT_LEN]; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_connbytes.h b/libc/kernel/uapi/linux/netfilter/xt_connbytes.h new file mode 100644 index 0000000..df51bb6 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_connbytes.h
@@ -0,0 +1,28 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CONNBYTES_H +#define _XT_CONNBYTES_H +#include <linux/types.h> +enum xt_connbytes_what { + XT_CONNBYTES_PKTS, + XT_CONNBYTES_BYTES, + XT_CONNBYTES_AVGPKT, +}; +enum xt_connbytes_direction { + XT_CONNBYTES_DIR_ORIGINAL, + XT_CONNBYTES_DIR_REPLY, + XT_CONNBYTES_DIR_BOTH, +}; +struct xt_connbytes_info { + struct { + __aligned_u64 from; + __aligned_u64 to; + } count; + __u8 what; + __u8 direction; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_connlabel.h b/libc/kernel/uapi/linux/netfilter/xt_connlabel.h new file mode 100644 index 0000000..9c27f98 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_connlabel.h
@@ -0,0 +1,19 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI_XT_CONNLABEL_H +#define _UAPI_XT_CONNLABEL_H +#include <linux/types.h> +#define XT_CONNLABEL_MAXBIT 127 +enum xt_connlabel_mtopts { + XT_CONNLABEL_OP_INVERT = 1 << 0, + XT_CONNLABEL_OP_SET = 1 << 1, +}; +struct xt_connlabel_mtinfo { + __u16 bit; + __u16 options; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_connlimit.h b/libc/kernel/uapi/linux/netfilter/xt_connlimit.h new file mode 100644 index 0000000..43603a7 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_connlimit.h
@@ -0,0 +1,28 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CONNLIMIT_H +#define _XT_CONNLIMIT_H +#include <linux/types.h> +#include <linux/netfilter.h> +struct xt_connlimit_data; +enum { + XT_CONNLIMIT_INVERT = 1 << 0, + XT_CONNLIMIT_DADDR = 1 << 1, +}; +struct xt_connlimit_info { + union { + union nf_inet_addr mask; + union { + __be32 v4_mask; + __be32 v6_mask[4]; + }; + }; + unsigned int limit; + __u32 flags; + struct nf_conncount_data * data __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_connmark.h b/libc/kernel/uapi/linux/netfilter/xt_connmark.h new file mode 100644 index 0000000..95bedf5 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_connmark.h
@@ -0,0 +1,31 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CONNMARK_H +#define _XT_CONNMARK_H +#include <linux/types.h> +enum { + XT_CONNMARK_SET = 0, + XT_CONNMARK_SAVE, + XT_CONNMARK_RESTORE +}; +enum { + D_SHIFT_LEFT = 0, + D_SHIFT_RIGHT, +}; +struct xt_connmark_tginfo1 { + __u32 ctmark, ctmask, nfmask; + __u8 mode; +}; +struct xt_connmark_tginfo2 { + __u32 ctmark, ctmask, nfmask; + __u8 shift_dir, shift_bits, mode; +}; +struct xt_connmark_mtinfo1 { + __u32 mark, mask; + __u8 invert; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_conntrack.h b/libc/kernel/uapi/linux/netfilter/xt_conntrack.h new file mode 100644 index 0000000..dafa665 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_conntrack.h
@@ -0,0 +1,71 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CONNTRACK_H +#define _XT_CONNTRACK_H +#include <linux/types.h> +#include <linux/netfilter.h> +#include <linux/netfilter/nf_conntrack_tuple_common.h> +#define XT_CONNTRACK_STATE_BIT(ctinfo) (1 << ((ctinfo) % IP_CT_IS_REPLY + 1)) +#define XT_CONNTRACK_STATE_INVALID (1 << 0) +#define XT_CONNTRACK_STATE_SNAT (1 << (IP_CT_NUMBER + 1)) +#define XT_CONNTRACK_STATE_DNAT (1 << (IP_CT_NUMBER + 2)) +#define XT_CONNTRACK_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 3)) +enum { + XT_CONNTRACK_STATE = 1 << 0, + XT_CONNTRACK_PROTO = 1 << 1, + XT_CONNTRACK_ORIGSRC = 1 << 2, + XT_CONNTRACK_ORIGDST = 1 << 3, + XT_CONNTRACK_REPLSRC = 1 << 4, + XT_CONNTRACK_REPLDST = 1 << 5, + XT_CONNTRACK_STATUS = 1 << 6, + XT_CONNTRACK_EXPIRES = 1 << 7, + XT_CONNTRACK_ORIGSRC_PORT = 1 << 8, + XT_CONNTRACK_ORIGDST_PORT = 1 << 9, + XT_CONNTRACK_REPLSRC_PORT = 1 << 10, + XT_CONNTRACK_REPLDST_PORT = 1 << 11, + XT_CONNTRACK_DIRECTION = 1 << 12, + XT_CONNTRACK_STATE_ALIAS = 1 << 13, +}; +struct xt_conntrack_mtinfo1 { + union nf_inet_addr origsrc_addr, origsrc_mask; + union nf_inet_addr origdst_addr, origdst_mask; + union nf_inet_addr replsrc_addr, replsrc_mask; + union nf_inet_addr repldst_addr, repldst_mask; + __u32 expires_min, expires_max; + __u16 l4proto; + __be16 origsrc_port, origdst_port; + __be16 replsrc_port, repldst_port; + __u16 match_flags, invert_flags; + __u8 state_mask, status_mask; +}; +struct xt_conntrack_mtinfo2 { + union nf_inet_addr origsrc_addr, origsrc_mask; + union nf_inet_addr origdst_addr, origdst_mask; + union nf_inet_addr replsrc_addr, replsrc_mask; + union nf_inet_addr repldst_addr, repldst_mask; + __u32 expires_min, expires_max; + __u16 l4proto; + __be16 origsrc_port, origdst_port; + __be16 replsrc_port, repldst_port; + __u16 match_flags, invert_flags; + __u16 state_mask, status_mask; +}; +struct xt_conntrack_mtinfo3 { + union nf_inet_addr origsrc_addr, origsrc_mask; + union nf_inet_addr origdst_addr, origdst_mask; + union nf_inet_addr replsrc_addr, replsrc_mask; + union nf_inet_addr repldst_addr, repldst_mask; + __u32 expires_min, expires_max; + __u16 l4proto; + __u16 origsrc_port, origdst_port; + __u16 replsrc_port, repldst_port; + __u16 match_flags, invert_flags; + __u16 state_mask, status_mask; + __u16 origsrc_port_high, origdst_port_high; + __u16 replsrc_port_high, repldst_port_high; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_cpu.h b/libc/kernel/uapi/linux/netfilter/xt_cpu.h new file mode 100644 index 0000000..800134c --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_cpu.h
@@ -0,0 +1,14 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_CPU_H +#define _XT_CPU_H +#include <linux/types.h> +struct xt_cpu_info { + __u32 cpu; + __u32 invert; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_dccp.h b/libc/kernel/uapi/linux/netfilter/xt_dccp.h new file mode 100644 index 0000000..dff62d8 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_dccp.h
@@ -0,0 +1,23 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_DCCP_H_ +#define _XT_DCCP_H_ +#include <linux/types.h> +#define XT_DCCP_SRC_PORTS 0x01 +#define XT_DCCP_DEST_PORTS 0x02 +#define XT_DCCP_TYPE 0x04 +#define XT_DCCP_OPTION 0x08 +#define XT_DCCP_VALID_FLAGS 0x0f +struct xt_dccp_info { + __u16 dpts[2]; + __u16 spts[2]; + __u16 flags; + __u16 invflags; + __u16 typemask; + __u8 option; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_devgroup.h b/libc/kernel/uapi/linux/netfilter/xt_devgroup.h new file mode 100644 index 0000000..7566c72 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_devgroup.h
@@ -0,0 +1,23 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_DEVGROUP_H +#define _XT_DEVGROUP_H +#include <linux/types.h> +enum xt_devgroup_flags { + XT_DEVGROUP_MATCH_SRC = 0x1, + XT_DEVGROUP_INVERT_SRC = 0x2, + XT_DEVGROUP_MATCH_DST = 0x4, + XT_DEVGROUP_INVERT_DST = 0x8, +}; +struct xt_devgroup_info { + __u32 flags; + __u32 src_group; + __u32 src_mask; + __u32 dst_group; + __u32 dst_mask; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_dscp.h b/libc/kernel/uapi/linux/netfilter/xt_dscp.h new file mode 100644 index 0000000..8050e12 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_dscp.h
@@ -0,0 +1,22 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_DSCP_H +#define _XT_DSCP_H +#include <linux/types.h> +#define XT_DSCP_MASK 0xfc +#define XT_DSCP_SHIFT 2 +#define XT_DSCP_MAX 0x3f +struct xt_dscp_info { + __u8 dscp; + __u8 invert; +}; +struct xt_tos_match_info { + __u8 tos_mask; + __u8 tos_value; + __u8 invert; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_ecn.h b/libc/kernel/uapi/linux/netfilter/xt_ecn.h new file mode 100644 index 0000000..9a5cc0e --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_ecn.h
@@ -0,0 +1,26 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_ECN_H +#define _XT_ECN_H +#include <linux/types.h> +#include <linux/netfilter/xt_dscp.h> +#define XT_ECN_IP_MASK (~XT_DSCP_MASK) +#define XT_ECN_OP_MATCH_IP 0x01 +#define XT_ECN_OP_MATCH_ECE 0x10 +#define XT_ECN_OP_MATCH_CWR 0x20 +#define XT_ECN_OP_MATCH_MASK 0xce +struct xt_ecn_info { + __u8 operation; + __u8 invert; + __u8 ip_ect; + union { + struct { + __u8 ect; + } tcp; + } proto; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_esp.h b/libc/kernel/uapi/linux/netfilter/xt_esp.h new file mode 100644 index 0000000..b565858 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_esp.h
@@ -0,0 +1,16 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_ESP_H +#define _XT_ESP_H +#include <linux/types.h> +struct xt_esp { + __u32 spis[2]; + __u8 invflags; +}; +#define XT_ESP_INV_SPI 0x01 +#define XT_ESP_INV_MASK 0x01 +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_hashlimit.h b/libc/kernel/uapi/linux/netfilter/xt_hashlimit.h new file mode 100644 index 0000000..4f2ab6a --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_hashlimit.h
@@ -0,0 +1,89 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI_XT_HASHLIMIT_H +#define _UAPI_XT_HASHLIMIT_H +#include <linux/types.h> +#include <linux/limits.h> +#include <linux/if.h> +#define XT_HASHLIMIT_SCALE 10000 +#define XT_HASHLIMIT_SCALE_v2 1000000llu +#define XT_HASHLIMIT_BYTE_SHIFT 4 +struct xt_hashlimit_htable; +enum { + XT_HASHLIMIT_HASH_DIP = 1 << 0, + XT_HASHLIMIT_HASH_DPT = 1 << 1, + XT_HASHLIMIT_HASH_SIP = 1 << 2, + XT_HASHLIMIT_HASH_SPT = 1 << 3, + XT_HASHLIMIT_INVERT = 1 << 4, + XT_HASHLIMIT_BYTES = 1 << 5, + XT_HASHLIMIT_RATE_MATCH = 1 << 6, +}; +struct hashlimit_cfg { + __u32 mode; + __u32 avg; + __u32 burst; + __u32 size; + __u32 max; + __u32 gc_interval; + __u32 expire; +}; +struct xt_hashlimit_info { + char name[IFNAMSIZ]; + struct hashlimit_cfg cfg; + struct xt_hashlimit_htable * hinfo; + union { + void * ptr; + struct xt_hashlimit_info * master; + } u; +}; +struct hashlimit_cfg1 { + __u32 mode; + __u32 avg; + __u32 burst; + __u32 size; + __u32 max; + __u32 gc_interval; + __u32 expire; + __u8 srcmask, dstmask; +}; +struct hashlimit_cfg2 { + __u64 avg; + __u64 burst; + __u32 mode; + __u32 size; + __u32 max; + __u32 gc_interval; + __u32 expire; + __u8 srcmask, dstmask; +}; +struct hashlimit_cfg3 { + __u64 avg; + __u64 burst; + __u32 mode; + __u32 size; + __u32 max; + __u32 gc_interval; + __u32 expire; + __u32 interval; + __u8 srcmask, dstmask; +}; +struct xt_hashlimit_mtinfo1 { + char name[IFNAMSIZ]; + struct hashlimit_cfg1 cfg; + struct xt_hashlimit_htable * hinfo __attribute__((aligned(8))); +}; +struct xt_hashlimit_mtinfo2 { + char name[NAME_MAX]; + struct hashlimit_cfg2 cfg; + struct xt_hashlimit_htable * hinfo __attribute__((aligned(8))); +}; +struct xt_hashlimit_mtinfo3 { + char name[NAME_MAX]; + struct hashlimit_cfg3 cfg; + struct xt_hashlimit_htable * hinfo __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_helper.h b/libc/kernel/uapi/linux/netfilter/xt_helper.h new file mode 100644 index 0000000..8051382 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_helper.h
@@ -0,0 +1,13 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_HELPER_H +#define _XT_HELPER_H +struct xt_helper_info { + int invert; + char name[30]; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_ipcomp.h b/libc/kernel/uapi/linux/netfilter/xt_ipcomp.h new file mode 100644 index 0000000..a654f1c --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_ipcomp.h
@@ -0,0 +1,17 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_IPCOMP_H +#define _XT_IPCOMP_H +#include <linux/types.h> +struct xt_ipcomp { + __u32 spis[2]; + __u8 invflags; + __u8 hdrres; +}; +#define XT_IPCOMP_INV_SPI 0x01 +#define XT_IPCOMP_INV_MASK 0x01 +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_iprange.h b/libc/kernel/uapi/linux/netfilter/xt_iprange.h new file mode 100644 index 0000000..8e73458 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_iprange.h
@@ -0,0 +1,22 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _LINUX_NETFILTER_XT_IPRANGE_H +#define _LINUX_NETFILTER_XT_IPRANGE_H 1 +#include <linux/types.h> +#include <linux/netfilter.h> +enum { + IPRANGE_SRC = 1 << 0, + IPRANGE_DST = 1 << 1, + IPRANGE_SRC_INV = 1 << 4, + IPRANGE_DST_INV = 1 << 5, +}; +struct xt_iprange_mtinfo { + union nf_inet_addr src_min, src_max; + union nf_inet_addr dst_min, dst_max; + __u8 flags; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_ipvs.h b/libc/kernel/uapi/linux/netfilter/xt_ipvs.h new file mode 100644 index 0000000..414f427 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_ipvs.h
@@ -0,0 +1,31 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_IPVS_H +#define _XT_IPVS_H +#include <linux/types.h> +#include <linux/netfilter.h> +enum { + XT_IPVS_IPVS_PROPERTY = 1 << 0, + XT_IPVS_PROTO = 1 << 1, + XT_IPVS_VADDR = 1 << 2, + XT_IPVS_VPORT = 1 << 3, + XT_IPVS_DIR = 1 << 4, + XT_IPVS_METHOD = 1 << 5, + XT_IPVS_VPORTCTL = 1 << 6, + XT_IPVS_MASK = (1 << 7) - 1, + XT_IPVS_ONCE_MASK = XT_IPVS_MASK & ~XT_IPVS_IPVS_PROPERTY +}; +struct xt_ipvs_mtinfo { + union nf_inet_addr vaddr, vmask; + __be16 vport; + __u8 l4proto; + __u8 fwd_method; + __be16 vportctl; + __u8 invert; + __u8 bitmask; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_l2tp.h b/libc/kernel/uapi/linux/netfilter/xt_l2tp.h new file mode 100644 index 0000000..93d0721 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_l2tp.h
@@ -0,0 +1,27 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _LINUX_NETFILTER_XT_L2TP_H +#define _LINUX_NETFILTER_XT_L2TP_H +#include <linux/types.h> +enum xt_l2tp_type { + XT_L2TP_TYPE_CONTROL, + XT_L2TP_TYPE_DATA, +}; +struct xt_l2tp_info { + __u32 tid; + __u32 sid; + __u8 version; + __u8 type; + __u8 flags; +}; +enum { + XT_L2TP_TID = (1 << 0), + XT_L2TP_SID = (1 << 1), + XT_L2TP_VERSION = (1 << 2), + XT_L2TP_TYPE = (1 << 3), +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_length.h b/libc/kernel/uapi/linux/netfilter/xt_length.h new file mode 100644 index 0000000..4394d06 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_length.h
@@ -0,0 +1,14 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_LENGTH_H +#define _XT_LENGTH_H +#include <linux/types.h> +struct xt_length_info { + __u16 min, max; + __u8 invert; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_limit.h b/libc/kernel/uapi/linux/netfilter/xt_limit.h new file mode 100644 index 0000000..05f3329 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_limit.h
@@ -0,0 +1,20 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_RATE_H +#define _XT_RATE_H +#include <linux/types.h> +#define XT_LIMIT_SCALE 10000 +struct xt_limit_priv; +struct xt_rateinfo { + __u32 avg; + __u32 burst; + unsigned long prev; + __u32 credit; + __u32 credit_cap, cost; + struct xt_limit_priv * master; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_mac.h b/libc/kernel/uapi/linux/netfilter/xt_mac.h new file mode 100644 index 0000000..bbc9980 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_mac.h
@@ -0,0 +1,14 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_MAC_H +#define _XT_MAC_H +#include <linux/if_ether.h> +struct xt_mac_info { + unsigned char srcaddr[ETH_ALEN]; + int invert; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_multiport.h b/libc/kernel/uapi/linux/netfilter/xt_multiport.h new file mode 100644 index 0000000..b70b0f5 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_multiport.h
@@ -0,0 +1,28 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_MULTIPORT_H +#define _XT_MULTIPORT_H +#include <linux/types.h> +enum xt_multiport_flags { + XT_MULTIPORT_SOURCE, + XT_MULTIPORT_DESTINATION, + XT_MULTIPORT_EITHER +}; +#define XT_MULTI_PORTS 15 +struct xt_multiport { + __u8 flags; + __u8 count; + __u16 ports[XT_MULTI_PORTS]; +}; +struct xt_multiport_v1 { + __u8 flags; + __u8 count; + __u16 ports[XT_MULTI_PORTS]; + __u8 pflags[XT_MULTI_PORTS]; + __u8 invert; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_nfacct.h b/libc/kernel/uapi/linux/netfilter/xt_nfacct.h new file mode 100644 index 0000000..8686c43 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_nfacct.h
@@ -0,0 +1,19 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_NFACCT_MATCH_H +#define _XT_NFACCT_MATCH_H +#include <linux/netfilter/nfnetlink_acct.h> +struct nf_acct; +struct xt_nfacct_match_info { + char name[NFACCT_NAME_MAX]; + struct nf_acct * nfacct; +}; +struct xt_nfacct_match_info_v1 { + char name[NFACCT_NAME_MAX]; + struct nf_acct * nfacct __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_osf.h b/libc/kernel/uapi/linux/netfilter/xt_osf.h new file mode 100644 index 0000000..8149ed3 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_osf.h
@@ -0,0 +1,30 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_OSF_H +#define _XT_OSF_H +#include <linux/types.h> +#include <linux/netfilter/nfnetlink_osf.h> +#define XT_OSF_GENRE NF_OSF_GENRE +#define XT_OSF_INVERT NF_OSF_INVERT +#define XT_OSF_TTL NF_OSF_TTL +#define XT_OSF_LOG NF_OSF_LOG +#define XT_OSF_LOGLEVEL_ALL NF_OSF_LOGLEVEL_ALL +#define XT_OSF_LOGLEVEL_FIRST NF_OSF_LOGLEVEL_FIRST +#define XT_OSF_LOGLEVEL_ALL_KNOWN NF_OSF_LOGLEVEL_ALL_KNOWN +#define XT_OSF_TTL_TRUE NF_OSF_TTL_TRUE +#define XT_OSF_TTL_NOCHECK NF_OSF_TTL_NOCHECK +#define XT_OSF_TTL_LESS NF_OSF_TTL_LESS +#define xt_osf_wc nf_osf_wc +#define xt_osf_opt nf_osf_opt +#define xt_osf_info nf_osf_info +#define xt_osf_user_finger nf_osf_user_finger +#define xt_osf_finger nf_osf_finger +#define xt_osf_nlmsg nf_osf_nlmsg +#define xt_osf_window_size_options nf_osf_window_size_options +#define xt_osf_attr_type nf_osf_attr_type +#define xt_osf_msg_types nf_osf_msg_types +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_owner.h b/libc/kernel/uapi/linux/netfilter/xt_owner.h new file mode 100644 index 0000000..259f288 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_owner.h
@@ -0,0 +1,22 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_OWNER_MATCH_H +#define _XT_OWNER_MATCH_H +#include <linux/types.h> +enum { + XT_OWNER_UID = 1 << 0, + XT_OWNER_GID = 1 << 1, + XT_OWNER_SOCKET = 1 << 2, + XT_OWNER_SUPPL_GROUPS = 1 << 3, +}; +#define XT_OWNER_MASK (XT_OWNER_UID | XT_OWNER_GID | XT_OWNER_SOCKET | XT_OWNER_SUPPL_GROUPS) +struct xt_owner_match_info { + __u32 uid_min, uid_max; + __u32 gid_min, gid_max; + __u8 match, invert; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_physdev.h b/libc/kernel/uapi/linux/netfilter/xt_physdev.h new file mode 100644 index 0000000..2c0746c --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_physdev.h
@@ -0,0 +1,25 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _UAPI_XT_PHYSDEV_H +#define _UAPI_XT_PHYSDEV_H +#include <linux/types.h> +#include <linux/if.h> +#define XT_PHYSDEV_OP_IN 0x01 +#define XT_PHYSDEV_OP_OUT 0x02 +#define XT_PHYSDEV_OP_BRIDGED 0x04 +#define XT_PHYSDEV_OP_ISIN 0x08 +#define XT_PHYSDEV_OP_ISOUT 0x10 +#define XT_PHYSDEV_OP_MASK (0x20 - 1) +struct xt_physdev_info { + char physindev[IFNAMSIZ]; + char in_mask[IFNAMSIZ]; + char physoutdev[IFNAMSIZ]; + char out_mask[IFNAMSIZ]; + __u8 invert; + __u8 bitmask; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_pkttype.h b/libc/kernel/uapi/linux/netfilter/xt_pkttype.h new file mode 100644 index 0000000..dee4b04 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_pkttype.h
@@ -0,0 +1,13 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_PKTTYPE_H +#define _XT_PKTTYPE_H +struct xt_pkttype_info { + int pkttype; + int invert; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_policy.h b/libc/kernel/uapi/linux/netfilter/xt_policy.h new file mode 100644 index 0000000..5d36ee6 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_policy.h
@@ -0,0 +1,52 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_POLICY_H +#define _XT_POLICY_H +#include <linux/netfilter.h> +#include <linux/types.h> +#include <linux/in.h> +#include <linux/in6.h> +#define XT_POLICY_MAX_ELEM 4 +enum xt_policy_flags { + XT_POLICY_MATCH_IN = 0x1, + XT_POLICY_MATCH_OUT = 0x2, + XT_POLICY_MATCH_NONE = 0x4, + XT_POLICY_MATCH_STRICT = 0x8, +}; +enum xt_policy_modes { + XT_POLICY_MODE_TRANSPORT, + XT_POLICY_MODE_TUNNEL +}; +struct xt_policy_spec { + __u8 saddr : 1, daddr : 1, proto : 1, mode : 1, spi : 1, reqid : 1; +}; +union xt_policy_addr { + struct in_addr a4; + struct in6_addr a6; +}; +struct xt_policy_elem { + union { + struct { + union xt_policy_addr saddr; + union xt_policy_addr smask; + union xt_policy_addr daddr; + union xt_policy_addr dmask; + }; + }; + __be32 spi; + __u32 reqid; + __u8 proto; + __u8 mode; + struct xt_policy_spec match; + struct xt_policy_spec invert; +}; +struct xt_policy_info { + struct xt_policy_elem pol[XT_POLICY_MAX_ELEM]; + __u16 flags; + __u16 len; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_quota.h b/libc/kernel/uapi/linux/netfilter/xt_quota.h new file mode 100644 index 0000000..51322ec --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_quota.h
@@ -0,0 +1,21 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_QUOTA_H +#define _XT_QUOTA_H +#include <linux/types.h> +enum xt_quota_flags { + XT_QUOTA_INVERT = 0x1, +}; +#define XT_QUOTA_MASK 0x1 +struct xt_quota_priv; +struct xt_quota_info { + __u32 flags; + __u32 pad; + __aligned_u64 quota; + struct xt_quota_priv * master; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_rateest.h b/libc/kernel/uapi/linux/netfilter/xt_rateest.h new file mode 100644 index 0000000..d020f23 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_rateest.h
@@ -0,0 +1,37 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_RATEEST_MATCH_H +#define _XT_RATEEST_MATCH_H +#include <linux/types.h> +#include <linux/if.h> +enum xt_rateest_match_flags { + XT_RATEEST_MATCH_INVERT = 1 << 0, + XT_RATEEST_MATCH_ABS = 1 << 1, + XT_RATEEST_MATCH_REL = 1 << 2, + XT_RATEEST_MATCH_DELTA = 1 << 3, + XT_RATEEST_MATCH_BPS = 1 << 4, + XT_RATEEST_MATCH_PPS = 1 << 5, +}; +enum xt_rateest_match_mode { + XT_RATEEST_MATCH_NONE, + XT_RATEEST_MATCH_EQ, + XT_RATEEST_MATCH_LT, + XT_RATEEST_MATCH_GT, +}; +struct xt_rateest_match_info { + char name1[IFNAMSIZ]; + char name2[IFNAMSIZ]; + __u16 flags; + __u16 mode; + __u32 bps1; + __u32 pps1; + __u32 bps2; + __u32 pps2; + struct xt_rateest * est1 __attribute__((aligned(8))); + struct xt_rateest * est2 __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_realm.h b/libc/kernel/uapi/linux/netfilter/xt_realm.h new file mode 100644 index 0000000..cb408eb --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_realm.h
@@ -0,0 +1,15 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_REALM_H +#define _XT_REALM_H +#include <linux/types.h> +struct xt_realm_info { + __u32 id; + __u32 mask; + __u8 invert; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_recent.h b/libc/kernel/uapi/linux/netfilter/xt_recent.h new file mode 100644 index 0000000..f3b98ef --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_recent.h
@@ -0,0 +1,41 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _LINUX_NETFILTER_XT_RECENT_H +#define _LINUX_NETFILTER_XT_RECENT_H 1 +#include <linux/types.h> +#include <linux/netfilter.h> +enum { + XT_RECENT_CHECK = 1 << 0, + XT_RECENT_SET = 1 << 1, + XT_RECENT_UPDATE = 1 << 2, + XT_RECENT_REMOVE = 1 << 3, + XT_RECENT_TTL = 1 << 4, + XT_RECENT_REAP = 1 << 5, + XT_RECENT_SOURCE = 0, + XT_RECENT_DEST = 1, + XT_RECENT_NAME_LEN = 200, +}; +#define XT_RECENT_MODIFIERS (XT_RECENT_TTL | XT_RECENT_REAP) +#define XT_RECENT_VALID_FLAGS (XT_RECENT_CHECK | XT_RECENT_SET | XT_RECENT_UPDATE | XT_RECENT_REMOVE | XT_RECENT_TTL | XT_RECENT_REAP) +struct xt_recent_mtinfo { + __u32 seconds; + __u32 hit_count; + __u8 check_set; + __u8 invert; + char name[XT_RECENT_NAME_LEN]; + __u8 side; +}; +struct xt_recent_mtinfo_v1 { + __u32 seconds; + __u32 hit_count; + __u8 check_set; + __u8 invert; + char name[XT_RECENT_NAME_LEN]; + __u8 side; + union nf_inet_addr mask; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_rpfilter.h b/libc/kernel/uapi/linux/netfilter/xt_rpfilter.h new file mode 100644 index 0000000..1751fa9 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_rpfilter.h
@@ -0,0 +1,19 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_RPATH_H +#define _XT_RPATH_H +#include <linux/types.h> +enum { + XT_RPFILTER_LOOSE = 1 << 0, + XT_RPFILTER_VALID_MARK = 1 << 1, + XT_RPFILTER_ACCEPT_LOCAL = 1 << 2, + XT_RPFILTER_INVERT = 1 << 3, +}; +struct xt_rpfilter_info { + __u8 flags; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_sctp.h b/libc/kernel/uapi/linux/netfilter/xt_sctp.h new file mode 100644 index 0000000..91ef326 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_sctp.h
@@ -0,0 +1,44 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_SCTP_H_ +#define _XT_SCTP_H_ +#include <linux/types.h> +#define XT_SCTP_SRC_PORTS 0x01 +#define XT_SCTP_DEST_PORTS 0x02 +#define XT_SCTP_CHUNK_TYPES 0x04 +#define XT_SCTP_VALID_FLAGS 0x07 +struct xt_sctp_flag_info { + __u8 chunktype; + __u8 flag; + __u8 flag_mask; +}; +#define XT_NUM_SCTP_FLAGS 4 +struct xt_sctp_info { + __u16 dpts[2]; + __u16 spts[2]; + __u32 chunkmap[256 / sizeof(__u32)]; +#define SCTP_CHUNK_MATCH_ANY 0x01 +#define SCTP_CHUNK_MATCH_ALL 0x02 +#define SCTP_CHUNK_MATCH_ONLY 0x04 + __u32 chunk_match_type; + struct xt_sctp_flag_info flag_info[XT_NUM_SCTP_FLAGS]; + int flag_count; + __u32 flags; + __u32 invflags; +}; +#define bytes(type) (sizeof(type) * 8) +#define SCTP_CHUNKMAP_SET(chunkmap,type) do { (chunkmap)[type / bytes(__u32)] |= 1u << (type % bytes(__u32)); } while(0) +#define SCTP_CHUNKMAP_CLEAR(chunkmap,type) do { (chunkmap)[type / bytes(__u32)] &= ~(1u << (type % bytes(__u32))); } while(0) +#define SCTP_CHUNKMAP_IS_SET(chunkmap,type) \ +({ ((chunkmap)[type / bytes(__u32)] & (1u << (type % bytes(__u32)))) ? 1 : 0; \ +}) +#define SCTP_CHUNKMAP_RESET(chunkmap) memset((chunkmap), 0, sizeof(chunkmap)) +#define SCTP_CHUNKMAP_SET_ALL(chunkmap) memset((chunkmap), ~0U, sizeof(chunkmap)) +#define SCTP_CHUNKMAP_COPY(destmap,srcmap) memcpy((destmap), (srcmap), sizeof(srcmap)) +#define SCTP_CHUNKMAP_IS_CLEAR(chunkmap) __sctp_chunkmap_is_clear((chunkmap), ARRAY_SIZE(chunkmap)) +#define SCTP_CHUNKMAP_IS_ALL_SET(chunkmap) __sctp_chunkmap_is_all_set((chunkmap), ARRAY_SIZE(chunkmap)) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_set.h b/libc/kernel/uapi/linux/netfilter/xt_set.h new file mode 100644 index 0000000..c55fff7 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_set.h
@@ -0,0 +1,69 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_SET_H +#define _XT_SET_H +#include <linux/types.h> +#include <linux/netfilter/ipset/ip_set.h> +#define IPSET_SRC 0x01 +#define IPSET_DST 0x02 +#define IPSET_MATCH_INV 0x04 +struct xt_set_info_v0 { + ip_set_id_t index; + union { + __u32 flags[IPSET_DIM_MAX + 1]; + struct { + __u32 __flags[IPSET_DIM_MAX]; + __u8 dim; + __u8 flags; + } compat; + } u; +}; +struct xt_set_info_match_v0 { + struct xt_set_info_v0 match_set; +}; +struct xt_set_info_target_v0 { + struct xt_set_info_v0 add_set; + struct xt_set_info_v0 del_set; +}; +struct xt_set_info { + ip_set_id_t index; + __u8 dim; + __u8 flags; +}; +struct xt_set_info_match_v1 { + struct xt_set_info match_set; +}; +struct xt_set_info_target_v1 { + struct xt_set_info add_set; + struct xt_set_info del_set; +}; +struct xt_set_info_target_v2 { + struct xt_set_info add_set; + struct xt_set_info del_set; + __u32 flags; + __u32 timeout; +}; +struct xt_set_info_match_v3 { + struct xt_set_info match_set; + struct ip_set_counter_match0 packets; + struct ip_set_counter_match0 bytes; + __u32 flags; +}; +struct xt_set_info_target_v3 { + struct xt_set_info add_set; + struct xt_set_info del_set; + struct xt_set_info map_set; + __u32 flags; + __u32 timeout; +}; +struct xt_set_info_match_v4 { + struct xt_set_info match_set; + struct ip_set_counter_match packets; + struct ip_set_counter_match bytes; + __u32 flags; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_socket.h b/libc/kernel/uapi/linux/netfilter/xt_socket.h new file mode 100644 index 0000000..eff17cb --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_socket.h
@@ -0,0 +1,27 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_SOCKET_H +#define _XT_SOCKET_H +#include <linux/types.h> +enum { + XT_SOCKET_TRANSPARENT = 1 << 0, + XT_SOCKET_NOWILDCARD = 1 << 1, + XT_SOCKET_RESTORESKMARK = 1 << 2, +}; +struct xt_socket_mtinfo1 { + __u8 flags; +}; +#define XT_SOCKET_FLAGS_V1 XT_SOCKET_TRANSPARENT +struct xt_socket_mtinfo2 { + __u8 flags; +}; +#define XT_SOCKET_FLAGS_V2 (XT_SOCKET_TRANSPARENT | XT_SOCKET_NOWILDCARD) +struct xt_socket_mtinfo3 { + __u8 flags; +}; +#define XT_SOCKET_FLAGS_V3 (XT_SOCKET_TRANSPARENT | XT_SOCKET_NOWILDCARD | XT_SOCKET_RESTORESKMARK) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_state.h b/libc/kernel/uapi/linux/netfilter/xt_state.h new file mode 100644 index 0000000..5f40f8b --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_state.h
@@ -0,0 +1,15 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_STATE_H +#define _XT_STATE_H +#define XT_STATE_BIT(ctinfo) (1 << ((ctinfo) % IP_CT_IS_REPLY + 1)) +#define XT_STATE_INVALID (1 << 0) +#define XT_STATE_UNTRACKED (1 << (IP_CT_NUMBER + 1)) +struct xt_state_info { + unsigned int statemask; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_statistic.h b/libc/kernel/uapi/linux/netfilter/xt_statistic.h new file mode 100644 index 0000000..19f9e3c --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_statistic.h
@@ -0,0 +1,36 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_STATISTIC_H +#define _XT_STATISTIC_H +#include <linux/types.h> +enum xt_statistic_mode { + XT_STATISTIC_MODE_RANDOM, + XT_STATISTIC_MODE_NTH, + __XT_STATISTIC_MODE_MAX +}; +#define XT_STATISTIC_MODE_MAX (__XT_STATISTIC_MODE_MAX - 1) +enum xt_statistic_flags { + XT_STATISTIC_INVERT = 0x1, +}; +#define XT_STATISTIC_MASK 0x1 +struct xt_statistic_priv; +struct xt_statistic_info { + __u16 mode; + __u16 flags; + union { + struct { + __u32 probability; + } random; + struct { + __u32 every; + __u32 packet; + __u32 count; + } nth; + } u; + struct xt_statistic_priv * master __attribute__((aligned(8))); +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_string.h b/libc/kernel/uapi/linux/netfilter/xt_string.h new file mode 100644 index 0000000..ee7ef74 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_string.h
@@ -0,0 +1,32 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_STRING_H +#define _XT_STRING_H +#include <linux/types.h> +#define XT_STRING_MAX_PATTERN_SIZE 128 +#define XT_STRING_MAX_ALGO_NAME_SIZE 16 +enum { + XT_STRING_FLAG_INVERT = 0x01, + XT_STRING_FLAG_IGNORECASE = 0x02 +}; +struct xt_string_info { + __u16 from_offset; + __u16 to_offset; + char algo[XT_STRING_MAX_ALGO_NAME_SIZE]; + char pattern[XT_STRING_MAX_PATTERN_SIZE]; + __u8 patlen; + union { + struct { + __u8 invert; + } v0; + struct { + __u8 flags; + } v1; + } u; + struct ts_config __attribute__((aligned(8))) * config; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_tcpmss.h b/libc/kernel/uapi/linux/netfilter/xt_tcpmss.h new file mode 100644 index 0000000..b256ca2 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_tcpmss.h
@@ -0,0 +1,14 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_TCPMSS_MATCH_H +#define _XT_TCPMSS_MATCH_H +#include <linux/types.h> +struct xt_tcpmss_match_info { + __u16 mss_min, mss_max; + __u8 invert; +}; +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_tcpudp.h b/libc/kernel/uapi/linux/netfilter/xt_tcpudp.h index f317646..8408c48 100644 --- a/libc/kernel/uapi/linux/netfilter/xt_tcpudp.h +++ b/libc/kernel/uapi/linux/netfilter/xt_tcpudp.h
@@ -28,4 +28,4 @@ #define XT_UDP_INV_SRCPT 0x01 #define XT_UDP_INV_DSTPT 0x02 #define XT_UDP_INV_MASK 0x03 -#endif \ No newline at end of file +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_time.h b/libc/kernel/uapi/linux/netfilter/xt_time.h new file mode 100644 index 0000000..81161a8 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_time.h
@@ -0,0 +1,28 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_TIME_H +#define _XT_TIME_H 1 +#include <linux/types.h> +struct xt_time_info { + __u32 date_start; + __u32 date_stop; + __u32 daytime_start; + __u32 daytime_stop; + __u32 monthdays_match; + __u8 weekdays_match; + __u8 flags; +}; +enum { + XT_TIME_LOCAL_TZ = 1 << 0, + XT_TIME_CONTIGUOUS = 1 << 1, + XT_TIME_ALL_MONTHDAYS = 0xFFFFFFFE, + XT_TIME_ALL_WEEKDAYS = 0xFE, + XT_TIME_MIN_DAYTIME = 0, + XT_TIME_MAX_DAYTIME = 24 * 60 * 60 - 1, +}; +#define XT_TIME_ALL_FLAGS (XT_TIME_LOCAL_TZ | XT_TIME_CONTIGUOUS) +#endif
diff --git a/libc/kernel/uapi/linux/netfilter/xt_u32.h b/libc/kernel/uapi/linux/netfilter/xt_u32.h new file mode 100644 index 0000000..1af1748 --- /dev/null +++ b/libc/kernel/uapi/linux/netfilter/xt_u32.h
@@ -0,0 +1,36 @@ +/* + * This file is auto-generated. Modifications will be lost. + * + * See https://android.googlesource.com/platform/bionic/+/master/libc/kernel/ + * for more information. + */ +#ifndef _XT_U32_H +#define _XT_U32_H 1 +#include <linux/types.h> +enum xt_u32_ops { + XT_U32_AND, + XT_U32_LEFTSH, + XT_U32_RIGHTSH, + XT_U32_AT, +}; +struct xt_u32_location_element { + __u32 number; + __u8 nextop; +}; +struct xt_u32_value_element { + __u32 min; + __u32 max; +}; +#define XT_U32_MAXSIZE 10 +struct xt_u32_test { + struct xt_u32_location_element location[XT_U32_MAXSIZE + 1]; + struct xt_u32_value_element value[XT_U32_MAXSIZE + 1]; + __u8 nnums; + __u8 nvalues; +}; +struct xt_u32 { + struct xt_u32_test tests[XT_U32_MAXSIZE + 1]; + __u8 ntests; + __u8 invert; +}; +#endif