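# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
---
# Netlink protocol specification for the conntrack message family carried
# over nfnetlink. Only read-side operations (get / dump and the per-CPU
# statistics dump) are described here.
#
# No attribute carries an explicit `value:` key, so attribute ids follow
# from the position of each entry in its set. Do not reorder or insert
# entries in the middle of an attribute set.
#
# Multi-byte scalars marked `byte-order: big-endian` are in network byte
# order on the wire; fields without that key use host byte order.

name: conntrack
protocol: netlink-raw
# 12 is NETLINK_NETFILTER.
protonum: 12

doc: Netfilter connection tracking subsystem over nfnetlink

definitions:
  # Fixed header that precedes the attributes of every message below.
  - name: nfgenmsg
    type: struct
    members:
      - name: nfgen-family
        type: u8
      - name: version
        type: u8
      - name: res-id
        byte-order: big-endian
        type: u16
  # Payload of tcp-flags-original / tcp-flags-reply: a flag byte plus the
  # mask saying which of those flag bits are meaningful.
  - name: nf-ct-tcp-flags-mask
    type: struct
    members:
      - name: flags
        type: u8
        enum: nf-ct-tcp-flags
        enum-as-flags: true
      - name: mask
        type: u8
        enum: nf-ct-tcp-flags
        enum-as-flags: true
  - name: nf-ct-tcp-flags
    type: flags
    entries:
      - window-scale
      - sack-perm
      - close-init
      - be-liberal
      - unacked
      - maxack
      - challenge-ack
      - simultaneous-open
  - name: nf-ct-tcp-state
    type: enum
    entries:
      - none
      - syn-sent
      - syn-recv
      - established
      - fin-wait
      - close-wait
      - last-ack
      - time-wait
      - close
      - syn-sent2
      - max
      - ignore
      - retrans
      - unack
      - timeout-max
  - name: nf-ct-sctp-state
    type: enum
    entries:
      - none
      - cloned
      - cookie-wait
      - cookie-echoed
      - established
      - shutdown-sent
      - shutdown-received
      - shutdown-ack-sent
      - shutdown-heartbeat-sent
  # Bit flags reported in the `status` attribute and selected by
  # `status-mask`.
  - name: nf-ct-status
    type: flags
    entries:
      - expected
      - seen-reply
      - assured
      - confirmed
      - src-nat
      - dst-nat
      - seq-adj
      - src-nat-done
      - dst-nat-done
      - dying
      - fixed-timeout
      - template
      - nat-clash
      - helper
      - offload
      - hw-offload

attribute-sets:
  - name: counter-attrs
    attributes:
      - name: packets
        type: u64
        byte-order: big-endian
      - name: bytes
        type: u64
        byte-order: big-endian
      - name: packets-old
        type: u32
      - name: bytes-old
        type: u32
      - name: pad
        type: pad

  - name: tuple-proto-attrs
    attributes:
      - name: proto-num
        type: u8
        doc: l4 protocol number
      - name: proto-src-port
        type: u16
        byte-order: big-endian
        doc: l4 source port
      - name: proto-dst-port
        type: u16
        byte-order: big-endian
        doc: l4 destination port
      - name: proto-icmp-id
        type: u16
        byte-order: big-endian
        doc: l4 icmp id
      - name: proto-icmp-type
        type: u8
      - name: proto-icmp-code
        type: u8
      - name: proto-icmpv6-id
        type: u16
        byte-order: big-endian
        doc: l4 icmp id
      - name: proto-icmpv6-type
        type: u8
      - name: proto-icmpv6-code
        type: u8

  - name: tuple-ip-attrs
    attributes:
      - name: ip-v4-src
        type: u32
        byte-order: big-endian
        display-hint: ipv4
        doc: ipv4 source address
      - name: ip-v4-dst
        type: u32
        byte-order: big-endian
        display-hint: ipv4
        doc: ipv4 destination address
      # The IPv6 addresses are binary blobs; min-len rejects payloads
      # shorter than a 16-byte address.
      - name: ip-v6-src
        type: binary
        checks:
          min-len: 16
        byte-order: big-endian
        display-hint: ipv6
        doc: ipv6 source address
      - name: ip-v6-dst
        type: binary
        checks:
          min-len: 16
        byte-order: big-endian
        display-hint: ipv6
        doc: ipv6 destination address

  - name: tuple-attrs
    attributes:
      - name: tuple-ip
        type: nest
        nested-attributes: tuple-ip-attrs
        doc: conntrack l3 information
      - name: tuple-proto
        type: nest
        nested-attributes: tuple-proto-attrs
        doc: conntrack l4 information
      - name: tuple-zone
        type: u16
        byte-order: big-endian
        doc: conntrack zone id

  - name: protoinfo-tcp-attrs
    attributes:
      - name: tcp-state
        type: u8
        enum: nf-ct-tcp-state
        doc: tcp connection state
      - name: tcp-wscale-original
        type: u8
        doc: window scaling factor in original direction
      - name: tcp-wscale-reply
        type: u8
        doc: window scaling factor in reply direction
      - name: tcp-flags-original
        type: binary
        struct: nf-ct-tcp-flags-mask
      - name: tcp-flags-reply
        type: binary
        struct: nf-ct-tcp-flags-mask

  - name: protoinfo-dccp-attrs
    attributes:
      - name: dccp-state
        type: u8
        doc: dccp connection state
      - name: dccp-role
        type: u8
      - name: dccp-handshake-seq
        type: u64
        byte-order: big-endian
      - name: dccp-pad
        type: pad

  - name: protoinfo-sctp-attrs
    attributes:
      - name: sctp-state
        type: u8
        doc: sctp connection state
        enum: nf-ct-sctp-state
      - name: vtag-original
        type: u32
        byte-order: big-endian
      - name: vtag-reply
        type: u32
        byte-order: big-endian

  - name: protoinfo-attrs
    attributes:
      - name: protoinfo-tcp
        type: nest
        nested-attributes: protoinfo-tcp-attrs
        doc: conntrack tcp state information
      - name: protoinfo-dccp
        type: nest
        nested-attributes: protoinfo-dccp-attrs
        doc: conntrack dccp state information
      - name: protoinfo-sctp
        type: nest
        nested-attributes: protoinfo-sctp-attrs
        doc: conntrack sctp state information

  - name: help-attrs
    attributes:
      - name: help-name
        type: string
        doc: helper name

  - name: nat-proto-attrs
    attributes:
      - name: nat-port-min
        type: u16
        byte-order: big-endian
      - name: nat-port-max
        type: u16
        byte-order: big-endian

  - name: nat-attrs
    attributes:
      - name: nat-v4-minip
        type: u32
        byte-order: big-endian
      - name: nat-v4-maxip
        type: u32
        byte-order: big-endian
      # NOTE(review): unlike ip-v6-src / ip-v6-dst in tuple-ip-attrs, the
      # two IPv6 range bounds declare no `checks: min-len: 16` and no
      # display-hint. Confirm whether a length check belongs here; until
      # then consumers should validate the size before treating the
      # payload as an address.
      - name: nat-v6-minip
        type: binary
      - name: nat-v6-maxip
        type: binary
      - name: nat-proto
        type: nest
        nested-attributes: nat-proto-attrs

  - name: seqadj-attrs
    attributes:
      - name: correction-pos
        type: u32
        byte-order: big-endian
      - name: offset-before
        type: u32
        byte-order: big-endian
      - name: offset-after
        type: u32
        byte-order: big-endian

  - name: secctx-attrs
    attributes:
      - name: secctx-name
        type: string

  - name: synproxy-attrs
    attributes:
      - name: isn
        type: u32
        byte-order: big-endian
      - name: its
        type: u32
        byte-order: big-endian
      - name: tsoff
        type: u32
        byte-order: big-endian

  # Top-level attributes of a conntrack entry.
  - name: conntrack-attrs
    attributes:
      - name: tuple-orig
        type: nest
        nested-attributes: tuple-attrs
        doc: conntrack l3+l4 protocol information, original direction
      - name: tuple-reply
        type: nest
        nested-attributes: tuple-attrs
        doc: conntrack l3+l4 protocol information, reply direction
      - name: status
        type: u32
        byte-order: big-endian
        enum: nf-ct-status
        enum-as-flags: true
        doc: conntrack flag bits
      - name: protoinfo
        type: nest
        nested-attributes: protoinfo-attrs
      - name: help
        type: nest
        nested-attributes: help-attrs
      - name: nat-src
        type: nest
        nested-attributes: nat-attrs
      - name: timeout
        type: u32
        byte-order: big-endian
      - name: mark
        type: u32
        byte-order: big-endian
      - name: counters-orig
        type: nest
        nested-attributes: counter-attrs
      - name: counters-reply
        type: nest
        nested-attributes: counter-attrs
      - name: use
        type: u32
        byte-order: big-endian
      - name: id
        type: u32
        byte-order: big-endian
      - name: nat-dst
        type: nest
        nested-attributes: nat-attrs
      - name: tuple-master
        type: nest
        nested-attributes: tuple-attrs
      - name: seq-adj-orig
        type: nest
        nested-attributes: seqadj-attrs
      - name: seq-adj-reply
        type: nest
        nested-attributes: seqadj-attrs
      # Kept only to hold its position in the id sequence.
      - name: secmark
        type: binary
        doc: obsolete
      - name: zone
        type: u16
        byte-order: big-endian
        doc: conntrack zone id
      - name: secctx
        type: nest
        nested-attributes: secctx-attrs
      - name: timestamp
        type: u64
        byte-order: big-endian
      - name: mark-mask
        type: u32
        byte-order: big-endian
      # labels / labels-mask are opaque binary with no declared length
      # check; consumers should validate the size they receive.
      - name: labels
        type: binary
      # Hyphenated like mark-mask and status-mask; attribute names in this
      # file never contain spaces.
      - name: labels-mask
        type: binary
      - name: synproxy
        type: nest
        nested-attributes: synproxy-attrs
      - name: filter
        type: nest
        nested-attributes: tuple-attrs
      - name: status-mask
        type: u32
        byte-order: big-endian
        enum: nf-ct-status
        enum-as-flags: true
        doc: conntrack flag bits to change
      - name: timestamp-event
        type: u64
        byte-order: big-endian

  # Per-CPU statistics counters. Entries documented as obsolete stay in
  # the set so that the ids of the later entries do not shift.
  - name: conntrack-stats-attrs
    attributes:
      - name: searched
        type: u32
        byte-order: big-endian
        doc: obsolete
      - name: found
        type: u32
        byte-order: big-endian
      - name: new
        type: u32
        byte-order: big-endian
        doc: obsolete
      - name: invalid
        type: u32
        byte-order: big-endian
        doc: obsolete
      - name: ignore
        type: u32
        byte-order: big-endian
        doc: obsolete
      - name: delete
        type: u32
        byte-order: big-endian
        doc: obsolete
      - name: delete-list
        type: u32
        byte-order: big-endian
        doc: obsolete
      - name: insert
        type: u32
        byte-order: big-endian
      - name: insert-failed
        type: u32
        byte-order: big-endian
      - name: drop
        type: u32
        byte-order: big-endian
      - name: early-drop
        type: u32
        byte-order: big-endian
      - name: error
        type: u32
        byte-order: big-endian
      - name: search-restart
        type: u32
        byte-order: big-endian
      - name: clash-resolve
        type: u32
        byte-order: big-endian
      - name: chain-toolong
        type: u32
        byte-order: big-endian

operations:
  # Requests and replies use different message values.
  enum-model: directional
  list:
    # Message values are nfnetlink types: (subsystem id << 8) | message,
    # so every 0x1xx value below belongs to the conntrack subsystem.
    - name: get
      doc: get / dump entries
      attribute-set: conntrack-attrs
      fixed-header: nfgenmsg
      do:
        request:
          value: 0x101
          attributes:
            - tuple-orig
            - tuple-reply
            - zone
        reply:
          value: 0x100
          # Every name listed here must exist in conntrack-attrs; the
          # counter nests are spelled counters-orig / counters-reply.
          attributes:
            - tuple-orig
            - tuple-reply
            - status
            - protoinfo
            - help
            - nat-src
            - nat-dst
            - timeout
            - mark
            - counters-orig
            - counters-reply
            - use
            - id
            - tuple-master
            - seq-adj-orig
            - seq-adj-reply
            - zone
            - secctx
            - labels
            - synproxy
      dump:
        request:
          value: 0x101
          # nfgen-family is a member of the nfgenmsg fixed header, not an
          # attribute of conntrack-attrs.
          attributes:
            - nfgen-family
            - mark
            - filter
            - status
            - zone
        reply:
          value: 0x100
          attributes:
            - tuple-orig
            - tuple-reply
            - status
            - protoinfo
            - help
            - nat-src
            - nat-dst
            - timeout
            - mark
            - counters-orig
            - counters-reply
            - use
            - id
            - tuple-master
            - seq-adj-orig
            - seq-adj-reply
            - zone
            - secctx
            - labels
            - synproxy
    - name: get-stats
      doc: dump pcpu conntrack stats
      attribute-set: conntrack-stats-attrs
      fixed-header: nfgenmsg
      dump:
        request:
          value: 0x104
        reply:
          value: 0x104
          # Only the counters not documented as obsolete are listed.
          attributes:
            - searched
            - found
            - insert
            - insert-failed
            - drop
            - early-drop
            - error
            - search-restart
            - clash-resolve
            - chain-toolong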