Mirrors/DPITunnel-cli
3
0
Fork 0
mirror of https://github.com/nomoresat/DPITunnel-cli.git synced 2025-04-11 20:58:47 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

initial commit

Browse source
This commit is contained in:
nomoresat 2022-01-03 18:27:15 +00:00
commit 624389417f
338 changed files with 106711 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
.github/workflows/cd.yml vendored Normal file
View file

@ -0,0 +1,45 @@
name: CD
on:
release:
types: [created]
push:
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- arch: amd64
- arch: x86
- arch: armhf
- arch: arm64
name: Build on ${{ matrix.arch }}
steps:
- name: Git Checkout
uses: actions/checkout@v2
- name: Setup Docker
run: |
docker run --rm --privileged multiarch/qemu-user-static:register --reset
- name: Build
run: |
docker run --workdir /github/workspace --rm --entrypoint "./build_static_alpine.sh" -v "$(pwd)":"/github/workspace" multiarch/alpine:${{ matrix.arch }}-v3.14
- name: Upload Binary
if: github.event_name != 'release'
uses: actions/upload-artifact@v2
with:
name: dpitunnel-cli-${{ matrix.arch }}
path: build/DPITunnel-cli-exec
- name: Upload Binary to Release
if: github.event_name == 'release'
uses: svenstaro/upload-release-action@2.2.1
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: build/DPITunnel-cli-exec
asset_name: dpitunnel-cli-${{ matrix.arch }}
tag: ${{ github.ref }}

25
.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,25 @@
name: CI
on:
pull_request:
types: [opened, edited]
jobs:
build:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- arch: amd64
name: Build on ${{ matrix.arch }}
steps:
- name: Git Checkout
uses: actions/checkout@v2
- name: Setup Docker
run: |
docker run --rm --privileged multiarch/qemu-user-static:register --reset
- name: Build
run: |
docker run --workdir /github/workspace --rm --entrypoint "./build_static_alpine.sh" -v "$(pwd)":"/github/workspace" multiarch/alpine:${{ matrix.arch }}-v3.14

11
.gitignore vendored Normal file
View file

@ -0,0 +1,11 @@
CMakeLists.txt.user
CMakeCache.txt
CMakeFiles
CMakeScripts
Testing
Makefile
cmake_install.cmake
install_manifest.txt
compile_commands.json
CTestTestfile.cmake
_deps

72
CMakeLists.txt Normal file
View file

@ -0,0 +1,72 @@
# Set the minimum version of CMake that can be used
cmake_minimum_required(VERSION 3.5)
set(CMAKE_CXX_STANDARD 14)
cmake_policy(SET CMP0065 NEW)
if (STATIC_BINARY)
message("Building static portable binary with small size")
endif ()
# Set the project name
project(DPITunnel-cli)
# Add dependencies
add_subdirectory(RawSocket)
add_subdirectory(cpp-httplib)
add_subdirectory(dnslib)
add_subdirectory(libnl)
# Add an executable
add_executable(DPITunnel-cli-exec
autoconf.cpp
desync.cpp
dns.cpp
dpitunnel-cli.cpp
netiface.cpp
packet.cpp
profiles.cpp
socket.cpp
ssl.cpp
utils.cpp
)
if (STATIC_BINARY)
target_link_libraries(DPITunnel-cli-exec -static)
target_link_options(DPITunnel-cli-exec PRIVATE "LINKER:--gc-sections")
target_link_options(DPITunnel-cli-exec PRIVATE "LINKER:-s")
target_compile_options(DPITunnel-cli-exec PRIVATE -ffunction-sections)
endif ()
# Set the directories that should be included in the build command for this target
target_include_directories(DPITunnel-cli-exec
PRIVATE
${PROJECT_SOURCE_DIR}/include
${PROJECT_SOURCE_DIR}/RawSocket/include
${PROJECT_SOURCE_DIR}/cpp-httplib/include
${PROJECT_SOURCE_DIR}/dnslib/include
${PROJECT_SOURCE_DIR}/libnl/include
)
set(THREADS_PREFER_PTHREAD_FLAG ON)
find_package(Threads REQUIRED)
if (STATIC_BINARY)
set(OPENSSL_USE_STATIC_LIBS TRUE)
endif ()
find_package(OpenSSL REQUIRED)
target_link_libraries(DPITunnel-cli-exec
RawSocket
cpp-httplib
dnslib
libnl
Threads::Threads
OpenSSL::SSL
OpenSSL::Crypto
)
if (STATIC_BINARY)
target_link_libraries(DPITunnel-cli-exec ${CMAKE_DL_LIBS})
endif ()

674
LICENSE Normal file
View file

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<https://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<https://www.gnu.org/licenses/why-not-lgpl.html>.

105
README.md Normal file
View file

@ -0,0 +1,105 @@
<div align="center">
<img src="assets/logo.webp" alt="DPI Tunnel logo" width="200">
<br><h1>DPI Tunnel for Linux</h1>
Free, simple and serverless solution against censorship for Linux PCs and routers
<a href="https://t.me/DPITunnelOFFICIAL">Telegram chat</a>
<br>
<a href="https://github.com/nomoresat/DPITunnel-android">Want version for Android?</a>
<a href="https://github.com/nomoresat/DPITunnel-cli/blob/master/LICENSE"><img src="https://img.shields.io/github/license/nomoresat/DPITunnel-cli?style=flat-square" alt="License"/></a>
<a href="https://github.com/nomoresat/DPITunnel-cli/releases/latest"><img src="https://img.shields.io/github/v/release/nomoresat/DPITunnel-cli?style=flat-square" alt="Latest release"/></a>
<a href="https://github.com/nomoresat/DPITunnel-cli/releases"><img src="https://img.shields.io/github/downloads/nomoresat/DPITunnel-cli/total?style=flat-square" alt="Downloads"/></a>
</div>
### What is it
DPI Tunnel is a proxy server, that allows you to bypass censorship
It is NOT VPN and won't change your IP
DPI Tunnel uses desync attacks to fool DPI filters
RUN IT AS ROOT
### Features
* Bypass many restrictions: blocked or throttled resources
* Create profiles for different ISP and automatically change them when switch connection
* Easily auto configure for your ISP
* Has HTTP and transparent proxy modes
## Configuring
#### For the most of ISPs one of the these 2 profiles will be enough:
```
--ca-bundle-path=<path_to_cabundle> --desync-attacks=fake,disorder_fake --split-position=2 --auto-ttl=1-4-10 --min-ttl=3 --doh --doh-server=https://dns.google/dns-query --wsize=1 --wsfactor=6
```
```
--ca-bundle-path=<path_to_cabundle> --desync-attacks=fake,disorder_fake --split-position=2 --wrong-seq --doh --doh-server=https://dns.google/dns-query --wsize=1 --wsfactor=6
```
*CA Bundle is a file that contains root and intermediate SSL certificates. Required for DoH and autoconfig to work. You can get it for example from [curl](https://curl.se/ca/cacert.pem) site*
#### For other ISPs program has ```--auto``` key to automatically find proper settings
## Running
### HTTP mode (default)
This mode is good for PC or any other device which will only use the proxy for itself.
Run executable with options either from autoconfig or from one of the suggested profiles. The program will tell IP and port on which the proxy server is running. 0.0.0.0 IP means any of IPs this machine has.
Set this proxy in browser or system settings
### Transparent mode
This mode is good for router which will use the proxy for the entire local network.
Run executable with ```--mode transparent``` and append options either from autoconfig or from one of the suggested profiles. The program will tell IP and port on which the proxy server is running. 0.0.0.0 IP means any of IPs this machine has.
#### If proxy running on router:
##### 1. Enable IP forwarding
```
sysctl -w net.ipv4.ip_forward=1
```
##### 2. Disable ICMP redirects
```
sysctl -w net.ipv4.conf.all.send_redirects=0
```
##### 3. Enter something like the following ```iptables``` rules:
```
iptables -t nat -A PREROUTING -i <iface> -p tcp --dport 80 -j REDIRECT --to-port <proxy_port>
iptables -t nat -A PREROUTING -i <iface> -p tcp --dport 443 -j REDIRECT --to-port <proxy_port>
```
#### If proxy running on machine in local network (Raspberry PI for example):
##### 1. On router:
```
iptables -t mangle -A PREROUTING -j ACCEPT -p tcp -m multiport --dports 80,443 -s <proxy_machine_ip>
iptables -t mangle -A PREROUTING -j MARK --set-mark 3 -p tcp -m multiport --dports 80,443
ip rule add fwmark 3 table 2
ip route add default via <proxy_machine_ip> dev <iface> table 2
```
##### 2. On proxy machine:
1. Enable IP forwarding
```
sysctl -w net.ipv4.ip_forward=1
```
2. Disable ICMP redirects
```
sysctl -w net.ipv4.conf.all.send_redirects=0
```
3. Enter something like the following ```iptables``` rules:
```
iptables -t nat -A PREROUTING -i <iface> -p tcp --dport 80 -j REDIRECT --to-port <proxy_port>
iptables -t nat -A PREROUTING -i <iface> -p tcp --dport 443 -j REDIRECT --to-port <proxy_port>
```
## Links
[Telegram chat](https://t.me/DPITunnelOFFICIAL)
[4PDA](https://4pda.to/forum/index.php?showtopic=1043778)
## Thanks
* [ValdikSS (GoodbyeDPI)](https://github.com/ValdikSS/GoodbyeDPI)
## Dependencies
* [RawSocket](https://github.com/chkpk/RawSocket)
* [cpp-httplib](https://github.com/yhirose/cpp-httplib)
* [dnslib](https://github.com/mnezerka/dnslib)
* [libnl](https://www.infradead.org/~tgr/libnl)

7
RawSocket/CMakeLists.txt Normal file
View file

@ -0,0 +1,7 @@
# Set the project name
project(RawSocket)
add_library(${PROJECT_NAME} CheckSum.cpp)
target_include_directories(${PROJECT_NAME}
PUBLIC ${PROJECT_SOURCE_DIR}/include
)

51
RawSocket/CheckSum.cpp Normal file
View file

@ -0,0 +1,51 @@
#include <RawSocket/CheckSum.h>
#include <stdio.h>
struct PseudoHead{
uint8_t zero;
uint8_t type;
uint16_t len;
uint32_t src_ip;
uint32_t dst_ip;
};
static uint32_t CalSum(const uint8_t* buf, int len) {
uint32_t sum = 0;
const uint8_t* p = buf;
for(; len > 1; len -= 2) {
sum += (*p << 8)+ *(p + 1);
p += 2;
}
if (len == 1)
sum += *p << 8; //
//sum += *p; //
return sum;
}
static uint32_t CalPseudoHeadSum(const iphdr* pIpHead, uint8_t type) {
PseudoHead head;
head.zero = 0;
head.type = type;
head.len = htons(static_cast<uint16_t>(ntohs(pIpHead->tot_len) - pIpHead->ihl * 4));
head.src_ip = pIpHead->saddr;
head.dst_ip = pIpHead->daddr;
return CalSum((uint8_t*)&head, sizeof(PseudoHead));
}
uint16_t cksumIp(iphdr* pIpHead){
pIpHead->check = 0;
uint32_t ckSum = CalSum((uint8_t*)pIpHead, pIpHead->ihl * 4);
ckSum = (ckSum >> 16) + (ckSum & 0xffff);
ckSum += ckSum >> 16;
return htons((uint16_t)~ckSum);
}
uint16_t cksumTcp(iphdr* pIpHead, tcphdr* pTcpHead){
pTcpHead->check = 0;
uint32_t ckSum = CalPseudoHeadSum(pIpHead, 0x06);
ckSum += CalSum((uint8_t*)pTcpHead,
ntohs(pIpHead->tot_len) - pIpHead->ihl * 4);
ckSum = (ckSum >> 16) + (ckSum & 0xffff);
ckSum += ckSum >> 16;
return htons((uint16_t)~ckSum);
}

20
RawSocket/include/RawSocket/CheckSum.h Normal file
View file

@ -0,0 +1,20 @@
#ifndef CHECKSUM_H
#define CHECKSUM_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stdint.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
uint16_t cksumIp(iphdr* pIpHead);
uint16_t cksumTcp(iphdr* pIpHead, tcphdr* pTcpHead);
#ifdef __cplusplus
}
#endif
#endif // CHECKSUM_H

BIN
assets/logo.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 3.4 KiB

572
autoconf.cpp Normal file
View file

@ -0,0 +1,572 @@
#include "dpitunnel-cli.h"
#include "autoconf.h"
#include "dns.h"
#include "desync.h"
#include "socket.h"
#include "ssl.h"
#include "utils.h"
#include <algorithm>
#include <atomic>
#include <arpa/inet.h>
#include <cerrno>
#include <chrono>
#include <cstring>
#include <iostream>
#include <vector>
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
#include <sys/socket.h>
#include <thread>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <unistd.h>
extern struct Profile_s Profile;
extern struct Settings_perst_s Settings_perst;
bool verify_cert_common_name(X509 *server_cert, std::string host) {
const auto subject_name = X509_get_subject_name(server_cert);
if (subject_name != nullptr) {
char name[254];
auto name_len = X509_NAME_get_text_by_NID(subject_name, NID_commonName,
name, sizeof(name));
if (name_len != -1)
return check_host_name(name, static_cast<size_t>(name_len), host);
}
return false;
}
bool verify_cert_subject_alt_name(X509 *server_cert, std::string host) {
auto ret = false;
auto alt_names = static_cast<const struct stack_st_GENERAL_NAME *>(
X509_get_ext_d2i(server_cert, NID_subject_alt_name, NULL, NULL));
if (alt_names) {
auto dns_matched = false;
auto count = sk_GENERAL_NAME_num(alt_names);
for (decltype(count) i = 0; i < count && !dns_matched; i++) {
auto val = sk_GENERAL_NAME_value(alt_names, i);
if (val->type == GEN_DNS) {
auto name = (const char *) ASN1_STRING_get0_data(val->d.ia5);
auto name_len = (size_t) ASN1_STRING_length(val->d.ia5);
dns_matched = check_host_name(name, name_len, host);
}
}
ret = dns_matched;
}
GENERAL_NAMES_free((STACK_OF(GENERAL_NAME) *) alt_names);
return ret;
}
bool verify_cert(X509 *server_cert, std::string host) {
return verify_cert_subject_alt_name(server_cert, host) ||
verify_cert_common_name(server_cert, host);
}
int check_https_response(int socket, std::string host, std::string ip, int port, int local_port,
const std::string &sniffed_packet, SSL_CTX *ctx, X509_STORE *store) {
BIO *rbio = BIO_new(BIO_s_mem());
BIO *wbio = BIO_new(BIO_s_mem());
SSL *ssl = SSL_new(ctx);
SSL_set_connect_state(ssl);
SSL_set_bio(ssl, rbio, wbio);
SSL_set_tlsext_host_name(ssl, host.c_str());
SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
int res = 0;
unsigned int last_char;
size_t offset = 0;
bool is_first_time = true; // apply desync attack only on ClientHello
bool is_failure = false;
std::string buffer(Profile.buffer_size, ' ');
auto start = std::chrono::high_resolution_clock::now();
while (SSL_do_handshake(ssl) == -1) {
res = BIO_read(wbio, &buffer[0], buffer.size());
if (res > 0) {
if (is_first_time) {
// Split packet at the middle of SNI or at user specified position
unsigned int sni_start, sni_len;
unsigned int split_pos;
// If it's https connection
if (Profile.split_at_sni) {
get_tls_sni(buffer, res, sni_start, sni_len);
if (sni_start + sni_len > res || sni_start == 0 || sni_len == 0)
split_pos = Profile.split_position;
else
split_pos = sni_start + sni_len / 2;
} else
split_pos = std::min((int) Profile.split_position, res);
if (do_desync_attack(socket, ip, port, local_port,
true, sniffed_packet,
buffer, res, split_pos) == -1) {
SSL_free(ssl);
close(socket);
return -1;
}
// Send packet to synchronize SEQ/ACK
std::string data_empty(res, '\x00');
if (Profile.desync_first_attack == DESYNC_FIRST_NONE) {
if (send_string(socket, data_empty, res) == -1) {
SSL_free(ssl);
close(socket);
return -1;
}
} else {
if (send_string(socket, data_empty, split_pos) == -1 ||
send_string(socket, data_empty, res - split_pos) == -1) {
SSL_free(ssl);
close(socket);
return -1;
}
}
is_first_time = false;
} else {
if (send_string(socket, buffer, res) == -1) {
SSL_free(ssl);
close(socket);
return -1;
}
}
} else {
if (recv_string(socket, buffer, last_char) == -1) {
SSL_free(ssl);
close(socket);
return -1;
}
offset = 0;
while (last_char - offset != 0) {
res = BIO_write(rbio, &buffer[0] + offset, last_char);
if (res <= 0) {
std::cerr << "BIO write failure" << std::endl;
SSL_free(ssl);
close(socket);
return -1;
}
offset += res;
}
}
// Check timeout
auto stop = std::chrono::high_resolution_clock::now();
if (std::chrono::duration_cast<std::chrono::seconds>(stop - start).count() >
Settings_perst.test_ssl_handshake_timeout) {
std::cout << "SSL handshake timeout" << std::endl;
SSL_free(ssl);
close(socket);
return -1;
}
}
// Verify certificate
if (SSL_get_verify_result(ssl) != X509_V_OK) {
std::cout << "Failed to verify server certificate" << std::endl;
SSL_free(ssl);
close(socket);
return -1;
}
auto server_cert = SSL_get_peer_certificate(ssl);
if (server_cert == NULL) {
std::cout << "Failed to verify server certificate" << std::endl;
SSL_free(ssl);
close(socket);
return -1;
}
if (!verify_cert(server_cert, host)) {
X509_free(server_cert);
std::cout << "Failed to verify server certificate" << std::endl;
SSL_free(ssl);
close(socket);
return -1;
}
X509_free(server_cert);
SSL_free(ssl);
close(socket);
return 0;
}
int check_http_response(int socket, std::string host, std::string ip, int port, int local_port,
const std::string &sniffed_packet, unsigned int connect_time) {
unsigned int last_char;
std::string buffer(Profile.buffer_size, ' ');
// Receive with timeout
struct timeval timeout_recv;
timeout_recv.tv_sec = 5;
timeout_recv.tv_usec = 0;
std::string request;
request += "GET / HTTP/1.1\r\nHost: ";
request += host;
request += "\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0\r\n"
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*" "/" "*;q=0.8\r\n"
"Accept-Encoding: gzip, deflate\r\n\r\n";
unsigned int split_pos = std::min(Profile.split_position, (unsigned int) request.size());
if (do_desync_attack(socket, ip, port, local_port,
true, sniffed_packet, request, request.size(), split_pos) == -1) {
close(socket);
return -1;
}
unsigned int receive_time;
if (recv_string(socket, buffer, last_char, &timeout_recv, &receive_time) == -1) {
close(socket);
return -1;
}
close(socket);
if (last_char == 0)
return -1;
// Count factors indicating that packet was send by DPI
unsigned short factors = 0;
// Check time
if (receive_time < connect_time * 2 / 3)
factors++;
// Check status code
size_t status_start_position = buffer.find(' ');
if (status_start_position == std::string::npos || status_start_position == buffer.size() - 1) {
std::cout << "Failed to parse server response" << std::endl;
return -1;
}
size_t status_end_position = buffer.find(' ', status_start_position + 1);
if (status_end_position == std::string::npos) {
std::cout << "Failed to parse server response" << std::endl;
return -1;
}
std::string code = buffer.substr(status_start_position + 1,
status_end_position - status_start_position - 1);
if (code == "301" || code == "302" || code == "303" || code == "307" || code == "308")
factors++;
// Check location
size_t location_start_position = buffer.find("Location: ");
if (location_start_position != std::string::npos ||
location_start_position == buffer.size() - 1) {
size_t location_end_position = buffer.find("\r\n", location_start_position + 1);
if (location_end_position != std::string::npos) {
std::string redirect_url = buffer.substr(location_start_position + 10,
location_end_position -
location_start_position - 10);
if (redirect_url.rfind("http://", 0) == 0)
redirect_url.erase(0, 7);
size_t slash_position = redirect_url.find('/');
redirect_url.erase(slash_position);
if (redirect_url.rfind(host, 0) != 0)
factors++;
}
}
if (factors >= 2)
return -1;
else
return 0;
}
int test_desync_attack(std::string host, std::string ip, int port, bool is_https, SSL_CTX *ctx,
X509_STORE *store) {
// Connect to server to check is it blocked by ip and get SYN, ACK packet need for desync attacks
int socket;
std::atomic<bool> flag(true);
std::atomic<int> local_port(-1);
std::atomic<int> status;
std::thread sniff_thread;
std::promise<void> sniff_thread_ready = std::promise<void>();
std::string sniffed_packet;
sniff_thread = std::thread(sniff_handshake_packet, &sniffed_packet,
ip, port, &local_port, &flag, &status, &sniff_thread_ready);
// Wait for sniff thread to init
sniff_thread_ready.get_future().wait();
auto start = std::chrono::high_resolution_clock::now();
if (init_remote_server_socket(socket, ip, port) == -1) {
std::cout << "Resource blocked by IP. I can't help. Use VPN or proxy :((" << std::endl;
// Stop sniff thread
flag.store(false);
if (sniff_thread.joinable()) sniff_thread.join();
close(socket);
return -1;
}
auto stop = std::chrono::high_resolution_clock::now();
unsigned int connect_time = std::chrono::duration_cast<std::chrono::milliseconds>(
stop - start).count();
// Disable TCP Nagle's algorithm
int yes = 1;
if (setsockopt(socket, IPPROTO_TCP, TCP_NODELAY, (char *) &yes, sizeof(yes)) < 0) {
std::cerr << "Can't disable TCP Nagle's algorithm with setsockopt(). Errno: "
<< std::strerror(errno) << std::endl;
// Stop sniff thread
flag.store(false);
if (sniff_thread.joinable()) sniff_thread.join();
close(socket);
return -1;
}
// Get local port to choose proper SYN, ACK packet
struct sockaddr_in local_addr;
socklen_t len = sizeof(local_addr);
if (getsockname(socket, (struct sockaddr *) &local_addr, &len) == -1) {
std::cerr << "Failed to get local port. Errno: " << std::strerror(errno) << std::endl;
// Stop sniff thread
flag.store(false);
if (sniff_thread.joinable()) sniff_thread.join();
close(socket);
return -1;
}
local_port.store(ntohs(local_addr.sin_port));
// Get received ACK packet
if (sniff_thread.joinable()) sniff_thread.join();
if (status.load() == -1) {
std::cerr << "Failed to capture handshake packet" << std::endl;
close(socket);
return -1;
}
return is_https ?
check_https_response(socket, host, ip, port, local_port, sniffed_packet, ctx, store) :
check_http_response(socket, host, ip, port, local_port, sniffed_packet, connect_time);
}
void
show_configured_options(std::string host, std::string ip, int port, bool is_https, SSL_CTX *ctx,
X509_STORE *store) {
// Find minimum working ttl for fake packets
if (Profile.fake_packets_ttl) {
std::cout << "Calculating minimum working ttl..." << std::endl;
short result = -1;
int fake_packets_ttl = Profile.fake_packets_ttl;
Profile.fake_packets_ttl = 1;
while (Profile.fake_packets_ttl <= fake_packets_ttl && result == -1) {
result = test_desync_attack(host, ip, port, is_https, ctx, store);
// Test attack 3 times to ensure it work all times
if (result != -1)
for (short i = 1; i <= 3; i++)
result = std::min(result,
(short) test_desync_attack(host, ip, port, is_https, ctx,
store));
Profile.fake_packets_ttl++;
}
Profile.fake_packets_ttl--;
std::cout << std::endl;
}
std::cout << "Configuration successful! Apply these options when run program:" << std::endl;
if (Profile.builtin_dns) {
std::cout << "-builtin-dns ";
std::cout << "-builtin-dns-ip " << Profile.builtin_dns_ip << ' ';
std::cout << "-builtin-dns-port " << Profile.builtin_dns_port << ' ';
}
std::cout << "-doh ";
std::cout << "-doh-server " << Profile.doh_server << ' ';
if (Profile.split_at_sni)
std::cout << "-split-at-sni ";
if (Profile.window_size != 0)
std::cout << "-wsize " << Profile.window_size << ' ';
if (Profile.window_scale_factor != -1)
std::cout << "-wsfactor " << Profile.window_scale_factor << ' ';
if (Profile.fake_packets_ttl)
std::cout << "-ttl " << Profile.fake_packets_ttl << ' ';
if (Profile.wrong_seq)
std::cout << "-wrong-seq ";
if (is_https)
std::cout << "-ca-bundle-path \"" << Settings_perst.ca_bundle_path << "\" ";
if (Profile.desync_zero_attack != DESYNC_ZERO_NONE ||
Profile.desync_first_attack != DESYNC_FIRST_NONE)
std::cout << "-desync-attacks ";
if (Profile.desync_zero_attack != DESYNC_ZERO_NONE) {
std::cout << ZERO_ATTACKS_NAMES.at(Profile.desync_zero_attack);
if (Profile.desync_first_attack != DESYNC_FIRST_NONE)
std::cout << ",";
}
if (Profile.desync_first_attack != DESYNC_FIRST_NONE)
std::cout << FIRST_ATTACKS_NAMES.at(Profile.desync_first_attack);
std::cout << std::endl;
}
int
test_desync_attack_wrapper(std::string host, std::string ip, int port, bool is_https, SSL_CTX *ctx,
X509_STORE *store) {
if (test_desync_attack(host, ip, port, is_https, ctx, store) == -1)
std::cout << "\tFail" << std::endl << std::endl;
else {
// Check does attack work all times
short res = 0;
for (short i = 1; i <= 3; i++)
res = std::min(res, (short) test_desync_attack(host, ip, port, is_https, ctx, store));
if (res == -1)
std::cout << "\tFail. Attack don't work all times" << std::endl << std::endl;
else {
std::cout << "\tSuccess" << std::endl << std::endl;
show_configured_options(host, ip, port, is_https, ctx, store);
if (is_https)
SSL_CTX_free(ctx);
return 0;
}
}
return -1;
}
void set_profile(const std::string &doh_server, bool builtin_dns, Desync_zero_attacks zero_attack,
Desync_first_attacks first_attack,
const std::string &fake_type, short ttl, bool win_size_scale) {
Profile_s default_profile;
default_profile.doh = true;
default_profile.doh_server = doh_server;
if (builtin_dns)
default_profile.builtin_dns = true;
default_profile.desync_zero_attack = zero_attack;
default_profile.desync_first_attack = first_attack;
if (fake_type == "ttl")
default_profile.fake_packets_ttl = ttl;
else if (fake_type == "wrong-seq")
default_profile.wrong_seq = true;
if (win_size_scale) {
default_profile.window_size = 1;
default_profile.window_scale_factor = 6;
}
Profile = default_profile;
}
int run_autoconf() {
bool is_https;
int port;
std::string host;
std::string tmp;
std::cout << "Site domain you want to unblock " << std::endl
<< "(http://example.com or https://example.com or example.com. Can contain port): ";
std::getline(std::cin, host);
std::cout << "DoH server (press enter to use default " << Profile.doh_server << "): ";
std::getline(std::cin, tmp);
if (!tmp.empty())
Profile.doh_server = tmp;
if (host.rfind("http://", 0) == 0) {
is_https = false;
port = 80;
host.erase(0, 7);
} else if (host.rfind("https://", 0) == 0) {
is_https = true;
port = 443;
host.erase(0, 8);
} else {
is_https = true;
port = 443;
}
// Extract port
size_t port_start_position = host.find(':');
if (port_start_position != std::string::npos) {
port = std::stoi(host.substr(port_start_position + 1, host.size() - port_start_position));
host.erase(port_start_position, host.size() - port_start_position + 1);
}
// Load CA store to validate SSL certificates and connect to DoH server
X509_STORE *store;
SSL_CTX *ctx;
std::cout << "CA bundle path (press enter to use default location "
<< Settings_perst.ca_bundle_path << "): ";
std::getline(std::cin, tmp);
if (!tmp.empty())
Settings_perst.ca_bundle_path = tmp;
if (load_ca_bundle() == -1)
return -1;
if (is_https) {
// Init openssl
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ERR_load_BIO_strings();
ERR_load_crypto_strings();
store = gen_x509_store();
if (store == NULL) {
std::cout << "Failed to parse CA Bundle" << std::endl;
return -1;
}
ctx = SSL_CTX_new(SSLv23_method());
if (!ctx) {
std::cout << "Failed to init SSL context" << std::endl;
return -1;
}
SSL_CTX_set_cert_store(ctx, store);
}
// Resolve over DoH
std::cout << "Resolving host over DoH server " << Profile.doh_server << std::endl;
Profile.doh = true;
std::string ip;
bool builtin_dns = false;
if (resolve_host(host, ip) == -1) {
// Try with builtin DNS
std::cout << "DNS server (press enter to use default " << Profile.builtin_dns_ip
<< ". Can contain port): ";
std::getline(std::cin, tmp);
Profile.builtin_dns = builtin_dns = true;
if (!tmp.empty()) {
// Check if port exists
size_t port_start_position = tmp.find(':');
if (port_start_position != std::string::npos) {
Profile.builtin_dns_ip = tmp.substr(0, port_start_position);
Profile.builtin_dns_port = std::stoi(
tmp.substr(port_start_position + 1, tmp.size() - port_start_position));
} else Profile.builtin_dns_ip = tmp;
}
if (resolve_host(host, ip) == -1) {
std::cout << "Failed to resolve host " << host << std::endl;
if (is_https)
SSL_CTX_free(ctx);
return -1;
}
}
std::cout << host << " IP is " << ip << std::endl << std::endl;
std::cout << "\tCalculating network distance to server..." << std::endl;
short fakes_ttl = count_hops(ip, port);
if (fakes_ttl == -1) {
std::cout << "\tFail" << std::endl;
if (is_https)
SSL_CTX_free(ctx);
return -1;
}
std::cout << "\tHops to site: " << fakes_ttl << std::endl << std::endl;
fakes_ttl--;
// Iterate through all combinations
const std::vector<Desync_zero_attacks> zero_attacks = {DESYNC_ZERO_NONE, DESYNC_ZERO_FAKE,
DESYNC_ZERO_RST, DESYNC_ZERO_RSTACK};
const std::vector<Desync_first_attacks> first_attacks = {DESYNC_FIRST_DISORDER_FAKE,
DESYNC_FIRST_SPLIT_FAKE};
const std::vector<std::string> fake_types = {"ttl", "wrong-seq"};
const std::vector<bool> win_size_scales = {false, true};
unsigned int comb_all =
zero_attacks.size() * first_attacks.size() * fake_types.size() * win_size_scales.size();
unsigned int comb_curr = 1;
for (const Desync_zero_attacks &zero_attack: zero_attacks)
for (const Desync_first_attacks &first_attack: first_attacks)
for (const std::string &fake_type: fake_types)
for (const bool win_size_scale: win_size_scales) {
std::cout << "\tTrying " << comb_curr << '/' << comb_all << "..." << std::endl;
set_profile(Profile.doh_server, builtin_dns, zero_attack, first_attack, fake_type,
fakes_ttl, win_size_scale);
if (test_desync_attack_wrapper(host, ip, port, is_https, ctx, store) ==
0)
return 0;
comb_curr++;
}
std::cout << "Failed to find any working attack!" << std::endl;
if (is_https)
SSL_CTX_free(ctx);
return 0;
}

6
build_static_alpine.sh Executable file
View file

@ -0,0 +1,6 @@
#!/bin/ash
apk update
apk add build-base cmake openssl openssl-dev openssl-libs-static linux-headers
cmake -B./build -DCMAKE_BUILD_TYPE=RELEASE -DSTATIC_BINARY=true .
make -C ./build -j $(nproc)

9
cpp-httplib/CMakeLists.txt Normal file
View file

@ -0,0 +1,9 @@
# Set the project name
project(cpp-httplib)
add_library(${PROJECT_NAME} INTERFACE)
target_include_directories(${PROJECT_NAME}
INTERFACE
${PROJECT_SOURCE_DIR}/include
)

7979
cpp-httplib/include/cpp-httplib/httplib.h Normal file
View file

File diff suppressed because it is too large Load diff

589
desync.cpp Normal file
View file

@ -0,0 +1,589 @@
#include "dpitunnel-cli.h"
#include "desync.h"
#include "socket.h"
#include "utils.h"
#include <arpa/inet.h>
#include <cerrno>
#include <chrono>
#include <cstring>
#include <iostream>
#include <future>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <poll.h>
#include <unistd.h>
#include <RawSocket/CheckSum.h>
extern struct Settings_perst_s Settings_perst;
extern struct Profile_s Profile;
const std::string FAKE_TLS_PACKET(
"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\x9a\x8f\xa7\x6a\x5d"
"\x57\xf3\x62\x19\xbe\x46\x82\x45\xe2\x59\x5c\xb4\x48\x31\x12\x15"
"\x14\x79\x2c\xaa\xcd\xea\xda\xf0\xe1\xfd\xbb\x20\xf4\x83\x2a\x94"
"\xf1\x48\x3b\x9d\xb6\x74\xba\x3c\x81\x63\xbc\x18\xcc\x14\x45\x57"
"\x6c\x80\xf9\x25\xcf\x9c\x86\x60\x50\x31\x2e\xe9\x00\x22\x13\x01"
"\x13\x03\x13\x02\xc0\x2b\xc0\x2f\xcc\xa9\xcc\xa8\xc0\x2c\xc0\x30"
"\xc0\x0a\xc0\x09\xc0\x13\xc0\x14\x00\x33\x00\x39\x00\x2f\x00\x35"
"\x01\x00\x01\x91\x00\x00\x00\x0f\x00\x0d\x00\x00\x0a\x77\x77\x77"
"\x2e\x77\x33\x2e\x6f\x72\x67\x00\x17\x00\x00\xff\x01\x00\x01\x00"
"\x00\x0a\x00\x0e\x00\x0c\x00\x1d\x00\x17\x00\x18\x00\x19\x01\x00"
"\x01\x01\x00\x0b\x00\x02\x01\x00\x00\x23\x00\x00\x00\x10\x00\x0e"
"\x00\x0c\x02\x68\x32\x08\x68\x74\x74\x70\x2f\x31\x2e\x31\x00\x05"
"\x00\x05\x01\x00\x00\x00\x00\x00\x33\x00\x6b\x00\x69\x00\x1d\x00"
"\x20\xb0\xe4\xda\x34\xb4\x29\x8d\xd3\x5c\x70\xd3\xbe\xe8\xa7\x2a"
"\x6b\xe4\x11\x19\x8b\x18\x9d\x83\x9a\x49\x7c\x83\x7f\xa9\x03\x8c"
"\x3c\x00\x17\x00\x41\x04\x4c\x04\xa4\x71\x4c\x49\x75\x55\xd1\x18"
"\x1e\x22\x62\x19\x53\x00\xde\x74\x2f\xb3\xde\x13\x54\xe6\x78\x07"
"\x94\x55\x0e\xb2\x6c\xb0\x03\xee\x79\xa9\x96\x1e\x0e\x98\x17\x78"
"\x24\x44\x0c\x88\x80\x06\x8b\xd4\x80\xbf\x67\x7c\x37\x6a\x5b\x46"
"\x4c\xa7\x98\x6f\xb9\x22\x00\x2b\x00\x09\x08\x03\x04\x03\x03\x03"
"\x02\x03\x01\x00\x0d\x00\x18\x00\x16\x04\x03\x05\x03\x06\x03\x08"
"\x04\x08\x05\x08\x06\x04\x01\x05\x01\x06\x01\x02\x03\x02\x01\x00"
"\x2d\x00\x02\x01\x01\x00\x1c\x00\x02\x40\x01\x00\x15\x00\x96\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00",
517
);
const std::string FAKE_HTTP_PACKET(
"GET / HTTP/1.1\r\nHost: www.w3.org\r\n"
"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0\r\n"
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*" "/" "*;q=0.8\r\n"
"Accept-Encoding: gzip, deflate\r\n\r\n"
);
int sniff_ack_packet(std::string *packet, std::string ip_srv, int port_srv,
int port_local, std::atomic<bool> *flag) {
if (packet == NULL || flag == NULL) return -1;
// Create raw socket to sniff packet
int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if (sockfd == -1) {
std::cerr << "Sniff raw socket creation failure. Errno: " << std::strerror(errno)
<< std::endl;
return -1;
}
struct pollfd fds[1];
// fds[0] is sniff socket
fds[0].fd = sockfd;
fds[0].events = POLLIN;
// Set poll() timeout
int timeout = 100;
std::string buffer(100, ' ');
struct sockaddr_in ip_srv_sockaddr;
inet_aton(ip_srv.c_str(), &ip_srv_sockaddr.sin_addr);
while ((*flag).load()) {
int ret = poll(fds, 1, timeout);
// Check state
if (ret == -1) {
std::cerr << "Poll error. Errno:" << std::strerror(errno) << std::endl;
break;
} else if (ret == 0)
continue; // Timeout happened
else {
if (fds[0].revents & POLLERR ||
fds[0].revents & POLLHUP ||
fds[0].revents & POLLNVAL)
break;
// Get data
if (fds[0].revents & POLLIN) {
ssize_t read_size = recv(sockfd, &buffer[0], buffer.size(), 0);
if (read_size < 0) {
std::cerr << "ACK packet read error. Errno: "
<< std::strerror(errno) << std::endl;
break;
}
// Get IP header of received packet
iphdr *ip_h = (iphdr *) &buffer[0];
// Get TCP header of received packet
tcphdr *tcp_h = (tcphdr *) (&buffer[0] + ip_h->ihl * 4);
// Get source port (server port)
int port_src_recv = ntohs(tcp_h->source);
// Get dest port (client port)
int port_dst_recv = ntohs(tcp_h->dest);
// Compare received IP/port and IP/port we waiting for
if (ip_h->saddr == ip_srv_sockaddr.sin_addr.s_addr &&
port_srv == port_src_recv && port_local == port_dst_recv) {
*packet = buffer;
(*flag).store(false);
}
}
fds[0].revents = 0;
}
}
close(sockfd);
return 0;
}
int sniff_handshake_packet(std::string *packet, std::string ip_srv,
int port_srv, std::atomic<int> *local_port_atom, std::atomic<bool> *flag,
std::atomic<int> *status,
std::promise<void> *ready) {
if (packet == NULL || flag == NULL) return -1;
std::map<int, std::string> packets;
// Create raw socket to sniff packet
int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if (sockfd == -1) {
std::cerr << "Sniff raw socket creation failure. Errno: " << std::strerror(errno)
<< std::endl;
return -1;
}
struct pollfd fds[1];
// fds[0] is sniff socket
fds[0].fd = sockfd;
fds[0].events = POLLIN;
// Set poll() timeout
int timeout = 100;
std::string buffer(100, ' ');
struct sockaddr_in ip_srv_sockaddr;
inet_aton(ip_srv.c_str(), &ip_srv_sockaddr.sin_addr);
int local_port = (*local_port_atom).load();
bool is_searched = false;
// Sniff thread ready
(*ready).set_value();
// Handle timeout
auto start = std::chrono::high_resolution_clock::now();
while ((*flag).load()) {
if (!is_searched && (local_port = (*local_port_atom).load()) != -1) {
auto search = packets.find(local_port);
if (search != packets.end()) {
// Found correct packet
*packet = search->second;
break;
}
is_searched = true;
}
int ret = poll(fds, 1, timeout);
// Check timeout
auto stop = std::chrono::high_resolution_clock::now();
if (std::chrono::duration_cast<std::chrono::milliseconds>(stop - start).count() >
Settings_perst.packet_capture_timeout) {
close(sockfd);
(*status).store(-1);
return -1;
}
// Check state
if (ret == -1) {
std::cerr << "Poll error. Errno:" << std::strerror(errno) << std::endl;
break;
} else if (ret == 0)
continue; // Timeout happened
else {
if (fds[0].revents & POLLERR ||
fds[0].revents & POLLHUP ||
fds[0].revents & POLLNVAL)
break;
// Get data
if (fds[0].revents & POLLIN) {
ssize_t read_size = recv(sockfd, &buffer[0], buffer.size(), 0);
if (read_size < 0) {
std::cerr << "ACK packet read error. Errno: "
<< std::strerror(errno) << std::endl;
break;
}
// Get IP header of received packet
iphdr *ip_h = (iphdr *) &buffer[0];
// Get TCP header of received packet
tcphdr *tcp_h = (tcphdr *) (&buffer[0] + ip_h->ihl * 4);
// Get source port (server port)
int port_src_recv = ntohs(tcp_h->source);
// Get dest port (client port)
int port_dst_recv = ntohs(tcp_h->dest);
// Compare received IP/port and IP/port we waiting for
if (ip_h->saddr == ip_srv_sockaddr.sin_addr.s_addr &&
port_srv == port_src_recv) {
if (!is_searched)
packets[port_dst_recv] = buffer;
else if (local_port == port_dst_recv) {
// Found correct packet
*packet = buffer;
break;
}
}
}
fds[0].revents = 0;
}
}
close(sockfd);
(*status).store(0);
return 0;
}
std::string
form_packet(std::string packet_raw, const char *packet_data, unsigned int packet_data_size,
unsigned short id,
unsigned short ttl, unsigned int seq, unsigned int ack_seq,
unsigned int window_size, bool is_swap_addr, uint8_t *flags /*= NULL*/) {
// Save only headers
packet_raw.resize(sizeof(struct iphdr) + sizeof(struct tcphdr));
// Append data
if (packet_data != NULL && packet_data_size != 0)
packet_raw.append(packet_data, packet_data_size);
// Get IP header
iphdr *ip_h = (iphdr *) &packet_raw[0];
// Get TCP header
tcphdr *tcp_h = (tcphdr *) (&packet_raw[0] + ip_h->ihl * 4);
// Fill proper data in IP header
ip_h->tos = 0;
ip_h->tot_len = htons(sizeof(struct iphdr) + sizeof(struct tcphdr) + packet_data_size);
ip_h->id = htons(id);
ip_h->frag_off = htons(0x4000); // Don't fragment
ip_h->ttl = ttl;
ip_h->check = 0;
if (is_swap_addr)
std::swap(ip_h->saddr, ip_h->daddr);
// Check sum IP
ip_h->check = cksumIp(ip_h);
// Fill proper data in TCP header
if (is_swap_addr) {
std::swap(tcp_h->source, tcp_h->dest);
std::swap(tcp_h->seq, tcp_h->ack_seq);
}
tcp_h->ack_seq = htonl(ntohl(tcp_h->ack_seq) + ack_seq);
tcp_h->seq = htonl(ntohl(tcp_h->seq) + seq);
tcp_h->window = htons(window_size);
tcp_h->doff = 5;
if (flags == NULL) {
tcp_h->fin = 0;
tcp_h->syn = 0;
tcp_h->rst = 0;
tcp_h->psh = 1;
tcp_h->ack = 1;
} else
*((uint8_t *) tcp_h + 13) = *flags;
tcp_h->urg = 0;
tcp_h->check = 0;
tcp_h->urg_ptr = 0;
// Check sum TCP
tcp_h->check = cksumTcp(ip_h, tcp_h);
ip_h = NULL;
tcp_h = NULL;
return packet_raw;
}
int set_ttl(int socket, int ttl) {
if (setsockopt(socket, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl)) < 0) {
std::cerr << "Failed to set TTL on socket. Errno: " << std::strerror(errno) << std::endl;
return -1;
}
return 0;
}
int do_desync_attack(int socket_srv, const std::string &ip_srv, int port_srv, int port_local,
bool is_https,
const std::string &packet_raw, const std::string &packet_data,
unsigned int last_char, unsigned int split_pos) {
// Map IP header of server SYN, ACK packet
iphdr *srv_pack_ip_h = (iphdr *) &packet_raw[0];
// Create raw socket to send fake packets
int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if (sockfd == -1) {
std::cerr << "Fake raw socket creation failure. Errno: " << std::strerror(errno)
<< std::endl;
return -1;
}
// Disable send buffer to send packets immediately
int sndbuf_size = 0;
if (setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, &sndbuf_size, sizeof(sndbuf_size)) < 0) {
std::cerr << "Failed to set raw socket buffer size to 0. Errno: "
<< std::strerror(errno) << std::endl;
close(sockfd);
return -1;
}
// Tell system we will include IP header in packet
int yes = 1;
if (setsockopt(sockfd, IPPROTO_IP, IP_HDRINCL, &yes, sizeof(yes)) < 0) {
std::cerr << "Failed to enable IP_HDRINCL. Errno: " << std::strerror(errno) << std::endl;
close(sockfd);
return -1;
}
// Store default TTL
int default_ttl;
socklen_t size = sizeof(default_ttl);
if (getsockopt(socket_srv, IPPROTO_IP, IP_TTL, &default_ttl, &size) < 0) {
std::cerr << "Failed to get default ttl from remote server socket. Errno: "
<< std::strerror(errno) << std::endl;
close(sockfd);
return -1;
}
// Store window
int window_size;
size = sizeof(window_size);
if (getsockopt(socket_srv, IPPROTO_TCP, TCP_MAXSEG, &window_size, &size) < 0) {
std::cerr << "Failed to get default MSS from remote server socket. Errno: "
<< std::strerror(errno) << std::endl;
close(sockfd);
return -1;
}
// Fill server address
struct sockaddr_in serv_addr;
serv_addr.sin_family = AF_INET;
serv_addr.sin_addr.s_addr = inet_addr(ip_srv.c_str());
serv_addr.sin_port = htons(port_srv);
memset(serv_addr.sin_zero, '\0', sizeof(serv_addr.sin_zero));
// Fill local address
struct sockaddr_in local_addr;
local_addr.sin_family = AF_INET;
local_addr.sin_addr.s_addr = inet_addr("127.0.0.1");
local_addr.sin_port = htons(port_local);
memset(local_addr.sin_zero, '\0', sizeof(local_addr.sin_zero));
uint8_t fake_ttl = Profile.fake_packets_ttl != 0 ? Profile.fake_packets_ttl : default_ttl;
std::string packet_fake;
uint8_t flags;
std::string packet_mod;
std::string data_empty(last_char, '\x00');
unsigned short ip_id_first = rand() % 65535;
if (Profile.auto_ttl) {
fake_ttl = tcp_get_auto_ttl(srv_pack_ip_h->ttl, Profile.auto_ttl_a1, Profile.auto_ttl_a2,
Profile.min_ttl, Profile.auto_ttl_max);
} else if (Profile.min_ttl) {
if (tcp_get_auto_ttl(srv_pack_ip_h->ttl, 0, 0, Profile.min_ttl, 0)) {
// DON'T send fakes
// Send data packet
packet_mod = form_packet(packet_raw, packet_data.c_str(), last_char,
rand() % 65535, default_ttl, 0, 1,
Profile.window_size == 0 ? window_size : Profile.window_size,
true);
if (send_string_raw(sockfd, packet_mod, packet_mod.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
close(sockfd);
return -1;
}
}
// Do zero type attacks (fake, rst)
switch (Profile.desync_zero_attack) {
case DESYNC_ZERO_FAKE:
// If it's https connection send TLS ClientHello
if (is_https)
packet_fake = form_packet(packet_raw, FAKE_TLS_PACKET.c_str(),
FAKE_TLS_PACKET.size(),
rand() % 65535, fake_ttl,
Profile.wrong_seq ? Profile.wrong_seq_drift_seq : 0,
Profile.wrong_seq ? Profile.wrong_seq_drift_ack : 1,
window_size, true);
// If http send GET request
else
packet_fake = form_packet(packet_raw, FAKE_HTTP_PACKET.c_str(),
FAKE_HTTP_PACKET.size(),
rand() % 65535, fake_ttl,
Profile.wrong_seq ? Profile.wrong_seq_drift_seq : 0,
Profile.wrong_seq ? Profile.wrong_seq_drift_ack : 1,
window_size, true);
if (send_string_raw(sockfd, packet_fake, packet_fake.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
break;
case DESYNC_ZERO_RST:
case DESYNC_ZERO_RSTACK:
flags = TH_RST;
if (Profile.desync_zero_attack == DESYNC_ZERO_RSTACK)
flags |= TH_ACK;
packet_fake = form_packet(packet_raw, NULL, 0, rand() % 65535,
fake_ttl, Profile.wrong_seq ? Profile.wrong_seq_drift_seq : 0,
Profile.wrong_seq ? Profile.wrong_seq_drift_ack : 1,
window_size, true, &flags);
if (send_string_raw(sockfd, packet_fake, packet_fake.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
break;
case DESYNC_ZERO_NONE:
break;
default:
std::cerr << "Non valid zero desync attack type" << std::endl;
break;
}
// Do first type attacks (disorder, split)
switch (Profile.desync_first_attack) {
case DESYNC_FIRST_DISORDER:
case DESYNC_FIRST_DISORDER_FAKE:
// Send second data packet(out-of-order)
packet_mod = form_packet(packet_raw, packet_data.c_str() + split_pos,
last_char - split_pos,
rand() % 65535, default_ttl, split_pos, 1,
Profile.window_size == 0 ? window_size : Profile.window_size,
true);
if (send_string_raw(sockfd, packet_mod, packet_mod.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
// Send first fake packet
if (Profile.desync_first_attack == DESYNC_FIRST_DISORDER_FAKE) {
packet_fake = form_packet(packet_raw, data_empty.c_str(), split_pos,
ip_id_first, fake_ttl,
Profile.wrong_seq ? Profile.wrong_seq_drift_seq : 0,
Profile.wrong_seq ? Profile.wrong_seq_drift_ack : 1,
window_size, true);
if (send_string_raw(sockfd, packet_fake, packet_fake.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
}
// Send first data packet
packet_mod = form_packet(packet_raw, packet_data.c_str(), split_pos,
ip_id_first, default_ttl, 0, 1,
Profile.window_size == 0 ? window_size : Profile.window_size,
true);
if (send_string_raw(sockfd, packet_mod, packet_mod.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
// Send first fake packet (again)
if (Profile.desync_first_attack == DESYNC_FIRST_DISORDER_FAKE)
if (send_string_raw(sockfd, packet_fake, packet_fake.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
break;
case DESYNC_FIRST_SPLIT:
case DESYNC_FIRST_SPLIT_FAKE:
// Send first fake packet
if (Profile.desync_first_attack == DESYNC_FIRST_SPLIT_FAKE) {
packet_fake = form_packet(packet_raw, data_empty.c_str(), split_pos,
ip_id_first, fake_ttl,
Profile.wrong_seq ? Profile.wrong_seq_drift_seq : 0,
Profile.wrong_seq ? Profile.wrong_seq_drift_ack : 1,
window_size, true);
if (send_string_raw(sockfd, packet_fake, packet_fake.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
}
// Send first data packet
packet_mod = form_packet(packet_raw, packet_data.c_str(), split_pos,
ip_id_first, default_ttl, 0, 1,
Profile.window_size == 0 ? window_size : Profile.window_size,
true);
if (send_string_raw(sockfd, packet_mod, packet_mod.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
// Send first fake packet (again)
if (Profile.desync_first_attack == DESYNC_FIRST_SPLIT_FAKE)
if (send_string_raw(sockfd, packet_fake, packet_fake.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
// Send second data packet
packet_mod = form_packet(packet_raw, packet_data.c_str() + split_pos,
last_char - split_pos,
rand() % 65535, default_ttl, split_pos, 1,
Profile.window_size == 0 ? window_size : Profile.window_size,
true);
if (send_string_raw(sockfd, packet_mod, packet_mod.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
break;
case DESYNC_FIRST_NONE:
// Just send packet without bypass techniques
// Send data packet
packet_mod = form_packet(packet_raw, packet_data.c_str(), last_char,
rand() % 65535, default_ttl, 0, 1,
Profile.window_size == 0 ? window_size : Profile.window_size,
true);
if (send_string_raw(sockfd, packet_mod, packet_mod.size(),
(struct sockaddr *) &serv_addr, sizeof(serv_addr)) == -1) {
close(sockfd);
return -1;
}
break;
default:
std::cerr << "Non valid first desync attack type" << std::endl;
break;
}
close(sockfd);
return 0;
}

331
dns.cpp Normal file
View file

@ -0,0 +1,331 @@
#include "dpitunnel-cli.h"
#include "dns.h"
#include "ssl.h"
#include "utils.h"
#include <arpa/inet.h>
#include <cerrno>
#include <cstring>
#include <iostream>
#include <sys/types.h>
#include <sys/socket.h>
#include <vector>
#include <netdb.h>
#include <poll.h>
#include <dnslib/exception.h>
#include <dnslib/message.h>
#include <dnslib/rr.h>
#define CPPHTTPLIB_OPENSSL_SUPPORT
#include <cpp-httplib/httplib.h>
#include <base64.h>
extern struct Settings_perst_s Settings_perst;
extern struct Profile_s Profile;
int resolve_host_over_system(const std::string &host, std::string &ip) {
ip.resize(50, ' ');
struct addrinfo hints, *res;
std::memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
int err = getaddrinfo(host.c_str(), NULL, &hints, &res);
if (err != 0) {
std::cerr << "Failed to get host address. Error: " << std::strerror(errno) << std::endl;
return -1;
}
while (res) {
char addrstr[100];
inet_ntop(res->ai_family, res->ai_addr->sa_data, addrstr, sizeof(addrstr));
if (res->ai_family == AF_INET) {// If current address is ipv4 address
void *ptr = &((struct sockaddr_in *) res->ai_addr)->sin_addr;
inet_ntop(res->ai_family, ptr, &ip[0], ip.size());
size_t first_zero_char = ip.find(' ');
ip = ip.substr(0, first_zero_char);
// Free memory
freeaddrinfo(res);
return 0;
}
res = res->ai_next;
}
// Free memory
freeaddrinfo(res);
return -1;
}
std::string form_dns_request(const std::string &host, unsigned short req_id) {
// Build DNS query
dns::Message dns_msg;
dns_msg.setQr(dns::Message::typeQuery);
// Add A query to find ipv4 address
std::string host_full = host;
if (host_full.back() != '.') host_full.push_back('.');
dns::QuerySection *qs = new dns::QuerySection(host_full);
qs->setType(dns::RDATA_A);
qs->setClass(dns::QCLASS_IN);
dns_msg.addQuery(qs);
dns_msg.setId(req_id);
dns_msg.setRD(1);
// Encode message
uint dns_msg_size;
std::string dns_buf(2048, ' ');
dns_msg.encode(&dns_buf[0], dns_buf.size(), dns_msg_size);
dns_buf.resize(dns_msg_size);
return dns_buf;
}
int resolve_host_over_udp(const std::string &host, std::string &ip) {
unsigned short dns_req_id = rand() % 65535;
std::string dns_req = form_dns_request(host, dns_req_id);
int sock;
if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
std::cerr << "Failed to create DNS client socket. Errno: " << std::strerror(errno)
<< std::endl;
return -1;
}
// Fill server address
struct sockaddr_in server_address;
server_address.sin_family = AF_INET;
server_address.sin_port = htons(Profile.builtin_dns_port);
if (inet_pton(AF_INET, Profile.builtin_dns_ip.c_str(), &server_address.sin_addr) <= 0) {
std::cerr << "Invalid DNS server ip address" << std::endl;
close(sock);
return -1;
}
socklen_t server_address_len = sizeof(server_address);
if (sendto(sock, dns_req.c_str(), dns_req.size(), 0, (const struct sockaddr *) &server_address,
server_address_len) < 0) {
std::cerr << "Failed to send DNS request. Errno: " << std::strerror(errno) << std::endl;
close(sock);
return -1;
}
std::string response(512, '\x00');
int bytes_read;
struct pollfd fds[1];
fds[0].fd = sock;
fds[0].events = POLLIN;
// Wait for response with same id as we sent in request
dns::Message dns_msg_resp;
auto start = std::chrono::high_resolution_clock::now();
for (;;) {
auto stop = std::chrono::high_resolution_clock::now();
if (std::chrono::duration_cast<std::chrono::milliseconds>(stop - start).count() >=
Settings_perst.builtin_dns_req_timeout) {
std::cerr << "DNS request timeout" << std::endl;
close(sock);
return -1;
}
int ret = poll(fds, 1, Settings_perst.builtin_dns_req_timeout -
std::chrono::duration_cast<std::chrono::milliseconds>(
stop - start).count());
if (ret == -1) {
std::cerr << "Poll error. Errno:" << std::strerror(errno) << std::endl;
close(sock);
return -1;
} else if (ret == 0)
continue;
else {
if (fds[0].revents & POLLERR ||
fds[0].revents & POLLHUP ||
fds[0].revents & POLLNVAL) {
std::cerr << "POLLERR|POLLHUP|POLLNVAL while making DNS request" << std::endl;
close(sock);
return -1;
}
if (fds[0].revents & POLLIN) {
if ((bytes_read = recvfrom(sock, &response[0], response.size(), 0,
(struct sockaddr *) &server_address,
&server_address_len)) <= 0) {
std::cerr << "Failed to get response from DNS server. Errno: "
<< std::strerror(errno) << std::endl;
close(sock);
return -1;
}
// Parse response
try {
dns_msg_resp.decode(response.c_str(), bytes_read);
} catch (dns::Exception &e) {
std::cerr << "Exception occured while parsing DNS response: " << e.what()
<< std::endl;
close(sock);
return -1;
}
// Found proper response
if (dns_msg_resp.getId() == dns_req_id)
break;
}
fds[0].revents = 0;
}
}
close(sock);
std::vector<dns::ResourceRecord *> answers = dns_msg_resp.getAnswers();
for (dns::ResourceRecord *rr: answers) {
if (rr->getType() != dns::RDATA_A) continue;
dns::RDataA *rdata = (dns::RDataA *) rr->getRData();
unsigned char *addr = rdata->getAddress();
std::ostringstream addr_str;
addr_str << (unsigned int) addr[0] << '.' << (unsigned int) addr[1]
<< '.' << (unsigned int) addr[2] << '.' << (unsigned int) addr[3];
ip = addr_str.str();
return 0;
}
return -1;
}
size_t writeFunction(void *ptr, size_t size, size_t nmemb, std::string *data) {
data->append((char *) ptr, size * nmemb);
return size * nmemb;
}
int resolve_host_over_doh(const std::string &host, std::string &ip) {
unsigned short dns_req_id = rand() % 65535;
std::string dns_req = form_dns_request(host, dns_req_id);
// Encode with base64
dns_req = base64_encode(dns_req);
std::string serv_host = Profile.doh_server;
std::string path;
// Remove scheme (https://)
if (serv_host.size() >= 8 && serv_host.substr(0, 8) == "https://")
serv_host.erase(0, 8);
// Properly process test.com and test.com/dns-query urls
if (serv_host.back() == '/') serv_host.pop_back();
size_t host_path_split_pos = serv_host.find('/');
if (host_path_split_pos != std::string::npos) {
std::string tmp = serv_host.substr(host_path_split_pos);
serv_host.resize(serv_host.size() - tmp.size());
path = tmp + "?dns=";
} else {
path = "/dns-query?dns=";
}
path += dns_req;
// Make request
httplib::SSLClient cli(serv_host);
if (Profile.builtin_dns) {
std::string serv_ip;
// Check if host is IP
struct sockaddr_in sa;
int result = inet_pton(AF_INET, serv_host.c_str(), &sa.sin_addr);
if (result <= 0) {
if (resolve_host_over_udp(serv_host, serv_ip) != 0) {
std::cerr << "Failed to get DoH IP address" << std::endl;
return -1;
}
} else
serv_ip = serv_host;
cli.set_hostname_addr_map({{serv_host, serv_ip}});
}
// Load CA store
X509_STORE *store = gen_x509_store();
if (store == NULL) {
std::cerr << "Failed to parse CA Bundle" << std::endl;
return -1;
}
cli.set_ca_cert_store(store);
cli.enable_server_certificate_verification(true);
// Add header
httplib::Headers headers = {
{"Accept", "application/dns-message"}
};
std::string response_string;
httplib::Result res = cli.Get(path.c_str());
if (res && res->status == 200)
response_string = res->body;
else {
std::cerr << "Failed to make DoH request. Errno: " << res.error() << std::endl;
return -1;
}
// Parse response
dns::Message dns_msg_resp;
try {
dns_msg_resp.decode(response_string.c_str(), response_string.size());
} catch (dns::Exception &e) {
std::cerr << "Exception occured while parsing DNS response: " << e.what() << std::endl;
return -1;
}
std::vector<dns::ResourceRecord *> answers = dns_msg_resp.getAnswers();
for (dns::ResourceRecord *rr: answers) {
if (rr->getType() != dns::RDATA_A) continue;
dns::RDataA *rdata = (dns::RDataA *) rr->getRData();
unsigned char *addr = rdata->getAddress();
std::ostringstream addr_str;
addr_str << (unsigned int) addr[0] << '.' << (unsigned int) addr[1]
<< '.' << (unsigned int) addr[2] << '.' << (unsigned int) addr[3];
ip = addr_str.str();
return 0;
}
return -1;
}
int resolve_host(const std::string &host, std::string &ip) {
if (host.empty())
return -1;
// Check if host is IP
struct sockaddr_in sa;
int result = inet_pton(AF_INET, host.c_str(), &sa.sin_addr);
if (result > 0) {
ip = host;
return 0;
}
std::string custom_ip = find_custom_ip(host);
if (!custom_ip.empty()) {
ip = custom_ip;
return 0;
}
if (Profile.doh)
return resolve_host_over_doh(host, ip);
else if (Profile.builtin_dns)
return resolve_host_over_udp(host, ip);
else
return resolve_host_over_system(host, ip);
}

14
dnslib/CMakeLists.txt Normal file
View file

@ -0,0 +1,14 @@
# Set the project name
project(dnslib)
# Add a library with the above sources
add_library(${PROJECT_NAME}
buffer.cpp
message.cpp
qs.cpp
rr.cpp
)
target_include_directories(${PROJECT_NAME}
PUBLIC ${PROJECT_SOURCE_DIR}/include
)

486
dnslib/buffer.cpp Normal file
View file

@ -0,0 +1,486 @@
/**
* DNS Buffer
*
* Copyright (c) 2014 Michal Nezerka
* All rights reserved.
*
* Developed by: Michal Nezerka
* https://github.com/mnezerka/
* mailto:michal.nezerka@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal with the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
 * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimers.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimers in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Michal Nezerka, nor the names of its contributors
* may be used to endorse or promote products derived from this Software
* without specific prior written permission. 
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
*
* Message compression used by getDomainName and putDomainName:
*
* In order to reduce the size of messages, the domain system utilizes a
* compression scheme which eliminates the repetition of domain names in a
* message. In this scheme, an entire domain name or a list of labels at
* the end of a domain name is replaced with a pointer to a prior occurance
* of the same name.
*
* The pointer takes the form of a two octet sequence:
*
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | 1 1| OFFSET |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
*
* The first two bits are ones. This allows a pointer to be distinguished
* from a label, since the label must begin with two zero bits because
* labels are restricted to 63 octets or less. (The 10 and 01 combinations
* are reserved for future use.) The OFFSET field specifies an offset from
* the start of the message (i.e., the first octet of the ID field in the
* domain header). A zero offset specifies the first byte of the ID field,
* etc.
*
* The compression scheme allows a domain name in a message to be
* represented as either:
*
* - a sequence of labels ending in a zero octet
*
* - a pointer
*
* - a sequence of labels ending with a pointer
*
* Pointers can only be used for occurances of a domain name where the
* format is not class specific. If this were not the case, a name server
* or resolver would be required to know the format of all RRs it handled.
* As yet, there are no such cases, but they may occur in future RDATA
* formats.
*
* If a domain name is contained in a part of the message subject to a
* length field (such as the RDATA section of an RR), and compression is
* used, the length of the compressed name is used in the length
* calculation, rather than the length of the expanded name.
*
* Programs are free to avoid using pointers in messages they generate,
* although this will reduce datagram capacity, and may cause truncation.
* However all programs are required to understand arriving messages that
* contain pointers.
*
* For example, a datagram might need to use the domain names F.ISI.ARPA,
* FOO.F.ISI.ARPA, ARPA, and the root. Ignoring the other fields of the
* message, these domain names might be represented as:
*
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 20 | 1 | F |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 22 | 3 | I |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 24 | S | I |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 26 | 4 | A |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 28 | R | P |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 30 | A | 0 |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
*
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 40 | 3 | F |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 42 | O | O |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 44 | 1 1| 20 |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
*
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 64 | 1 1| 26 |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
*
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* 92 | 0 | |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
*
* The domain name for F.ISI.ARPA is shown at offset 20. The domain name
* FOO.F.ISI.ARPA is shown at offset 40; this definition uses a pointer to
* concatenate a label for FOO to the previously defined F.ISI.ARPA. The
* domain name ARPA is defined at offset 64 using a pointer to the ARPA
* component of the name F.ISI.ARPA at 20; note that this pointer relies on
* ARPA being the last label in the string at 20. The root domain name is
* defined by a single octet of zeros at 92; the root domain name has no
* labels.
*/
#include <iostream>
#include <string>
#include <iomanip>
#include <algorithm>
#include <string.h>
#include <dnslib/buffer.h>
#include <dnslib/exception.h>
using namespace dns;
using namespace std;
uchar Buffer::get8bits()
{
// check if we are inside buffer
checkAvailableSpace(1);
uchar value = static_cast<uchar> (mBufferPtr[0]);
mBufferPtr += 1;
return value;
}
void Buffer::put8bits(const uchar value)
{
// check if we are inside buffer
checkAvailableSpace(1);
*mBufferPtr = value & 0xFF;
mBufferPtr++;
}
dns::uint Buffer::get16bits()
{
// check if we are inside buffer
checkAvailableSpace(2);
uint value = static_cast<uchar> (mBufferPtr[0]);
value = value << 8;
value += static_cast<uchar> (mBufferPtr[1]);
mBufferPtr += 2;
return value;
}
void Buffer::put16bits(const uint value)
{
// check if we are inside buffer
checkAvailableSpace(2);
*mBufferPtr = (value & 0xFF00) >> 8;
mBufferPtr++;
*mBufferPtr = value & 0xFF;
mBufferPtr++;
}
dns::uint Buffer::get32bits()
{
// check if we are inside buffer
checkAvailableSpace(4);
uint value = 0;
value += (static_cast<uchar> (mBufferPtr[0])) << 24;
value += (static_cast<uchar> (mBufferPtr[1])) << 16;
value += (static_cast<uchar> (mBufferPtr[2])) << 8;
value += static_cast<uchar> (mBufferPtr[3]);
mBufferPtr += 4;
return value;
}
void Buffer::put32bits(const uint value)
{
// check if we are inside buffer
checkAvailableSpace(4);
*mBufferPtr = (value & 0xFF000000) >> 24;
mBufferPtr++;
*mBufferPtr = (value & 0x00FF0000) >> 16;
mBufferPtr++;
*mBufferPtr = (value & 0x0000FF00) >> 8;
mBufferPtr++;
*mBufferPtr = value & 0x000000FF;
mBufferPtr++;
}
void Buffer::setPos(const uint pos)
{
// check if we are inside buffer
if (pos >= mBufferSize)
throw(Exception("Try to set pos behind buffer"));
mBufferPtr = mBuffer + pos;
}
char* Buffer::getBytes(const uint count)
{
checkAvailableSpace(count);
char *result = mBufferPtr;
mBufferPtr += count;
return result;
}
void Buffer::putBytes(const char* data, const uint count)
{
if (count == 0)
return;
// check if we are inside buffer
checkAvailableSpace(count);
memcpy(mBufferPtr, data, sizeof(char) * count);
mBufferPtr += count;
}
std::string Buffer::getDnsCharacterString()
{
std::string result("");
// read first octet (byte) to know length of string
uint stringLen = get8bits();
if (stringLen > 0)
result.append(getBytes(stringLen), stringLen); // read label
return result;
}
void Buffer::putDnsCharacterString(const std::string& value)
{
put8bits(value.length());
putBytes(value.c_str(), value.length());
}
std::string Buffer::getDnsDomainName(const bool compressionAllowed)
{
std::string domain;
// store current position to avoid of endless recursion for "bad link addresses"
if (std::find(mLinkPos.begin(), mLinkPos.end(), getPos()) == mLinkPos.end())
mLinkPos.push_back(getPos());
else
{
mLinkPos.clear();
throw (Exception("Decoding of domain failed because labels compression contains endless loop of links"));
}
// read domain name from buffer
while (true)
{
// get first byte to decide if we are reading link, empty string or string of nonzero length
uint ctrlCode = get8bits();
// if we are on the end of the string
if (ctrlCode == 0)
{
break;
}
// if we are on the link
else if (ctrlCode >> 6 == 3)
{
// check if compression is allowed
if (!compressionAllowed)
throw(Exception("Decoding of domain failed because compression link found where links are not allowed"));
// read second byte and get link address
uint ctrlCode2 = get8bits();
uint linkAddr = ((ctrlCode & 63) << 8) + ctrlCode2;
// change buffer position
uint saveBuffPos = getPos();
setPos(linkAddr);
std::string linkDomain = getDnsDomainName();
setPos(saveBuffPos);
if (domain.size() > 0)
domain.append(".");
domain.append(linkDomain);
// link always terminates the domain name (no zero at the end in this case)
break;
}
// we are reading label
else
{
if (ctrlCode > MAX_LABEL_LEN)
throw(Exception("Decoding failed because of too long domain label (max length is 63 characters)"));
if (domain.size() > 0)
domain.append(".");
domain.append(getBytes(ctrlCode), ctrlCode); // read label
}
}
// check if domain contains only [A-Za-z0-9-] characters
/*
for (uint i = 0; i < domain.length(); i++)
{
if (!((domain[i] >= 'a' && domain[i] <= 'z') ||
(domain[i] >= 'A' && domain[i] <= 'Z') ||
(domain[i] >= '0' && domain[i] <= '9') ||
(domain[i] == '0') || (domain[i] == '.')))
{
cout << "Invalid char: " << domain[i] << endl;
throw (Exception("Decoding failed because domain name contains invalid characters (only [A-Za-z0-9-] are allowed)."));
}
}
*/
mLinkPos.pop_back();
if (domain.length() > MAX_DOMAIN_LEN)
throw(Exception("Decoding of domain name failed - domain name is too long."));
return domain;
}
void Buffer::putDnsDomainName(const std::string& value, const bool compressionAllowed)
{
char domain[MAX_DOMAIN_LEN + 1]; // one additional byte for teminating zero byte
uint domainLabelIndexes[MAX_DOMAIN_LEN + 1]; // one additional byte for teminating zero byte
if (value.length() > MAX_DOMAIN_LEN)
throw(Exception("Domain name too long to be stored in dns message"));
// write empty domain
if (value.length() == 0)
{
put8bits(0);
return;
}
// convert value to <domain> without links as defined in RFC
// blue.ims.cz -> |4|b|l|u|e|3|i|m|s|2|c|z|0|
uint labelLen = 0;
uint labelLenPos = 0;
uint domainPos = 1;
uint ix = 0;
uint domainLabelIndexesCount = 0;
while (true)
{
if (value[ix] == '.' || ix == value.length())
{
if (labelLen > MAX_LABEL_LEN)
throw(Exception("Encoding failed because of too long domain label (max length is 63 characters)"));
domain[labelLenPos] = labelLen;
domainLabelIndexes[domainLabelIndexesCount++] = labelLenPos;
// ignore dot at the end since we do not want to encode
// empty label (which will produce one extra 0x00 byte)
if (value[ix] == '.' && ix == value.length() - 1)
{
break;
}
// finish at the end of the string value
if (ix == value.length())
{
// terminating zero byte
domain[domainPos] = 0;
domainPos++;
break;
}
labelLenPos = domainPos;
labelLen = 0;
}
else
{
labelLen++;
domain[domainPos] = value[ix];
}
domainPos++;
ix++;
}
if (compressionAllowed)
{
// look for domain name parts in buffer and look for fragments for compression
// loop over all domain labels
bool compressionTipFound = false;
uint compressionTipPos = 0;
for (uint i = 0; i < domainLabelIndexesCount; i++)
{
// position of current label in domain buffer
uint domainLabelPos = (uint)domainLabelIndexes[i];
// pointer to subdomain (including initial byte for first label length)
char* subDomain = domain + domainLabelPos;
// length of subdomain (e.g. |3|i|m|s|2|c|z|0| for blue.ims.cz)
uint subDomainLen = domainPos - domainLabelPos;
// find buffer range that makes sense to search in
uint buffLen = mBufferPtr - mBuffer;
// search if buffer is large enough for searching
if (buffLen > subDomainLen)
{
// modify buffer length
buffLen -= subDomainLen;
// go through buffer from beginning and try to find occurence of compression tip
for (uint buffPos = 0; buffPos < buffLen ; buffPos++)
{
// compare compression tip and content at current position in buffer
compressionTipFound = (memcmp(mBuffer + buffPos, subDomain, subDomainLen) == 0);
if (compressionTipFound)
{
compressionTipPos = buffPos;
break;
}
}
}
if (compressionTipFound)
{
// link starts with value bin(1100000000000000)
uint linkValue = 0xc000;
linkValue += compressionTipPos;
put16bits(linkValue);
break;
}
else
{
// write label
uint labelLen = subDomain[0];
putBytes(subDomain, labelLen + 1);
}
}
// write terminating zero if no compression tip was found and all labels are writtten to buffer
if (!compressionTipFound)
put8bits(0);
}
else
{
// compression is disabled, domain is written as it is
putBytes(domain, domainPos);
}
}
void Buffer::dump(const uint count)
{
cout << "Buffer dump" << endl;
cout << "size: " << mBufferSize << " bytes" << endl;
cout << "---------------------------------" << setfill('0');
uint dumpCount = count > 0 ? count : mBufferSize;
for (uint i = 0; i < dumpCount; i++) {
if ((i % 10) == 0) {
cout << endl << setw(2) << i << ": ";
}
uchar c = mBuffer[i];
cout << hex << setw(2) << int(c) << " " << dec;
}
cout << endl << setfill(' ');
cout << "---------------------------------" << endl;
}
void Buffer::checkAvailableSpace(const uint additionalSpace)
{
// check if buffer pointer is valid
if (mBufferPtr < mBuffer)
throw(Exception("Buffer pointer is invalid"));
// get position in buffer
uint bufferPos = (mBufferPtr - mBuffer);
// check if we are inside buffer
if ((bufferPos + additionalSpace) > mBufferSize)
throw(Exception("Try to read behind buffer"));
}

118
dnslib/include/dnslib/buffer.h Normal file
View file

@ -0,0 +1,118 @@
/**
* DNS Buffer
*
* Copyright (c) 2014 Michal Nezerka
* All rights reserved.
*
* Developed by: Michal Nezerka
* https://github.com/mnezerka/
* mailto:michal.nezerka@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal with the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
 * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimers.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimers in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Michal Nezerka, nor the names of its contributors
* may be used to endorse or promote products derived from this Software
* without specific prior written permission. 
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
*
*/
#ifndef _DNS_BUFFER_H
#define _DNS_BUFFER_H
#include <string>
#include <vector>
#include "dns.h"
namespace dns
{
/**
* Buffer for DNS protocol parsing and serialization
*
* <domain-name> is a domain name represented as a series of labels, and
* terminated by a label with zero length.
*
* <character-string> is a single length octet followed by that number
* of characters. <character-string> is treated as binary information,
* and can be up to 256 characters in length (including the length octet).
*
*/
class Buffer
{
public:
Buffer(char* buffer, uint bufferSize) : mBuffer(buffer), mBufferSize(bufferSize), mBufferPtr(buffer) { }
// get current position in buffer
uint getPos() { return mBufferPtr - mBuffer; }
// set current position in buffer
void setPos(const uint pos);
// get buffer size in bytes
uint getSize() { return mBufferSize; }
// Helper function that get 8 bits from the buffer and keeps it an int.
uchar get8bits();
void put8bits(const uchar value);
// Helper function that get 16 bits from the buffer and keeps it an int.
uint get16bits();
void put16bits(const uint value);
// Helper function that get 32 bits from the buffer and keeps it an int.
uint get32bits();
void put32bits(const uint value);
// Helper function that gets number of bytes from the buffer
char* getBytes(uint count);
void putBytes(const char* data, uint count);
// Helper function that gets <character-string> (according to RFC 1035) from buffer
std::string getDnsCharacterString();
void putDnsCharacterString(const std::string& value);
// Helper function that gets <domain> (according to RFC 1035) from buffer
std::string getDnsDomainName(const bool compressionAllowed = true);
// Helper function that puts <domain> (according to RFC 1035) to buffer
void putDnsDomainName(const std::string& value, const bool compressionAllowed = true);
// Check if there is enough space in buffer
void checkAvailableSpace(const uint additionalSpace);
// Function that dumps the whole buffer
void dump(const uint count = 0);
private:
// buffer content
char* mBuffer;
// buffer content size
const uint mBufferSize;
// current position in buffer
char* mBufferPtr;
// list of link positions visited when decoding domain name
std::vector<uint> mLinkPos;
};
} // namespace
#endif /* _DNS_BUFFER_H */

126
dnslib/include/dnslib/dns.h Normal file
View file

@ -0,0 +1,126 @@
/**
* DNS LIB Globals
*
* Copyright (c) 2014 Michal Nezerka
* All rights reserved.
*
* Developed by: Michal Nezerka
* https://github.com/mnezerka/
* mailto:michal.nezerka@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal with the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
 * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimers.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimers in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Michal Nezerka, nor the names of its contributors
* may be used to endorse or promote products derived from this Software
* without specific prior written permission. 
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
*
*/
#ifndef _DNS_DNS_H
#define _DNS_DNS_H
namespace dns {
typedef unsigned char uchar;
typedef unsigned int uint;
typedef unsigned long ulong;
typedef unsigned char byte;
// maximal length of domain label name
const uint MAX_MSG_LEN = 512;
const uint MAX_LABEL_LEN = 63;
const uint MAX_DOMAIN_LEN = 255;
// CLASS types
enum eClass {
// the Internet
CLASS_IN = 1,
// the CSNET class (Obsolete)
CLASS_CS,
// the CHAOS class
CLASS_CH,
// Hesiod
CLASS_HS
};
// QCLASS types
enum eQClass {
// the Internet
QCLASS_IN = 1,
// the CSNET class (Obsolete)
QCLASS_CS,
// the CHAOS class
QCLASS_CH,
// Hesiod
QCLASS_HS,
// Any class - *
QCLASS_ASTERISK = 255
};
// RData types
enum eRDataType {
// a host address
RDATA_A = 1,
// an authoritative name server
RDATA_NS = 2,
// a mail destination (Obsolete - use MX)
RDATA_MD = 3,
// a mail forwarder (Obsolete - use MX)
RDATA_MF = 4,
// the canonical name for an alias
RDATA_CNAME = 5,
// marks the start of a zone of authority
RDATA_SOA = 6,
// a mailbox domain name (EXPERIMENTAL)
RDATA_MB = 7,
// a mail group member (EXPERIMENTAL)
RDATA_MG = 8,
// a mail rename domain name (EXPERIMENTAL)
RDATA_MR = 9,
// a null RR (EXPERIMENTAL)
RDATA_NULL = 10,
// a well known service description
RDATA_WKS = 11,
// a domain name pointer
RDATA_PTR = 12,
// host information
RDATA_HINFO = 13,
// mailbox or mail list information
RDATA_MINFO = 14,
// mail exchange
RDATA_MX = 15,
// text strings
RDATA_TXT = 16,
// IPv6 address
RDATA_AAAA = 28,
// naming authority pointer
RDATA_NAPTR = 35,
RDATA_SRV = 0x0021,
RDATA_A6 = 0x0026,
RDATA_OPT = 0x0029,
RDATA_ANY = 0x00ff
};
} // namespace
#endif /* _DNS_DNS_H */

69
dnslib/include/dnslib/exception.h Normal file
View file

@ -0,0 +1,69 @@
/**
* DNS Exception
*
* Copyright (c) 2014 Michal Nezerka
* All rights reserved.
*
* Developed by: Michal Nezerka
* https://github.com/mnezerka/
* mailto:michal.nezerka@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal with the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
 * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimers.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimers in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Michal Nezerka, nor the names of its contributors
* may be used to endorse or promote products derived from this Software
* without specific prior written permission. 
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
*
*/
#ifndef _DNS_EXCEPTION_H
#define _DNS_EXCEPTION_H
#include <exception>
#include <string>
namespace dns {
/**
* Exception class extends standard exception funtionality and adds it the text
* message to inform about the reason of the exception thrown.
*/
class Exception : public std::exception {
public:
// Constructor
// @param text Information text to be filled with the reasons of the exception
Exception(const std::string& text) : m_text(text) { }
Exception(const char *text) : m_text(text) { }
virtual ~Exception() throw() { }
// Returns the information text string
virtual const char* what() const throw()
{
return m_text.data();
}
private:
std::string m_text;
};
}
#endif /* _DNS_EXCEPTION_H */

235
dnslib/include/dnslib/message.h Normal file
View file

@ -0,0 +1,235 @@
/**
* DNS Message
*
* Copyright (c) 2014 Michal Nezerka
* All rights reserved.
*
* Developed by: Michal Nezerka
* https://github.com/mnezerka/
* mailto:michal.nezerka@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal with the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
 * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimers.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimers in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Michal Nezerka, nor the names of its contributors
* may be used to endorse or promote products derived from this Software
* without specific prior written permission. 
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
*
*/
#ifndef _DNS_MESSAGE_H
#define _DNS_MESSAGE_H
#include <string>
#include <vector>
#include "dns.h"
#include "rr.h"
#include "qs.h"
#include "buffer.h"
namespace dns {
/**
* Class represents the DNS Message.
*
* All communications inside of the domain protocol are carried in a single
* format called a message. The top level format of message is divided
* into 5 sections (some of which are empty in certain cases) shown below:
*
* +---------------------+
* | Header |
* +---------------------+
* | Question | the question for the name server
* +---------------------+
* | Answer | RRs answering the question
* +---------------------+
* | Authority | RRs pointing toward an authority
* +---------------------+
* | Additional | RRs holding additional information
* +---------------------+
*
* The header section is always present. The header includes fields that
* specify which of the remaining sections are present, and also specify
* whether the message is a query or a response, a standard query or some
* other opcode, etc.
*
* Header section format
*
* The header contains the following fields:
*
* 1 1 1 1 1 1
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | ID |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | QDCOUNT |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | ANCOUNT |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | NSCOUNT |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | ARCOUNT |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
*
* where:
*
* ID A 16 bit identifier assigned by the program that generates any kind of query. This identifier is copied
* the corresponding reply and can be used by the requester to match up replies to outstanding queries.
*
* QR A one bit field that specifies whether this message is a query (0), or a response (1).
*
* OPCODE A four bit field that specifies kind of query in this message. This value is set by the originator of a query
* and copied into the response. The values are:
*
* 0 a standard query (QUERY)
* 1 an inverse query (IQUERY)
* 2 a server status request (STATUS)
* 3-15 reserved for future use
*
* AA Authoritative Answer - this bit is valid in responses, and specifies that the responding name server is an
* authority for the domain name in question section.
*
* Note that the contents of the answer section may have multiple owner names because of aliases. The AA bit
* corresponds to the name which matches the query name, or the first owner name in the answer section.
*
* TC TrunCation - specifies that this message was truncated due to length greater than that permitted on the
* transmission channel.
*
* RD Recursion Desired - this bit may be set in a query and is copied into the response. If RD is set, it directs
* the name server to pursue the query recursively. Recursive query support is optional.
*
* RA Recursion Available - this be is set or cleared in a response, and denotes whether recursive query support is
* available in the name server.
*
* Z Reserved for future use. Must be zero in all queries and responses.
*
* RCODE Response code - this 4 bit field is set as part of
* responses. The values have the following
* interpretation:
*
* 0 No error condition
* 1 Format error - The name server was unable to interpret the query.
* 2 Server failure - The name server was unable to process this query due to a problem with
* the name server.
* 3 Name Error - Meaningful only for responses from an authoritative name
* server, this code signifies that the domain name referenced in the query does not exist.
* 4 Not Implemented - The name server does not support the requested kind of query.
* 5 Refused - The name server refuses to perform the specified operation for
* policy reasons. For example, a name server may not wish to provide the
* information to the particular requester, or a name server may not wish to perform
* a particular operation (e.g., zone transfer) for particular data.
* 6-15 Reserved for future use.
*
* QDCOUNT an unsigned 16 bit integer specifying the number of entries in the question section.
* ANCOUNT an unsigned 16 bit integer specifying the number of resource records in the answer section.
* NSCOUNT an unsigned 16 bit integer specifying the number of name server resource records in the authority records section.
* ARCOUNT an unsigned 16 bit integer specifying the number of resource records in the additional records section.
*/
class Message {
public:
static const uint typeQuery = 0;
static const uint typeResponse = 1;
// Constructor.
Message() : mId(0), mQr(typeQuery), mOpCode(0), mAA(0), mTC(0), mRD(0), mRA(0), mRCode(0) { }
// Virtual desctructor
~Message();
// Decode DNS message from buffer
// @param buffer The buffer to code the message header into.
// @param size - size of buffer
void decode(const char* buffer, const uint size);
// Function that codes the DNS message
// @param buffer The buffer to code the message header into.
// @param size - size of buffer
// @param validSize - number of bytes that contain encoded message
void encode(char* buffer, const uint size, uint &validSize);
uint getId() const throw() { return mId; }
void setId(uint id) { mId = id; }
void setQr(const uint newQr) { mQr = newQr & 1; }
uint getQr() { return mQr; }
void setOpCode(const uint newOpCode) { mOpCode = newOpCode & 15; }
uint getOpCode() { return mOpCode; }
void setAA(const uint newAA) { mAA = newAA & 1; }
uint getAA() { return mAA; }
void setTC(const uint newTC) { mTC = newTC & 1; }
uint getTC() { return mTC; }
void setRD(const uint newRD) { mRD = newRD & 1; }
uint getRD() { return mRD; }
void setRA(const uint newRA) { mRA = newRA & 1; }
uint getRA() { return mRA; }
void setRCode(const uint newRCode) { mRCode = newRCode & 15; }
uint getRCode() { return mRCode; }
uint getQdCount() { return mQueries.size(); }
uint getAnCount() { return mAnswers.size(); }
uint getNsCount() { return mAuthorities.size(); }
uint getArCount() { return mAdditional.size(); }
void addQuery(QuerySection* qs) { mQueries.push_back(qs); };
std::vector<QuerySection*> getQueries() { return mQueries; };
void addAnswer(ResourceRecord* rr) { mAnswers.push_back(rr); };
std::vector<ResourceRecord*> getAnswers() { return mAnswers; };
void addAuthority(ResourceRecord* rr) { mAuthorities.push_back(rr); };
std::vector<ResourceRecord*> getAuthorities() { return mAuthorities; };
void addAdditional(ResourceRecord* rr) { mAdditional.push_back(rr); };
std::vector<ResourceRecord*> getAdditional() { return mAdditional; };
// Returns the DNS message header as a string text.
std::string asString();
private:
static const uint HDR_OFFSET = 12;
uint mId;
uint mQr;
uint mOpCode;
uint mAA;
uint mTC;
uint mRD;
uint mRA;
uint mRCode;
std::vector<QuerySection*> mQueries;
std::vector<ResourceRecord*> mAnswers;
std::vector<ResourceRecord*> mAuthorities;
std::vector<ResourceRecord*> mAdditional;
void decodeResourceRecords(Buffer &buffer, uint count, std::vector<ResourceRecord*> &list);
void removeAllRecords();
};
} // namespace
#endif /* _DNS_MESSAGE_H */

125
dnslib/include/dnslib/qs.h Normal file
View file

@ -0,0 +1,125 @@
/**
* DNS Question Section
*
* Copyright (c) 2014 Michal Nezerka
* All rights reserved.
*
* Developed by: Michal Nezerka
* https://github.com/mnezerka/
* mailto:michal.nezerka@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal with the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
 * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimers.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimers in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Michal Nezerka, nor the names of its contributors
* may be used to endorse or promote products derived from this Software
* without specific prior written permission. 
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
*
*/
#ifndef _DNS_QS_H
#define _DNS_QS_H
#include <string>
#include <vector>
#include "dns.h"
#include "buffer.h"
namespace dns {
/* Class represents a DNS Question Section Entry
*
* The DNS Question section entry has the following format:
*
* 1 1 1 1 1 1
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | |
* / QNAME /
* / /
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | QTYPE |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | QCLASS |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
*
* where:
*
* QNAME a domain name represented as a sequence of labels, where
* each label consists of a length octet followed by that
* number of octets. The domain name terminates with the
* zero length octet for the null label of the root. Note
* that this field may be an odd number of octets; no
* padding is used.
*
* QTYPE a two octet code which specifies the type of the query.
* The values for this field include all codes valid for a
* TYPE field, together with some more general codes which
* can match more than one type of RR.
*
* QCLASS a two octet code that specifies the class of the query.
* For example, the QCLASS field is IN for the Internet.
*/
class QuerySection
{
public:
/* Constructor */
QuerySection(const std::string& qName = "") : mQName(qName), mQType(0), mQClass(QCLASS_IN) { };
/* Set type of the query */
void setType(uint qType) { mQType = qType; };
/* Set type class of the query */
void setClass(eQClass qClass) { mQClass = qClass; };
/* Set name field from a string */
void setName(const std::string& qName) { mQName = qName; } ;
/* Get name filed of the query */
std::string getName() const { return mQName; } ;
/* Get the type of the query */
uint getType() const { return mQType; };
/* Get the class of the query */
eQClass getClass() const { return mQClass; } ;
void encode(Buffer &buffer);
std::string asString();
private:
// Name of the query
std::string mQName;
// Type field
uint mQType;
// Class of the query
eQClass mQClass;
};
} // namespace
#endif /* _DNS_QS_H */

571
dnslib/include/dnslib/rr.h Normal file
View file

@ -0,0 +1,571 @@
/**
* DNS Resource Record
*
* Copyright (c) 2014 Michal Nezerka
* All rights reserved.
*
* Developed by: Michal Nezerka
* https://github.com/mnezerka/
* mailto:michal.nezerka@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal with the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
 * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimers.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimers in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Michal Nezerka, nor the names of its contributors
* may be used to endorse or promote products derived from this Software
* without specific prior written permission. 
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
*/
#ifndef _DNS_RR_H
#define _DNS_RR_H
#include <string>
#include <vector>
#include <arpa/inet.h>
#include "dns.h"
#include "buffer.h"
namespace dns {
/** Abstract class that act as base for all Resource Record RData types */
class RData {
public:
virtual ~RData() { };
virtual eRDataType getType() = 0;
virtual void decode(Buffer &buffer, const uint size) = 0;
virtual void encode(Buffer &buffer) = 0;
virtual std::string asString() = 0;
};
/**
* RData with name of type dns domain
*/
class RDataWithName: public RData {
public:
RDataWithName() : mName("") { };
virtual ~RDataWithName() { };
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual void setName(const std::string& newName) { mName = newName; };
virtual std::string getName() { return mName; };
private:
// <domain-name> as defined in DNS RFC (sequence of labels)
std::string mName;
};
/**
* CName Representation
*/
class RDataCNAME: public RDataWithName {
public:
virtual eRDataType getType() { return RDATA_CNAME; };
virtual std::string asString();
};
/**
* HINFO Record Representation
*/
class RDataHINFO: public RData {
public:
RDataHINFO() : mCpu(""), mOs("") { };
virtual ~RDataHINFO() { };
virtual eRDataType getType() { return RDATA_HINFO; };
void setCpu(const std::string& newCpu) { mCpu = newCpu; };
std::string getCpu() { return mCpu; };
void setOs(const std::string& newOs) { mOs = newOs; };
std::string getOs() { return mOs; };
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual std::string asString();
private:
// CPU type
std::string mCpu;
// Operating system type
std::string mOs;
};
/**
* MB RData Representation
*
* A name specifies <domain-name> of host which has the specified mailbox.
*/
class RDataMB: public RDataWithName {
public:
virtual eRDataType getType() { return RDATA_MB; };
virtual std::string asString();
};
/**
* MD RData Representation
*
* A <domain-name> specifies a host which has a mail agent for the domain
* which should be able to deliver mail for the domain.
*/
class RDataMD: public RDataWithName {
public:
virtual eRDataType getType() { return RDATA_MD; };
virtual std::string asString();
};
/**
* MF RData Representation
*
* A <domain-name> which specifies a host which has a mail agent for the domain
* which will accept mail for forwarding to the domain.
*/
class RDataMF: public RDataWithName {
public:
virtual eRDataType getType() { return RDATA_MF; };
virtual std::string asString();
};
/**
* MG RData Representation
*
* A <domain-name> which specifies a mailbox which is a member of the mail group
* specified by the domain name.
*/
class RDataMG: public RDataWithName {
public:
virtual eRDataType getType() { return RDATA_MG; };
virtual std::string asString();
};
/**
* MINFO Record Representation
*/
class RDataMINFO: public RData {
public:
RDataMINFO() : mRMailBx(""), mMailBx("") { };
virtual ~RDataMINFO() { };
virtual eRDataType getType() { return RDATA_MINFO; };
void setRMailBx(const std::string& newRMailBx) { mRMailBx = newRMailBx; };
std::string getRMailBx() { return mRMailBx; };
void setMailBx(const std::string& newMailBx) { mMailBx = newMailBx; };
std::string getMailBx() { return mMailBx; };
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual std::string asString();
private:
// A <domain-name> which specifies a mailbox which is
// responsible for the mailing list or mailbox.
std::string mRMailBx;
// A <domain-name> which specifies a mailbox which is to
// receive error messages related to the mailing list or
// mailbox specified by the owner of the MINFO RR.
std::string mMailBx;
};
/**
* MR RData Representation
*
* A <domain-name> which specifies a mailbox which is the
* proper rename of the specified mailbox.
*/
class RDataMR: public RDataWithName {
public:
virtual eRDataType getType() { return RDATA_MR; };
virtual std::string asString();
};
/**
* MX Record Representation
*/
class RDataMX: public RData {
public:
RDataMX() : mPreference(0), mExchange("") { };
virtual ~RDataMX() { };
virtual eRDataType getType() { return RDATA_MX; };
void setPreference(const uint newPreference) { mPreference = newPreference; };
uint getPreference() { return mPreference; };
void setExchange(const std::string& newExchange) { mExchange = newExchange; };
std::string getExchange() { return mExchange; };
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual std::string asString();
private:
// A 16 bit integer which specifies the preference given to
// this RR among others at the same owner. Lower values are preferred.
uint mPreference;
// A <domain-name> which specifies a host willing to act
// as a mail exchange for the owner name
std::string mExchange;
};
/** Generic RData field which stores raw RData bytes.
*
* This class is used for cases when RData type is not known or
* class for appropriate type is not implemented. */
class RDataNULL : public RData {
public:
RDataNULL() : mDataSize(0), mData(NULL) { };
virtual ~RDataNULL();
virtual eRDataType getType() { return RDATA_NULL; };
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual std::string asString();
private:
// raw data
uint mDataSize;
char* mData;
};
/**
* NS RData Representation
*
* A <domain-name> which specifies a host which should be
* authoritative for the specified class and domain.
*/
class RDataNS: public RDataWithName {
public:
virtual eRDataType getType() { return RDATA_NS; };
virtual std::string asString();
};
/**
* PTR RData Representation
*
* A <domain-name> which points to some location in the
* domain name space.
*/
class RDataPTR: public RDataWithName {
public:
virtual eRDataType getType() { return RDATA_PTR; };
virtual std::string asString();
};
/**
* SOA Record Representation
*/
class RDataSOA: public RData {
public:
RDataSOA() : mMName(""), mRName(""), mSerial(0), mRefresh(0), mRetry(0), mExpire(0), mMinimum(0) { };
virtual ~RDataSOA() { };
virtual eRDataType getType() { return RDATA_SOA; };
void setMName(const std::string& newMName) { mMName = newMName; };
std::string getMName() { return mMName; };
void setRName(const std::string& newRName) { mRName = newRName; };
std::string getRName() { return mRName; };
void setSerial(const uint newSerial) { mSerial = newSerial; };
uint getSerial() { return mSerial; };
void setRefresh(const uint newRefresh) { mRefresh = newRefresh; };
uint getRefresh() { return mRefresh; };
void setRetry(const uint newRetry) { mRetry = newRetry; };
uint getRetry() { return mRetry; };
void setExpire(const uint newExpire) { mExpire = newExpire; };
uint getExpire() { return mExpire; };
void setMinimum(const uint newMinimum) { mMinimum = newMinimum; };
uint getMinimum() { return mMinimum; };
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual std::string asString();
private:
// The <domain-name> of the name server that was the
// original or primary source of data for this zone.
std::string mMName;
// A <domain-name> which specifies the mailbox of the
// person responsible for this zone.
std::string mRName;
// The unsigned 32 bit version number of the original copy
// of the zone. Zone transfers preserve this value. This
// value wraps and should be compared using sequence space
// arithmetic.
uint mSerial;
// A 32 bit time interval before the zone should be refreshed.
uint mRefresh;
// A 32 bit time interval that should elapse before a
// failed refresh should be retried.
uint mRetry;
// A 32 bit time value that specifies the upper limit on
// the time interval that can elapse before the zone is no
// longer authoritative.
uint mExpire;
// The unsigned 32 bit minimum TTL field that should be
// exported with any RR from this zone.
uint mMinimum;
};
/**
* TXT Record Representation
*
* TXT RRs are used to hold descriptive text. The semantics of the text
* depends on the domain where it is found.
*/
class RDataTXT: public RData {
public:
RDataTXT() { };
virtual ~RDataTXT() { };
virtual eRDataType getType() { return RDATA_TXT; };
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual std::string asString();
virtual void addTxt(const std::string& newTxt) { mTexts.push_back(newTxt); };
//virtual std::string getTxt() { return mTxt; };
private:
// One or more <character-string>s.
std::vector<std::string> mTexts;
};
/**
* A Record Representation (IPv4 address)
*/
class RDataA: public RData {
public:
RDataA() { for (uint i = 0; i < 4; i++) mAddr[i] = 0; };
virtual ~RDataA() { };
virtual eRDataType getType() { return RDATA_A; };
void setAddress(const uchar *addr) { for (uint i = 0; i < 4; i++) mAddr[i] = addr[i]; };
void setAddress(const std::string &addr) { inet_pton(AF_INET, addr.c_str(), &mAddr); };
uchar* getAddress() { return mAddr; };
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual std::string asString();
private:
// 32 bit internet address.
uchar mAddr[4];
};
/**
* WKS Record Representation
*/
class RDataWKS: public RData {
public:
RDataWKS() : mProtocol(0), mBitmap(NULL), mBitmapSize(0) { for (uint i = 0; i < 4; i++) mAddr[i] = 0; };
virtual ~RDataWKS();
virtual eRDataType getType() { return RDATA_WKS; };
void setAddress(const uchar *addr) { for (uint i = 0; i < 4; i++) mAddr[i] = addr[i]; };
uchar* getAddress() { return mAddr; };
void setProtocol(const uint newProtocol) { mProtocol = newProtocol; };
uint getProtocol() { return mProtocol; };
uint getBitmapSize() { return mBitmapSize; }
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual std::string asString();
private:
// 32 bit internet address.
uchar mAddr[4];
// An 8 bit IP protocol number
uint mProtocol;
// A variable length bit map. The bit map must be a
// multiple of 8 bits long.
char *mBitmap;
// Size of bitmap
uint mBitmapSize;
};
/**
* AAAA Record Representation (IPv6 address)
*/
class RDataAAAA: public RData {
public:
RDataAAAA() { for (uint i = 0; i < 16; i++) mAddr[i] = 0; };
virtual ~RDataAAAA() { };
virtual eRDataType getType() { return RDATA_AAAA; };
void setAddress(const uchar *addr) { for (uint i = 0; i < 16; i++) mAddr[i] = addr[i]; };
uchar* getAddress() { return mAddr; };
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual std::string asString();
private:
// 128 bit IPv6 address.
uchar mAddr[16];
};
// http://www.ietf.org/rfc/rfc2915.txt - NAPTR
class RDataNAPTR : public RData {
public:
RDataNAPTR() : mOrder(0), mPreference(0), mFlags(""), mServices(""), mRegExp(""), mReplacement("") { };
virtual ~RDataNAPTR() { };
virtual eRDataType getType() { return RDATA_NAPTR; };
void setOrder(uint newOrder) { mOrder = newOrder; };
uint getOrder() { return mOrder; };
void setPreference(uint newPreference) { mPreference = newPreference; };
uint getPreference() { return mPreference; };
void setFlags (std::string newFlags) { mFlags = newFlags; };
std::string getFlags () { return mFlags; };
void setServices (std::string newServices) { mServices = newServices; };
std::string getServices () { return mServices; };
void setRegExp (std::string newRegExp) { mRegExp = newRegExp; };
std::string getRegExp () { return mRegExp; };
void setReplacement (std::string newReplacement) { mReplacement = newReplacement; };
std::string getReplacement () { return mReplacement; };
virtual void decode(Buffer &buffer, const uint size);
virtual void encode(Buffer &buffer);
virtual std::string asString();
private:
uint mOrder;
uint mPreference;
std::string mFlags;
std::string mServices;
std::string mRegExp;
std::string mReplacement;
};
/** Represents DNS Resource Record
*
* Each resource record has the following format:
*
* 1 1 1 1 1 1
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | |
* / /
* / NAME /
* | |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | TYPE |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | CLASS |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | TTL |
* | |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
* | RDLENGTH |
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
* / RDATA /
* / /
* +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
*
* where:
*
* NAME a domain name to which this resource record pertains.
*
* TYPE two octets containing one of the RR type codes. This
* field specifies the meaning of the data in the RDATA
* field.
*
* CLASS two octets which specify the class of the data in the
* RDATA field.
*
* TTL a 32 bit unsigned integer that specifies the time
* interval (in seconds) that the resource record may be
* cached before it should be discarded. Zero values are
* interpreted to mean that the RR can only be used for the
* transaction in progress, and should not be cached.
*
* RDLENGTH an unsigned 16 bit integer that specifies the length in
* octets of the RDATA field.
*
* RDATA a variable length string of octets that describes the
* resource. The format of this information varies
* according to the TYPE and CLASS of the resource record.
* For example, the if the TYPE is A and the CLASS is IN,
* the RDATA field is a 4 octet ARPA Internet address.
*/
class ResourceRecord
{
public:
/* Constructor */
ResourceRecord() : mName(""), mType (RDATA_NULL), mClass(CLASS_IN), mTtl(0), mRDataSize(0), mRData(NULL) { };
~ResourceRecord();
void setName(std::string newName) { mName = newName; };
uint getName() const;
void setType(const eRDataType type) { mType = type; };
eRDataType getType() { return mType; };
void setClass(eClass newClass) { mClass = newClass; };
eClass getClass() const;
void setTtl(uint newTtl) { mTtl = newTtl; };
uint getTtl() const;
void setRData(RData *newRData) { mRData = newRData; mType = newRData->getType(); };
RData *getRData() { return mRData; };
void decode(Buffer &buffer);
void encode(Buffer &buffer);
std::string asString();
private:
/* Domain name to which this resource record pertains */
std::string mName;
/* Type field */
eRDataType mType;
/* Class field */
eClass mClass;
/* TTL field */
uint mTtl;
/* size of RData */
uint mRDataSize;
/* rdata */
RData *mRData;
};
} // namespace
#endif /* _DNS_RR_H */

221
dnslib/message.cpp Normal file
View file

@ -0,0 +1,221 @@
/**
* DNS Message
*
* Copyright (c) 2014 Michal Nezerka
* All rights reserved.
*
* Developed by: Michal Nezerka
* https://github.com/mnezerka/
* mailto:michal.nezerka@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal with the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
 * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimers.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimers in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Michal Nezerka, nor the names of its contributors
* may be used to endorse or promote products derived from this Software
* without specific prior written permission. 
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
*
*/
#include <iostream>
#include <sstream>
#include <cstring>
#include <iomanip>
#ifdef _WIN32
#include <Winsock2.h>
#else
#include <netinet/in.h>
#endif
#include <dnslib/message.h>
#include <dnslib/exception.h>
using namespace dns;
using namespace std;
Message::~Message()
{
removeAllRecords();
}
void Message::removeAllRecords()
{
// delete all queries
for(std::vector<QuerySection*>::iterator it = mQueries.begin(); it != mQueries.end(); ++it)
delete(*it);
mQueries.clear();
// delete answers
for(std::vector<ResourceRecord*>::iterator it = mAnswers.begin(); it != mAnswers.end(); ++it)
delete(*it);
mAnswers.clear();
// delete authorities
for(std::vector<ResourceRecord*>::iterator it = mAuthorities.begin(); it != mAuthorities.end(); ++it)
delete(*it);
mAuthorities.clear();
// delete additional
for(std::vector<ResourceRecord*>::iterator it = mAdditional.begin(); it != mAdditional.end(); ++it)
delete(*it);
mAdditional.clear();
}
void Message::decode(const char* buffer, const uint bufferSize)
{
if (bufferSize > MAX_MSG_LEN)
throw (Exception("Aborting parse of message which exceedes maximal DNS message length."));
Buffer buff(const_cast<char*>(buffer), bufferSize);
// 1. delete all items in lists of message records (queries, resource records)
removeAllRecords();
// 2. read header
mId = buff.get16bits();
uint fields = buff.get16bits();
mQr = (fields >> 15) & 1;
mOpCode = (fields >> 11) & 15;
mAA = (fields >> 10) & 1;
mTC = (fields >> 9) & 1;
mRD = (fields >> 8) & 1;
mRA = (fields >> 7) & 1;
uint qdCount = buff.get16bits();
uint anCount = buff.get16bits();
uint nsCount = buff.get16bits();
uint arCount = buff.get16bits();
// 3. read Question Sections
for (uint i = 0; i < qdCount; i++)
{
std::string qName = buff.getDnsDomainName();
uint qType = buff.get16bits();
eQClass qClass = static_cast<eQClass>(buff.get16bits());
QuerySection *qs = new QuerySection(qName);
qs->setType(qType);
qs->setClass(qClass);
mQueries.push_back(qs);
}
// 4. read Answer Resource Records
Message::decodeResourceRecords(buff, anCount, mAnswers);
Message::decodeResourceRecords(buff, nsCount, mAuthorities);
Message::decodeResourceRecords(buff, arCount, mAdditional);
// 5. check that buffer is consumed
if (buff.getPos() != buff.getSize())
throw(Exception("Message buffer not empty after parsing"));
}
void Message::decodeResourceRecords(Buffer &buffer, uint count, std::vector<ResourceRecord*> &list)
{
for (uint i = 0; i < count; i++)
{
ResourceRecord *rr = new ResourceRecord();
list.push_back(rr);
rr->decode(buffer);
}
}
void Message::encode(char* buffer, const uint bufferSize, uint &validSize)
{
validSize = 0;
Buffer buff(buffer, bufferSize);
// encode header
buff.put16bits(mId);
uint fields = ((mQr & 1) << 15);
fields += ((mOpCode & 15) << 11);
fields += ((mAA & 1) << 10);
fields += ((mTC & 1) << 9);
fields += ((mRD & 1) << 8);
fields += ((mRA & 1) << 7);
fields += ((mRCode & 15));
buff.put16bits(fields);
buff.put16bits(mQueries.size());
buff.put16bits(mAnswers.size());
buff.put16bits(mAuthorities.size());
buff.put16bits(mAdditional.size());
// encode queries
for(std::vector<QuerySection*>::iterator it = mQueries.begin(); it != mQueries.end(); ++it)
(*it)->encode(buff);
// encode answers
for(std::vector<ResourceRecord*>::iterator it = mAnswers.begin(); it != mAnswers.end(); ++it)
(*it)->encode(buff);
// encode authorities
for(std::vector<ResourceRecord*>::iterator it = mAuthorities.begin(); it != mAuthorities.end(); ++it)
(*it)->encode(buff);
// encode additional
for(std::vector<ResourceRecord*>::iterator it = mAdditional.begin(); it != mAdditional.end(); ++it)
(*it)->encode(buff);
validSize = buff.getPos();
}
string Message::asString()
{
ostringstream text;
text << "Header:" << endl;
text << "ID: " << showbase << hex << mId << endl << noshowbase;
text << " fields: [ QR: " << mQr << " opCode: " << mOpCode << " ]" << endl;
text << " QDcount: " << mQueries.size() << endl;
text << " ANcount: " << mAnswers.size() << endl;
text << " NScount: " << mAuthorities.size() << endl;
text << " ARcount: " << mAdditional.size() << endl;
if (mQueries.size() > 0)
{
text << "Queries:" << endl;
for(std::vector<QuerySection*>::iterator it = mQueries.begin(); it != mQueries.end(); ++it)
text << " " << (*it)->asString();
}
if (mAnswers.size() > 0)
{
text << "Answers:" << endl;
for(std::vector<ResourceRecord*>::iterator it = mAnswers.begin(); it != mAnswers.end(); ++it)
text << " " << (*it)->asString();
}
if (mAuthorities.size() > 0)
{
text << "Authorities:" << endl;
for(std::vector<ResourceRecord*>::iterator it = mAuthorities.begin(); it != mAuthorities.end(); ++it)
text << " " << (*it)->asString();
}
if (mAdditional.size() > 0)
{
text << "Additional:" << endl;
for(std::vector<ResourceRecord*>::iterator it = mAdditional.begin(); it != mAdditional.end(); ++it)
text << " " << (*it)->asString();
}
return text.str();
}

62
dnslib/qs.cpp Normal file
View file

@ -0,0 +1,62 @@
/**
* DNS Question Section
*
* Copyright (c) 2014 Michal Nezerka
* All rights reserved.
*
* Developed by: Michal Nezerka
* https://github.com/mnezerka/
* mailto:michal.nezerka@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal with the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
 * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimers.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimers in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Michal Nezerka, nor the names of its contributors
* may be used to endorse or promote products derived from this Software
* without specific prior written permission. 
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
*
*/
#include <iostream>
#include <sstream>
#include <dnslib/exception.h>
#include <dnslib/buffer.h>
#include <dnslib/qs.h>
using namespace dns;
using namespace std;
string QuerySection::asString()
{
ostringstream text;
text << "<DNS Question: " << mQName << " qtype=" << mQType << " qclass=" << mQClass << endl;
return text.str();
}
void QuerySection::encode(Buffer &buffer)
{
buffer.putDnsDomainName(mQName);
buffer.put16bits(mQType);
buffer.put16bits(mQClass);
}

545
dnslib/rr.cpp Normal file
View file

@ -0,0 +1,545 @@
/**
* DNS Resource Record
*
* Copyright (c) 2014 Michal Nezerka
* All rights reserved.
*
* Developed by: Michal Nezerka
* https://github.com/mnezerka/
* mailto:michal.nezerka@gmail.com
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files
* (the "Software"), to deal with the Software without restriction,
* including without limitation the rights to use, copy, modify, merge,
* publish, distribute, sublicense, and/or sell copies of the Software,
* and to permit persons to whom the Software is furnished to do so,
* subject to the following conditions:
*
 * * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimers.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimers in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of Michal Nezerka, nor the names of its contributors
* may be used to endorse or promote products derived from this Software
* without specific prior written permission. 
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE CONTRIBUTORS OR COPYRIGHT HOLDERS BE LIABLE FOR
* ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS WITH THE SOFTWARE.
*
*/
#include <iostream>
#include <sstream>
#include <cstring>
#include <iomanip>
#include <dnslib/exception.h>
#include <dnslib/buffer.h>
#include <dnslib/rr.h>
using namespace dns;
using namespace std;
/////////// RDataWithName ///////////
void RDataWithName::decode(Buffer &buffer, const uint size)
{
mName = buffer.getDnsDomainName();
}
void RDataWithName::encode(Buffer &buffer)
{
buffer.putDnsDomainName(mName);
}
/////////// RDataCNAME /////////////////
std::string RDataCNAME::asString()
{
ostringstream text;
text << "<<CNAME domainName=" << getName();
return text.str();
}
/////////// RDataHINFO /////////////////
void RDataHINFO::decode(Buffer &buffer, const uint size)
{
mCpu = buffer.getDnsCharacterString();
mOs = buffer.getDnsCharacterString();
}
void RDataHINFO::encode(Buffer &buffer)
{
buffer.putDnsCharacterString(mCpu);
buffer.putDnsCharacterString(mOs);
}
std::string RDataHINFO::asString()
{
ostringstream text;
text << "<<HINFO cpu=" << mCpu << " os=" << mOs;
return text.str();
}
/////////// RDataMB /////////////////
std::string RDataMB::asString()
{
ostringstream text;
text << "<<MB madname=" << getName();
return text.str();
}
/////////// RDataMD /////////////////
std::string RDataMD::asString()
{
ostringstream text;
text << "<<MD madname=" << getName();
return text.str();
}
/////////// RDataMF /////////////////
std::string RDataMF::asString()
{
ostringstream text;
text << "<<MF madname=" << getName();
return text.str();
}
/////////// RDataMG /////////////////
std::string RDataMG::asString()
{
ostringstream text;
text << "<<MG madname=" << getName();
return text.str();
}
/////////// RDataMINFO /////////////////
void RDataMINFO::decode(Buffer &buffer, const uint size)
{
mRMailBx = buffer.getDnsDomainName();
mMailBx = buffer.getDnsDomainName();
}
void RDataMINFO::encode(Buffer &buffer)
{
buffer.putDnsDomainName(mRMailBx);
buffer.putDnsDomainName(mMailBx);
}
std::string RDataMINFO::asString()
{
ostringstream text;
text << "<<MINFO rmailbx=" << mRMailBx << " mailbx=" << mMailBx;
return text.str();
}
/////////// RDataMR /////////////////
std::string RDataMR::asString()
{
ostringstream text;
text << "<<MR newname=" << getName();
return text.str();
}
/////////// RDataMX /////////////////
void RDataMX::decode(Buffer &buffer, const uint size)
{
mPreference = buffer.get16bits();
mExchange = buffer.getDnsDomainName();
}
void RDataMX::encode(Buffer &buffer)
{
buffer.put16bits(mPreference);
buffer.putDnsDomainName(mExchange);
}
std::string RDataMX::asString()
{
ostringstream text;
text << "<<MX preference=" << mPreference << " exchange=" << mExchange;
return text.str();
}
/////////// RDataNULL /////////////////
RDataNULL::~RDataNULL()
{
delete[] mData;
mData = NULL;
}
void RDataNULL::decode(Buffer &buffer, const uint size)
{
// get data from buffer
const char *data = buffer.getBytes(size);
// allocate new memory
mData = new char[size];
// copy rdata
std::memcpy(mData, data, size);
// set new size
mDataSize = size;
}
void RDataNULL::encode(Buffer &buffer)
{
buffer.putBytes(mData, mDataSize);
}
std::string RDataNULL::asString()
{
ostringstream text;
text << "<<NULL size=" << mDataSize;
return text.str();
}
/////////// RDataNS /////////////////
std::string RDataNS::asString()
{
ostringstream text;
text << "<<NS nsdname=" << getName();
return text.str();
}
/////////// RDataPTR /////////////////
std::string RDataPTR::asString()
{
ostringstream text;
text << "<<PTR ptrdname=" << getName();
return text.str();
}
/////////// RDataSOA /////////////////
void RDataSOA::decode(Buffer &buffer, const uint size)
{
mMName = buffer.getDnsDomainName();
mRName = buffer.getDnsDomainName();
mSerial = buffer.get32bits();
mRefresh = buffer.get32bits();
mRetry = buffer.get32bits();
mExpire = buffer.get32bits();
mMinimum = buffer.get32bits();
}
void RDataSOA::encode(Buffer &buffer)
{
buffer.putDnsDomainName(mMName);
buffer.putDnsDomainName(mRName);
buffer.put32bits(mSerial);
buffer.put32bits(mRefresh);
buffer.put32bits(mRetry);
buffer.put32bits(mExpire);
buffer.put32bits(mMinimum);
}
std::string RDataSOA::asString()
{
ostringstream text;
text << "<<SOA mname=" << mMName << " rname=" << mRName << " serial=" << mSerial;
text << " refresh=" << mRefresh << " retry=" << mRefresh << " retry=" << mRetry;
text << " expire=" << mExpire << " minimum=" << mMinimum;
return text.str();
}
/////////// RDataTXT /////////////////
void RDataTXT::decode(Buffer &buffer, const uint size)
{
mTexts.clear();
uint posStart = buffer.getPos();
while (buffer.getPos() - posStart < size)
mTexts.push_back(buffer.getDnsCharacterString());
}
void RDataTXT::encode(Buffer &buffer)
{
for(std::vector<std::string>::iterator it = mTexts.begin(); it != mTexts.end(); ++it)
buffer.putDnsCharacterString(*it);
}
std::string RDataTXT::asString()
{
ostringstream text;
text << "<<TXT items=" << mTexts.size() ;
for(std::vector<std::string>::iterator it = mTexts.begin(); it != mTexts.end(); ++it)
text << " '" << (*it) << "'";
return text.str();
}
/////////// RDataA /////////////////
void RDataA::decode(Buffer &buffer, const uint size)
{
// get data from buffer
const char *data = buffer.getBytes(4);
for (uint i = 0; i < 4; i++)
mAddr[i] = data[i];
}
void RDataA::encode(Buffer &buffer)
{
for (uint i = 0; i < 4; i++)
buffer.put8bits(mAddr[i]);
}
std::string RDataA::asString()
{
ostringstream text;
text << "<<RData A addr=" << static_cast<uint>(mAddr[0]) << '.' << static_cast<uint>(mAddr[1]) << '.' << static_cast<uint>(mAddr[2]) << '.' << static_cast<uint>(mAddr[3]);
return text.str();
}
/////////// RDataWKS /////////////////
RDataWKS::~RDataWKS()
{
delete[] mBitmap;
mBitmap = NULL;
}
void RDataWKS::decode(Buffer &buffer, const uint size)
{
// get ip address
const char *data = buffer.getBytes(4);
for (uint i = 0; i < 4; i++)
mAddr[i] = data[i];
// get protocol
mProtocol = buffer.get8bits();
// get bitmap
mBitmapSize = size - 5;
data = buffer.getBytes(mBitmapSize);
// allocate new memory
mBitmap = new char[size];
// copy rdata
std::memcpy(mBitmap, data, mBitmapSize);
}
void RDataWKS::encode(Buffer &buffer)
{
// put ip address
for (uint i = 0; i < 4; i++)
buffer.put8bits(mAddr[i]);
// put protocol
buffer.put8bits(mProtocol);
// put bitmap
if (mBitmapSize > 0)
buffer.putBytes(mBitmap, mBitmapSize);
}
std::string RDataWKS::asString()
{
ostringstream text;
text << "<<RData WKS addr=";
for (unsigned int i = 0; i < 4; i++)
{
if (i > 0)
text << '.';
text << static_cast<uint>(mAddr[i]);
}
text << " protocol=" << mProtocol;
text << " bitmap-size=" << mBitmapSize;
return text.str();
}
/////////// RDataAAAA /////////////////
void RDataAAAA::decode(Buffer &buffer, const uint size)
{
// get data from buffer
const char *data = buffer.getBytes(16);
for (uint i = 0; i < 16; i++)
mAddr[i] = data[i];
}
void RDataAAAA::encode(Buffer &buffer)
{
for (uint i = 0; i < 16; i++)
buffer.put8bits(mAddr[i]);
}
std::string RDataAAAA::asString()
{
ostringstream text;
text << "<<RData AAAA addr=";
for (unsigned int i = 0; i < 16; i += 2)
{
if (i > 0)
text << ':';
text << hex << setw(2) << setfill('0') << static_cast<uint>(mAddr[i]);
text << hex << setw(2) << setfill('0') << static_cast<uint>(mAddr[i + 1]);
}
return text.str();
}
/////////// RDataNAPTR /////////////////
void RDataNAPTR::decode(Buffer &buffer, const uint size)
{
mOrder = buffer.get16bits();
mPreference = buffer.get16bits();
mFlags = buffer.getDnsCharacterString();
mServices = buffer.getDnsCharacterString();
mRegExp = buffer.getDnsCharacterString();
mReplacement = buffer.getDnsDomainName(false);
}
void RDataNAPTR::encode(Buffer &buffer)
{
buffer.put16bits(mOrder);
buffer.put16bits(mPreference);
buffer.putDnsCharacterString(mFlags);
buffer.putDnsCharacterString(mServices);
buffer.putDnsCharacterString(mRegExp);
buffer.putDnsDomainName(mReplacement, false);
}
std::string RDataNAPTR::asString()
{
ostringstream text;
text << "<<NAPTR order=" << mOrder << " preference=" << mPreference << " flags=" << mFlags << " services=" << mServices << " regexp=" << mRegExp << " replacement=" << mReplacement;
return text.str();
}
/////////// ResourceRecord ////////////
ResourceRecord::~ResourceRecord()
{
delete(mRData);
mRData = NULL;
}
void ResourceRecord::decode(Buffer &buffer)
{
mName = buffer.getDnsDomainName();
mType = static_cast<eRDataType>(buffer.get16bits());
mClass = static_cast<eClass>(buffer.get16bits());
mTtl = buffer.get32bits();
mRDataSize = buffer.get16bits();
if (mRDataSize > 0)
{
switch (mType) {
case RDATA_CNAME:
mRData = new RDataCNAME();
break;
case RDATA_HINFO:
mRData = new RDataHINFO();
break;
case RDATA_MB:
mRData = new RDataMB();
break;
case RDATA_MD:
mRData = new RDataMD();
break;
case RDATA_MF:
mRData = new RDataMF();
break;
case RDATA_MG:
mRData = new RDataMG();
break;
case RDATA_MINFO:
mRData = new RDataMINFO();
break;
case RDATA_MR:
mRData = new RDataMR();
break;
case RDATA_MX:
mRData = new RDataMX();
break;
case RDATA_NS:
mRData = new RDataNS();
break;
case RDATA_PTR:
mRData = new RDataPTR();
break;
case RDATA_SOA:
mRData = new RDataSOA();
break;
case RDATA_TXT:
mRData = new RDataTXT();
break;
case RDATA_A:
mRData = new RDataA();
break;
case RDATA_WKS:
mRData = new RDataA();
break;
case RDATA_AAAA:
mRData = new RDataAAAA();
break;
case RDATA_NAPTR:
mRData = new RDataNAPTR();
break;
default:
mRData = new RDataNULL();
}
uint bPos = buffer.getPos();
mRData->decode(buffer, mRDataSize);
if (buffer.getPos() - bPos != mRDataSize)
throw (Exception("Number of decoded bytes are different than expected size"));
}
}
void ResourceRecord::encode(Buffer &buffer)
{
buffer.putDnsDomainName(mName);
buffer.put16bits(mType);
buffer.put16bits(mClass);
buffer.put32bits(mTtl);
// save position of buffer for later use (write length of RData part)
uint bufferPosRDataLength = buffer.getPos();
buffer.put16bits(0); // this value could be later overwritten
// encode RData if present
if (mRData)
{
mRData->encode(buffer);
mRDataSize = buffer.getPos() - bufferPosRDataLength - 2; // 2 because two bytes for RData length are not part of RData block
uint bufferLastPos = buffer.getPos();
buffer.setPos(bufferPosRDataLength);
buffer.put16bits(mRDataSize); // overwritte 0 with actual size of RData
buffer.setPos(bufferLastPos);
}
}
std::string ResourceRecord::asString()
{
ostringstream text;
//text << "<DNS RR: " << mName << " rtype=" << mType << " rclass=" << mClass << " ttl=" << mTtl << " rdata=" << mRDataSize << " bytes ";
if (mRData)
text << mRData->asString();
text << endl;
return text.str();
}

885
dpitunnel-cli.cpp Normal file
View file

@ -0,0 +1,885 @@
#include "dpitunnel-cli.h"
#include "autoconf.h"
#include "desync.h"
#include "dns.h"
#include "netiface.h"
#include "packet.h"
#include "profiles.h"
#include "ssl.h"
#include "socket.h"
#include "utils.h"
#include <arpa/inet.h>
#include <cerrno>
#include <cstring>
#include <fcntl.h>
#include <iostream>
#include <fstream>
#include <future>
#include <mutex>
#include <thread>
#include <signal.h>
#include <unordered_map>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <getopt.h>
#include <poll.h>
#include <unistd.h>
const std::string CONNECTION_ESTABLISHED_RESPONSE("HTTP/1.1 200 Connection established\r\n\r\n");
const std::string CONNECTION_ERROR_RESPONSE(
"HTTP/1.1 0 Connection establish problem (read logs)\r\n\r\n");
const std::string PROCESS_NAME("DPITunnel-cli");
const std::string HELP_PAGE(
"DPITunnel-cli, program for bypassing internet censorship without a proxy server.\n"
"\n"
"Usage:\n"
" dpitunnel-cli [options]\n"
" dpitunnel-cli [--pid <file>][--ip <bind_ip>][--port <bind_port>][--mode <mode>][--ca-bundle-path <path>][--daemon] <--profile [<net_interface_name>[:<wifi_name>]]|[default] [options]>...\n"
" dpitunnel-cli --auto\n"
"\n"
"Options:\n"
" --auto\t\t\t\t\tchoose the settings for current ISP automatically\n"
" --profile=[<net_interface_name>\n"
" \t[:<wifi_name>]]|[default]\t\tsettings for a specific connection\n"
" --help\t\t\t\t\tshow this message\n"
" --pid=<file>\t\t\t\t\twrite pid to file in daemon mode\n"
" --ip=<ip>\t\t\t\t\tIP to bind the http proxy. Default: 0.0.0.0\n"
" --port=<port>\t\t\t\t\tport to bind http proxy. Default: 8080\n"
" --whitelist=<filename>\t\t\tdon't apply circumvention tricks to IPs and domains from supplied text file\n"
" \t\t\t\t\t\teach line is entry that contains type (ip or domain) and after a space entry value\n"
" \t\t\t\t\t\tExamples: \'ip 192.0.2.0\', \'domain example.com\'\n"
" --mode=<mode>\t\t\t\t\tproxy mode. mode: proxy, transparent. Default: proxy\n"
" --ca-bundle-path=<path>\t\t\tpath to CA certificates bundle in PEM format. Default: ./ca.bundle\n"
" --daemon\t\t\t\t\tdaemonize program\n"
" --buffer-size=<size_in_bytes>\t\t\tsize of buffers. Default: 512\n"
" --desync-attacks=[<mode0>][,<mode1>]\t\tmode0: fake rst rstack. mode1: disorder disorder_fake split split_fake\n"
" --split-at-sni\t\t\t\tsplit Client Hello at SNI\n"
" --split-position=<offset_in_bytes>\t\tsplit Client Hello at <offset_in_bytes>. Default: 3\n"
" --wrong-seq\t\t\t\t\tsend fakes with TCP SEQ/ACK from past\n"
" --ttl=<number>\t\t\t\tTTL for fake packets\n"
" --auto-ttl=<a1>-<a2>-<m>\t\t\tautomatically detect TTL and decrease\n"
" \t\t\t\t\t\tit based on a distance. If the distance is shorter than a2, TTL is decreased\n"
" \t\t\t\t\t\tby a2. If it's longer, (a1; a2) scale is used with the distance as a weight.\n"
" \t\t\t\t\t\tIf the resulting TTL is more than m(ax), set it to m. Default: 1-4-10. And --min-ttl 3\n"
" --min-ttl=<number>\t\t\t\tminimum TTL for which send fake packets\n"
" --doh\t\t\t\t\t\tresolve hosts over DoH server\n"
" --doh-server=<url>\t\t\t\tDoH server URL. Default: https://dns.google/dns-query\n"
" --builtin-dns\t\t\t\t\tindependently resolve hostnames, don't use getaddrinfo. You must enable it on Android\n"
" \t\t\t\t\t\tand other systems that don't have /etc/resolv.conf\n"
" --builtin-dns-ip=<ip>\t\t\t\tDNS server IP used by builtin resolver. Default: 8.8.8.8\n"
" --builtin-dns-port=<port>\t\t\tDNS server port used by builtin resolver. Default: 53\n"
" --custom-ips=<filename>\t\t\tallows to set custom IPs for specific domains, ignoring DNS/DoH response\n"
" --wsize=<number>\t\t\t\tTCP window size. Used to ask server to split Server Hello\n"
" --wsfactor=<number>\t\t\t\tTCP window scale factor. Used with wsize option"
);
int Interrupt_pipe[2];
std::atomic<bool> stop_flag;
struct Settings_perst_s Settings_perst;
struct Profile_s Profile;
extern std::map<std::string, struct Profile_s> Profiles;
std::mutex Threads_map_mutex;
std::unordered_map<std::thread::id, std::thread> Threads;
void process_client_cycle(int client_socket) {
// last_char indicates position of string end
unsigned int last_char;
// Set timeouts
struct timeval timeout_sock;
timeout_sock.tv_sec = 0;
timeout_sock.tv_usec = 10;
if (setsockopt(client_socket, SOL_SOCKET, SO_SNDTIMEO, (char *) &timeout_sock,
sizeof(timeout_sock)) < 0 ||
setsockopt(client_socket, SOL_SOCKET, SO_RCVTIMEO, (char *) &timeout_sock,
sizeof(timeout_sock)) < 0) {
std::cerr << "Can't setsockopt on socket. Errno: " << std::strerror(errno) << std::endl;
close(client_socket);
return;
}
// Receive with timeout
struct timeval timeout_recv;
timeout_recv.tv_sec = 5;
timeout_recv.tv_usec = 0;
std::string buffer(Profile.buffer_size, ' ');
if (recv_string(client_socket, buffer, last_char, &timeout_recv) == -1 ||
last_char == 0) {
close(client_socket);
return;
}
bool is_https;
std::string server_host;
std::string server_ip;
int server_port;
std::string server_method;
bool in_whitelist;
int res;
if ((res = parse_request(buffer, server_method, server_host, server_port,
Settings_perst.proxy_mode == MODE_PROXY)) == -1) {
std::cerr << "Can't parse first request" << std::endl;
send_string(client_socket, CONNECTION_ERROR_RESPONSE, CONNECTION_ERROR_RESPONSE.size());
close(client_socket);
return;
}
#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80
#endif
if (Settings_perst.proxy_mode == MODE_TRANSPARENT) {
is_https = res == -2;
// Get original destination address
struct sockaddr_in server_address;
socklen_t server_address_len = sizeof server_address;
if (getsockopt(client_socket, SOL_IP, SO_ORIGINAL_DST, (struct sockaddr *) &server_address,
&server_address_len) != 0) {
std::cerr << "Can't get original address. Errno: " << std::strerror(errno) << std::endl;
close(client_socket);
return;
}
if (is_https) {
// Get server domain from SNI
unsigned int sni_start, sni_len;
get_tls_sni(buffer, last_char, sni_start, sni_len);
if (sni_start + sni_len > last_char || sni_start == 0 ||
sni_len == 0) { // failed to find sni
// Use original IP as server domain
char str[INET_ADDRSTRLEN];
inet_ntop(AF_INET, &(server_address.sin_addr), str, INET_ADDRSTRLEN);
server_host = std::string(str);
} else {
server_host = buffer.substr(sni_start, sni_len);
}
}
// Use original TCP port as server port
server_port = ntohs(server_address.sin_port);
} else
is_https = server_method == "CONNECT";
// Remove proxy connection specific parts
if (!is_https && Settings_perst.proxy_mode == MODE_PROXY)
remove_proxy_strings(buffer, last_char);
// Resolve server ip
if (resolve_host(server_host, server_ip) == -1) {
send_string(client_socket, CONNECTION_ERROR_RESPONSE, CONNECTION_ERROR_RESPONSE.size());
close(client_socket);
return;
}
in_whitelist = match_whitelist_ip(server_ip) || match_whitelist_domain(server_host);
// If need get SYN, ACK packet sent by server during handshake
std::atomic<bool> flag(true);
std::atomic<int> local_port(-1);
std::atomic<int> status;
std::thread sniff_thread;
std::promise<void> sniff_thread_ready;
std::string sniffed_packet;
if (Profile.desync_attacks && !in_whitelist) {
sniff_thread_ready = std::promise<void>();
sniff_thread = std::thread(sniff_handshake_packet, &sniffed_packet,
server_ip, server_port, &local_port, &flag, &status,
&sniff_thread_ready);
// Wait for sniff thread to init
sniff_thread_ready.get_future().wait();
}
// Connect to remote server
int server_socket;
if (init_remote_server_socket(server_socket, server_ip, server_port) == -1) {
if (Profile.desync_attacks && !in_whitelist) {
// Stop sniff thread
flag.store(false);
if (sniff_thread.joinable()) sniff_thread.join();
}
send_string(client_socket, CONNECTION_ERROR_RESPONSE, CONNECTION_ERROR_RESPONSE.size());
close(server_socket);
close(client_socket);
return;
}
// Disable TCP Nagle's algorithm
int yes = 1;
if (setsockopt(client_socket, IPPROTO_TCP, TCP_NODELAY, (char *) &yes, sizeof(yes)) < 0
|| setsockopt(server_socket, IPPROTO_TCP, TCP_NODELAY, (char *) &yes, sizeof(yes)) < 0) {
std::cerr << "Can't disable TCP Nagle's algorithm with setsockopt(). Errno: "
<< std::strerror(errno) << std::endl;
if (Profile.desync_attacks && !in_whitelist) {
// Stop sniff thread
flag.store(false);
if (sniff_thread.joinable()) sniff_thread.join();
}
send_string(client_socket, CONNECTION_ERROR_RESPONSE, CONNECTION_ERROR_RESPONSE.size());
close(server_socket);
close(client_socket);
return;
}
// Get local port to choose proper SYN, ACK packet
struct sockaddr_in local_addr;
socklen_t len = sizeof(local_addr);
if (getsockname(server_socket, (struct sockaddr *) &local_addr, &len) == -1) {
std::cerr << "Failed to get local port. Errno: " << std::strerror(errno) << std::endl;
if (Profile.desync_attacks && !in_whitelist) {
// Stop sniff thread
flag.store(false);
if (sniff_thread.joinable()) sniff_thread.join();
}
send_string(client_socket, CONNECTION_ERROR_RESPONSE, CONNECTION_ERROR_RESPONSE.size());
close(server_socket);
close(client_socket);
return;
}
local_port.store(ntohs(local_addr.sin_port));
if (is_https && Settings_perst.proxy_mode == MODE_PROXY)
if (send_string(client_socket, CONNECTION_ESTABLISHED_RESPONSE,
CONNECTION_ESTABLISHED_RESPONSE.size()) == -1) {
close(server_socket);
close(client_socket);
return;
}
if (Profile.desync_attacks && !in_whitelist) {
// Get received SYN, ACK packet
if (sniff_thread.joinable()) sniff_thread.join();
if (status.load() == -1) {
std::cerr << "Failed to capture handshake packet" << std::endl;
send_string(client_socket, CONNECTION_ERROR_RESPONSE, CONNECTION_ERROR_RESPONSE.size());
close(server_socket);
close(client_socket);
return;
}
// Get first client packet
if (is_https && Settings_perst.proxy_mode == MODE_PROXY) {
if (recv_string(client_socket, buffer, last_char, &timeout_recv) == -1 ||
last_char == 0) {
close(server_socket);
close(client_socket);
return;
}
}
// Split packet at the middle of SNI or at user specified position
unsigned int sni_start, sni_len;
unsigned int split_pos;
// If it's https connection
if (is_https && Profile.split_at_sni) {
get_tls_sni(buffer, last_char, sni_start, sni_len);
if (sni_start + sni_len > last_char || sni_start == 0 || sni_len == 0)
split_pos = std::min(Profile.split_position, last_char);
else
split_pos = sni_start + sni_len / 2;
} else
split_pos = std::min(Profile.split_position, last_char);
do_desync_attack(server_socket, server_ip, server_port, local_port,
is_https, sniffed_packet, buffer, last_char, split_pos);
// Send packet to synchronize SEQ/ACK
std::string data_empty(last_char, '\x00');
if (Profile.desync_first_attack == DESYNC_FIRST_NONE) {
if (send_string(server_socket, data_empty, last_char) == -1) {
send_string(client_socket, CONNECTION_ERROR_RESPONSE,
CONNECTION_ERROR_RESPONSE.size());
close(server_socket);
close(client_socket);
return;
}
} else {
if (send_string(server_socket, data_empty, split_pos) == -1 ||
send_string(server_socket, data_empty, last_char - split_pos) == -1) {
send_string(client_socket, CONNECTION_ERROR_RESPONSE,
CONNECTION_ERROR_RESPONSE.size());
close(server_socket);
close(client_socket);
return;
}
}
// Send packet we received previously if it's http connection
} else if (!is_https || Settings_perst.proxy_mode == MODE_TRANSPARENT) {
if (send_string(server_socket, buffer, last_char) == -1) {
send_string(client_socket, CONNECTION_ERROR_RESPONSE, CONNECTION_ERROR_RESPONSE.size());
close(server_socket);
close(client_socket);
return;
}
}
// Make sockets non-blocking
if (fcntl(client_socket, F_SETFL, fcntl(client_socket, F_GETFL, 0) | O_NONBLOCK) == -1 ||
fcntl(server_socket, F_SETFL, fcntl(server_socket, F_GETFL, 0) | O_NONBLOCK) == -1) {
std::cerr << "Failed to make sockets non-blocking. Errno: " << std::strerror(errno)
<< std::endl;
}
// Client process loop
struct pollfd fds[3];
// fds[0] is client socket
fds[0].fd = client_socket;
fds[0].events = POLLIN;
// fds[1] is remote server socket
fds[1].fd = server_socket;
fds[1].events = POLLIN;
// fds[2] is interrupt pipe
fds[2].fd = Interrupt_pipe[0];
fds[2].events = POLLIN;
// Set poll() timeout
int timeout = -1;
bool is_transfer_failure = false;
while (!stop_flag.load() && !is_transfer_failure) {
int ret = poll(fds, 3, timeout);
// Check state
if (ret == -1) {
std::cerr << "Poll error. Errno:" << std::strerror(errno) << std::endl;
break;
} else if (ret == 0)
continue;
else {
if (fds[0].revents & POLLERR || fds[1].revents & POLLERR ||
fds[0].revents & POLLHUP || fds[1].revents & POLLHUP ||
fds[0].revents & POLLNVAL || fds[1].revents & POLLNVAL)
break;
// Process client socket
if (fds[0].revents & POLLIN) {
// Transfer data
if (recv_string(client_socket, buffer, last_char) == -1)
is_transfer_failure = true;
if (!is_https && Settings_perst.proxy_mode == MODE_PROXY)
remove_proxy_strings(buffer, last_char);
if (send_string(server_socket, buffer, last_char) == -1)
is_transfer_failure = true;
}
// Process server socket
if (fds[1].revents & POLLIN) {
// Transfer data
if (recv_string(server_socket, buffer, last_char) == -1)
is_transfer_failure = true;
if (send_string(client_socket, buffer, last_char) == -1)
is_transfer_failure = true;
}
fds[0].revents = 0;
fds[1].revents = 0;
fds[2].revents = 0;
}
}
close(server_socket);
close(client_socket);
}
void accept_client_cycle(int server_socket) {
struct pollfd fds[2];
// fds[0] is a server socket
fds[0].fd = server_socket;
fds[0].events = POLLIN;
// fds[1] is an interrupt pipe
fds[1].fd = Interrupt_pipe[0];
fds[1].events = POLLIN;
// Set poll() timeout
int timeout = -1;
while (!stop_flag.load()) {
int ret = poll(fds, 2, timeout);
// Check state
if (ret == -1) {
std::cerr << "Poll error. Errno:" << std::strerror(errno) << std::endl;
break;
} else if (ret == 0)
continue; // Timeout happened
else {
if (fds[0].revents & POLLERR ||
fds[0].revents & POLLHUP ||
fds[0].revents & POLLNVAL)
break;
//Accept client
if (fds[0].revents & POLLIN) {
int client_socket;
struct sockaddr_in client_address;
socklen_t client_address_size = sizeof(client_address);
client_socket = accept(server_socket,
(sockaddr *) &client_address,
&client_address_size);
if (client_socket == -1) {
std::cerr << "Can't accept client socket. Error: "
<< std::strerror(errno) << std::endl;
break;
}
// Create new thread
auto thread_starter = std::promise<void>();
std::thread t1(
[starter_future = thread_starter.get_future(), socket = client_socket]() mutable {
starter_future.wait();
process_client_cycle(socket);
// Remove thread from map, contains all running threads
{
std::lock_guard<std::mutex> lock(Threads_map_mutex);
if (!stop_flag.load()) {
auto found = Threads.find(std::this_thread::get_id());
if (found != Threads.end()) {
found->second.detach();
Threads.erase(std::this_thread::get_id());
}
}
}
});
// Add thread to map, contains all running threads
{
std::lock_guard<std::mutex> lock(Threads_map_mutex);
Threads.emplace(t1.get_id(), std::move(t1));
}
thread_starter.set_value();
}
fds[0].revents = 0;
fds[1].revents = 0;
}
}
// Wait for all threads to finish
for (auto &imap: Threads)
if (imap.second.joinable()) imap.second.join();
}
int parse_cmdline(int argc, char *argv[]) {
const struct option options[] = {
{"ip", required_argument, 0, 0}, // id 0
{"port", required_argument, 0, 0}, // id 1
{"buffer-size", required_argument, 0, 0}, // id 2
{"split-position", required_argument, 0, 0}, // id 3
{"ttl", required_argument, 0, 0}, // id 4
{"doh", no_argument, 0, 0}, // id 5
{"doh-server", required_argument, 0, 0}, //id 6
{"ca-bundle-path", required_argument, 0, 0}, // id 7
{"split-at-sni", no_argument, 0, 0}, // id 8
{"desync-attacks", required_argument, 0, 0}, // id 9
{"auto", no_argument, 0, 0}, // id 10
{"help", no_argument, 0, 0}, // id 11
{"daemon", no_argument, 0, 0}, // id 12
{"wsize", required_argument, 0, 0}, // id 13
{"wsfactor", required_argument, 0, 0}, // id 14
{"profile", required_argument, 0, 0}, // id 15
{"builtin-dns", no_argument, 0, 0}, // id 16
{"builtin-dns-ip", required_argument, 0, 0}, // id 17
{"builtin-dns-port", required_argument, 0, 0}, // id 18
{"pid", required_argument, 0, 0}, // id 19
{"min-ttl", required_argument, 0, 0}, // id 20
{"auto-ttl", required_argument, 0, 0}, // id 21
{"wrong-seq", no_argument, 0, 0}, // id 22
{"mode", required_argument, 0, 0}, // id 23
{"whitelist", required_argument, 0, 0}, // id 24
{"custom-ips", required_argument, 0, 0}, // id 25
{NULL, 0, NULL, 0}
};
int res, opt_id = 0;
std::string curr_profile_name = "";
struct Profile_s profile;
while ((res = getopt_long_only(argc, argv, "", options, &opt_id)) != -1) {
if (res) return -1;
switch (opt_id) {
case 0: // ip
Settings_perst.server_address = std::string(optarg);
break;
case 1: // port
Settings_perst.server_port = atoi(optarg);
if (Settings_perst.server_port < 1 || Settings_perst.server_port > 65535) {
std::cerr << "-port invalid argument" << std::endl;
return -1;
}
break;
case 2: // buffer-size
profile.buffer_size = atoi(optarg);
if (profile.buffer_size < 128 || profile.buffer_size > 65535) {
std::cerr << "-buffer-size invalid argument" << std::endl;
return -1;
}
break;
case 3: // split-position
profile.split_position = atoi(optarg);
if (profile.split_position > 65535) {
std::cerr << "-split-position invalid argument" << std::endl;
return -1;
}
break;
case 4: // ttl
profile.fake_packets_ttl = atoi(optarg);
if (profile.fake_packets_ttl < 1 || profile.fake_packets_ttl > 255) {
std::cerr << "-ttl invalid argument" << std::endl;
return -1;
}
break;
case 5: // doh
profile.doh = true;
break;
case 6: // doh-server
profile.doh_server = optarg;
break;
case 7: // ca-bundle-path
Settings_perst.ca_bundle_path = optarg;
break;
case 8: // split-at-sni
profile.split_at_sni = true;
break;
case 9: // desync-attacks
{
profile.desync_attacks = true;
char *e, *p = optarg;
while (p) {
e = strchr(p, ',');
if (e) *e++ = 0;
if (!strcmp(p, ZERO_ATTACKS_NAMES.at(DESYNC_ZERO_FAKE).c_str()))
profile.desync_zero_attack = DESYNC_ZERO_FAKE;
else if (!strcmp(p, ZERO_ATTACKS_NAMES.at(DESYNC_ZERO_RST).c_str()))
profile.desync_zero_attack = DESYNC_ZERO_RST;
else if (!strcmp(p, ZERO_ATTACKS_NAMES.at(DESYNC_ZERO_RSTACK).c_str()))
profile.desync_zero_attack = DESYNC_ZERO_RSTACK;
else if (!strcmp(p, FIRST_ATTACKS_NAMES.at(DESYNC_FIRST_DISORDER).c_str()))
profile.desync_first_attack = DESYNC_FIRST_DISORDER;
else if (!strcmp(p, FIRST_ATTACKS_NAMES.at(DESYNC_FIRST_DISORDER_FAKE).c_str()))
profile.desync_first_attack = DESYNC_FIRST_DISORDER_FAKE;
else if (!strcmp(p, FIRST_ATTACKS_NAMES.at(DESYNC_FIRST_SPLIT).c_str()))
profile.desync_first_attack = DESYNC_FIRST_SPLIT;
else if (!strcmp(p, FIRST_ATTACKS_NAMES.at(DESYNC_FIRST_SPLIT_FAKE).c_str()))
profile.desync_first_attack = DESYNC_FIRST_SPLIT_FAKE;
else {
std::cerr << "-desync-attacks invalid argument" << std::endl;
return -1;
}
p = e;
}
}
break;
case 10: // auto
run_autoconf();
return -2;
case 11: // help
return -1;
case 12: // daemon
Settings_perst.daemon = true;
break;
case 13: // wsize
profile.window_size = atoi(optarg);
if (profile.window_size < 1 || profile.window_size > 65535) {
std::cerr << "-wsize invalid argument" << std::endl;
return -1;
}
break;
case 14: // wsfactor
profile.window_scale_factor = atoi(optarg);
if (profile.window_scale_factor < 0 || profile.window_scale_factor > 14) {
std::cerr << "-wsfactor invalid argument" << std::endl;
return -1;
}
break;
case 15: // profile
{
std::string temp = optarg;
if (!curr_profile_name.empty())
add_profile(curr_profile_name, profile);
curr_profile_name = temp;
profile = {};
}
break;
case 16: // builtin-dns
profile.builtin_dns = true;
break;
case 17: // builtin-dns-ip
profile.builtin_dns_ip = optarg;
break;
case 18: // builtin-dns-port
profile.builtin_dns_port = atoi(optarg);
if (profile.builtin_dns_port < 1 || profile.builtin_dns_port > 65535) {
std::cerr << "-builtin-dns-port invalid argument" << std::endl;
return -1;
}
break;
case 19: // pid
Settings_perst.pid_file = optarg;
break;
case 20: // min-ttl
profile.min_ttl = atoi(optarg);
if (profile.min_ttl < 1 || profile.min_ttl > 255) {
std::cerr << "-min-ttl invalid argument" << std::endl;
return -1;
}
break;
case 21: // auto-ttl
{
profile.auto_ttl = true;
char *autottl_copy = strdup(optarg);
char *pch = strtok(autottl_copy, "-");
int i;
for (i = 0; pch != NULL; i++) {
if (i == 0)
profile.auto_ttl_a1 = atoi(pch);
else if (i == 1)
profile.auto_ttl_a2 = atoi(pch);
else if (i == 2)
profile.auto_ttl_max = atoi(pch);
pch = strtok(NULL, "-");
}
free(autottl_copy);
if (i != 3) {
std::cerr << "-auto-ttl invalid argument" << std::endl;
return -1;
}
// Set default min ttl
if (profile.min_ttl == 0)
profile.min_ttl = 3;
}
break;
case 22: // wrong-seq
profile.wrong_seq = true;
break;
case 23: // mode
if (!strcmp(optarg, PROXY_MODE_NAMES.at(MODE_PROXY).c_str()))
Settings_perst.proxy_mode = MODE_PROXY;
else if (!strcmp(optarg, PROXY_MODE_NAMES.at(MODE_TRANSPARENT).c_str()))
Settings_perst.proxy_mode = MODE_TRANSPARENT;
else {
std::cerr << "-mode invalid argument" << std::endl;
return -1;
}
break;
case 24: // whitelist
Settings_perst.whitelist_path = optarg;
break;
case 25: // custom-ips
Settings_perst.custom_ips_path = optarg;
break;
}
}
if (!curr_profile_name.empty())
add_profile(curr_profile_name, profile);
else
Profile = profile;
return 0;
}
void print_help() {
std::cout << HELP_PAGE << std::endl;
}
void print_info() {
std::cout << "Proxy running on " << Settings_perst.server_address << ':'
<< Settings_perst.server_port << "..." << std::endl
<< "To get help run program with --help argument." << std::endl
<< "To auto configure run program with --auto argument" << std::endl;
}
void sig_int_handler(int signum) {
// Stop program
stop_flag.store(true);
// Interrupt poll()
close(Interrupt_pipe[0]);
close(Interrupt_pipe[1]);
}
int main(int argc, char *argv[]) {
// Set process name
prctl(PR_SET_NAME, PROCESS_NAME.c_str(), NULL, NULL, NULL);
std::strcpy(argv[0], PROCESS_NAME.c_str());
// Init
stop_flag.store(false);
std::srand(std::time(nullptr));
int res = parse_cmdline(argc, argv);
if (res == -1) {
print_help();
return -1; //exit_failure();
} else if (res == -2)
return 0;
if (!Settings_perst.whitelist_path.empty())
if (load_whitelist() == -1)
return -1;
if (!Settings_perst.custom_ips_path.empty())
if (load_custom_ips() == -1)
return -1;
ignore_sigpipe();
// Init interrupt pipe (used to interrupt poll() calls)
pipe(Interrupt_pipe);
// If we have profiles, choose profile
if (!Profiles.empty()) {
std::string iface = get_current_iface_name();
std::string wifi_ap = get_current_wifi_name(iface);
if (!iface.empty()) {
std::cout << "Netiface: " << iface;
if (!wifi_ap.empty())
std::cout << ", Wi-Fi point name: " << wifi_ap;
std::cout << std::endl;
} else
std::cout << "Try to set default profile" << std::endl;
if (change_profile(iface, wifi_ap) == -1)
return -1; //exit_failure();
}
if (Profile.doh)
if (load_ca_bundle() == -1)
return -1; //exit_failure();
// Create server socket
int server_socket = socket(AF_INET, SOCK_STREAM, 0);
if (server_socket == -1) {
std::cerr << "Server socket creation failure. Errno: " << std::strerror(errno) << std::endl;
return -1; //exit_failure();
}
// Make address/port reusable
int opt = 1;
if (setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1) {
std::cerr << "Can't setsockopt on server socket. Errno: " << std::strerror(errno)
<< std::endl;
close(server_socket);
return -1; //exit_failure();
}
// Server address options
struct sockaddr_in server_address;
server_address.sin_family = AF_INET;
inet_pton(AF_INET, Settings_perst.server_address.c_str(), &(server_address.sin_addr));
server_address.sin_port = htons(Settings_perst.server_port);
// Bind socket
if (bind(server_socket, (struct sockaddr *) &server_address, sizeof(server_address)) == -1) {
std::cerr << "Can't bind server socket. Errno: " << std::strerror(errno) << std::endl;
close(server_socket);
return -1; //exit_failure();
}
// Listen to socket
if (listen(server_socket, 4096) == -1) {
std::cerr << "Can't listen to server socket. Errno: " << std::strerror(errno) << std::endl;
close(server_socket);
return -1; //exit_failure();
}
// Show info
print_info();
if (Settings_perst.daemon) {
daemonize();
if (!Settings_perst.pid_file.empty()) {
std::ofstream file(Settings_perst.pid_file);
if (file) {
file << getpid();
file.close();
}
}
}
// Start route monitor thread to correctly change profiles
std::thread t1;
if (!Profiles.empty())
t1 = std::thread(route_monitor_thread);
// Register ctrl-c and terminate handlers
struct sigaction signalAction;
signalAction.sa_handler = sig_int_handler;
sigemptyset(&signalAction.sa_mask);
signalAction.sa_flags = 0;
sigaction(SIGINT, &signalAction, NULL);
sigaction(SIGTERM, &signalAction, NULL);
// Start accepting clients
std::thread t2(accept_client_cycle, server_socket);
t2.join();
// Oops, seems user asked program to exit or accept_client_cycle crashed
// Deinit
std::cout << "Quitting..." << std::endl;
if (t1.joinable()) t1.join();
close(server_socket);
return 0;
}

10
include/autoconf.h Normal file
View file

@ -0,0 +1,10 @@
#ifndef AUTOTEST_H
#define AUTOTEST_H
#include <string>
int run_autoconf();
void generate_client_hello(const std::string &sni, std::string &buffer);
#endif //AUTOTEST_H

46
include/base64.h Normal file
View file

@ -0,0 +1,46 @@
#ifndef BASE64_H
#define BASE64_H
static std::string base64_encode(const std::string &in) {
std::string out;
int val = 0, valb = -6;
for (unsigned char c: in) {
val = (val << 8) + c;
valb += 8;
while (valb >= 0) {
out.push_back("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"[
(val >> valb) & 0x3F]);
valb -= 6;
}
}
if (valb > -6)
out.push_back("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"[
((val << 8) >> (valb + 8)) & 0x3F]);
//while (out.size()%4) out.push_back('=');
return out;
}
static std::string base64_decode(const std::string &in) {
std::string out;
std::vector<int> T(256, -1);
for (int i = 0; i < 64; i++)
T["ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"[i]] = i;
int val = 0, valb = -8;
for (unsigned char c: in) {
if (T[c] == -1) break;
val = (val << 6) + T[c];
valb += 6;
if (valb >= 0) {
out.push_back(char((val >> valb) & 0xFF));
valb -= 8;
}
}
return out;
}
#endif //BASE64_H

26
include/desync.h Normal file
View file

@ -0,0 +1,26 @@
#ifndef DESYNC_H
#define DESYNC_H
#include <atomic>
#include <future>
#include <string>
int sniff_ack_packet(std::string *packet, std::string ip_srv, int port_srv,
int port_local, std::atomic<bool> *flag);
int sniff_handshake_packet(std::string *packet, std::string ip_srv,
int port_srv, std::atomic<int> *local_port_atom, std::atomic<bool> *flag,
std::atomic<int> *status, std::promise<void> *ready);
std::string
form_packet(std::string packet_raw, const char *packet_data, unsigned int packet_data_size,
unsigned short id,
unsigned short ttl, unsigned int seq, unsigned int ack_seq,
unsigned int window_size, bool is_swap_addr, uint8_t *flags = NULL);
int do_desync_attack(int socket_srv, const std::string &ip_srv, int port_srv, int port_local,
bool is_https,
const std::string &packet_raw, const std::string &packet_data,
unsigned int last_char, unsigned int split_pos);
#endif //DESYNC_H

8
include/dns.h Normal file
View file

@ -0,0 +1,8 @@
#ifndef DNS_H
#define DNS_H
#include <string>
int resolve_host(const std::string &host, std::string &ip);
#endif //DNS_H

105
include/dpitunnel-cli.h Normal file
View file

@ -0,0 +1,105 @@
#ifndef DPITUNNEL_CLI_H
#define DPITUNNEL_CLI_H
#include <map>
#include <set>
#include <string>
enum Desync_zero_attacks {
DESYNC_ZERO_FAKE,
DESYNC_ZERO_RST,
DESYNC_ZERO_RSTACK,
DESYNC_ZERO_NONE
};
enum Desync_first_attacks {
DESYNC_FIRST_DISORDER,
DESYNC_FIRST_DISORDER_FAKE,
DESYNC_FIRST_SPLIT,
DESYNC_FIRST_SPLIT_FAKE,
DESYNC_FIRST_NONE
};
enum Proxy_mode {
MODE_PROXY,
MODE_TRANSPARENT
};
static const std::map<Desync_zero_attacks, std::string> ZERO_ATTACKS_NAMES = {
{DESYNC_ZERO_FAKE, "fake"},
{DESYNC_ZERO_RST, "rst"},
{DESYNC_ZERO_RSTACK, "rstack"}
};
static const std::map<Desync_first_attacks, std::string> FIRST_ATTACKS_NAMES = {
{DESYNC_FIRST_DISORDER, "disorder"},
{DESYNC_FIRST_DISORDER_FAKE, "disorder_fake"},
{DESYNC_FIRST_SPLIT, "split"},
{DESYNC_FIRST_SPLIT_FAKE, "split_fake"}
};
static const std::map<Proxy_mode, std::string> PROXY_MODE_NAMES = {
{MODE_PROXY, "proxy"},
{MODE_TRANSPARENT, "transparent"}
};
struct Profile_s {
unsigned int buffer_size = 512;
unsigned int split_position = 3;
unsigned short fake_packets_ttl = 0;
unsigned short window_size = 0;
short window_scale_factor = -1;
bool wrong_seq = false;
// This is the smallest ACK drift Linux can't handle already, since at least v2.6.18.
// https://github.com/torvalds/linux/blob/v2.6.18/net/netfilter/nf_conntrack_proto_tcp.c#L395
int wrong_seq_drift_ack = -66000;
// This is just random, no specifics about this value.
int wrong_seq_drift_seq = -10000;
unsigned short min_ttl = 0;
bool auto_ttl = false;
unsigned short auto_ttl_a1 = 1;
unsigned short auto_ttl_a2 = 4;
unsigned short auto_ttl_max = 10;
std::string doh_server = "https://dns.google/dns-query";
bool builtin_dns = false;
std::string builtin_dns_ip = "8.8.8.8";
int builtin_dns_port = 53;
bool split_at_sni = false;
bool desync_attacks = false;
bool doh = false;
Desync_zero_attacks desync_zero_attack = DESYNC_ZERO_NONE;
Desync_first_attacks desync_first_attack = DESYNC_FIRST_NONE;
};
struct Settings_perst_s {
unsigned short test_ssl_handshake_timeout = 5;
unsigned short packet_capture_timeout = 5000;
unsigned int builtin_dns_req_timeout = 10000;
unsigned int count_hops_connect_timeout = 1000;
int server_port = 8080;
std::string server_address = "0.0.0.0";
Proxy_mode proxy_mode = MODE_PROXY;
std::string ca_bundle_path = "./ca.bundle";
std::string ca_bundle;
std::string whitelist_path;
std::set<std::string> whitelist_domains;
std::set<std::string> whitelist_ips;
std::string custom_ips_path;
std::map<std::string, std::string> custom_ips;
std::string pid_file;
bool daemon = false;
};
#endif //DPITUNNEL_CLI_H

10
include/netiface.h Normal file
View file

@ -0,0 +1,10 @@
#ifndef NETIFACE_H
#define NETIFACE_H
void route_monitor_thread();
std::string get_current_iface_name();
std::string get_current_wifi_name(std::string iface_name);
#endif //NETIFACE_H

11
include/packet.h Normal file
View file

@ -0,0 +1,11 @@
#ifndef PACKET_H
#define PACKET_H
#include <string>
int parse_request(const std::string &request, std::string &method, std::string &host, int &port,
bool is_proxy);
void remove_proxy_strings(std::string &request, unsigned int &last_char);
#endif //PACKET_H

9
include/profiles.h Normal file
View file

@ -0,0 +1,9 @@
#ifndef PROFILES_H
#define PROFILES_H
void add_profile(std::string name, Profile_s profile);
int change_profile(const std::string &iface, const std::string &wifi_ap,
std::string *choosen_profile_name = NULL);
#endif //PROFILES_H

21
include/socket.h Normal file
View file

@ -0,0 +1,21 @@
#ifndef SOCKET_H
#define SOCKET_H
#include <cstddef>
#include <string>
int count_hops(std::string server_ip, int server_port);
int recv_string(int socket, std::string &message, unsigned int &last_char,
struct timeval *timeout = NULL, unsigned int *recv_time = NULL);
int send_string(int socket, const std::string &string_to_send, unsigned int last_char,
unsigned int split_position = 0);
int init_remote_server_socket(int &server_socket, std::string server_ip, int server_port);
int send_string_raw(int socket, const std::string &string_to_send,
unsigned int last_char, struct sockaddr *serv_addr,
unsigned int serv_addr_size);
#endif //SOCKET_H

10
include/ssl.h Normal file
View file

@ -0,0 +1,10 @@
#ifndef SSL_H
#define SSL_H
#include <openssl/ssl.h>
int load_ca_bundle();
X509_STORE *gen_x509_store();
#endif //SSL_H

36
include/utils.h Normal file
View file

@ -0,0 +1,36 @@
#ifndef UTILS_H
#define UTILS_H
#include <cstddef>
#include <string>
bool wildcard_match(char const *needle, char const *haystack);
bool check_host_name(const char *pattern, size_t pattern_len, std::string host);
std::string last_n_chars(const std::string &input, unsigned int n);
void get_tls_sni(const std::string &bytes, unsigned int last_char, unsigned int &start_pos,
unsigned int &len);
bool validate_http_method(std::string method);
void daemonize();
int ignore_sigpipe();
int tcp_get_auto_ttl(const uint8_t ttl, const uint8_t autottl1,
const uint8_t autottl2, const uint8_t minhops,
const uint8_t maxttl);
bool match_whitelist_domain(const std::string &domain);
bool match_whitelist_ip(const std::string &ip);
int load_whitelist();
std::string find_custom_ip(const std::string &domain);
int load_custom_ips();
#endif //UTILS_H

125
libnl/CMakeLists.txt Normal file
View file

@ -0,0 +1,125 @@
# Set the project name
project(libnl)
# Add a library with the above sources
add_library(${PROJECT_NAME}
lib/addr.c
lib/attr.c
lib/cache.c
lib/cache_mngr.c
lib/cache_mngt.c
lib/data.c
lib/error.c
lib/handlers.c
lib/hash.c
lib/hashtable.c
lib/mpls.c
lib/msg.c
lib/nl.c
lib/object.c
lib/socket.c
lib/utils.c
lib/version.c
lib/genl/ctrl.c
lib/genl/family.c
lib/genl/genl.c
lib/genl/mngt.c
lib/idiag/idiag.c
lib/idiag/idiag_meminfo_obj.c
lib/idiag/idiag_msg_obj.c
lib/idiag/idiag_req_obj.c
lib/idiag/idiag_vegasinfo_obj.c
lib/netfilter/ct.c
lib/netfilter/ct_obj.c
lib/netfilter/exp.c
lib/netfilter/exp_obj.c
lib/netfilter/log.c
lib/netfilter/log_msg.c
lib/netfilter/log_msg_obj.c
lib/netfilter/log_obj.c
lib/netfilter/netfilter.c
lib/netfilter/nfnl.c
lib/netfilter/queue.c
lib/netfilter/queue_msg.c
lib/netfilter/queue_msg_obj.c
lib/netfilter/queue_obj.c
lib/route/act.c
lib/route/addr.c
lib/route/class.c
lib/route/classid.c
lib/route/cls.c
lib/route/link.c
lib/route/neigh.c
lib/route/neightbl.c
lib/route/netconf.c
lib/route/nexthop.c
lib/route/nexthop_encap.c
lib/route/nh_encap_mpls.c
lib/route/pktloc.c
lib/route/qdisc.c
lib/route/route.c
lib/route/route_obj.c
lib/route/route_utils.c
lib/route/rtnl.c
lib/route/rule.c
lib/route/tc.c
lib/route/act/gact.c
lib/route/act/mirred.c
lib/route/act/skbedit.c
lib/route/act/vlan.c
lib/route/cls/basic.c
lib/route/cls/cgroup.c
lib/route/cls/ematch.c
lib/route/cls/fw.c
lib/route/cls/mall.c
lib/route/cls/police.c
lib/route/cls/u32.c
lib/route/cls/ematch/cmp.c
lib/route/cls/ematch/container.c
lib/route/cls/ematch/meta.c
lib/route/cls/ematch/nbyte.c
lib/route/cls/ematch/text.c
lib/route/link/api.c
lib/route/link/bonding.c
lib/route/link/bridge.c
lib/route/link/can.c
lib/route/link/dummy.c
lib/route/link/geneve.c
lib/route/link/ifb.c
lib/route/link/inet.c
lib/route/link/inet6.c
lib/route/link/ip6tnl.c
lib/route/link/ipgre.c
lib/route/link/ipip.c
lib/route/link/ipvlan.c
lib/route/link/ipvti.c
lib/route/link/macsec.c
lib/route/link/macvlan.c
lib/route/link/ppp.c
lib/route/link/sit.c
lib/route/link/sriov.c
lib/route/link/veth.c
lib/route/link/vlan.c
lib/route/link/vrf.c
lib/route/link/vxlan.c
lib/route/link/xfrmi.c
lib/route/qdisc/blackhole.c
lib/route/qdisc/cbq.c
lib/route/qdisc/dsmark.c
lib/route/qdisc/fifo.c
lib/route/qdisc/fq_codel.c
lib/route/qdisc/hfsc.c
lib/route/qdisc/htb.c
lib/route/qdisc/ingress.c
lib/route/qdisc/mqprio.c
lib/route/qdisc/netem.c
lib/route/qdisc/plug.c
lib/route/qdisc/prio.c
lib/route/qdisc/red.c
lib/route/qdisc/sfq.c
lib/route/qdisc/tbf.c
)
target_include_directories(${PROJECT_NAME}
PUBLIC ${PROJECT_SOURCE_DIR}/include
)

144
libnl/include/linux-private/linux/can/netlink.h Normal file
View file

@ -0,0 +1,144 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* linux/can/netlink.h
*
* Definitions for the CAN netlink interface
*
* Copyright (c) 2009 Wolfgang Grandegger <wg@grandegger.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the version 2 of the GNU General Public License
* as published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
#ifndef _CAN_NETLINK_H
#define _CAN_NETLINK_H
#include <linux/types.h>
/*
* CAN bit-timing parameters
*
* For further information, please read chapter "8 BIT TIMING
* REQUIREMENTS" of the "Bosch CAN Specification version 2.0"
* at http://www.semiconductors.bosch.de/pdf/can2spec.pdf.
*/
struct can_bittiming {
__u32 bitrate; /* Bit-rate in bits/second */
__u32 sample_point; /* Sample point in one-tenth of a percent */
__u32 tq; /* Time quanta (TQ) in nanoseconds */
__u32 prop_seg; /* Propagation segment in TQs */
__u32 phase_seg1; /* Phase buffer segment 1 in TQs */
__u32 phase_seg2; /* Phase buffer segment 2 in TQs */
__u32 sjw; /* Synchronisation jump width in TQs */
__u32 brp; /* Bit-rate prescaler */
};
/*
* CAN harware-dependent bit-timing constant
*
* Used for calculating and checking bit-timing parameters
*/
struct can_bittiming_const {
char name[16]; /* Name of the CAN controller hardware */
__u32 tseg1_min; /* Time segement 1 = prop_seg + phase_seg1 */
__u32 tseg1_max;
__u32 tseg2_min; /* Time segement 2 = phase_seg2 */
__u32 tseg2_max;
__u32 sjw_max; /* Synchronisation jump width */
__u32 brp_min; /* Bit-rate prescaler */
__u32 brp_max;
__u32 brp_inc;
};
/*
* CAN clock parameters
*/
struct can_clock {
__u32 freq; /* CAN system clock frequency in Hz */
};
/*
* CAN operational and error states
*/
enum can_state {
CAN_STATE_ERROR_ACTIVE = 0, /* RX/TX error count < 96 */
CAN_STATE_ERROR_WARNING, /* RX/TX error count < 128 */
CAN_STATE_ERROR_PASSIVE, /* RX/TX error count < 256 */
CAN_STATE_BUS_OFF, /* RX/TX error count >= 256 */
CAN_STATE_STOPPED, /* Device is stopped */
CAN_STATE_SLEEPING, /* Device is sleeping */
CAN_STATE_MAX
};
/*
* CAN bus error counters
*/
struct can_berr_counter {
__u16 txerr;
__u16 rxerr;
};
/*
* CAN controller mode
*/
struct can_ctrlmode {
__u32 mask;
__u32 flags;
};
#define CAN_CTRLMODE_LOOPBACK 0x01 /* Loopback mode */
#define CAN_CTRLMODE_LISTENONLY 0x02 /* Listen-only mode */
#define CAN_CTRLMODE_3_SAMPLES 0x04 /* Triple sampling mode */
#define CAN_CTRLMODE_ONE_SHOT 0x08 /* One-Shot mode */
#define CAN_CTRLMODE_BERR_REPORTING 0x10 /* Bus-error reporting */
#define CAN_CTRLMODE_FD 0x20 /* CAN FD mode */
#define CAN_CTRLMODE_PRESUME_ACK 0x40 /* Ignore missing CAN ACKs */
#define CAN_CTRLMODE_FD_NON_ISO 0x80 /* CAN FD in non-ISO mode */
/*
* CAN device statistics
*/
struct can_device_stats {
__u32 bus_error; /* Bus errors */
__u32 error_warning; /* Changes to error warning state */
__u32 error_passive; /* Changes to error passive state */
__u32 bus_off; /* Changes to bus off state */
__u32 arbitration_lost; /* Arbitration lost errors */
__u32 restarts; /* CAN controller re-starts */
};
/*
* CAN netlink interface
*/
enum {
IFLA_CAN_UNSPEC,
IFLA_CAN_BITTIMING,
IFLA_CAN_BITTIMING_CONST,
IFLA_CAN_CLOCK,
IFLA_CAN_STATE,
IFLA_CAN_CTRLMODE,
IFLA_CAN_RESTART_MS,
IFLA_CAN_RESTART,
IFLA_CAN_BERR_COUNTER,
IFLA_CAN_DATA_BITTIMING,
IFLA_CAN_DATA_BITTIMING_CONST,
IFLA_CAN_TERMINATION,
IFLA_CAN_TERMINATION_CONST,
IFLA_CAN_BITRATE_CONST,
IFLA_CAN_DATA_BITRATE_CONST,
IFLA_CAN_BITRATE_MAX,
__IFLA_CAN_MAX
};
#define IFLA_CAN_MAX (__IFLA_CAN_MAX - 1)
/* u16 termination range: 1..65535 Ohms */
#define CAN_TERMINATION_DISABLED 0
#endif /* !_UAPI_CAN_NETLINK_H */

90
libnl/include/linux-private/linux/fib_rules.h Normal file
View file

@ -0,0 +1,90 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_FIB_RULES_H
#define __LINUX_FIB_RULES_H
#include <linux/types.h>
#include <linux/rtnetlink.h>
/* rule is permanent, and cannot be deleted */
#define FIB_RULE_PERMANENT 0x00000001
#define FIB_RULE_INVERT 0x00000002
#define FIB_RULE_UNRESOLVED 0x00000004
#define FIB_RULE_IIF_DETACHED 0x00000008
#define FIB_RULE_DEV_DETACHED FIB_RULE_IIF_DETACHED
#define FIB_RULE_OIF_DETACHED 0x00000010
/* try to find source address in routing lookups */
#define FIB_RULE_FIND_SADDR 0x00010000
struct fib_rule_hdr {
__u8 family;
__u8 dst_len;
__u8 src_len;
__u8 tos;
__u8 table;
__u8 res1; /* reserved */
__u8 res2; /* reserved */
__u8 action;
__u32 flags;
};
struct fib_rule_uid_range {
__u32 start;
__u32 end;
};
struct fib_rule_port_range {
__u16 start;
__u16 end;
};
enum {
FRA_UNSPEC,
FRA_DST, /* destination address */
FRA_SRC, /* source address */
FRA_IIFNAME, /* interface name */
#define FRA_IFNAME FRA_IIFNAME
FRA_GOTO, /* target to jump to (FR_ACT_GOTO) */
FRA_UNUSED2,
FRA_PRIORITY, /* priority/preference */
FRA_UNUSED3,
FRA_UNUSED4,
FRA_UNUSED5,
FRA_FWMARK, /* mark */
FRA_FLOW, /* flow/class id */
FRA_TUN_ID,
FRA_SUPPRESS_IFGROUP,
FRA_SUPPRESS_PREFIXLEN,
FRA_TABLE, /* Extended table id */
FRA_FWMASK, /* mask for netfilter mark */
FRA_OIFNAME,
FRA_PAD,
FRA_L3MDEV, /* iif or oif is l3mdev goto its table */
FRA_UID_RANGE, /* UID range */
FRA_PROTOCOL, /* Originator of the rule */
FRA_IP_PROTO, /* ip proto */
FRA_SPORT_RANGE, /* sport */
FRA_DPORT_RANGE, /* dport */
__FRA_MAX
};
#define FRA_MAX (__FRA_MAX - 1)
enum {
FR_ACT_UNSPEC,
FR_ACT_TO_TBL, /* Pass to fixed table */
FR_ACT_GOTO, /* Jump to another rule */
FR_ACT_NOP, /* No operation */
FR_ACT_RES3,
FR_ACT_RES4,
FR_ACT_BLACKHOLE, /* Drop without notification */
FR_ACT_UNREACHABLE, /* Drop with ENETUNREACH */
FR_ACT_PROHIBIT, /* Drop with EACCES */
__FR_ACT_MAX,
};
#define FR_ACT_MAX (__FR_ACT_MAX - 1)
#endif

80
libnl/include/linux-private/linux/gen_stats.h Normal file
View file

@ -0,0 +1,80 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_GEN_STATS_H
#define __LINUX_GEN_STATS_H
#include <linux/types.h>
enum {
TCA_STATS_UNSPEC,
TCA_STATS_BASIC,
TCA_STATS_RATE_EST,
TCA_STATS_QUEUE,
TCA_STATS_APP,
TCA_STATS_RATE_EST64,
TCA_STATS_PAD,
__TCA_STATS_MAX,
};
#define TCA_STATS_MAX (__TCA_STATS_MAX - 1)
/**
* struct gnet_stats_basic - byte/packet throughput statistics
* @bytes: number of seen bytes
* @packets: number of seen packets
*/
struct gnet_stats_basic {
__u64 bytes;
__u32 packets;
};
struct gnet_stats_basic_packed {
__u64 bytes;
__u32 packets;
} __attribute__ ((packed));
/**
* struct gnet_stats_rate_est - rate estimator
* @bps: current byte rate
* @pps: current packet rate
*/
struct gnet_stats_rate_est {
__u32 bps;
__u32 pps;
};
/**
* struct gnet_stats_rate_est64 - rate estimator
* @bps: current byte rate
* @pps: current packet rate
*/
struct gnet_stats_rate_est64 {
__u64 bps;
__u64 pps;
};
/**
* struct gnet_stats_queue - queuing statistics
* @qlen: queue length
* @backlog: backlog size of queue
* @drops: number of dropped packets
* @requeues: number of requeues
* @overlimits: number of enqueues over the limit
*/
struct gnet_stats_queue {
__u32 qlen;
__u32 backlog;
__u32 drops;
__u32 requeues;
__u32 overlimits;
};
/**
* struct gnet_estimator - rate estimator configuration
* @interval: sampling period
* @ewma_log: the log of measurement window weight
*/
struct gnet_estimator {
signed char interval;
unsigned char ewma_log;
};
#endif /* __LINUX_GEN_STATS_H */

89
libnl/include/linux-private/linux/genetlink.h Normal file
View file

@ -0,0 +1,89 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_GENERIC_NETLINK_H
#define __LINUX_GENERIC_NETLINK_H
#include <linux/types.h>
#include <linux/netlink.h>
#define GENL_NAMSIZ 16 /* length of family name */
#define GENL_MIN_ID NLMSG_MIN_TYPE
#define GENL_MAX_ID 1023
struct genlmsghdr {
__u8 cmd;
__u8 version;
__u16 reserved;
};
#define GENL_HDRLEN NLMSG_ALIGN(sizeof(struct genlmsghdr))
#define GENL_ADMIN_PERM 0x01
#define GENL_CMD_CAP_DO 0x02
#define GENL_CMD_CAP_DUMP 0x04
#define GENL_CMD_CAP_HASPOL 0x08
#define GENL_UNS_ADMIN_PERM 0x10
/*
* List of reserved static generic netlink identifiers:
*/
#define GENL_ID_CTRL NLMSG_MIN_TYPE
#define GENL_ID_VFS_DQUOT (NLMSG_MIN_TYPE + 1)
#define GENL_ID_PMCRAID (NLMSG_MIN_TYPE + 2)
/* must be last reserved + 1 */
#define GENL_START_ALLOC (NLMSG_MIN_TYPE + 3)
/**************************************************************************
* Controller
**************************************************************************/
enum {
CTRL_CMD_UNSPEC,
CTRL_CMD_NEWFAMILY,
CTRL_CMD_DELFAMILY,
CTRL_CMD_GETFAMILY,
CTRL_CMD_NEWOPS,
CTRL_CMD_DELOPS,
CTRL_CMD_GETOPS,
CTRL_CMD_NEWMCAST_GRP,
CTRL_CMD_DELMCAST_GRP,
CTRL_CMD_GETMCAST_GRP, /* unused */
__CTRL_CMD_MAX,
};
#define CTRL_CMD_MAX (__CTRL_CMD_MAX - 1)
enum {
CTRL_ATTR_UNSPEC,
CTRL_ATTR_FAMILY_ID,
CTRL_ATTR_FAMILY_NAME,
CTRL_ATTR_VERSION,
CTRL_ATTR_HDRSIZE,
CTRL_ATTR_MAXATTR,
CTRL_ATTR_OPS,
CTRL_ATTR_MCAST_GROUPS,
__CTRL_ATTR_MAX,
};
#define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1)
enum {
CTRL_ATTR_OP_UNSPEC,
CTRL_ATTR_OP_ID,
CTRL_ATTR_OP_FLAGS,
__CTRL_ATTR_OP_MAX,
};
#define CTRL_ATTR_OP_MAX (__CTRL_ATTR_OP_MAX - 1)
enum {
CTRL_ATTR_MCAST_GRP_UNSPEC,
CTRL_ATTR_MCAST_GRP_NAME,
CTRL_ATTR_MCAST_GRP_ID,
__CTRL_ATTR_MCAST_GRP_MAX,
};
#define CTRL_ATTR_MCAST_GRP_MAX (__CTRL_ATTR_MCAST_GRP_MAX - 1)
#endif /* __LINUX_GENERIC_NETLINK_H */

293
libnl/include/linux-private/linux/if.h Normal file
View file

@ -0,0 +1,293 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
* interface as the means of communication with the user level.
*
* Global definitions for the INET interface module.
*
* Version: @(#)if.h 1.0.2 04/18/93
*
* Authors: Original taken from Berkeley UNIX 4.3, (c) UCB 1982-1988
* Ross Biro
* Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _LINUX_IF_H
#define _LINUX_IF_H
#include <linux/libc-compat.h> /* for compatibility with glibc */
#include <linux/types.h> /* for "__kernel_caddr_t" et al */
#include <linux/socket.h> /* for "struct sockaddr" et al */
/* for "__user" et al */
#include <sys/socket.h> /* for struct sockaddr. */
#if __UAPI_DEF_IF_IFNAMSIZ
#define IFNAMSIZ 16
#endif /* __UAPI_DEF_IF_IFNAMSIZ */
#define IFALIASZ 256
#include <linux/hdlc/ioctl.h>
/* For glibc compatibility. An empty enum does not compile. */
#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 || \
__UAPI_DEF_IF_NET_DEVICE_FLAGS != 0
/**
* enum net_device_flags - &struct net_device flags
*
* These are the &struct net_device flags, they can be set by drivers, the
* kernel and some can be triggered by userspace. Userspace can query and
* set these flags using userspace utilities but there is also a sysfs
* entry available for all dev flags which can be queried and set. These flags
* are shared for all types of net_devices. The sysfs entries are available
* via /sys/class/net/<dev>/flags. Flags which can be toggled through sysfs
* are annotated below, note that only a few flags can be toggled and some
* other flags are always preserved from the original net_device flags
* even if you try to set them via sysfs. Flags which are always preserved
* are kept under the flag grouping @IFF_VOLATILE. Flags which are __volatile__
* are annotated below as such.
*
* You should have a pretty good reason to be extending these flags.
*
* @IFF_UP: interface is up. Can be toggled through sysfs.
* @IFF_BROADCAST: broadcast address valid. Volatile.
* @IFF_DEBUG: turn on debugging. Can be toggled through sysfs.
* @IFF_LOOPBACK: is a loopback net. Volatile.
* @IFF_POINTOPOINT: interface is has p-p link. Volatile.
* @IFF_NOTRAILERS: avoid use of trailers. Can be toggled through sysfs.
* Volatile.
* @IFF_RUNNING: interface RFC2863 OPER_UP. Volatile.
* @IFF_NOARP: no ARP protocol. Can be toggled through sysfs. Volatile.
* @IFF_PROMISC: receive all packets. Can be toggled through sysfs.
* @IFF_ALLMULTI: receive all multicast packets. Can be toggled through
* sysfs.
* @IFF_MASTER: master of a load balancer. Volatile.
* @IFF_SLAVE: slave of a load balancer. Volatile.
* @IFF_MULTICAST: Supports multicast. Can be toggled through sysfs.
* @IFF_PORTSEL: can set media type. Can be toggled through sysfs.
* @IFF_AUTOMEDIA: auto media select active. Can be toggled through sysfs.
* @IFF_DYNAMIC: dialup device with changing addresses. Can be toggled
* through sysfs.
* @IFF_LOWER_UP: driver signals L1 up. Volatile.
* @IFF_DORMANT: driver signals dormant. Volatile.
* @IFF_ECHO: echo sent packets. Volatile.
*/
enum net_device_flags {
/* for compatibility with glibc net/if.h */
#if __UAPI_DEF_IF_NET_DEVICE_FLAGS
IFF_UP = 1<<0, /* sysfs */
IFF_BROADCAST = 1<<1, /* __volatile__ */
IFF_DEBUG = 1<<2, /* sysfs */
IFF_LOOPBACK = 1<<3, /* __volatile__ */
IFF_POINTOPOINT = 1<<4, /* __volatile__ */
IFF_NOTRAILERS = 1<<5, /* sysfs */
IFF_RUNNING = 1<<6, /* __volatile__ */
IFF_NOARP = 1<<7, /* sysfs */
IFF_PROMISC = 1<<8, /* sysfs */
IFF_ALLMULTI = 1<<9, /* sysfs */
IFF_MASTER = 1<<10, /* __volatile__ */
IFF_SLAVE = 1<<11, /* __volatile__ */
IFF_MULTICAST = 1<<12, /* sysfs */
IFF_PORTSEL = 1<<13, /* sysfs */
IFF_AUTOMEDIA = 1<<14, /* sysfs */
IFF_DYNAMIC = 1<<15, /* sysfs */
#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS */
#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
IFF_LOWER_UP = 1<<16, /* __volatile__ */
IFF_DORMANT = 1<<17, /* __volatile__ */
IFF_ECHO = 1<<18, /* __volatile__ */
#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */
};
#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO != 0 || __UAPI_DEF_IF_NET_DEVICE_FLAGS != 0 */
/* for compatibility with glibc net/if.h */
#if __UAPI_DEF_IF_NET_DEVICE_FLAGS
#define IFF_UP IFF_UP
#define IFF_BROADCAST IFF_BROADCAST
#define IFF_DEBUG IFF_DEBUG
#define IFF_LOOPBACK IFF_LOOPBACK
#define IFF_POINTOPOINT IFF_POINTOPOINT
#define IFF_NOTRAILERS IFF_NOTRAILERS
#define IFF_RUNNING IFF_RUNNING
#define IFF_NOARP IFF_NOARP
#define IFF_PROMISC IFF_PROMISC
#define IFF_ALLMULTI IFF_ALLMULTI
#define IFF_MASTER IFF_MASTER
#define IFF_SLAVE IFF_SLAVE
#define IFF_MULTICAST IFF_MULTICAST
#define IFF_PORTSEL IFF_PORTSEL
#define IFF_AUTOMEDIA IFF_AUTOMEDIA
#define IFF_DYNAMIC IFF_DYNAMIC
#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS */
#if __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
#define IFF_LOWER_UP IFF_LOWER_UP
#define IFF_DORMANT IFF_DORMANT
#define IFF_ECHO IFF_ECHO
#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */
#define IFF_VOLATILE (IFF_LOOPBACK|IFF_POINTOPOINT|IFF_BROADCAST|IFF_ECHO|\
IFF_MASTER|IFF_SLAVE|IFF_RUNNING|IFF_LOWER_UP|IFF_DORMANT)
#define IF_GET_IFACE 0x0001 /* for querying only */
#define IF_GET_PROTO 0x0002
/* For definitions see hdlc.h */
#define IF_IFACE_V35 0x1000 /* V.35 serial interface */
#define IF_IFACE_V24 0x1001 /* V.24 serial interface */
#define IF_IFACE_X21 0x1002 /* X.21 serial interface */
#define IF_IFACE_T1 0x1003 /* T1 telco serial interface */
#define IF_IFACE_E1 0x1004 /* E1 telco serial interface */
#define IF_IFACE_SYNC_SERIAL 0x1005 /* can't be set by software */
#define IF_IFACE_X21D 0x1006 /* X.21 Dual Clocking (FarSite) */
/* For definitions see hdlc.h */
#define IF_PROTO_HDLC 0x2000 /* raw HDLC protocol */
#define IF_PROTO_PPP 0x2001 /* PPP protocol */
#define IF_PROTO_CISCO 0x2002 /* Cisco HDLC protocol */
#define IF_PROTO_FR 0x2003 /* Frame Relay protocol */
#define IF_PROTO_FR_ADD_PVC 0x2004 /* Create FR PVC */
#define IF_PROTO_FR_DEL_PVC 0x2005 /* Delete FR PVC */
#define IF_PROTO_X25 0x2006 /* X.25 */
#define IF_PROTO_HDLC_ETH 0x2007 /* raw HDLC, Ethernet emulation */
#define IF_PROTO_FR_ADD_ETH_PVC 0x2008 /* Create FR Ethernet-bridged PVC */
#define IF_PROTO_FR_DEL_ETH_PVC 0x2009 /* Delete FR Ethernet-bridged PVC */
#define IF_PROTO_FR_PVC 0x200A /* for reading PVC status */
#define IF_PROTO_FR_ETH_PVC 0x200B
#define IF_PROTO_RAW 0x200C /* RAW Socket */
/* RFC 2863 operational status */
enum {
IF_OPER_UNKNOWN,
IF_OPER_NOTPRESENT,
IF_OPER_DOWN,
IF_OPER_LOWERLAYERDOWN,
IF_OPER_TESTING,
IF_OPER_DORMANT,
IF_OPER_UP,
};
/* link modes */
enum {
IF_LINK_MODE_DEFAULT,
IF_LINK_MODE_DORMANT, /* limit upward transition to dormant */
};
/*
* Device mapping structure. I'd just gone off and designed a
* beautiful scheme using only loadable modules with arguments
* for driver options and along come the PCMCIA people 8)
*
* Ah well. The get() side of this is good for WDSETUP, and it'll
* be handy for debugging things. The set side is fine for now and
* being very small might be worth keeping for clean configuration.
*/
/* for compatibility with glibc net/if.h */
#if __UAPI_DEF_IF_IFMAP
struct ifmap {
unsigned long mem_start;
unsigned long mem_end;
unsigned short base_addr;
unsigned char irq;
unsigned char dma;
unsigned char port;
/* 3 bytes spare */
};
#endif /* __UAPI_DEF_IF_IFMAP */
struct if_settings {
unsigned int type; /* Type of physical device or protocol */
unsigned int size; /* Size of the data allocated by the caller */
union {
/* {atm/eth/dsl}_settings anyone ? */
raw_hdlc_proto *raw_hdlc;
cisco_proto *cisco;
fr_proto *fr;
fr_proto_pvc *fr_pvc;
fr_proto_pvc_info *fr_pvc_info;
/* interface settings */
sync_serial_settings *sync;
te1_settings *te1;
} ifs_ifsu;
};
/*
* Interface request structure used for socket
* ioctl's. All interface ioctl's must have parameter
* definitions which begin with ifr_name. The
* remainder may be interface specific.
*/
/* for compatibility with glibc net/if.h */
#if __UAPI_DEF_IF_IFREQ
struct ifreq {
#define IFHWADDRLEN 6
union
{
char ifrn_name[IFNAMSIZ]; /* if name, e.g. "en0" */
} ifr_ifrn;
union {
struct sockaddr ifru_addr;
struct sockaddr ifru_dstaddr;
struct sockaddr ifru_broadaddr;
struct sockaddr ifru_netmask;
struct sockaddr ifru_hwaddr;
short ifru_flags;
int ifru_ivalue;
int ifru_mtu;
struct ifmap ifru_map;
char ifru_slave[IFNAMSIZ]; /* Just fits the size */
char ifru_newname[IFNAMSIZ];
void * ifru_data;
struct if_settings ifru_settings;
} ifr_ifru;
};
#endif /* __UAPI_DEF_IF_IFREQ */
#define ifr_name ifr_ifrn.ifrn_name /* interface name */
#define ifr_hwaddr ifr_ifru.ifru_hwaddr /* MAC address */
#define ifr_addr ifr_ifru.ifru_addr /* address */
#define ifr_dstaddr ifr_ifru.ifru_dstaddr /* other end of p-p lnk */
#define ifr_broadaddr ifr_ifru.ifru_broadaddr /* broadcast address */
#define ifr_netmask ifr_ifru.ifru_netmask /* interface net mask */
#define ifr_flags ifr_ifru.ifru_flags /* flags */
#define ifr_metric ifr_ifru.ifru_ivalue /* metric */
#define ifr_mtu ifr_ifru.ifru_mtu /* mtu */
#define ifr_map ifr_ifru.ifru_map /* device map */
#define ifr_slave ifr_ifru.ifru_slave /* slave device */
#define ifr_data ifr_ifru.ifru_data /* for use by interface */
#define ifr_ifindex ifr_ifru.ifru_ivalue /* interface index */
#define ifr_bandwidth ifr_ifru.ifru_ivalue /* link bandwidth */
#define ifr_qlen ifr_ifru.ifru_ivalue /* Queue length */
#define ifr_newname ifr_ifru.ifru_newname /* New name */
#define ifr_settings ifr_ifru.ifru_settings /* Device/proto settings*/
/*
* Structure used in SIOCGIFCONF request.
* Used to retrieve interface configuration
* for machine (useful for programs which
* must know all networks accessible).
*/
/* for compatibility with glibc net/if.h */
#if __UAPI_DEF_IF_IFCONF
struct ifconf {
int ifc_len; /* size of buffer */
union {
char *ifcu_buf;
struct ifreq *ifcu_req;
} ifc_ifcu;
};
#endif /* __UAPI_DEF_IF_IFCONF */
#define ifc_buf ifc_ifcu.ifcu_buf /* buffer address */
#define ifc_req ifc_ifcu.ifcu_req /* array of structures */
#endif /* _LINUX_IF_H */

69
libnl/include/linux-private/linux/if_addr.h Normal file
View file

@ -0,0 +1,69 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_IF_ADDR_H
#define __LINUX_IF_ADDR_H
#include <linux/types.h>
#include <linux/netlink.h>
struct ifaddrmsg {
__u8 ifa_family;
__u8 ifa_prefixlen; /* The prefix length */
__u8 ifa_flags; /* Flags */
__u8 ifa_scope; /* Address scope */
__u32 ifa_index; /* Link index */
};
/*
* Important comment:
* IFA_ADDRESS is prefix address, rather than local interface address.
* It makes no difference for normally configured broadcast interfaces,
* but for point-to-point IFA_ADDRESS is DESTINATION address,
* local address is supplied in IFA_LOCAL attribute.
*
* IFA_FLAGS is a u32 attribute that extends the u8 field ifa_flags.
* If present, the value from struct ifaddrmsg will be ignored.
*/
enum {
IFA_UNSPEC,
IFA_ADDRESS,
IFA_LOCAL,
IFA_LABEL,
IFA_BROADCAST,
IFA_ANYCAST,
IFA_CACHEINFO,
IFA_MULTICAST,
IFA_FLAGS,
IFA_RT_PRIORITY, /* u32, priority/metric for prefix route */
__IFA_MAX,
};
#define IFA_MAX (__IFA_MAX - 1)
/* ifa_flags */
#define IFA_F_SECONDARY 0x01
#define IFA_F_TEMPORARY IFA_F_SECONDARY
#define IFA_F_NODAD 0x02
#define IFA_F_OPTIMISTIC 0x04
#define IFA_F_DADFAILED 0x08
#define IFA_F_HOMEADDRESS 0x10
#define IFA_F_DEPRECATED 0x20
#define IFA_F_TENTATIVE 0x40
#define IFA_F_PERMANENT 0x80
#define IFA_F_MANAGETEMPADDR 0x100
#define IFA_F_NOPREFIXROUTE 0x200
#define IFA_F_MCAUTOJOIN 0x400
#define IFA_F_STABLE_PRIVACY 0x800
struct ifa_cacheinfo {
__u32 ifa_prefered;
__u32 ifa_valid;
__u32 cstamp; /* created timestamp, hundredths of seconds */
__u32 tstamp; /* updated timestamp, hundredths of seconds */
};
/* backwards compatibility for userspace */
#define IFA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
#endif

164
libnl/include/linux-private/linux/if_arp.h Normal file
View file

@ -0,0 +1,164 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
* interface as the means of communication with the user level.
*
* Global definitions for the ARP (RFC 826) protocol.
*
* Version: @(#)if_arp.h 1.0.1 04/16/93
*
* Authors: Original taken from Berkeley UNIX 4.3, (c) UCB 1986-1988
* Portions taken from the KA9Q/NOS (v2.00m PA0GRI) source.
* Ross Biro
* Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
* Florian La Roche,
* Jonathan Layes <layes@loran.com>
* Arnaldo Carvalho de Melo <acme@conectiva.com.br> ARPHRD_HWX25
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _LINUX_IF_ARP_H
#define _LINUX_IF_ARP_H
#include <linux/netdevice.h>
/* ARP protocol HARDWARE identifiers. */
#define ARPHRD_NETROM 0 /* from KA9Q: NET/ROM pseudo */
#define ARPHRD_ETHER 1 /* Ethernet 10Mbps */
#define ARPHRD_EETHER 2 /* Experimental Ethernet */
#define ARPHRD_AX25 3 /* AX.25 Level 2 */
#define ARPHRD_PRONET 4 /* PROnet token ring */
#define ARPHRD_CHAOS 5 /* Chaosnet */
#define ARPHRD_IEEE802 6 /* IEEE 802.2 Ethernet/TR/TB */
#define ARPHRD_ARCNET 7 /* ARCnet */
#define ARPHRD_APPLETLK 8 /* APPLEtalk */
#define ARPHRD_DLCI 15 /* Frame Relay DLCI */
#define ARPHRD_ATM 19 /* ATM */
#define ARPHRD_METRICOM 23 /* Metricom STRIP (new IANA id) */
#define ARPHRD_IEEE1394 24 /* IEEE 1394 IPv4 - RFC 2734 */
#define ARPHRD_EUI64 27 /* EUI-64 */
#define ARPHRD_INFINIBAND 32 /* InfiniBand */
/* Dummy types for non ARP hardware */
#define ARPHRD_SLIP 256
#define ARPHRD_CSLIP 257
#define ARPHRD_SLIP6 258
#define ARPHRD_CSLIP6 259
#define ARPHRD_RSRVD 260 /* Notional KISS type */
#define ARPHRD_ADAPT 264
#define ARPHRD_ROSE 270
#define ARPHRD_X25 271 /* CCITT X.25 */
#define ARPHRD_HWX25 272 /* Boards with X.25 in firmware */
#define ARPHRD_CAN 280 /* Controller Area Network */
#define ARPHRD_PPP 512
#define ARPHRD_CISCO 513 /* Cisco HDLC */
#define ARPHRD_HDLC ARPHRD_CISCO
#define ARPHRD_LAPB 516 /* LAPB */
#define ARPHRD_DDCMP 517 /* Digital's DDCMP protocol */
#define ARPHRD_RAWHDLC 518 /* Raw HDLC */
#define ARPHRD_RAWIP 519 /* Raw IP */
#define ARPHRD_TUNNEL 768 /* IPIP tunnel */
#define ARPHRD_TUNNEL6 769 /* IP6IP6 tunnel */
#define ARPHRD_FRAD 770 /* Frame Relay Access Device */
#define ARPHRD_SKIP 771 /* SKIP vif */
#define ARPHRD_LOOPBACK 772 /* Loopback device */
#define ARPHRD_LOCALTLK 773 /* Localtalk device */
#define ARPHRD_FDDI 774 /* Fiber Distributed Data Interface */
#define ARPHRD_BIF 775 /* AP1000 BIF */
#define ARPHRD_SIT 776 /* sit0 device - IPv6-in-IPv4 */
#define ARPHRD_IPDDP 777 /* IP over DDP tunneller */
#define ARPHRD_IPGRE 778 /* GRE over IP */
#define ARPHRD_PIMREG 779 /* PIMSM register interface */
#define ARPHRD_HIPPI 780 /* High Performance Parallel Interface */
#define ARPHRD_ASH 781 /* Nexus 64Mbps Ash */
#define ARPHRD_ECONET 782 /* Acorn Econet */
#define ARPHRD_IRDA 783 /* Linux-IrDA */
/* ARP works differently on different FC media .. so */
#define ARPHRD_FCPP 784 /* Point to point fibrechannel */
#define ARPHRD_FCAL 785 /* Fibrechannel arbitrated loop */
#define ARPHRD_FCPL 786 /* Fibrechannel public loop */
#define ARPHRD_FCFABRIC 787 /* Fibrechannel fabric */
/* 787->799 reserved for fibrechannel media types */
#define ARPHRD_IEEE802_TR 800 /* Magic type ident for TR */
#define ARPHRD_IEEE80211 801 /* IEEE 802.11 */
#define ARPHRD_IEEE80211_PRISM 802 /* IEEE 802.11 + Prism2 header */
#define ARPHRD_IEEE80211_RADIOTAP 803 /* IEEE 802.11 + radiotap header */
#define ARPHRD_IEEE802154 804
#define ARPHRD_IEEE802154_MONITOR 805 /* IEEE 802.15.4 network monitor */
#define ARPHRD_PHONET 820 /* PhoNet media type */
#define ARPHRD_PHONET_PIPE 821 /* PhoNet pipe header */
#define ARPHRD_CAIF 822 /* CAIF media type */
#define ARPHRD_IP6GRE 823 /* GRE over IPv6 */
#define ARPHRD_NETLINK 824 /* Netlink header */
#define ARPHRD_6LOWPAN 825 /* IPv6 over LoWPAN */
#define ARPHRD_VSOCKMON 826 /* Vsock monitor header */
#define ARPHRD_VOID 0xFFFF /* Void type, nothing is known */
#define ARPHRD_NONE 0xFFFE /* zero header length */
/* ARP protocol opcodes. */
#define ARPOP_REQUEST 1 /* ARP request */
#define ARPOP_REPLY 2 /* ARP reply */
#define ARPOP_RREQUEST 3 /* RARP request */
#define ARPOP_RREPLY 4 /* RARP reply */
#define ARPOP_InREQUEST 8 /* InARP request */
#define ARPOP_InREPLY 9 /* InARP reply */
#define ARPOP_NAK 10 /* (ATM)ARP NAK */
/* ARP ioctl request. */
struct arpreq {
struct sockaddr arp_pa; /* protocol address */
struct sockaddr arp_ha; /* hardware address */
int arp_flags; /* flags */
struct sockaddr arp_netmask; /* netmask (only for proxy arps) */
char arp_dev[16];
};
struct arpreq_old {
struct sockaddr arp_pa; /* protocol address */
struct sockaddr arp_ha; /* hardware address */
int arp_flags; /* flags */
struct sockaddr arp_netmask; /* netmask (only for proxy arps) */
};
/* ARP Flag values. */
#define ATF_COM 0x02 /* completed entry (ha valid) */
#define ATF_PERM 0x04 /* permanent entry */
#define ATF_PUBL 0x08 /* publish entry */
#define ATF_USETRAILERS 0x10 /* has requested trailers */
#define ATF_NETMASK 0x20 /* want to use a netmask (only
for proxy entries) */
#define ATF_DONTPUB 0x40 /* don't answer this addresses */
/*
* This structure defines an ethernet arp header.
*/
struct arphdr {
__be16 ar_hrd; /* format of hardware address */
__be16 ar_pro; /* format of protocol address */
unsigned char ar_hln; /* length of hardware address */
unsigned char ar_pln; /* length of protocol address */
__be16 ar_op; /* ARP opcode (command) */
#if 0
/*
* Ethernet looks like this : This bit is variable sized however...
*/
unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */
unsigned char ar_sip[4]; /* sender IP address */
unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
unsigned char ar_tip[4]; /* target IP address */
#endif
};
#endif /* _LINUX_IF_ARP_H */

295
libnl/include/linux-private/linux/if_bridge.h Normal file
View file

@ -0,0 +1,295 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* Linux ethernet bridge
*
* Authors:
* Lennert Buytenhek <buytenh@gnu.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _LINUX_IF_BRIDGE_H
#define _LINUX_IF_BRIDGE_H
#include <linux/types.h>
#include <linux/if_ether.h>
#include <linux/in6.h>
#define SYSFS_BRIDGE_ATTR "bridge"
#define SYSFS_BRIDGE_FDB "brforward"
#define SYSFS_BRIDGE_PORT_SUBDIR "brif"
#define SYSFS_BRIDGE_PORT_ATTR "brport"
#define SYSFS_BRIDGE_PORT_LINK "bridge"
#define BRCTL_VERSION 1
#define BRCTL_GET_VERSION 0
#define BRCTL_GET_BRIDGES 1
#define BRCTL_ADD_BRIDGE 2
#define BRCTL_DEL_BRIDGE 3
#define BRCTL_ADD_IF 4
#define BRCTL_DEL_IF 5
#define BRCTL_GET_BRIDGE_INFO 6
#define BRCTL_GET_PORT_LIST 7
#define BRCTL_SET_BRIDGE_FORWARD_DELAY 8
#define BRCTL_SET_BRIDGE_HELLO_TIME 9
#define BRCTL_SET_BRIDGE_MAX_AGE 10
#define BRCTL_SET_AGEING_TIME 11
#define BRCTL_SET_GC_INTERVAL 12
#define BRCTL_GET_PORT_INFO 13
#define BRCTL_SET_BRIDGE_STP_STATE 14
#define BRCTL_SET_BRIDGE_PRIORITY 15
#define BRCTL_SET_PORT_PRIORITY 16
#define BRCTL_SET_PATH_COST 17
#define BRCTL_GET_FDB_ENTRIES 18
#define BR_STATE_DISABLED 0
#define BR_STATE_LISTENING 1
#define BR_STATE_LEARNING 2
#define BR_STATE_FORWARDING 3
#define BR_STATE_BLOCKING 4
struct __bridge_info {
__u64 designated_root;
__u64 bridge_id;
__u32 root_path_cost;
__u32 max_age;
__u32 hello_time;
__u32 forward_delay;
__u32 bridge_max_age;
__u32 bridge_hello_time;
__u32 bridge_forward_delay;
__u8 topology_change;
__u8 topology_change_detected;
__u8 root_port;
__u8 stp_enabled;
__u32 ageing_time;
__u32 gc_interval;
__u32 hello_timer_value;
__u32 tcn_timer_value;
__u32 topology_change_timer_value;
__u32 gc_timer_value;
};
struct __port_info {
__u64 designated_root;
__u64 designated_bridge;
__u16 port_id;
__u16 designated_port;
__u32 path_cost;
__u32 designated_cost;
__u8 state;
__u8 top_change_ack;
__u8 config_pending;
__u8 unused0;
__u32 message_age_timer_value;
__u32 forward_delay_timer_value;
__u32 hold_timer_value;
};
struct __fdb_entry {
__u8 mac_addr[ETH_ALEN];
__u8 port_no;
__u8 is_local;
__u32 ageing_timer_value;
__u8 port_hi;
__u8 pad0;
__u16 unused;
};
/* Bridge Flags */
#define BRIDGE_FLAGS_MASTER 1 /* Bridge command to/from master */
#define BRIDGE_FLAGS_SELF 2 /* Bridge command to/from lowerdev */
#define BRIDGE_MODE_VEB 0 /* Default loopback mode */
#define BRIDGE_MODE_VEPA 1 /* 802.1Qbg defined VEPA mode */
#define BRIDGE_MODE_UNDEF 0xFFFF /* mode undefined */
/* Bridge management nested attributes
* [IFLA_AF_SPEC] = {
* [IFLA_BRIDGE_FLAGS]
* [IFLA_BRIDGE_MODE]
* [IFLA_BRIDGE_VLAN_INFO]
* }
*/
enum {
IFLA_BRIDGE_FLAGS,
IFLA_BRIDGE_MODE,
IFLA_BRIDGE_VLAN_INFO,
IFLA_BRIDGE_VLAN_TUNNEL_INFO,
__IFLA_BRIDGE_MAX,
};
#define IFLA_BRIDGE_MAX (__IFLA_BRIDGE_MAX - 1)
#define BRIDGE_VLAN_INFO_MASTER (1<<0) /* Operate on Bridge device as well */
#define BRIDGE_VLAN_INFO_PVID (1<<1) /* VLAN is PVID, ingress untagged */
#define BRIDGE_VLAN_INFO_UNTAGGED (1<<2) /* VLAN egresses untagged */
#define BRIDGE_VLAN_INFO_RANGE_BEGIN (1<<3) /* VLAN is start of vlan range */
#define BRIDGE_VLAN_INFO_RANGE_END (1<<4) /* VLAN is end of vlan range */
#define BRIDGE_VLAN_INFO_BRENTRY (1<<5) /* Global bridge VLAN entry */
struct bridge_vlan_info {
__u16 flags;
__u16 vid;
};
enum {
IFLA_BRIDGE_VLAN_TUNNEL_UNSPEC,
IFLA_BRIDGE_VLAN_TUNNEL_ID,
IFLA_BRIDGE_VLAN_TUNNEL_VID,
IFLA_BRIDGE_VLAN_TUNNEL_FLAGS,
__IFLA_BRIDGE_VLAN_TUNNEL_MAX,
};
#define IFLA_BRIDGE_VLAN_TUNNEL_MAX (__IFLA_BRIDGE_VLAN_TUNNEL_MAX - 1)
struct bridge_vlan_xstats {
__u64 rx_bytes;
__u64 rx_packets;
__u64 tx_bytes;
__u64 tx_packets;
__u16 vid;
__u16 flags;
__u32 pad2;
};
/* Bridge multicast database attributes
* [MDBA_MDB] = {
* [MDBA_MDB_ENTRY] = {
* [MDBA_MDB_ENTRY_INFO] {
* struct br_mdb_entry
* [MDBA_MDB_EATTR attributes]
* }
* }
* }
* [MDBA_ROUTER] = {
* [MDBA_ROUTER_PORT] = {
* u32 ifindex
* [MDBA_ROUTER_PATTR attributes]
* }
* }
*/
enum {
MDBA_UNSPEC,
MDBA_MDB,
MDBA_ROUTER,
__MDBA_MAX,
};
#define MDBA_MAX (__MDBA_MAX - 1)
enum {
MDBA_MDB_UNSPEC,
MDBA_MDB_ENTRY,
__MDBA_MDB_MAX,
};
#define MDBA_MDB_MAX (__MDBA_MDB_MAX - 1)
enum {
MDBA_MDB_ENTRY_UNSPEC,
MDBA_MDB_ENTRY_INFO,
__MDBA_MDB_ENTRY_MAX,
};
#define MDBA_MDB_ENTRY_MAX (__MDBA_MDB_ENTRY_MAX - 1)
/* per mdb entry additional attributes */
enum {
MDBA_MDB_EATTR_UNSPEC,
MDBA_MDB_EATTR_TIMER,
__MDBA_MDB_EATTR_MAX
};
#define MDBA_MDB_EATTR_MAX (__MDBA_MDB_EATTR_MAX - 1)
/* multicast router types */
enum {
MDB_RTR_TYPE_DISABLED,
MDB_RTR_TYPE_TEMP_QUERY,
MDB_RTR_TYPE_PERM,
MDB_RTR_TYPE_TEMP
};
enum {
MDBA_ROUTER_UNSPEC,
MDBA_ROUTER_PORT,
__MDBA_ROUTER_MAX,
};
#define MDBA_ROUTER_MAX (__MDBA_ROUTER_MAX - 1)
/* router port attributes */
enum {
MDBA_ROUTER_PATTR_UNSPEC,
MDBA_ROUTER_PATTR_TIMER,
MDBA_ROUTER_PATTR_TYPE,
__MDBA_ROUTER_PATTR_MAX
};
#define MDBA_ROUTER_PATTR_MAX (__MDBA_ROUTER_PATTR_MAX - 1)
struct br_port_msg {
__u8 family;
__u32 ifindex;
};
struct br_mdb_entry {
__u32 ifindex;
#define MDB_TEMPORARY 0
#define MDB_PERMANENT 1
__u8 state;
#define MDB_FLAGS_OFFLOAD (1 << 0)
__u8 flags;
__u16 vid;
struct {
union {
__be32 ip4;
struct in6_addr ip6;
} u;
__be16 proto;
} addr;
};
enum {
MDBA_SET_ENTRY_UNSPEC,
MDBA_SET_ENTRY,
__MDBA_SET_ENTRY_MAX,
};
#define MDBA_SET_ENTRY_MAX (__MDBA_SET_ENTRY_MAX - 1)
/* Embedded inside LINK_XSTATS_TYPE_BRIDGE */
enum {
BRIDGE_XSTATS_UNSPEC,
BRIDGE_XSTATS_VLAN,
BRIDGE_XSTATS_MCAST,
BRIDGE_XSTATS_PAD,
__BRIDGE_XSTATS_MAX
};
#define BRIDGE_XSTATS_MAX (__BRIDGE_XSTATS_MAX - 1)
enum {
BR_MCAST_DIR_RX,
BR_MCAST_DIR_TX,
BR_MCAST_DIR_SIZE
};
/* IGMP/MLD statistics */
struct br_mcast_stats {
__u64 igmp_v1queries[BR_MCAST_DIR_SIZE];
__u64 igmp_v2queries[BR_MCAST_DIR_SIZE];
__u64 igmp_v3queries[BR_MCAST_DIR_SIZE];
__u64 igmp_leaves[BR_MCAST_DIR_SIZE];
__u64 igmp_v1reports[BR_MCAST_DIR_SIZE];
__u64 igmp_v2reports[BR_MCAST_DIR_SIZE];
__u64 igmp_v3reports[BR_MCAST_DIR_SIZE];
__u64 igmp_parse_errors;
__u64 mld_v1queries[BR_MCAST_DIR_SIZE];
__u64 mld_v2queries[BR_MCAST_DIR_SIZE];
__u64 mld_leaves[BR_MCAST_DIR_SIZE];
__u64 mld_v1reports[BR_MCAST_DIR_SIZE];
__u64 mld_v2reports[BR_MCAST_DIR_SIZE];
__u64 mld_parse_errors;
__u64 mcast_bytes[BR_MCAST_DIR_SIZE];
__u64 mcast_packets[BR_MCAST_DIR_SIZE];
};
#endif /* _LINUX_IF_BRIDGE_H */

169
libnl/include/linux-private/linux/if_ether.h Normal file
View file

@ -0,0 +1,169 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
* interface as the means of communication with the user level.
*
* Global definitions for the Ethernet IEEE 802.3 interface.
*
* Version: @(#)if_ether.h 1.0.1a 02/08/94
*
* Author: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
* Donald Becker, <becker@super.org>
* Alan Cox, <alan@lxorguk.ukuu.org.uk>
* Steve Whitehouse, <gw7rrm@eeshack3.swan.ac.uk>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _LINUX_IF_ETHER_H
#define _LINUX_IF_ETHER_H
#include <linux/types.h>
/*
* IEEE 802.3 Ethernet magic constants. The frame sizes omit the preamble
* and FCS/CRC (frame check sequence).
*/
#define ETH_ALEN 6 /* Octets in one ethernet addr */
#define ETH_TLEN 2 /* Octets in ethernet type field */
#define ETH_HLEN 14 /* Total octets in header. */
#define ETH_ZLEN 60 /* Min. octets in frame sans FCS */
#define ETH_DATA_LEN 1500 /* Max. octets in payload */
#define ETH_FRAME_LEN 1514 /* Max. octets in frame sans FCS */
#define ETH_FCS_LEN 4 /* Octets in the FCS */
#define ETH_MIN_MTU 68 /* Min IPv4 MTU per RFC791 */
#define ETH_MAX_MTU 0xFFFFU /* 65535, same as IP_MAX_MTU */
/*
* These are the defined Ethernet Protocol ID's.
*/
#define ETH_P_LOOP 0x0060 /* Ethernet Loopback packet */
#define ETH_P_PUP 0x0200 /* Xerox PUP packet */
#define ETH_P_PUPAT 0x0201 /* Xerox PUP Addr Trans packet */
#define ETH_P_TSN 0x22F0 /* TSN (IEEE 1722) packet */
#define ETH_P_ERSPAN2 0x22EB /* ERSPAN version 2 (type III) */
#define ETH_P_IP 0x0800 /* Internet Protocol packet */
#define ETH_P_X25 0x0805 /* CCITT X.25 */
#define ETH_P_ARP 0x0806 /* Address Resolution packet */
#define ETH_P_BPQ 0x08FF /* G8BPQ AX.25 Ethernet Packet [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_IEEEPUP 0x0a00 /* Xerox IEEE802.3 PUP packet */
#define ETH_P_IEEEPUPAT 0x0a01 /* Xerox IEEE802.3 PUP Addr Trans packet */
#define ETH_P_BATMAN 0x4305 /* B.A.T.M.A.N.-Advanced packet [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_DEC 0x6000 /* DEC Assigned proto */
#define ETH_P_DNA_DL 0x6001 /* DEC DNA Dump/Load */
#define ETH_P_DNA_RC 0x6002 /* DEC DNA Remote Console */
#define ETH_P_DNA_RT 0x6003 /* DEC DNA Routing */
#define ETH_P_LAT 0x6004 /* DEC LAT */
#define ETH_P_DIAG 0x6005 /* DEC Diagnostics */
#define ETH_P_CUST 0x6006 /* DEC Customer use */
#define ETH_P_SCA 0x6007 /* DEC Systems Comms Arch */
#define ETH_P_TEB 0x6558 /* Trans Ether Bridging */
#define ETH_P_RARP 0x8035 /* Reverse Addr Res packet */
#define ETH_P_ATALK 0x809B /* Appletalk DDP */
#define ETH_P_AARP 0x80F3 /* Appletalk AARP */
#define ETH_P_8021Q 0x8100 /* 802.1Q VLAN Extended Header */
#define ETH_P_ERSPAN 0x88BE /* ERSPAN type II */
#define ETH_P_IPX 0x8137 /* IPX over DIX */
#define ETH_P_IPV6 0x86DD /* IPv6 over bluebook */
#define ETH_P_PAUSE 0x8808 /* IEEE Pause frames. See 802.3 31B */
#define ETH_P_SLOW 0x8809 /* Slow Protocol. See 802.3ad 43B */
#define ETH_P_WCCP 0x883E /* Web-cache coordination protocol
* defined in draft-wilson-wrec-wccp-v2-00.txt */
#define ETH_P_MPLS_UC 0x8847 /* MPLS Unicast traffic */
#define ETH_P_MPLS_MC 0x8848 /* MPLS Multicast traffic */
#define ETH_P_ATMMPOA 0x884c /* MultiProtocol Over ATM */
#define ETH_P_PPP_DISC 0x8863 /* PPPoE discovery messages */
#define ETH_P_PPP_SES 0x8864 /* PPPoE session messages */
#define ETH_P_LINK_CTL 0x886c /* HPNA, wlan link local tunnel */
#define ETH_P_ATMFATE 0x8884 /* Frame-based ATM Transport
* over Ethernet
*/
#define ETH_P_PAE 0x888E /* Port Access Entity (IEEE 802.1X) */
#define ETH_P_AOE 0x88A2 /* ATA over Ethernet */
#define ETH_P_8021AD 0x88A8 /* 802.1ad Service VLAN */
#define ETH_P_802_EX1 0x88B5 /* 802.1 Local Experimental 1. */
#define ETH_P_PREAUTH 0x88C7 /* 802.11 Preauthentication */
#define ETH_P_TIPC 0x88CA /* TIPC */
#define ETH_P_MACSEC 0x88E5 /* 802.1ae MACsec */
#define ETH_P_8021AH 0x88E7 /* 802.1ah Backbone Service Tag */
#define ETH_P_MVRP 0x88F5 /* 802.1Q MVRP */
#define ETH_P_1588 0x88F7 /* IEEE 1588 Timesync */
#define ETH_P_NCSI 0x88F8 /* NCSI protocol */
#define ETH_P_PRP 0x88FB /* IEC 62439-3 PRP/HSRv0 */
#define ETH_P_FCOE 0x8906 /* Fibre Channel over Ethernet */
#define ETH_P_IBOE 0x8915 /* Infiniband over Ethernet */
#define ETH_P_TDLS 0x890D /* TDLS */
#define ETH_P_FIP 0x8914 /* FCoE Initialization Protocol */
#define ETH_P_80221 0x8917 /* IEEE 802.21 Media Independent Handover Protocol */
#define ETH_P_HSR 0x892F /* IEC 62439-3 HSRv1 */
#define ETH_P_NSH 0x894F /* Network Service Header */
#define ETH_P_LOOPBACK 0x9000 /* Ethernet loopback packet, per IEEE 802.3 */
#define ETH_P_QINQ1 0x9100 /* deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_QINQ2 0x9200 /* deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_QINQ3 0x9300 /* deprecated QinQ VLAN [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_EDSA 0xDADA /* Ethertype DSA [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_IFE 0xED3E /* ForCES inter-FE LFB type */
#define ETH_P_AF_IUCV 0xFBFB /* IBM af_iucv [ NOT AN OFFICIALLY REGISTERED ID ] */
#define ETH_P_802_3_MIN 0x0600 /* If the value in the ethernet type is less than this value
* then the frame is Ethernet II. Else it is 802.3 */
/*
* Non DIX types. Won't clash for 1500 types.
*/
#define ETH_P_802_3 0x0001 /* Dummy type for 802.3 frames */
#define ETH_P_AX25 0x0002 /* Dummy protocol id for AX.25 */
#define ETH_P_ALL 0x0003 /* Every packet (be careful!!!) */
#define ETH_P_802_2 0x0004 /* 802.2 frames */
#define ETH_P_SNAP 0x0005 /* Internal only */
#define ETH_P_DDCMP 0x0006 /* DEC DDCMP: Internal only */
#define ETH_P_WAN_PPP 0x0007 /* Dummy type for WAN PPP frames*/
#define ETH_P_PPP_MP 0x0008 /* Dummy type for PPP MP frames */
#define ETH_P_LOCALTALK 0x0009 /* Localtalk pseudo type */
#define ETH_P_CAN 0x000C /* CAN: Controller Area Network */
#define ETH_P_CANFD 0x000D /* CANFD: CAN flexible data rate*/
#define ETH_P_PPPTALK 0x0010 /* Dummy type for Atalk over PPP*/
#define ETH_P_TR_802_2 0x0011 /* 802.2 frames */
#define ETH_P_MOBITEX 0x0015 /* Mobitex (kaz@cafe.net) */
#define ETH_P_CONTROL 0x0016 /* Card specific control frames */
#define ETH_P_IRDA 0x0017 /* Linux-IrDA */
#define ETH_P_ECONET 0x0018 /* Acorn Econet */
#define ETH_P_HDLC 0x0019 /* HDLC frames */
#define ETH_P_ARCNET 0x001A /* 1A for ArcNet :-) */
#define ETH_P_DSA 0x001B /* Distributed Switch Arch. */
#define ETH_P_TRAILER 0x001C /* Trailer switch tagging */
#define ETH_P_PHONET 0x00F5 /* Nokia Phonet frames */
#define ETH_P_IEEE802154 0x00F6 /* IEEE802.15.4 frame */
#define ETH_P_CAIF 0x00F7 /* ST-Ericsson CAIF protocol */
#define ETH_P_XDSA 0x00F8 /* Multiplexed DSA protocol */
#define ETH_P_MAP 0x00F9 /* Qualcomm multiplexing and
* aggregation protocol
*/
/*
* This is an Ethernet frame header.
*/
/* allow libcs like musl to deactivate this, glibc does not implement this. */
#ifndef __UAPI_DEF_ETHHDR
#define __UAPI_DEF_ETHHDR 1
#endif
#if __UAPI_DEF_ETHHDR
struct ethhdr {
unsigned char h_dest[ETH_ALEN]; /* destination eth addr */
unsigned char h_source[ETH_ALEN]; /* source ether addr */
__be16 h_proto; /* packet type ID field */
} __attribute__((packed));
#endif
#endif /* _LINUX_IF_ETHER_H */

1000
libnl/include/linux-private/linux/if_link.h Normal file
View file

File diff suppressed because it is too large Load diff

177
libnl/include/linux-private/linux/if_macsec.h Normal file
View file

@ -0,0 +1,177 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* include/uapi/linux/if_macsec.h - MACsec device
*
* Copyright (c) 2015 Sabrina Dubroca <sd@queasysnail.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
#ifndef _MACSEC_H
#define _MACSEC_H
#include <linux/types.h>
#define MACSEC_GENL_NAME "macsec"
#define MACSEC_GENL_VERSION 1
#define MACSEC_MAX_KEY_LEN 128
#define MACSEC_KEYID_LEN 16
/* cipher IDs as per IEEE802.1AEbn-2011 */
#define MACSEC_CIPHER_ID_GCM_AES_128 0x0080C20001000001ULL
#define MACSEC_CIPHER_ID_GCM_AES_256 0x0080C20001000002ULL
/* deprecated cipher ID for GCM-AES-128 */
#define MACSEC_DEFAULT_CIPHER_ID 0x0080020001000001ULL
#define MACSEC_DEFAULT_CIPHER_ALT MACSEC_CIPHER_ID_GCM_AES_128
#define MACSEC_MIN_ICV_LEN 8
#define MACSEC_MAX_ICV_LEN 32
/* upper limit for ICV length as recommended by IEEE802.1AE-2006 */
#define MACSEC_STD_ICV_LEN 16
enum macsec_attrs {
MACSEC_ATTR_UNSPEC,
MACSEC_ATTR_IFINDEX, /* u32, ifindex of the MACsec netdevice */
MACSEC_ATTR_RXSC_CONFIG, /* config, nested macsec_rxsc_attrs */
MACSEC_ATTR_SA_CONFIG, /* config, nested macsec_sa_attrs */
MACSEC_ATTR_SECY, /* dump, nested macsec_secy_attrs */
MACSEC_ATTR_TXSA_LIST, /* dump, nested, macsec_sa_attrs for each TXSA */
MACSEC_ATTR_RXSC_LIST, /* dump, nested, macsec_rxsc_attrs for each RXSC */
MACSEC_ATTR_TXSC_STATS, /* dump, nested, macsec_txsc_stats_attr */
MACSEC_ATTR_SECY_STATS, /* dump, nested, macsec_secy_stats_attr */
__MACSEC_ATTR_END,
NUM_MACSEC_ATTR = __MACSEC_ATTR_END,
MACSEC_ATTR_MAX = __MACSEC_ATTR_END - 1,
};
enum macsec_secy_attrs {
MACSEC_SECY_ATTR_UNSPEC,
MACSEC_SECY_ATTR_SCI,
MACSEC_SECY_ATTR_ENCODING_SA,
MACSEC_SECY_ATTR_WINDOW,
MACSEC_SECY_ATTR_CIPHER_SUITE,
MACSEC_SECY_ATTR_ICV_LEN,
MACSEC_SECY_ATTR_PROTECT,
MACSEC_SECY_ATTR_REPLAY,
MACSEC_SECY_ATTR_OPER,
MACSEC_SECY_ATTR_VALIDATE,
MACSEC_SECY_ATTR_ENCRYPT,
MACSEC_SECY_ATTR_INC_SCI,
MACSEC_SECY_ATTR_ES,
MACSEC_SECY_ATTR_SCB,
MACSEC_SECY_ATTR_PAD,
__MACSEC_SECY_ATTR_END,
NUM_MACSEC_SECY_ATTR = __MACSEC_SECY_ATTR_END,
MACSEC_SECY_ATTR_MAX = __MACSEC_SECY_ATTR_END - 1,
};
enum macsec_rxsc_attrs {
MACSEC_RXSC_ATTR_UNSPEC,
MACSEC_RXSC_ATTR_SCI, /* config/dump, u64 */
MACSEC_RXSC_ATTR_ACTIVE, /* config/dump, u8 0..1 */
MACSEC_RXSC_ATTR_SA_LIST, /* dump, nested */
MACSEC_RXSC_ATTR_STATS, /* dump, nested, macsec_rxsc_stats_attr */
MACSEC_RXSC_ATTR_PAD,
__MACSEC_RXSC_ATTR_END,
NUM_MACSEC_RXSC_ATTR = __MACSEC_RXSC_ATTR_END,
MACSEC_RXSC_ATTR_MAX = __MACSEC_RXSC_ATTR_END - 1,
};
enum macsec_sa_attrs {
MACSEC_SA_ATTR_UNSPEC,
MACSEC_SA_ATTR_AN, /* config/dump, u8 0..3 */
MACSEC_SA_ATTR_ACTIVE, /* config/dump, u8 0..1 */
MACSEC_SA_ATTR_PN, /* config/dump, u32 */
MACSEC_SA_ATTR_KEY, /* config, data */
MACSEC_SA_ATTR_KEYID, /* config/dump, 128-bit */
MACSEC_SA_ATTR_STATS, /* dump, nested, macsec_sa_stats_attr */
MACSEC_SA_ATTR_PAD,
__MACSEC_SA_ATTR_END,
NUM_MACSEC_SA_ATTR = __MACSEC_SA_ATTR_END,
MACSEC_SA_ATTR_MAX = __MACSEC_SA_ATTR_END - 1,
};
enum macsec_nl_commands {
MACSEC_CMD_GET_TXSC,
MACSEC_CMD_ADD_RXSC,
MACSEC_CMD_DEL_RXSC,
MACSEC_CMD_UPD_RXSC,
MACSEC_CMD_ADD_TXSA,
MACSEC_CMD_DEL_TXSA,
MACSEC_CMD_UPD_TXSA,
MACSEC_CMD_ADD_RXSA,
MACSEC_CMD_DEL_RXSA,
MACSEC_CMD_UPD_RXSA,
};
/* u64 per-RXSC stats */
enum macsec_rxsc_stats_attr {
MACSEC_RXSC_STATS_ATTR_UNSPEC,
MACSEC_RXSC_STATS_ATTR_IN_OCTETS_VALIDATED,
MACSEC_RXSC_STATS_ATTR_IN_OCTETS_DECRYPTED,
MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNCHECKED,
MACSEC_RXSC_STATS_ATTR_IN_PKTS_DELAYED,
MACSEC_RXSC_STATS_ATTR_IN_PKTS_OK,
MACSEC_RXSC_STATS_ATTR_IN_PKTS_INVALID,
MACSEC_RXSC_STATS_ATTR_IN_PKTS_LATE,
MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_VALID,
MACSEC_RXSC_STATS_ATTR_IN_PKTS_NOT_USING_SA,
MACSEC_RXSC_STATS_ATTR_IN_PKTS_UNUSED_SA,
MACSEC_RXSC_STATS_ATTR_PAD,
__MACSEC_RXSC_STATS_ATTR_END,
NUM_MACSEC_RXSC_STATS_ATTR = __MACSEC_RXSC_STATS_ATTR_END,
MACSEC_RXSC_STATS_ATTR_MAX = __MACSEC_RXSC_STATS_ATTR_END - 1,
};
/* u32 per-{RX,TX}SA stats */
enum macsec_sa_stats_attr {
MACSEC_SA_STATS_ATTR_UNSPEC,
MACSEC_SA_STATS_ATTR_IN_PKTS_OK,
MACSEC_SA_STATS_ATTR_IN_PKTS_INVALID,
MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_VALID,
MACSEC_SA_STATS_ATTR_IN_PKTS_NOT_USING_SA,
MACSEC_SA_STATS_ATTR_IN_PKTS_UNUSED_SA,
MACSEC_SA_STATS_ATTR_OUT_PKTS_PROTECTED,
MACSEC_SA_STATS_ATTR_OUT_PKTS_ENCRYPTED,
__MACSEC_SA_STATS_ATTR_END,
NUM_MACSEC_SA_STATS_ATTR = __MACSEC_SA_STATS_ATTR_END,
MACSEC_SA_STATS_ATTR_MAX = __MACSEC_SA_STATS_ATTR_END - 1,
};
/* u64 per-TXSC stats */
enum macsec_txsc_stats_attr {
MACSEC_TXSC_STATS_ATTR_UNSPEC,
MACSEC_TXSC_STATS_ATTR_OUT_PKTS_PROTECTED,
MACSEC_TXSC_STATS_ATTR_OUT_PKTS_ENCRYPTED,
MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_PROTECTED,
MACSEC_TXSC_STATS_ATTR_OUT_OCTETS_ENCRYPTED,
MACSEC_TXSC_STATS_ATTR_PAD,
__MACSEC_TXSC_STATS_ATTR_END,
NUM_MACSEC_TXSC_STATS_ATTR = __MACSEC_TXSC_STATS_ATTR_END,
MACSEC_TXSC_STATS_ATTR_MAX = __MACSEC_TXSC_STATS_ATTR_END - 1,
};
/* u64 per-SecY stats */
enum macsec_secy_stats_attr {
MACSEC_SECY_STATS_ATTR_UNSPEC,
MACSEC_SECY_STATS_ATTR_OUT_PKTS_UNTAGGED,
MACSEC_SECY_STATS_ATTR_IN_PKTS_UNTAGGED,
MACSEC_SECY_STATS_ATTR_OUT_PKTS_TOO_LONG,
MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_TAG,
MACSEC_SECY_STATS_ATTR_IN_PKTS_BAD_TAG,
MACSEC_SECY_STATS_ATTR_IN_PKTS_UNKNOWN_SCI,
MACSEC_SECY_STATS_ATTR_IN_PKTS_NO_SCI,
MACSEC_SECY_STATS_ATTR_IN_PKTS_OVERRUN,
MACSEC_SECY_STATS_ATTR_PAD,
__MACSEC_SECY_STATS_ATTR_END,
NUM_MACSEC_SECY_STATS_ATTR = __MACSEC_SECY_STATS_ATTR_END,
MACSEC_SECY_STATS_ATTR_MAX = __MACSEC_SECY_STATS_ATTR_END - 1,
};
#endif /* _MACSEC_H */

163
libnl/include/linux-private/linux/if_tunnel.h Normal file
View file

@ -0,0 +1,163 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _IF_TUNNEL_H_
#define _IF_TUNNEL_H_
#include <linux/types.h>
#include <linux/if.h>
#include <linux/ip.h>
#include <linux/in6.h>
#include <asm/byteorder.h>
#define SIOCGETTUNNEL (SIOCDEVPRIVATE + 0)
#define SIOCADDTUNNEL (SIOCDEVPRIVATE + 1)
#define SIOCDELTUNNEL (SIOCDEVPRIVATE + 2)
#define SIOCCHGTUNNEL (SIOCDEVPRIVATE + 3)
#define SIOCGETPRL (SIOCDEVPRIVATE + 4)
#define SIOCADDPRL (SIOCDEVPRIVATE + 5)
#define SIOCDELPRL (SIOCDEVPRIVATE + 6)
#define SIOCCHGPRL (SIOCDEVPRIVATE + 7)
#define SIOCGET6RD (SIOCDEVPRIVATE + 8)
#define SIOCADD6RD (SIOCDEVPRIVATE + 9)
#define SIOCDEL6RD (SIOCDEVPRIVATE + 10)
#define SIOCCHG6RD (SIOCDEVPRIVATE + 11)
#define GRE_CSUM __cpu_to_be16(0x8000)
#define GRE_ROUTING __cpu_to_be16(0x4000)
#define GRE_KEY __cpu_to_be16(0x2000)
#define GRE_SEQ __cpu_to_be16(0x1000)
#define GRE_STRICT __cpu_to_be16(0x0800)
#define GRE_REC __cpu_to_be16(0x0700)
#define GRE_ACK __cpu_to_be16(0x0080)
#define GRE_FLAGS __cpu_to_be16(0x0078)
#define GRE_VERSION __cpu_to_be16(0x0007)
#define GRE_IS_CSUM(f) ((f) & GRE_CSUM)
#define GRE_IS_ROUTING(f) ((f) & GRE_ROUTING)
#define GRE_IS_KEY(f) ((f) & GRE_KEY)
#define GRE_IS_SEQ(f) ((f) & GRE_SEQ)
#define GRE_IS_STRICT(f) ((f) & GRE_STRICT)
#define GRE_IS_REC(f) ((f) & GRE_REC)
#define GRE_IS_ACK(f) ((f) & GRE_ACK)
#define GRE_VERSION_0 __cpu_to_be16(0x0000)
#define GRE_VERSION_1 __cpu_to_be16(0x0001)
#define GRE_PROTO_PPP __cpu_to_be16(0x880b)
#define GRE_PPTP_KEY_MASK __cpu_to_be32(0xffff)
struct ip_tunnel_parm {
char name[IFNAMSIZ];
int link;
__be16 i_flags;
__be16 o_flags;
__be32 i_key;
__be32 o_key;
struct iphdr iph;
};
enum {
IFLA_IPTUN_UNSPEC,
IFLA_IPTUN_LINK,
IFLA_IPTUN_LOCAL,
IFLA_IPTUN_REMOTE,
IFLA_IPTUN_TTL,
IFLA_IPTUN_TOS,
IFLA_IPTUN_ENCAP_LIMIT,
IFLA_IPTUN_FLOWINFO,
IFLA_IPTUN_FLAGS,
IFLA_IPTUN_PROTO,
IFLA_IPTUN_PMTUDISC,
IFLA_IPTUN_6RD_PREFIX,
IFLA_IPTUN_6RD_RELAY_PREFIX,
IFLA_IPTUN_6RD_PREFIXLEN,
IFLA_IPTUN_6RD_RELAY_PREFIXLEN,
IFLA_IPTUN_ENCAP_TYPE,
IFLA_IPTUN_ENCAP_FLAGS,
IFLA_IPTUN_ENCAP_SPORT,
IFLA_IPTUN_ENCAP_DPORT,
IFLA_IPTUN_COLLECT_METADATA,
IFLA_IPTUN_FWMARK,
__IFLA_IPTUN_MAX,
};
#define IFLA_IPTUN_MAX (__IFLA_IPTUN_MAX - 1)
enum tunnel_encap_types {
TUNNEL_ENCAP_NONE,
TUNNEL_ENCAP_FOU,
TUNNEL_ENCAP_GUE,
TUNNEL_ENCAP_MPLS,
};
#define TUNNEL_ENCAP_FLAG_CSUM (1<<0)
#define TUNNEL_ENCAP_FLAG_CSUM6 (1<<1)
#define TUNNEL_ENCAP_FLAG_REMCSUM (1<<2)
/* SIT-mode i_flags */
#define SIT_ISATAP 0x0001
struct ip_tunnel_prl {
__be32 addr;
__u16 flags;
__u16 __reserved;
__u32 datalen;
__u32 __reserved2;
/* data follows */
};
/* PRL flags */
#define PRL_DEFAULT 0x0001
struct ip_tunnel_6rd {
struct in6_addr prefix;
__be32 relay_prefix;
__u16 prefixlen;
__u16 relay_prefixlen;
};
enum {
IFLA_GRE_UNSPEC,
IFLA_GRE_LINK,
IFLA_GRE_IFLAGS,
IFLA_GRE_OFLAGS,
IFLA_GRE_IKEY,
IFLA_GRE_OKEY,
IFLA_GRE_LOCAL,
IFLA_GRE_REMOTE,
IFLA_GRE_TTL,
IFLA_GRE_TOS,
IFLA_GRE_PMTUDISC,
IFLA_GRE_ENCAP_LIMIT,
IFLA_GRE_FLOWINFO,
IFLA_GRE_FLAGS,
IFLA_GRE_ENCAP_TYPE,
IFLA_GRE_ENCAP_FLAGS,
IFLA_GRE_ENCAP_SPORT,
IFLA_GRE_ENCAP_DPORT,
IFLA_GRE_COLLECT_METADATA,
IFLA_GRE_IGNORE_DF,
IFLA_GRE_FWMARK,
IFLA_GRE_ERSPAN_INDEX,
IFLA_GRE_ERSPAN_VER,
IFLA_GRE_ERSPAN_DIR,
IFLA_GRE_ERSPAN_HWID,
__IFLA_GRE_MAX,
};
#define IFLA_GRE_MAX (__IFLA_GRE_MAX - 1)
/* VTI-mode i_flags */
#define VTI_ISVTI ((__be16)0x0001)
enum {
IFLA_VTI_UNSPEC,
IFLA_VTI_LINK,
IFLA_VTI_IKEY,
IFLA_VTI_OKEY,
IFLA_VTI_LOCAL,
IFLA_VTI_REMOTE,
IFLA_VTI_FWMARK,
__IFLA_VTI_MAX,
};
#define IFLA_VTI_MAX (__IFLA_VTI_MAX - 1)
#endif /* _IF_TUNNEL_H_ */

65
libnl/include/linux-private/linux/if_vlan.h Normal file
View file

@ -0,0 +1,65 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* VLAN An implementation of 802.1Q VLAN tagging.
*
* Authors: Ben Greear <greearb@candelatech.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
*/
#ifndef _LINUX_IF_VLAN_H_
#define _LINUX_IF_VLAN_H_
/* VLAN IOCTLs are found in sockios.h */
/* Passed in vlan_ioctl_args structure to determine behaviour. */
enum vlan_ioctl_cmds {
ADD_VLAN_CMD,
DEL_VLAN_CMD,
SET_VLAN_INGRESS_PRIORITY_CMD,
SET_VLAN_EGRESS_PRIORITY_CMD,
GET_VLAN_INGRESS_PRIORITY_CMD,
GET_VLAN_EGRESS_PRIORITY_CMD,
SET_VLAN_NAME_TYPE_CMD,
SET_VLAN_FLAG_CMD,
GET_VLAN_REALDEV_NAME_CMD, /* If this works, you know it's a VLAN device, btw */
GET_VLAN_VID_CMD /* Get the VID of this VLAN (specified by name) */
};
enum vlan_flags {
VLAN_FLAG_REORDER_HDR = 0x1,
VLAN_FLAG_GVRP = 0x2,
VLAN_FLAG_LOOSE_BINDING = 0x4,
VLAN_FLAG_MVRP = 0x8,
};
enum vlan_name_types {
VLAN_NAME_TYPE_PLUS_VID, /* Name will look like: vlan0005 */
VLAN_NAME_TYPE_RAW_PLUS_VID, /* name will look like: eth1.0005 */
VLAN_NAME_TYPE_PLUS_VID_NO_PAD, /* Name will look like: vlan5 */
VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD, /* Name will look like: eth0.5 */
VLAN_NAME_TYPE_HIGHEST
};
struct vlan_ioctl_args {
int cmd; /* Should be one of the vlan_ioctl_cmds enum above. */
char device1[24];
union {
char device2[24];
int VID;
unsigned int skb_priority;
unsigned int name_type;
unsigned int bind_type;
unsigned int flag; /* Matches vlan_dev_priv flags */
} u;
short vlan_qos;
};
#endif /* _LINUX_IF_VLAN_H_ */

301
libnl/include/linux-private/linux/in.h Normal file
View file

@ -0,0 +1,301 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
* interface as the means of communication with the user level.
*
* Definitions of the Internet Protocol.
*
* Version: @(#)in.h 1.0.1 04/21/93
*
* Authors: Original taken from the GNU Project <netinet/in.h> file.
* Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _LINUX_IN_H
#define _LINUX_IN_H
#include <linux/types.h>
#include <linux/libc-compat.h>
#include <linux/socket.h>
#if __UAPI_DEF_IN_IPPROTO
/* Standard well-defined IP protocols. */
enum {
IPPROTO_IP = 0, /* Dummy protocol for TCP */
#define IPPROTO_IP IPPROTO_IP
IPPROTO_ICMP = 1, /* Internet Control Message Protocol */
#define IPPROTO_ICMP IPPROTO_ICMP
IPPROTO_IGMP = 2, /* Internet Group Management Protocol */
#define IPPROTO_IGMP IPPROTO_IGMP
IPPROTO_IPIP = 4, /* IPIP tunnels (older KA9Q tunnels use 94) */
#define IPPROTO_IPIP IPPROTO_IPIP
IPPROTO_TCP = 6, /* Transmission Control Protocol */
#define IPPROTO_TCP IPPROTO_TCP
IPPROTO_EGP = 8, /* Exterior Gateway Protocol */
#define IPPROTO_EGP IPPROTO_EGP
IPPROTO_PUP = 12, /* PUP protocol */
#define IPPROTO_PUP IPPROTO_PUP
IPPROTO_UDP = 17, /* User Datagram Protocol */
#define IPPROTO_UDP IPPROTO_UDP
IPPROTO_IDP = 22, /* XNS IDP protocol */
#define IPPROTO_IDP IPPROTO_IDP
IPPROTO_TP = 29, /* SO Transport Protocol Class 4 */
#define IPPROTO_TP IPPROTO_TP
IPPROTO_DCCP = 33, /* Datagram Congestion Control Protocol */
#define IPPROTO_DCCP IPPROTO_DCCP
IPPROTO_IPV6 = 41, /* IPv6-in-IPv4 tunnelling */
#define IPPROTO_IPV6 IPPROTO_IPV6
IPPROTO_RSVP = 46, /* RSVP Protocol */
#define IPPROTO_RSVP IPPROTO_RSVP
IPPROTO_GRE = 47, /* Cisco GRE tunnels (rfc 1701,1702) */
#define IPPROTO_GRE IPPROTO_GRE
IPPROTO_ESP = 50, /* Encapsulation Security Payload protocol */
#define IPPROTO_ESP IPPROTO_ESP
IPPROTO_AH = 51, /* Authentication Header protocol */
#define IPPROTO_AH IPPROTO_AH
IPPROTO_MTP = 92, /* Multicast Transport Protocol */
#define IPPROTO_MTP IPPROTO_MTP
IPPROTO_BEETPH = 94, /* IP option pseudo header for BEET */
#define IPPROTO_BEETPH IPPROTO_BEETPH
IPPROTO_ENCAP = 98, /* Encapsulation Header */
#define IPPROTO_ENCAP IPPROTO_ENCAP
IPPROTO_PIM = 103, /* Protocol Independent Multicast */
#define IPPROTO_PIM IPPROTO_PIM
IPPROTO_COMP = 108, /* Compression Header Protocol */
#define IPPROTO_COMP IPPROTO_COMP
IPPROTO_SCTP = 132, /* Stream Control Transport Protocol */
#define IPPROTO_SCTP IPPROTO_SCTP
IPPROTO_UDPLITE = 136, /* UDP-Lite (RFC 3828) */
#define IPPROTO_UDPLITE IPPROTO_UDPLITE
IPPROTO_MPLS = 137, /* MPLS in IP (RFC 4023) */
#define IPPROTO_MPLS IPPROTO_MPLS
IPPROTO_RAW = 255, /* Raw IP packets */
#define IPPROTO_RAW IPPROTO_RAW
IPPROTO_MAX
};
#endif
#if __UAPI_DEF_IN_ADDR
/* Internet address. */
struct in_addr {
__be32 s_addr;
};
#endif
#define IP_TOS 1
#define IP_TTL 2
#define IP_HDRINCL 3
#define IP_OPTIONS 4
#define IP_ROUTER_ALERT 5
#define IP_RECVOPTS 6
#define IP_RETOPTS 7
#define IP_PKTINFO 8
#define IP_PKTOPTIONS 9
#define IP_MTU_DISCOVER 10
#define IP_RECVERR 11
#define IP_RECVTTL 12
#define IP_RECVTOS 13
#define IP_MTU 14
#define IP_FREEBIND 15
#define IP_IPSEC_POLICY 16
#define IP_XFRM_POLICY 17
#define IP_PASSSEC 18
#define IP_TRANSPARENT 19
/* BSD compatibility */
#define IP_RECVRETOPTS IP_RETOPTS
/* TProxy original addresses */
#define IP_ORIGDSTADDR 20
#define IP_RECVORIGDSTADDR IP_ORIGDSTADDR
#define IP_MINTTL 21
#define IP_NODEFRAG 22
#define IP_CHECKSUM 23
#define IP_BIND_ADDRESS_NO_PORT 24
#define IP_RECVFRAGSIZE 25
/* IP_MTU_DISCOVER values */
#define IP_PMTUDISC_DONT 0 /* Never send DF frames */
#define IP_PMTUDISC_WANT 1 /* Use per route hints */
#define IP_PMTUDISC_DO 2 /* Always DF */
#define IP_PMTUDISC_PROBE 3 /* Ignore dst pmtu */
/* Always use interface mtu (ignores dst pmtu) but don't set DF flag.
* Also incoming ICMP frag_needed notifications will be ignored on
* this socket to prevent accepting spoofed ones.
*/
#define IP_PMTUDISC_INTERFACE 4
/* weaker version of IP_PMTUDISC_INTERFACE, which allos packets to get
* fragmented if they exeed the interface mtu
*/
#define IP_PMTUDISC_OMIT 5
#define IP_MULTICAST_IF 32
#define IP_MULTICAST_TTL 33
#define IP_MULTICAST_LOOP 34
#define IP_ADD_MEMBERSHIP 35
#define IP_DROP_MEMBERSHIP 36
#define IP_UNBLOCK_SOURCE 37
#define IP_BLOCK_SOURCE 38
#define IP_ADD_SOURCE_MEMBERSHIP 39
#define IP_DROP_SOURCE_MEMBERSHIP 40
#define IP_MSFILTER 41
#define MCAST_JOIN_GROUP 42
#define MCAST_BLOCK_SOURCE 43
#define MCAST_UNBLOCK_SOURCE 44
#define MCAST_LEAVE_GROUP 45
#define MCAST_JOIN_SOURCE_GROUP 46
#define MCAST_LEAVE_SOURCE_GROUP 47
#define MCAST_MSFILTER 48
#define IP_MULTICAST_ALL 49
#define IP_UNICAST_IF 50
#define MCAST_EXCLUDE 0
#define MCAST_INCLUDE 1
/* These need to appear somewhere around here */
#define IP_DEFAULT_MULTICAST_TTL 1
#define IP_DEFAULT_MULTICAST_LOOP 1
/* Request struct for multicast socket ops */
#if __UAPI_DEF_IP_MREQ
struct ip_mreq {
struct in_addr imr_multiaddr; /* IP multicast address of group */
struct in_addr imr_interface; /* local IP address of interface */
};
struct ip_mreqn {
struct in_addr imr_multiaddr; /* IP multicast address of group */
struct in_addr imr_address; /* local IP address of interface */
int imr_ifindex; /* Interface index */
};
struct ip_mreq_source {
__be32 imr_multiaddr;
__be32 imr_interface;
__be32 imr_sourceaddr;
};
struct ip_msfilter {
__be32 imsf_multiaddr;
__be32 imsf_interface;
__u32 imsf_fmode;
__u32 imsf_numsrc;
__be32 imsf_slist[1];
};
#define IP_MSFILTER_SIZE(numsrc) \
(sizeof(struct ip_msfilter) - sizeof(__u32) \
+ (numsrc) * sizeof(__u32))
struct group_req {
__u32 gr_interface; /* interface index */
struct __kernel_sockaddr_storage gr_group; /* group address */
};
struct group_source_req {
__u32 gsr_interface; /* interface index */
struct __kernel_sockaddr_storage gsr_group; /* group address */
struct __kernel_sockaddr_storage gsr_source; /* source address */
};
struct group_filter {
__u32 gf_interface; /* interface index */
struct __kernel_sockaddr_storage gf_group; /* multicast address */
__u32 gf_fmode; /* filter mode */
__u32 gf_numsrc; /* number of sources */
struct __kernel_sockaddr_storage gf_slist[1]; /* interface index */
};
#define GROUP_FILTER_SIZE(numsrc) \
(sizeof(struct group_filter) - sizeof(struct __kernel_sockaddr_storage) \
+ (numsrc) * sizeof(struct __kernel_sockaddr_storage))
#endif
#if __UAPI_DEF_IN_PKTINFO
struct in_pktinfo {
int ipi_ifindex;
struct in_addr ipi_spec_dst;
struct in_addr ipi_addr;
};
#endif
/* Structure describing an Internet (IP) socket address. */
#if __UAPI_DEF_SOCKADDR_IN
#define __SOCK_SIZE__ 16 /* sizeof(struct sockaddr) */
struct sockaddr_in {
__kernel_sa_family_t sin_family; /* Address family */
__be16 sin_port; /* Port number */
struct in_addr sin_addr; /* Internet address */
/* Pad to size of `struct sockaddr'. */
unsigned char __pad[__SOCK_SIZE__ - sizeof(short int) -
sizeof(unsigned short int) - sizeof(struct in_addr)];
};
#define sin_zero __pad /* for BSD UNIX comp. -FvK */
#endif
#if __UAPI_DEF_IN_CLASS
/*
* Definitions of the bits in an Internet address integer.
* On subnets, host and network parts are found according
* to the subnet mask, not these masks.
*/
#define IN_CLASSA(a) ((((long int) (a)) & 0x80000000) == 0)
#define IN_CLASSA_NET 0xff000000
#define IN_CLASSA_NSHIFT 24
#define IN_CLASSA_HOST (0xffffffff & ~IN_CLASSA_NET)
#define IN_CLASSA_MAX 128
#define IN_CLASSB(a) ((((long int) (a)) & 0xc0000000) == 0x80000000)
#define IN_CLASSB_NET 0xffff0000
#define IN_CLASSB_NSHIFT 16
#define IN_CLASSB_HOST (0xffffffff & ~IN_CLASSB_NET)
#define IN_CLASSB_MAX 65536
#define IN_CLASSC(a) ((((long int) (a)) & 0xe0000000) == 0xc0000000)
#define IN_CLASSC_NET 0xffffff00
#define IN_CLASSC_NSHIFT 8
#define IN_CLASSC_HOST (0xffffffff & ~IN_CLASSC_NET)
#define IN_CLASSD(a) ((((long int) (a)) & 0xf0000000) == 0xe0000000)
#define IN_MULTICAST(a) IN_CLASSD(a)
#define IN_MULTICAST_NET 0xF0000000
#define IN_EXPERIMENTAL(a) ((((long int) (a)) & 0xf0000000) == 0xf0000000)
#define IN_BADCLASS(a) IN_EXPERIMENTAL((a))
/* Address to accept any incoming messages. */
#define INADDR_ANY ((unsigned long int) 0x00000000)
/* Address to send to all hosts. */
#define INADDR_BROADCAST ((unsigned long int) 0xffffffff)
/* Address indicating an error return. */
#define INADDR_NONE ((unsigned long int) 0xffffffff)
/* Network number for local host loopback. */
#define IN_LOOPBACKNET 127
/* Address to loopback in software to local host. */
#define INADDR_LOOPBACK 0x7f000001 /* 127.0.0.1 */
#define IN_LOOPBACK(a) ((((long int) (a)) & 0xff000000) == 0x7f000000)
/* Defines for Multicast INADDR */
#define INADDR_UNSPEC_GROUP 0xe0000000U /* 224.0.0.0 */
#define INADDR_ALLHOSTS_GROUP 0xe0000001U /* 224.0.0.1 */
#define INADDR_ALLRTRS_GROUP 0xe0000002U /* 224.0.0.2 */
#define INADDR_MAX_LOCAL_GROUP 0xe00000ffU /* 224.0.0.255 */
#endif
/* <asm/byteorder.h> contains the htonl type stuff.. */
#include <asm/byteorder.h>
#endif /* _LINUX_IN_H */

298
libnl/include/linux-private/linux/in6.h Normal file
View file

@ -0,0 +1,298 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* Types and definitions for AF_INET6
* Linux INET6 implementation
*
* Authors:
* Pedro Roque <roque@di.fc.ul.pt>
*
* Sources:
* IPv6 Program Interfaces for BSD Systems
* <draft-ietf-ipngwg-bsd-api-05.txt>
*
* Advanced Sockets API for IPv6
* <draft-stevens-advanced-api-00.txt>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _LINUX_IN6_H
#define _LINUX_IN6_H
#include <linux/types.h>
#include <linux/libc-compat.h>
/*
* IPv6 address structure
*/
#if __UAPI_DEF_IN6_ADDR
struct in6_addr {
union {
__u8 u6_addr8[16];
#if __UAPI_DEF_IN6_ADDR_ALT
__be16 u6_addr16[8];
__be32 u6_addr32[4];
#endif
} in6_u;
#define s6_addr in6_u.u6_addr8
#if __UAPI_DEF_IN6_ADDR_ALT
#define s6_addr16 in6_u.u6_addr16
#define s6_addr32 in6_u.u6_addr32
#endif
};
#endif /* __UAPI_DEF_IN6_ADDR */
#if __UAPI_DEF_SOCKADDR_IN6
struct sockaddr_in6 {
unsigned short int sin6_family; /* AF_INET6 */
__be16 sin6_port; /* Transport layer port # */
__be32 sin6_flowinfo; /* IPv6 flow information */
struct in6_addr sin6_addr; /* IPv6 address */
__u32 sin6_scope_id; /* scope id (new in RFC2553) */
};
#endif /* __UAPI_DEF_SOCKADDR_IN6 */
#if __UAPI_DEF_IPV6_MREQ
struct ipv6_mreq {
/* IPv6 multicast address of group */
struct in6_addr ipv6mr_multiaddr;
/* local IPv6 address of interface */
int ipv6mr_ifindex;
};
#endif /* __UAPI_DEF_IVP6_MREQ */
#define ipv6mr_acaddr ipv6mr_multiaddr
struct in6_flowlabel_req {
struct in6_addr flr_dst;
__be32 flr_label;
__u8 flr_action;
__u8 flr_share;
__u16 flr_flags;
__u16 flr_expires;
__u16 flr_linger;
__u32 __flr_pad;
/* Options in format of IPV6_PKTOPTIONS */
};
#define IPV6_FL_A_GET 0
#define IPV6_FL_A_PUT 1
#define IPV6_FL_A_RENEW 2
#define IPV6_FL_F_CREATE 1
#define IPV6_FL_F_EXCL 2
#define IPV6_FL_F_REFLECT 4
#define IPV6_FL_F_REMOTE 8
#define IPV6_FL_S_NONE 0
#define IPV6_FL_S_EXCL 1
#define IPV6_FL_S_PROCESS 2
#define IPV6_FL_S_USER 3
#define IPV6_FL_S_ANY 255
/*
* Bitmask constant declarations to help applications select out the
* flow label and priority fields.
*
* Note that this are in host byte order while the flowinfo field of
* sockaddr_in6 is in network byte order.
*/
#define IPV6_FLOWINFO_FLOWLABEL 0x000fffff
#define IPV6_FLOWINFO_PRIORITY 0x0ff00000
/* These definitions are obsolete */
#define IPV6_PRIORITY_UNCHARACTERIZED 0x0000
#define IPV6_PRIORITY_FILLER 0x0100
#define IPV6_PRIORITY_UNATTENDED 0x0200
#define IPV6_PRIORITY_RESERVED1 0x0300
#define IPV6_PRIORITY_BULK 0x0400
#define IPV6_PRIORITY_RESERVED2 0x0500
#define IPV6_PRIORITY_INTERACTIVE 0x0600
#define IPV6_PRIORITY_CONTROL 0x0700
#define IPV6_PRIORITY_8 0x0800
#define IPV6_PRIORITY_9 0x0900
#define IPV6_PRIORITY_10 0x0a00
#define IPV6_PRIORITY_11 0x0b00
#define IPV6_PRIORITY_12 0x0c00
#define IPV6_PRIORITY_13 0x0d00
#define IPV6_PRIORITY_14 0x0e00
#define IPV6_PRIORITY_15 0x0f00
/*
* IPV6 extension headers
*/
#if __UAPI_DEF_IPPROTO_V6
#define IPPROTO_HOPOPTS 0 /* IPv6 hop-by-hop options */
#define IPPROTO_ROUTING 43 /* IPv6 routing header */
#define IPPROTO_FRAGMENT 44 /* IPv6 fragmentation header */
#define IPPROTO_ICMPV6 58 /* ICMPv6 */
#define IPPROTO_NONE 59 /* IPv6 no next header */
#define IPPROTO_DSTOPTS 60 /* IPv6 destination options */
#define IPPROTO_MH 135 /* IPv6 mobility header */
#endif /* __UAPI_DEF_IPPROTO_V6 */
/*
* IPv6 TLV options.
*/
#define IPV6_TLV_PAD1 0
#define IPV6_TLV_PADN 1
#define IPV6_TLV_ROUTERALERT 5
#define IPV6_TLV_CALIPSO 7 /* RFC 5570 */
#define IPV6_TLV_JUMBO 194
#define IPV6_TLV_HAO 201 /* home address option */
/*
* IPV6 socket options
*/
#if __UAPI_DEF_IPV6_OPTIONS
#define IPV6_ADDRFORM 1
#define IPV6_2292PKTINFO 2
#define IPV6_2292HOPOPTS 3
#define IPV6_2292DSTOPTS 4
#define IPV6_2292RTHDR 5
#define IPV6_2292PKTOPTIONS 6
#define IPV6_CHECKSUM 7
#define IPV6_2292HOPLIMIT 8
#define IPV6_NEXTHOP 9
#define IPV6_AUTHHDR 10 /* obsolete */
#define IPV6_FLOWINFO 11
#define IPV6_UNICAST_HOPS 16
#define IPV6_MULTICAST_IF 17
#define IPV6_MULTICAST_HOPS 18
#define IPV6_MULTICAST_LOOP 19
#define IPV6_ADD_MEMBERSHIP 20
#define IPV6_DROP_MEMBERSHIP 21
#define IPV6_ROUTER_ALERT 22
#define IPV6_MTU_DISCOVER 23
#define IPV6_MTU 24
#define IPV6_RECVERR 25
#define IPV6_V6ONLY 26
#define IPV6_JOIN_ANYCAST 27
#define IPV6_LEAVE_ANYCAST 28
/* IPV6_MTU_DISCOVER values */
#define IPV6_PMTUDISC_DONT 0
#define IPV6_PMTUDISC_WANT 1
#define IPV6_PMTUDISC_DO 2
#define IPV6_PMTUDISC_PROBE 3
/* same as IPV6_PMTUDISC_PROBE, provided for symetry with IPv4
* also see comments on IP_PMTUDISC_INTERFACE
*/
#define IPV6_PMTUDISC_INTERFACE 4
/* weaker version of IPV6_PMTUDISC_INTERFACE, which allows packets to
* get fragmented if they exceed the interface mtu
*/
#define IPV6_PMTUDISC_OMIT 5
/* Flowlabel */
#define IPV6_FLOWLABEL_MGR 32
#define IPV6_FLOWINFO_SEND 33
#define IPV6_IPSEC_POLICY 34
#define IPV6_XFRM_POLICY 35
#define IPV6_HDRINCL 36
#endif
/*
* Multicast:
* Following socket options are shared between IPv4 and IPv6.
*
* MCAST_JOIN_GROUP 42
* MCAST_BLOCK_SOURCE 43
* MCAST_UNBLOCK_SOURCE 44
* MCAST_LEAVE_GROUP 45
* MCAST_JOIN_SOURCE_GROUP 46
* MCAST_LEAVE_SOURCE_GROUP 47
* MCAST_MSFILTER 48
*/
/*
* Advanced API (RFC3542) (1)
*
* Note: IPV6_RECVRTHDRDSTOPTS does not exist. see net/ipv6/datagram.c.
*/
#define IPV6_RECVPKTINFO 49
#define IPV6_PKTINFO 50
#define IPV6_RECVHOPLIMIT 51
#define IPV6_HOPLIMIT 52
#define IPV6_RECVHOPOPTS 53
#define IPV6_HOPOPTS 54
#define IPV6_RTHDRDSTOPTS 55
#define IPV6_RECVRTHDR 56
#define IPV6_RTHDR 57
#define IPV6_RECVDSTOPTS 58
#define IPV6_DSTOPTS 59
#define IPV6_RECVPATHMTU 60
#define IPV6_PATHMTU 61
#define IPV6_DONTFRAG 62
#if 0 /* not yet */
#define IPV6_USE_MIN_MTU 63
#endif
/*
* Netfilter (1)
*
* Following socket options are used in ip6_tables;
* see include/linux/netfilter_ipv6/ip6_tables.h.
*
* IP6T_SO_SET_REPLACE / IP6T_SO_GET_INFO 64
* IP6T_SO_SET_ADD_COUNTERS / IP6T_SO_GET_ENTRIES 65
*/
/*
* Advanced API (RFC3542) (2)
*/
#define IPV6_RECVTCLASS 66
#define IPV6_TCLASS 67
/*
* Netfilter (2)
*
* Following socket options are used in ip6_tables;
* see include/linux/netfilter_ipv6/ip6_tables.h.
*
* IP6T_SO_GET_REVISION_MATCH 68
* IP6T_SO_GET_REVISION_TARGET 69
* IP6T_SO_ORIGINAL_DST 80
*/
#define IPV6_AUTOFLOWLABEL 70
/* RFC5014: Source address selection */
#define IPV6_ADDR_PREFERENCES 72
#define IPV6_PREFER_SRC_TMP 0x0001
#define IPV6_PREFER_SRC_PUBLIC 0x0002
#define IPV6_PREFER_SRC_PUBTMP_DEFAULT 0x0100
#define IPV6_PREFER_SRC_COA 0x0004
#define IPV6_PREFER_SRC_HOME 0x0400
#define IPV6_PREFER_SRC_CGA 0x0008
#define IPV6_PREFER_SRC_NONCGA 0x0800
/* RFC5082: Generalized Ttl Security Mechanism */
#define IPV6_MINHOPCOUNT 73
#define IPV6_ORIGDSTADDR 74
#define IPV6_RECVORIGDSTADDR IPV6_ORIGDSTADDR
#define IPV6_TRANSPARENT 75
#define IPV6_UNICAST_IF 76
#define IPV6_RECVFRAGSIZE 77
#define IPV6_FREEBIND 78
/*
* Multicast Routing:
* see include/uapi/linux/mroute6.h.
*
* MRT6_BASE 200
* ...
* MRT6_MAX
*/
#endif /* _LINUX_IN6_H */

205
libnl/include/linux-private/linux/inet_diag.h Normal file
View file

@ -0,0 +1,205 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _INET_DIAG_H_
#define _INET_DIAG_H_
#include <linux/types.h>
/* Just some random number */
#define TCPDIAG_GETSOCK 18
#define DCCPDIAG_GETSOCK 19
#define INET_DIAG_GETSOCK_MAX 24
/* Socket identity */
struct inet_diag_sockid {
__be16 idiag_sport;
__be16 idiag_dport;
__be32 idiag_src[4];
__be32 idiag_dst[4];
__u32 idiag_if;
__u32 idiag_cookie[2];
#define INET_DIAG_NOCOOKIE (~0U)
};
/* Request structure */
struct inet_diag_req {
__u8 idiag_family; /* Family of addresses. */
__u8 idiag_src_len;
__u8 idiag_dst_len;
__u8 idiag_ext; /* Query extended information */
struct inet_diag_sockid id;
__u32 idiag_states; /* States to dump */
__u32 idiag_dbs; /* Tables to dump (NI) */
};
struct inet_diag_req_v2 {
__u8 sdiag_family;
__u8 sdiag_protocol;
__u8 idiag_ext;
__u8 pad;
__u32 idiag_states;
struct inet_diag_sockid id;
};
/*
* SOCK_RAW sockets require the underlied protocol to be
* additionally specified so we can use @pad member for
* this, but we can't rename it because userspace programs
* still may depend on this name. Instead lets use another
* structure definition as an alias for struct
* @inet_diag_req_v2.
*/
struct inet_diag_req_raw {
__u8 sdiag_family;
__u8 sdiag_protocol;
__u8 idiag_ext;
__u8 sdiag_raw_protocol;
__u32 idiag_states;
struct inet_diag_sockid id;
};
enum {
INET_DIAG_REQ_NONE,
INET_DIAG_REQ_BYTECODE,
};
#define INET_DIAG_REQ_MAX INET_DIAG_REQ_BYTECODE
/* Bytecode is sequence of 4 byte commands followed by variable arguments.
* All the commands identified by "code" are conditional jumps forward:
* to offset cc+"yes" or to offset cc+"no". "yes" is supposed to be
* length of the command and its arguments.
*/
struct inet_diag_bc_op {
unsigned char code;
unsigned char yes;
unsigned short no;
};
enum {
INET_DIAG_BC_NOP,
INET_DIAG_BC_JMP,
INET_DIAG_BC_S_GE,
INET_DIAG_BC_S_LE,
INET_DIAG_BC_D_GE,
INET_DIAG_BC_D_LE,
INET_DIAG_BC_AUTO,
INET_DIAG_BC_S_COND,
INET_DIAG_BC_D_COND,
INET_DIAG_BC_DEV_COND, /* u32 ifindex */
INET_DIAG_BC_MARK_COND,
INET_DIAG_BC_S_EQ,
INET_DIAG_BC_D_EQ,
};
struct inet_diag_hostcond {
__u8 family;
__u8 prefix_len;
int port;
__be32 addr[0];
};
struct inet_diag_markcond {
__u32 mark;
__u32 mask;
};
/* Base info structure. It contains socket identity (addrs/ports/cookie)
* and, alas, the information shown by netstat. */
struct inet_diag_msg {
__u8 idiag_family;
__u8 idiag_state;
__u8 idiag_timer;
__u8 idiag_retrans;
struct inet_diag_sockid id;
__u32 idiag_expires;
__u32 idiag_rqueue;
__u32 idiag_wqueue;
__u32 idiag_uid;
__u32 idiag_inode;
};
/* Extensions */
enum {
INET_DIAG_NONE,
INET_DIAG_MEMINFO,
INET_DIAG_INFO,
INET_DIAG_VEGASINFO,
INET_DIAG_CONG,
INET_DIAG_TOS,
INET_DIAG_TCLASS,
INET_DIAG_SKMEMINFO,
INET_DIAG_SHUTDOWN,
/*
* Next extenstions cannot be requested in struct inet_diag_req_v2:
* its field idiag_ext has only 8 bits.
*/
INET_DIAG_DCTCPINFO, /* request as INET_DIAG_VEGASINFO */
INET_DIAG_PROTOCOL, /* response attribute only */
INET_DIAG_SKV6ONLY,
INET_DIAG_LOCALS,
INET_DIAG_PEERS,
INET_DIAG_PAD,
INET_DIAG_MARK, /* only with CAP_NET_ADMIN */
INET_DIAG_BBRINFO, /* request as INET_DIAG_VEGASINFO */
INET_DIAG_CLASS_ID, /* request as INET_DIAG_TCLASS */
INET_DIAG_MD5SIG,
__INET_DIAG_MAX,
};
#define INET_DIAG_MAX (__INET_DIAG_MAX - 1)
/* INET_DIAG_MEM */
struct inet_diag_meminfo {
__u32 idiag_rmem;
__u32 idiag_wmem;
__u32 idiag_fmem;
__u32 idiag_tmem;
};
/* INET_DIAG_VEGASINFO */
struct tcpvegas_info {
__u32 tcpv_enabled;
__u32 tcpv_rttcnt;
__u32 tcpv_rtt;
__u32 tcpv_minrtt;
};
/* INET_DIAG_DCTCPINFO */
struct tcp_dctcp_info {
__u16 dctcp_enabled;
__u16 dctcp_ce_state;
__u32 dctcp_alpha;
__u32 dctcp_ab_ecn;
__u32 dctcp_ab_tot;
};
/* INET_DIAG_BBRINFO */
struct tcp_bbr_info {
/* u64 bw: max-filtered BW (app throughput) estimate in Byte per sec: */
__u32 bbr_bw_lo; /* lower 32 bits of bw */
__u32 bbr_bw_hi; /* upper 32 bits of bw */
__u32 bbr_min_rtt; /* min-filtered RTT in uSec */
__u32 bbr_pacing_gain; /* pacing gain shifted left 8 bits */
__u32 bbr_cwnd_gain; /* cwnd gain shifted left 8 bits */
};
union tcp_cc_info {
struct tcpvegas_info vegas;
struct tcp_dctcp_info dctcp;
struct tcp_bbr_info bbr;
};
#endif /* _INET_DIAG_H_ */

177
libnl/include/linux-private/linux/ip.h Normal file
View file

@ -0,0 +1,177 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* INET An implementation of the TCP/IP protocol suite for the LINUX
* operating system. INET is implemented using the BSD Socket
* interface as the means of communication with the user level.
*
* Definitions for the IP protocol.
*
* Version: @(#)ip.h 1.0.2 04/28/93
*
* Authors: Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _LINUX_IP_H
#define _LINUX_IP_H
#include <linux/types.h>
#include <asm/byteorder.h>
#define IPTOS_TOS_MASK 0x1E
#define IPTOS_TOS(tos) ((tos)&IPTOS_TOS_MASK)
#define IPTOS_LOWDELAY 0x10
#define IPTOS_THROUGHPUT 0x08
#define IPTOS_RELIABILITY 0x04
#define IPTOS_MINCOST 0x02
#define IPTOS_PREC_MASK 0xE0
#define IPTOS_PREC(tos) ((tos)&IPTOS_PREC_MASK)
#define IPTOS_PREC_NETCONTROL 0xe0
#define IPTOS_PREC_INTERNETCONTROL 0xc0
#define IPTOS_PREC_CRITIC_ECP 0xa0
#define IPTOS_PREC_FLASHOVERRIDE 0x80
#define IPTOS_PREC_FLASH 0x60
#define IPTOS_PREC_IMMEDIATE 0x40
#define IPTOS_PREC_PRIORITY 0x20
#define IPTOS_PREC_ROUTINE 0x00
/* IP options */
#define IPOPT_COPY 0x80
#define IPOPT_CLASS_MASK 0x60
#define IPOPT_NUMBER_MASK 0x1f
#define IPOPT_COPIED(o) ((o)&IPOPT_COPY)
#define IPOPT_CLASS(o) ((o)&IPOPT_CLASS_MASK)
#define IPOPT_NUMBER(o) ((o)&IPOPT_NUMBER_MASK)
#define IPOPT_CONTROL 0x00
#define IPOPT_RESERVED1 0x20
#define IPOPT_MEASUREMENT 0x40
#define IPOPT_RESERVED2 0x60
#define IPOPT_END (0 |IPOPT_CONTROL)
#define IPOPT_NOOP (1 |IPOPT_CONTROL)
#define IPOPT_SEC (2 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_LSRR (3 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
#define IPOPT_CIPSO (6 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_RR (7 |IPOPT_CONTROL)
#define IPOPT_SID (8 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_SSRR (9 |IPOPT_CONTROL|IPOPT_COPY)
#define IPOPT_RA (20|IPOPT_CONTROL|IPOPT_COPY)
#define IPVERSION 4
#define MAXTTL 255
#define IPDEFTTL 64
#define IPOPT_OPTVAL 0
#define IPOPT_OLEN 1
#define IPOPT_OFFSET 2
#define IPOPT_MINOFF 4
#define MAX_IPOPTLEN 40
#define IPOPT_NOP IPOPT_NOOP
#define IPOPT_EOL IPOPT_END
#define IPOPT_TS IPOPT_TIMESTAMP
#define IPOPT_TS_TSONLY 0 /* timestamps only */
#define IPOPT_TS_TSANDADDR 1 /* timestamps and addresses */
#define IPOPT_TS_PRESPEC 3 /* specified modules only */
#define IPV4_BEET_PHMAXLEN 8
struct iphdr {
#if defined(__LITTLE_ENDIAN_BITFIELD)
__u8 ihl:4,
version:4;
#elif defined (__BIG_ENDIAN_BITFIELD)
__u8 version:4,
ihl:4;
#else
#error "Please fix <asm/byteorder.h>"
#endif
__u8 tos;
__be16 tot_len;
__be16 id;
__be16 frag_off;
__u8 ttl;
__u8 protocol;
__sum16 check;
__be32 saddr;
__be32 daddr;
/*The options start here. */
};
struct ip_auth_hdr {
__u8 nexthdr;
__u8 hdrlen; /* This one is measured in 32 bit units! */
__be16 reserved;
__be32 spi;
__be32 seq_no; /* Sequence number */
__u8 auth_data[0]; /* Variable len but >=4. Mind the 64 bit alignment! */
};
struct ip_esp_hdr {
__be32 spi;
__be32 seq_no; /* Sequence number */
__u8 enc_data[0]; /* Variable len but >=8. Mind the 64 bit alignment! */
};
struct ip_comp_hdr {
__u8 nexthdr;
__u8 flags;
__be16 cpi;
};
struct ip_beet_phdr {
__u8 nexthdr;
__u8 hdrlen;
__u8 padlen;
__u8 reserved;
};
/* index values for the variables in ipv4_devconf */
enum
{
IPV4_DEVCONF_FORWARDING=1,
IPV4_DEVCONF_MC_FORWARDING,
IPV4_DEVCONF_PROXY_ARP,
IPV4_DEVCONF_ACCEPT_REDIRECTS,
IPV4_DEVCONF_SECURE_REDIRECTS,
IPV4_DEVCONF_SEND_REDIRECTS,
IPV4_DEVCONF_SHARED_MEDIA,
IPV4_DEVCONF_RP_FILTER,
IPV4_DEVCONF_ACCEPT_SOURCE_ROUTE,
IPV4_DEVCONF_BOOTP_RELAY,
IPV4_DEVCONF_LOG_MARTIANS,
IPV4_DEVCONF_TAG,
IPV4_DEVCONF_ARPFILTER,
IPV4_DEVCONF_MEDIUM_ID,
IPV4_DEVCONF_NOXFRM,
IPV4_DEVCONF_NOPOLICY,
IPV4_DEVCONF_FORCE_IGMP_VERSION,
IPV4_DEVCONF_ARP_ANNOUNCE,
IPV4_DEVCONF_ARP_IGNORE,
IPV4_DEVCONF_PROMOTE_SECONDARIES,
IPV4_DEVCONF_ARP_ACCEPT,
IPV4_DEVCONF_ARP_NOTIFY,
IPV4_DEVCONF_ACCEPT_LOCAL,
IPV4_DEVCONF_SRC_VMARK,
IPV4_DEVCONF_PROXY_ARP_PVLAN,
IPV4_DEVCONF_ROUTE_LOCALNET,
IPV4_DEVCONF_IGMPV2_UNSOLICITED_REPORT_INTERVAL,
IPV4_DEVCONF_IGMPV3_UNSOLICITED_REPORT_INTERVAL,
IPV4_DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN,
IPV4_DEVCONF_DROP_UNICAST_IN_L2_MULTICAST,
IPV4_DEVCONF_DROP_GRATUITOUS_ARP,
IPV4_DEVCONF_BC_FORWARDING,
__IPV4_DEVCONF_MAX
};
#define IPV4_DEVCONF_MAX (__IPV4_DEVCONF_MAX - 1)
#endif /* _LINUX_IP_H */

194
libnl/include/linux-private/linux/ipv6.h Normal file
View file

@ -0,0 +1,194 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _IPV6_H
#define _IPV6_H
#include <linux/libc-compat.h>
#include <linux/types.h>
#include <linux/in6.h>
#include <asm/byteorder.h>
/* The latest drafts declared increase in minimal mtu up to 1280. */
#define IPV6_MIN_MTU 1280
/*
* Advanced API
* source interface/address selection, source routing, etc...
* *under construction*
*/
#if __UAPI_DEF_IN6_PKTINFO
struct in6_pktinfo {
struct in6_addr ipi6_addr;
int ipi6_ifindex;
};
#endif
#if __UAPI_DEF_IP6_MTUINFO
struct ip6_mtuinfo {
struct sockaddr_in6 ip6m_addr;
__u32 ip6m_mtu;
};
#endif
struct in6_ifreq {
struct in6_addr ifr6_addr;
__u32 ifr6_prefixlen;
int ifr6_ifindex;
};
#define IPV6_SRCRT_STRICT 0x01 /* Deprecated; will be removed */
#define IPV6_SRCRT_TYPE_0 0 /* Deprecated; will be removed */
#define IPV6_SRCRT_TYPE_2 2 /* IPv6 type 2 Routing Header */
#define IPV6_SRCRT_TYPE_4 4 /* Segment Routing with IPv6 */
/*
* routing header
*/
struct ipv6_rt_hdr {
__u8 nexthdr;
__u8 hdrlen;
__u8 type;
__u8 segments_left;
/*
* type specific data
* variable length field
*/
};
struct ipv6_opt_hdr {
__u8 nexthdr;
__u8 hdrlen;
/*
* TLV encoded option data follows.
*/
} __attribute__((packed)); /* required for some archs */
#define ipv6_destopt_hdr ipv6_opt_hdr
#define ipv6_hopopt_hdr ipv6_opt_hdr
/* Router Alert option values (RFC2711) */
#define IPV6_OPT_ROUTERALERT_MLD 0x0000 /* MLD(RFC2710) */
/*
* routing header type 0 (used in cmsghdr struct)
*/
struct rt0_hdr {
struct ipv6_rt_hdr rt_hdr;
__u32 reserved;
struct in6_addr addr[0];
#define rt0_type rt_hdr.type
};
/*
* routing header type 2
*/
struct rt2_hdr {
struct ipv6_rt_hdr rt_hdr;
__u32 reserved;
struct in6_addr addr;
#define rt2_type rt_hdr.type
};
/*
* home address option in destination options header
*/
struct ipv6_destopt_hao {
__u8 type;
__u8 length;
struct in6_addr addr;
} __attribute__((packed));
/*
* IPv6 fixed header
*
* BEWARE, it is incorrect. The first 4 bits of flow_lbl
* are glued to priority now, forming "class".
*/
struct ipv6hdr {
#if defined(__LITTLE_ENDIAN_BITFIELD)
__u8 priority:4,
version:4;
#elif defined(__BIG_ENDIAN_BITFIELD)
__u8 version:4,
priority:4;
#else
#error "Please fix <asm/byteorder.h>"
#endif
__u8 flow_lbl[3];
__be16 payload_len;
__u8 nexthdr;
__u8 hop_limit;
struct in6_addr saddr;
struct in6_addr daddr;
};
/* index values for the variables in ipv6_devconf */
enum {
DEVCONF_FORWARDING = 0,
DEVCONF_HOPLIMIT,
DEVCONF_MTU6,
DEVCONF_ACCEPT_RA,
DEVCONF_ACCEPT_REDIRECTS,
DEVCONF_AUTOCONF,
DEVCONF_DAD_TRANSMITS,
DEVCONF_RTR_SOLICITS,
DEVCONF_RTR_SOLICIT_INTERVAL,
DEVCONF_RTR_SOLICIT_DELAY,
DEVCONF_USE_TEMPADDR,
DEVCONF_TEMP_VALID_LFT,
DEVCONF_TEMP_PREFERED_LFT,
DEVCONF_REGEN_MAX_RETRY,
DEVCONF_MAX_DESYNC_FACTOR,
DEVCONF_MAX_ADDRESSES,
DEVCONF_FORCE_MLD_VERSION,
DEVCONF_ACCEPT_RA_DEFRTR,
DEVCONF_ACCEPT_RA_PINFO,
DEVCONF_ACCEPT_RA_RTR_PREF,
DEVCONF_RTR_PROBE_INTERVAL,
DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN,
DEVCONF_PROXY_NDP,
DEVCONF_OPTIMISTIC_DAD,
DEVCONF_ACCEPT_SOURCE_ROUTE,
DEVCONF_MC_FORWARDING,
DEVCONF_DISABLE_IPV6,
DEVCONF_ACCEPT_DAD,
DEVCONF_FORCE_TLLAO,
DEVCONF_NDISC_NOTIFY,
DEVCONF_MLDV1_UNSOLICITED_REPORT_INTERVAL,
DEVCONF_MLDV2_UNSOLICITED_REPORT_INTERVAL,
DEVCONF_SUPPRESS_FRAG_NDISC,
DEVCONF_ACCEPT_RA_FROM_LOCAL,
DEVCONF_USE_OPTIMISTIC,
DEVCONF_ACCEPT_RA_MTU,
DEVCONF_STABLE_SECRET,
DEVCONF_USE_OIF_ADDRS_ONLY,
DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
DEVCONF_IGNORE_ROUTES_WITH_LINKDOWN,
DEVCONF_DROP_UNICAST_IN_L2_MULTICAST,
DEVCONF_DROP_UNSOLICITED_NA,
DEVCONF_KEEP_ADDR_ON_DOWN,
DEVCONF_RTR_SOLICIT_MAX_INTERVAL,
DEVCONF_SEG6_ENABLED,
DEVCONF_SEG6_REQUIRE_HMAC,
DEVCONF_ENHANCED_DAD,
DEVCONF_ADDR_GEN_MODE,
DEVCONF_DISABLE_POLICY,
DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN,
DEVCONF_NDISC_TCLASS,
DEVCONF_MAX
};
#endif /* _IPV6_H */

267
libnl/include/linux-private/linux/libc-compat.h Normal file
View file

@ -0,0 +1,267 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Compatibility interface for userspace libc header coordination:
*
* Define compatibility macros that are used to control the inclusion or
* exclusion of UAPI structures and definitions in coordination with another
* userspace C library.
*
* This header is intended to solve the problem of UAPI definitions that
* conflict with userspace definitions. If a UAPI header has such conflicting
* definitions then the solution is as follows:
*
* * Synchronize the UAPI header and the libc headers so either one can be
* used and such that the ABI is preserved. If this is not possible then
* no simple compatibility interface exists (you need to write translating
* wrappers and rename things) and you can't use this interface.
*
* Then follow this process:
*
* (a) Include libc-compat.h in the UAPI header.
* e.g. #include <linux/libc-compat.h>
* This include must be as early as possible.
*
* (b) In libc-compat.h add enough code to detect that the comflicting
* userspace libc header has been included first.
*
* (c) If the userspace libc header has been included first define a set of
* guard macros of the form __UAPI_DEF_FOO and set their values to 1, else
* set their values to 0.
*
* (d) Back in the UAPI header with the conflicting definitions, guard the
* definitions with:
* #if __UAPI_DEF_FOO
* ...
* #endif
*
* This fixes the situation where the linux headers are included *after* the
* libc headers. To fix the problem with the inclusion in the other order the
* userspace libc headers must be fixed like this:
*
* * For all definitions that conflict with kernel definitions wrap those
* defines in the following:
* #if !__UAPI_DEF_FOO
* ...
* #endif
*
* This prevents the redefinition of a construct already defined by the kernel.
*/
#ifndef _LIBC_COMPAT_H
#define _LIBC_COMPAT_H
/* We have included glibc headers... */
#if defined(__GLIBC__)
/* Coordinate with glibc net/if.h header. */
#if defined(_NET_IF_H) && defined(__USE_MISC)
/* GLIBC headers included first so don't define anything
* that would already be defined. */
#define __UAPI_DEF_IF_IFCONF 0
#define __UAPI_DEF_IF_IFMAP 0
#define __UAPI_DEF_IF_IFNAMSIZ 0
#define __UAPI_DEF_IF_IFREQ 0
/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */
#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 0
/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */
#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1
#endif /* __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO */
#else /* _NET_IF_H */
/* Linux headers included first, and we must define everything
* we need. The expectation is that glibc will check the
* __UAPI_DEF_* defines and adjust appropriately. */
#define __UAPI_DEF_IF_IFCONF 1
#define __UAPI_DEF_IF_IFMAP 1
#define __UAPI_DEF_IF_IFNAMSIZ 1
#define __UAPI_DEF_IF_IFREQ 1
/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */
#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1
/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */
#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1
#endif /* _NET_IF_H */
/* Coordinate with glibc netinet/in.h header. */
#if defined(_NETINET_IN_H)
/* GLIBC headers included first so don't define anything
* that would already be defined. */
#define __UAPI_DEF_IN_ADDR 0
#define __UAPI_DEF_IN_IPPROTO 0
#define __UAPI_DEF_IN_PKTINFO 0
#define __UAPI_DEF_IP_MREQ 0
#define __UAPI_DEF_SOCKADDR_IN 0
#define __UAPI_DEF_IN_CLASS 0
#define __UAPI_DEF_IN6_ADDR 0
/* The exception is the in6_addr macros which must be defined
* if the glibc code didn't define them. This guard matches
* the guard in glibc/inet/netinet/in.h which defines the
* additional in6_addr macros e.g. s6_addr16, and s6_addr32. */
#if defined(__USE_MISC) || defined (__USE_GNU)
#define __UAPI_DEF_IN6_ADDR_ALT 0
#else
#define __UAPI_DEF_IN6_ADDR_ALT 1
#endif
#define __UAPI_DEF_SOCKADDR_IN6 0
#define __UAPI_DEF_IPV6_MREQ 0
#define __UAPI_DEF_IPPROTO_V6 0
#define __UAPI_DEF_IPV6_OPTIONS 0
#define __UAPI_DEF_IN6_PKTINFO 0
#define __UAPI_DEF_IP6_MTUINFO 0
#else
/* Linux headers included first, and we must define everything
* we need. The expectation is that glibc will check the
* __UAPI_DEF_* defines and adjust appropriately. */
#define __UAPI_DEF_IN_ADDR 1
#define __UAPI_DEF_IN_IPPROTO 1
#define __UAPI_DEF_IN_PKTINFO 1
#define __UAPI_DEF_IP_MREQ 1
#define __UAPI_DEF_SOCKADDR_IN 1
#define __UAPI_DEF_IN_CLASS 1
#define __UAPI_DEF_IN6_ADDR 1
/* We unconditionally define the in6_addr macros and glibc must
* coordinate. */
#define __UAPI_DEF_IN6_ADDR_ALT 1
#define __UAPI_DEF_SOCKADDR_IN6 1
#define __UAPI_DEF_IPV6_MREQ 1
#define __UAPI_DEF_IPPROTO_V6 1
#define __UAPI_DEF_IPV6_OPTIONS 1
#define __UAPI_DEF_IN6_PKTINFO 1
#define __UAPI_DEF_IP6_MTUINFO 1
#endif /* _NETINET_IN_H */
/* Coordinate with glibc netipx/ipx.h header. */
#if defined(__NETIPX_IPX_H)
#define __UAPI_DEF_SOCKADDR_IPX 0
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 0
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 0
#define __UAPI_DEF_IPX_CONFIG_DATA 0
#define __UAPI_DEF_IPX_ROUTE_DEF 0
#else /* defined(__NETIPX_IPX_H) */
#define __UAPI_DEF_SOCKADDR_IPX 1
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
#define __UAPI_DEF_IPX_CONFIG_DATA 1
#define __UAPI_DEF_IPX_ROUTE_DEF 1
#endif /* defined(__NETIPX_IPX_H) */
/* Definitions for xattr.h */
#if defined(_SYS_XATTR_H)
#define __UAPI_DEF_XATTR 0
#else
#define __UAPI_DEF_XATTR 1
#endif
/* If we did not see any headers from any supported C libraries,
* or we are being included in the kernel, then define everything
* that we need. Check for previous __UAPI_* definitions to give
* unsupported C libraries a way to opt out of any kernel definition. */
#else /* !defined(__GLIBC__) */
/* Definitions for if.h */
#ifndef __UAPI_DEF_IF_IFCONF
#define __UAPI_DEF_IF_IFCONF 1
#endif
#ifndef __UAPI_DEF_IF_IFMAP
#define __UAPI_DEF_IF_IFMAP 1
#endif
#ifndef __UAPI_DEF_IF_IFNAMSIZ
#define __UAPI_DEF_IF_IFNAMSIZ 1
#endif
#ifndef __UAPI_DEF_IF_IFREQ
#define __UAPI_DEF_IF_IFREQ 1
#endif
/* Everything up to IFF_DYNAMIC, matches net/if.h until glibc 2.23 */
#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS
#define __UAPI_DEF_IF_NET_DEVICE_FLAGS 1
#endif
/* For the future if glibc adds IFF_LOWER_UP, IFF_DORMANT and IFF_ECHO */
#ifndef __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO
#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 1
#endif
/* Definitions for in.h */
#ifndef __UAPI_DEF_IN_ADDR
#define __UAPI_DEF_IN_ADDR 1
#endif
#ifndef __UAPI_DEF_IN_IPPROTO
#define __UAPI_DEF_IN_IPPROTO 1
#endif
#ifndef __UAPI_DEF_IN_PKTINFO
#define __UAPI_DEF_IN_PKTINFO 1
#endif
#ifndef __UAPI_DEF_IP_MREQ
#define __UAPI_DEF_IP_MREQ 1
#endif
#ifndef __UAPI_DEF_SOCKADDR_IN
#define __UAPI_DEF_SOCKADDR_IN 1
#endif
#ifndef __UAPI_DEF_IN_CLASS
#define __UAPI_DEF_IN_CLASS 1
#endif
/* Definitions for in6.h */
#ifndef __UAPI_DEF_IN6_ADDR
#define __UAPI_DEF_IN6_ADDR 1
#endif
#ifndef __UAPI_DEF_IN6_ADDR_ALT
#define __UAPI_DEF_IN6_ADDR_ALT 1
#endif
#ifndef __UAPI_DEF_SOCKADDR_IN6
#define __UAPI_DEF_SOCKADDR_IN6 1
#endif
#ifndef __UAPI_DEF_IPV6_MREQ
#define __UAPI_DEF_IPV6_MREQ 1
#endif
#ifndef __UAPI_DEF_IPPROTO_V6
#define __UAPI_DEF_IPPROTO_V6 1
#endif
#ifndef __UAPI_DEF_IPV6_OPTIONS
#define __UAPI_DEF_IPV6_OPTIONS 1
#endif
#ifndef __UAPI_DEF_IN6_PKTINFO
#define __UAPI_DEF_IN6_PKTINFO 1
#endif
#ifndef __UAPI_DEF_IP6_MTUINFO
#define __UAPI_DEF_IP6_MTUINFO 1
#endif
/* Definitions for ipx.h */
#ifndef __UAPI_DEF_SOCKADDR_IPX
#define __UAPI_DEF_SOCKADDR_IPX 1
#endif
#ifndef __UAPI_DEF_IPX_ROUTE_DEFINITION
#define __UAPI_DEF_IPX_ROUTE_DEFINITION 1
#endif
#ifndef __UAPI_DEF_IPX_INTERFACE_DEFINITION
#define __UAPI_DEF_IPX_INTERFACE_DEFINITION 1
#endif
#ifndef __UAPI_DEF_IPX_CONFIG_DATA
#define __UAPI_DEF_IPX_CONFIG_DATA 1
#endif
#ifndef __UAPI_DEF_IPX_ROUTE_DEF
#define __UAPI_DEF_IPX_ROUTE_DEF 1
#endif
/* Definitions for xattr.h */
#ifndef __UAPI_DEF_XATTR
#define __UAPI_DEF_XATTR 1
#endif
#endif /* __GLIBC__ */
#endif /* _LIBC_COMPAT_H */

71
libnl/include/linux-private/linux/lwtunnel.h Normal file
View file

@ -0,0 +1,71 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LWTUNNEL_H_
#define _LWTUNNEL_H_
#include <linux/types.h>
enum lwtunnel_encap_types {
LWTUNNEL_ENCAP_NONE,
LWTUNNEL_ENCAP_MPLS,
LWTUNNEL_ENCAP_IP,
LWTUNNEL_ENCAP_ILA,
LWTUNNEL_ENCAP_IP6,
LWTUNNEL_ENCAP_SEG6,
LWTUNNEL_ENCAP_BPF,
LWTUNNEL_ENCAP_SEG6_LOCAL,
__LWTUNNEL_ENCAP_MAX,
};
#define LWTUNNEL_ENCAP_MAX (__LWTUNNEL_ENCAP_MAX - 1)
enum lwtunnel_ip_t {
LWTUNNEL_IP_UNSPEC,
LWTUNNEL_IP_ID,
LWTUNNEL_IP_DST,
LWTUNNEL_IP_SRC,
LWTUNNEL_IP_TTL,
LWTUNNEL_IP_TOS,
LWTUNNEL_IP_FLAGS,
LWTUNNEL_IP_PAD,
__LWTUNNEL_IP_MAX,
};
#define LWTUNNEL_IP_MAX (__LWTUNNEL_IP_MAX - 1)
enum lwtunnel_ip6_t {
LWTUNNEL_IP6_UNSPEC,
LWTUNNEL_IP6_ID,
LWTUNNEL_IP6_DST,
LWTUNNEL_IP6_SRC,
LWTUNNEL_IP6_HOPLIMIT,
LWTUNNEL_IP6_TC,
LWTUNNEL_IP6_FLAGS,
LWTUNNEL_IP6_PAD,
__LWTUNNEL_IP6_MAX,
};
#define LWTUNNEL_IP6_MAX (__LWTUNNEL_IP6_MAX - 1)
enum {
LWT_BPF_PROG_UNSPEC,
LWT_BPF_PROG_FD,
LWT_BPF_PROG_NAME,
__LWT_BPF_PROG_MAX,
};
#define LWT_BPF_PROG_MAX (__LWT_BPF_PROG_MAX - 1)
enum {
LWT_BPF_UNSPEC,
LWT_BPF_IN,
LWT_BPF_OUT,
LWT_BPF_XMIT,
LWT_BPF_XMIT_HEADROOM,
__LWT_BPF_MAX,
};
#define LWT_BPF_MAX (__LWT_BPF_MAX - 1)
#define LWT_BPF_MAX_HEADROOM 256
#endif /* _LWTUNNEL_H_ */

77
libnl/include/linux-private/linux/mpls.h Normal file
View file

@ -0,0 +1,77 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _MPLS_H
#define _MPLS_H
#include <linux/types.h>
#include <asm/byteorder.h>
/* Reference: RFC 5462, RFC 3032
*
* 0 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Label | TC |S| TTL |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*
* Label: Label Value, 20 bits
* TC: Traffic Class field, 3 bits
* S: Bottom of Stack, 1 bit
* TTL: Time to Live, 8 bits
*/
struct mpls_label {
__be32 entry;
};
#define MPLS_LS_LABEL_MASK 0xFFFFF000
#define MPLS_LS_LABEL_SHIFT 12
#define MPLS_LS_TC_MASK 0x00000E00
#define MPLS_LS_TC_SHIFT 9
#define MPLS_LS_S_MASK 0x00000100
#define MPLS_LS_S_SHIFT 8
#define MPLS_LS_TTL_MASK 0x000000FF
#define MPLS_LS_TTL_SHIFT 0
/* Reserved labels */
#define MPLS_LABEL_IPV4NULL 0 /* RFC3032 */
#define MPLS_LABEL_RTALERT 1 /* RFC3032 */
#define MPLS_LABEL_IPV6NULL 2 /* RFC3032 */
#define MPLS_LABEL_IMPLNULL 3 /* RFC3032 */
#define MPLS_LABEL_ENTROPY 7 /* RFC6790 */
#define MPLS_LABEL_GAL 13 /* RFC5586 */
#define MPLS_LABEL_OAMALERT 14 /* RFC3429 */
#define MPLS_LABEL_EXTENSION 15 /* RFC7274 */
#define MPLS_LABEL_FIRST_UNRESERVED 16 /* RFC3032 */
/* These are embedded into IFLA_STATS_AF_SPEC:
* [IFLA_STATS_AF_SPEC]
* -> [AF_MPLS]
* -> [MPLS_STATS_xxx]
*
* Attributes:
* [MPLS_STATS_LINK] = {
* struct mpls_link_stats
* }
*/
enum {
MPLS_STATS_UNSPEC, /* also used as 64bit pad attribute */
MPLS_STATS_LINK,
__MPLS_STATS_MAX,
};
#define MPLS_STATS_MAX (__MPLS_STATS_MAX - 1)
struct mpls_link_stats {
__u64 rx_packets; /* total packets received */
__u64 tx_packets; /* total packets transmitted */
__u64 rx_bytes; /* total bytes received */
__u64 tx_bytes; /* total bytes transmitted */
__u64 rx_errors; /* bad packets received */
__u64 tx_errors; /* packet transmit problems */
__u64 rx_dropped; /* packet dropped on receive */
__u64 tx_dropped; /* packet dropped on transmit */
__u64 rx_noroute; /* no route for packet dest */
};
#endif /* _MPLS_H */

31
libnl/include/linux-private/linux/mpls_iptunnel.h Normal file
View file

@ -0,0 +1,31 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* mpls tunnel api
*
* Authors:
* Roopa Prabhu <roopa@cumulusnetworks.com>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _LINUX_MPLS_IPTUNNEL_H
#define _LINUX_MPLS_IPTUNNEL_H
/* MPLS tunnel attributes
* [RTA_ENCAP] = {
* [MPLS_IPTUNNEL_DST]
* [MPLS_IPTUNNEL_TTL]
* }
*/
enum {
MPLS_IPTUNNEL_UNSPEC,
MPLS_IPTUNNEL_DST,
MPLS_IPTUNNEL_TTL,
__MPLS_IPTUNNEL_MAX,
};
#define MPLS_IPTUNNEL_MAX (__MPLS_IPTUNNEL_MAX - 1)
#endif /* _LINUX_MPLS_IPTUNNEL_H */

172
libnl/include/linux-private/linux/neighbour.h Normal file
View file

@ -0,0 +1,172 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_NEIGHBOUR_H
#define __LINUX_NEIGHBOUR_H
#include <linux/types.h>
#include <linux/netlink.h>
struct ndmsg {
__u8 ndm_family;
__u8 ndm_pad1;
__u16 ndm_pad2;
__s32 ndm_ifindex;
__u16 ndm_state;
__u8 ndm_flags;
__u8 ndm_type;
};
enum {
NDA_UNSPEC,
NDA_DST,
NDA_LLADDR,
NDA_CACHEINFO,
NDA_PROBES,
NDA_VLAN,
NDA_PORT,
NDA_VNI,
NDA_IFINDEX,
NDA_MASTER,
NDA_LINK_NETNSID,
NDA_SRC_VNI,
__NDA_MAX
};
#define NDA_MAX (__NDA_MAX - 1)
/*
* Neighbor Cache Entry Flags
*/
#define NTF_USE 0x01
#define NTF_SELF 0x02
#define NTF_MASTER 0x04
#define NTF_PROXY 0x08 /* == ATF_PUBL */
#define NTF_EXT_LEARNED 0x10
#define NTF_OFFLOADED 0x20
#define NTF_ROUTER 0x80
/*
* Neighbor Cache Entry States.
*/
#define NUD_INCOMPLETE 0x01
#define NUD_REACHABLE 0x02
#define NUD_STALE 0x04
#define NUD_DELAY 0x08
#define NUD_PROBE 0x10
#define NUD_FAILED 0x20
/* Dummy states */
#define NUD_NOARP 0x40
#define NUD_PERMANENT 0x80
#define NUD_NONE 0x00
/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
and make no address resolution or NUD.
NUD_PERMANENT also cannot be deleted by garbage collectors.
*/
struct nda_cacheinfo {
__u32 ndm_confirmed;
__u32 ndm_used;
__u32 ndm_updated;
__u32 ndm_refcnt;
};
/*****************************************************************
* Neighbour tables specific messages.
*
* To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
* NLM_F_DUMP flag set. Every neighbour table configuration is
* spread over multiple messages to avoid running into message
* size limits on systems with many interfaces. The first message
* in the sequence transports all not device specific data such as
* statistics, configuration, and the default parameter set.
* This message is followed by 0..n messages carrying device
* specific parameter sets.
* Although the ordering should be sufficient, NDTA_NAME can be
* used to identify sequences. The initial message can be identified
* by checking for NDTA_CONFIG. The device specific messages do
* not contain this TLV but have NDTPA_IFINDEX set to the
* corresponding interface index.
*
* To change neighbour table attributes, send RTM_SETNEIGHTBL
* with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
* NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
* otherwise. Device specific parameter sets can be changed by
* setting NDTPA_IFINDEX to the interface index of the corresponding
* device.
****/
struct ndt_stats {
__u64 ndts_allocs;
__u64 ndts_destroys;
__u64 ndts_hash_grows;
__u64 ndts_res_failed;
__u64 ndts_lookups;
__u64 ndts_hits;
__u64 ndts_rcv_probes_mcast;
__u64 ndts_rcv_probes_ucast;
__u64 ndts_periodic_gc_runs;
__u64 ndts_forced_gc_runs;
__u64 ndts_table_fulls;
};
enum {
NDTPA_UNSPEC,
NDTPA_IFINDEX, /* u32, unchangeable */
NDTPA_REFCNT, /* u32, read-only */
NDTPA_REACHABLE_TIME, /* u64, read-only, msecs */
NDTPA_BASE_REACHABLE_TIME, /* u64, msecs */
NDTPA_RETRANS_TIME, /* u64, msecs */
NDTPA_GC_STALETIME, /* u64, msecs */
NDTPA_DELAY_PROBE_TIME, /* u64, msecs */
NDTPA_QUEUE_LEN, /* u32 */
NDTPA_APP_PROBES, /* u32 */
NDTPA_UCAST_PROBES, /* u32 */
NDTPA_MCAST_PROBES, /* u32 */
NDTPA_ANYCAST_DELAY, /* u64, msecs */
NDTPA_PROXY_DELAY, /* u64, msecs */
NDTPA_PROXY_QLEN, /* u32 */
NDTPA_LOCKTIME, /* u64, msecs */
NDTPA_QUEUE_LENBYTES, /* u32 */
NDTPA_MCAST_REPROBES, /* u32 */
NDTPA_PAD,
__NDTPA_MAX
};
#define NDTPA_MAX (__NDTPA_MAX - 1)
struct ndtmsg {
__u8 ndtm_family;
__u8 ndtm_pad1;
__u16 ndtm_pad2;
};
struct ndt_config {
__u16 ndtc_key_len;
__u16 ndtc_entry_size;
__u32 ndtc_entries;
__u32 ndtc_last_flush; /* delta to now in msecs */
__u32 ndtc_last_rand; /* delta to now in msecs */
__u32 ndtc_hash_rnd;
__u32 ndtc_hash_mask;
__u32 ndtc_hash_chain_gc;
__u32 ndtc_proxy_qlen;
};
enum {
NDTA_UNSPEC,
NDTA_NAME, /* char *, unchangeable */
NDTA_THRESH1, /* u32 */
NDTA_THRESH2, /* u32 */
NDTA_THRESH3, /* u32 */
NDTA_CONFIG, /* struct ndt_config, read-only */
NDTA_PARMS, /* nested TLV NDTPA_* */
NDTA_STATS, /* struct ndt_stats, read-only */
NDTA_GC_INTERVAL, /* u64, msecs */
NDTA_PAD,
__NDTA_MAX
};
#define NDTA_MAX (__NDTA_MAX - 1)
#endif

30
libnl/include/linux-private/linux/netconf.h Normal file
View file

@ -0,0 +1,30 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LINUX_NETCONF_H_
#define _LINUX_NETCONF_H_
#include <linux/types.h>
#include <linux/netlink.h>
struct netconfmsg {
__u8 ncm_family;
};
enum {
NETCONFA_UNSPEC,
NETCONFA_IFINDEX,
NETCONFA_FORWARDING,
NETCONFA_RP_FILTER,
NETCONFA_MC_FORWARDING,
NETCONFA_PROXY_NEIGH,
NETCONFA_IGNORE_ROUTES_WITH_LINKDOWN,
NETCONFA_INPUT,
NETCONFA_BC_FORWARDING,
__NETCONFA_MAX
};
#define NETCONFA_MAX (__NETCONFA_MAX - 1)
#define NETCONFA_ALL -1
#define NETCONFA_IFINDEX_ALL -1
#define NETCONFA_IFINDEX_DEFAULT -2
#endif /* _LINUX_NETCONF_H_ */

78
libnl/include/linux-private/linux/netfilter.h Normal file
View file

@ -0,0 +1,78 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_NETFILTER_H
#define __LINUX_NETFILTER_H
#include <linux/types.h>
#include <linux/in.h>
#include <linux/in6.h>
/* Responses from hook functions. */
#define NF_DROP 0
#define NF_ACCEPT 1
#define NF_STOLEN 2
#define NF_QUEUE 3
#define NF_REPEAT 4
#define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */
#define NF_MAX_VERDICT NF_STOP
/* we overload the higher bits for encoding auxiliary data such as the queue
* number or errno values. Not nice, but better than additional function
* arguments. */
#define NF_VERDICT_MASK 0x000000ff
/* extra verdict flags have mask 0x0000ff00 */
#define NF_VERDICT_FLAG_QUEUE_BYPASS 0x00008000
/* queue number (NF_QUEUE) or errno (NF_DROP) */
#define NF_VERDICT_QMASK 0xffff0000
#define NF_VERDICT_QBITS 16
#define NF_QUEUE_NR(x) ((((x) << 16) & NF_VERDICT_QMASK) | NF_QUEUE)
#define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP)
/* only for userspace compatibility */
/* Generic cache responses from hook functions.
<= 0x2000 is used for protocol-flags. */
#define NFC_UNKNOWN 0x4000
#define NFC_ALTERED 0x8000
/* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */
#define NF_VERDICT_BITS 16
enum nf_inet_hooks {
NF_INET_PRE_ROUTING,
NF_INET_LOCAL_IN,
NF_INET_FORWARD,
NF_INET_LOCAL_OUT,
NF_INET_POST_ROUTING,
NF_INET_NUMHOOKS
};
enum nf_dev_hooks {
NF_NETDEV_INGRESS,
NF_NETDEV_NUMHOOKS
};
enum {
NFPROTO_UNSPEC = 0,
NFPROTO_INET = 1,
NFPROTO_IPV4 = 2,
NFPROTO_ARP = 3,
NFPROTO_NETDEV = 5,
NFPROTO_BRIDGE = 7,
NFPROTO_IPV6 = 10,
NFPROTO_DECNET = 12,
NFPROTO_NUMPROTO,
};
union nf_inet_addr {
__u32 all[4];
__be32 ip;
__be32 ip6[4];
struct in_addr in;
struct in6_addr in6;
};
#endif /* __LINUX_NETFILTER_H */

142
libnl/include/linux-private/linux/netfilter/nf_conntrack_common.h Normal file
View file

@ -0,0 +1,142 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _NF_CONNTRACK_COMMON_H
#define _NF_CONNTRACK_COMMON_H
/* Connection state tracking for netfilter. This is separated from,
but required by, the NAT layer; it can also be used by an iptables
extension. */
enum ip_conntrack_info {
/* Part of an established connection (either direction). */
IP_CT_ESTABLISHED,
/* Like NEW, but related to an existing connection, or ICMP error
(in either direction). */
IP_CT_RELATED,
/* Started a new connection to track (only
IP_CT_DIR_ORIGINAL); may be a retransmission. */
IP_CT_NEW,
/* >= this indicates reply direction */
IP_CT_IS_REPLY,
IP_CT_ESTABLISHED_REPLY = IP_CT_ESTABLISHED + IP_CT_IS_REPLY,
IP_CT_RELATED_REPLY = IP_CT_RELATED + IP_CT_IS_REPLY,
/* No NEW in reply direction. */
/* Number of distinct IP_CT types. */
IP_CT_NUMBER,
/* only for userspace compatibility */
IP_CT_NEW_REPLY = IP_CT_NUMBER,
};
#define NF_CT_STATE_INVALID_BIT (1 << 0)
#define NF_CT_STATE_BIT(ctinfo) (1 << ((ctinfo) % IP_CT_IS_REPLY + 1))
#define NF_CT_STATE_UNTRACKED_BIT (1 << 6)
/* Bitset representing status of connection. */
enum ip_conntrack_status {
/* It's an expected connection: bit 0 set. This bit never changed */
IPS_EXPECTED_BIT = 0,
IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
/* We've seen packets both ways: bit 1 set. Can be set, not unset. */
IPS_SEEN_REPLY_BIT = 1,
IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
/* Conntrack should never be early-expired. */
IPS_ASSURED_BIT = 2,
IPS_ASSURED = (1 << IPS_ASSURED_BIT),
/* Connection is confirmed: originating packet has left box */
IPS_CONFIRMED_BIT = 3,
IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
/* Connection needs src nat in orig dir. This bit never changed. */
IPS_SRC_NAT_BIT = 4,
IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),
/* Connection needs dst nat in orig dir. This bit never changed. */
IPS_DST_NAT_BIT = 5,
IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),
/* Both together. */
IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),
/* Connection needs TCP sequence adjusted. */
IPS_SEQ_ADJUST_BIT = 6,
IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),
/* NAT initialization bits. */
IPS_SRC_NAT_DONE_BIT = 7,
IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),
IPS_DST_NAT_DONE_BIT = 8,
IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),
/* Both together */
IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
/* Connection is dying (removed from lists), can not be unset. */
IPS_DYING_BIT = 9,
IPS_DYING = (1 << IPS_DYING_BIT),
/* Connection has fixed timeout. */
IPS_FIXED_TIMEOUT_BIT = 10,
IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
/* Conntrack is a template */
IPS_TEMPLATE_BIT = 11,
IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),
/* Conntrack is a fake untracked entry. Obsolete and not used anymore */
IPS_UNTRACKED_BIT = 12,
IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),
/* Conntrack got a helper explicitly attached via CT target. */
IPS_HELPER_BIT = 13,
IPS_HELPER = (1 << IPS_HELPER_BIT),
/* Conntrack has been offloaded to flow table. */
IPS_OFFLOAD_BIT = 14,
IPS_OFFLOAD = (1 << IPS_OFFLOAD_BIT),
/* Be careful here, modifying these bits can make things messy,
* so don't let users modify them directly.
*/
IPS_UNCHANGEABLE_MASK = (IPS_NAT_DONE_MASK | IPS_NAT_MASK |
IPS_EXPECTED | IPS_CONFIRMED | IPS_DYING |
IPS_SEQ_ADJUST | IPS_TEMPLATE | IPS_OFFLOAD),
__IPS_MAX_BIT = 15,
};
/* Connection tracking event types */
enum ip_conntrack_events {
IPCT_NEW, /* new conntrack */
IPCT_RELATED, /* related conntrack */
IPCT_DESTROY, /* destroyed conntrack */
IPCT_REPLY, /* connection has seen two-way traffic */
IPCT_ASSURED, /* connection status has changed to assured */
IPCT_PROTOINFO, /* protocol information has changed */
IPCT_HELPER, /* new helper has been set */
IPCT_MARK, /* new mark has been set */
IPCT_SEQADJ, /* sequence adjustment has changed */
IPCT_NATSEQADJ = IPCT_SEQADJ,
IPCT_SECMARK, /* new security mark has been set */
IPCT_LABEL, /* new connlabel has been set */
IPCT_SYNPROXY, /* synproxy has been set */
};
enum ip_conntrack_expect_events {
IPEXP_NEW, /* new expectation */
IPEXP_DESTROY, /* destroyed expectation */
};
/* expectation flags */
#define NF_CT_EXPECT_PERMANENT 0x1
#define NF_CT_EXPECT_INACTIVE 0x2
#define NF_CT_EXPECT_USERSPACE 0x4
#endif /* _NF_CONNTRACK_COMMON_H */

81
libnl/include/linux-private/linux/netfilter/nfnetlink.h Normal file
View file

@ -0,0 +1,81 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _NFNETLINK_H
#define _NFNETLINK_H
#include <linux/types.h>
#include <linux/netfilter/nfnetlink_compat.h>
enum nfnetlink_groups {
NFNLGRP_NONE,
#define NFNLGRP_NONE NFNLGRP_NONE
NFNLGRP_CONNTRACK_NEW,
#define NFNLGRP_CONNTRACK_NEW NFNLGRP_CONNTRACK_NEW
NFNLGRP_CONNTRACK_UPDATE,
#define NFNLGRP_CONNTRACK_UPDATE NFNLGRP_CONNTRACK_UPDATE
NFNLGRP_CONNTRACK_DESTROY,
#define NFNLGRP_CONNTRACK_DESTROY NFNLGRP_CONNTRACK_DESTROY
NFNLGRP_CONNTRACK_EXP_NEW,
#define NFNLGRP_CONNTRACK_EXP_NEW NFNLGRP_CONNTRACK_EXP_NEW
NFNLGRP_CONNTRACK_EXP_UPDATE,
#define NFNLGRP_CONNTRACK_EXP_UPDATE NFNLGRP_CONNTRACK_EXP_UPDATE
NFNLGRP_CONNTRACK_EXP_DESTROY,
#define NFNLGRP_CONNTRACK_EXP_DESTROY NFNLGRP_CONNTRACK_EXP_DESTROY
NFNLGRP_NFTABLES,
#define NFNLGRP_NFTABLES NFNLGRP_NFTABLES
NFNLGRP_ACCT_QUOTA,
#define NFNLGRP_ACCT_QUOTA NFNLGRP_ACCT_QUOTA
NFNLGRP_NFTRACE,
#define NFNLGRP_NFTRACE NFNLGRP_NFTRACE
__NFNLGRP_MAX,
};
#define NFNLGRP_MAX (__NFNLGRP_MAX - 1)
/* General form of address family dependent message.
*/
struct nfgenmsg {
__u8 nfgen_family; /* AF_xxx */
__u8 version; /* nfnetlink version */
__be16 res_id; /* resource id */
};
#define NFNETLINK_V0 0
/* netfilter netlink message types are split in two pieces:
* 8 bit subsystem, 8bit operation.
*/
#define NFNL_SUBSYS_ID(x) ((x & 0xff00) >> 8)
#define NFNL_MSG_TYPE(x) (x & 0x00ff)
/* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS()
* won't work anymore */
#define NFNL_SUBSYS_NONE 0
#define NFNL_SUBSYS_CTNETLINK 1
#define NFNL_SUBSYS_CTNETLINK_EXP 2
#define NFNL_SUBSYS_QUEUE 3
#define NFNL_SUBSYS_ULOG 4
#define NFNL_SUBSYS_OSF 5
#define NFNL_SUBSYS_IPSET 6
#define NFNL_SUBSYS_ACCT 7
#define NFNL_SUBSYS_CTNETLINK_TIMEOUT 8
#define NFNL_SUBSYS_CTHELPER 9
#define NFNL_SUBSYS_NFTABLES 10
#define NFNL_SUBSYS_NFT_COMPAT 11
#define NFNL_SUBSYS_COUNT 12
/* Reserved control nfnetlink messages */
#define NFNL_MSG_BATCH_BEGIN NLMSG_MIN_TYPE
#define NFNL_MSG_BATCH_END NLMSG_MIN_TYPE+1
/**
* enum nfnl_batch_attributes - nfnetlink batch netlink attributes
*
* @NFNL_BATCH_GENID: generation ID for this changeset (NLA_U32)
*/
enum nfnl_batch_attributes {
NFNL_BATCH_UNSPEC,
NFNL_BATCH_GENID,
__NFNL_BATCH_MAX
};
#define NFNL_BATCH_MAX (__NFNL_BATCH_MAX - 1)
#endif /* _NFNETLINK_H */

62
libnl/include/linux-private/linux/netfilter/nfnetlink_compat.h Normal file
View file

@ -0,0 +1,62 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _NFNETLINK_COMPAT_H
#define _NFNETLINK_COMPAT_H
#include <linux/types.h>
/* Old nfnetlink macros for userspace */
/* nfnetlink groups: Up to 32 maximum */
#define NF_NETLINK_CONNTRACK_NEW 0x00000001
#define NF_NETLINK_CONNTRACK_UPDATE 0x00000002
#define NF_NETLINK_CONNTRACK_DESTROY 0x00000004
#define NF_NETLINK_CONNTRACK_EXP_NEW 0x00000008
#define NF_NETLINK_CONNTRACK_EXP_UPDATE 0x00000010
#define NF_NETLINK_CONNTRACK_EXP_DESTROY 0x00000020
/* Generic structure for encapsulation optional netfilter information.
* It is reminiscent of sockaddr, but with sa_family replaced
* with attribute type.
* ! This should someday be put somewhere generic as now rtnetlink and
* ! nfnetlink use the same attributes methods. - J. Schulist.
*/
struct nfattr {
__u16 nfa_len;
__u16 nfa_type; /* we use 15 bits for the type, and the highest
* bit to indicate whether the payload is nested */
};
/* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
* rtnetlink.h, it's time to put this in a generic file */
#define NFNL_NFA_NEST 0x8000
#define NFA_TYPE(attr) ((attr)->nfa_type & 0x7fff)
#define NFA_ALIGNTO 4
#define NFA_ALIGN(len) (((len) + NFA_ALIGNTO - 1) & ~(NFA_ALIGNTO - 1))
#define NFA_OK(nfa,len) ((len) > 0 && (nfa)->nfa_len >= sizeof(struct nfattr) \
&& (nfa)->nfa_len <= (len))
#define NFA_NEXT(nfa,attrlen) ((attrlen) -= NFA_ALIGN((nfa)->nfa_len), \
(struct nfattr *)(((char *)(nfa)) + NFA_ALIGN((nfa)->nfa_len)))
#define NFA_LENGTH(len) (NFA_ALIGN(sizeof(struct nfattr)) + (len))
#define NFA_SPACE(len) NFA_ALIGN(NFA_LENGTH(len))
#define NFA_DATA(nfa) ((void *)(((char *)(nfa)) + NFA_LENGTH(0)))
#define NFA_PAYLOAD(nfa) ((int)((nfa)->nfa_len) - NFA_LENGTH(0))
#define NFA_NEST(skb, type) \
({ struct nfattr *__start = (struct nfattr *)skb_tail_pointer(skb); \
NFA_PUT(skb, (NFNL_NFA_NEST | type), 0, NULL); \
__start; })
#define NFA_NEST_END(skb, start) \
({ (start)->nfa_len = skb_tail_pointer(skb) - (unsigned char *)(start); \
(skb)->len; })
#define NFA_NEST_CANCEL(skb, start) \
({ if (start) \
skb_trim(skb, (unsigned char *) (start) - (skb)->data); \
-1; })
#define NFM_NFA(n) ((struct nfattr *)(((char *)(n)) \
+ NLMSG_ALIGN(sizeof(struct nfgenmsg))))
#define NFM_PAYLOAD(n) NLMSG_PAYLOAD(n, sizeof(struct nfgenmsg))
#endif /* _NFNETLINK_COMPAT_H */

279
libnl/include/linux-private/linux/netfilter/nfnetlink_conntrack.h Normal file
View file

@ -0,0 +1,279 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _IPCONNTRACK_NETLINK_H
#define _IPCONNTRACK_NETLINK_H
#include <linux/netfilter/nfnetlink.h>
enum cntl_msg_types {
IPCTNL_MSG_CT_NEW,
IPCTNL_MSG_CT_GET,
IPCTNL_MSG_CT_DELETE,
IPCTNL_MSG_CT_GET_CTRZERO,
IPCTNL_MSG_CT_GET_STATS_CPU,
IPCTNL_MSG_CT_GET_STATS,
IPCTNL_MSG_CT_GET_DYING,
IPCTNL_MSG_CT_GET_UNCONFIRMED,
IPCTNL_MSG_MAX
};
enum ctnl_exp_msg_types {
IPCTNL_MSG_EXP_NEW,
IPCTNL_MSG_EXP_GET,
IPCTNL_MSG_EXP_DELETE,
IPCTNL_MSG_EXP_GET_STATS_CPU,
IPCTNL_MSG_EXP_MAX
};
enum ctattr_type {
CTA_UNSPEC,
CTA_TUPLE_ORIG,
CTA_TUPLE_REPLY,
CTA_STATUS,
CTA_PROTOINFO,
CTA_HELP,
CTA_NAT_SRC,
#define CTA_NAT CTA_NAT_SRC /* backwards compatibility */
CTA_TIMEOUT,
CTA_MARK,
CTA_COUNTERS_ORIG,
CTA_COUNTERS_REPLY,
CTA_USE,
CTA_ID,
CTA_NAT_DST,
CTA_TUPLE_MASTER,
CTA_SEQ_ADJ_ORIG,
CTA_NAT_SEQ_ADJ_ORIG = CTA_SEQ_ADJ_ORIG,
CTA_SEQ_ADJ_REPLY,
CTA_NAT_SEQ_ADJ_REPLY = CTA_SEQ_ADJ_REPLY,
CTA_SECMARK, /* obsolete */
CTA_ZONE,
CTA_SECCTX,
CTA_TIMESTAMP,
CTA_MARK_MASK,
CTA_LABELS,
CTA_LABELS_MASK,
CTA_SYNPROXY,
__CTA_MAX
};
#define CTA_MAX (__CTA_MAX - 1)
enum ctattr_tuple {
CTA_TUPLE_UNSPEC,
CTA_TUPLE_IP,
CTA_TUPLE_PROTO,
CTA_TUPLE_ZONE,
__CTA_TUPLE_MAX
};
#define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1)
enum ctattr_ip {
CTA_IP_UNSPEC,
CTA_IP_V4_SRC,
CTA_IP_V4_DST,
CTA_IP_V6_SRC,
CTA_IP_V6_DST,
__CTA_IP_MAX
};
#define CTA_IP_MAX (__CTA_IP_MAX - 1)
enum ctattr_l4proto {
CTA_PROTO_UNSPEC,
CTA_PROTO_NUM,
CTA_PROTO_SRC_PORT,
CTA_PROTO_DST_PORT,
CTA_PROTO_ICMP_ID,
CTA_PROTO_ICMP_TYPE,
CTA_PROTO_ICMP_CODE,
CTA_PROTO_ICMPV6_ID,
CTA_PROTO_ICMPV6_TYPE,
CTA_PROTO_ICMPV6_CODE,
__CTA_PROTO_MAX
};
#define CTA_PROTO_MAX (__CTA_PROTO_MAX - 1)
enum ctattr_protoinfo {
CTA_PROTOINFO_UNSPEC,
CTA_PROTOINFO_TCP,
CTA_PROTOINFO_DCCP,
CTA_PROTOINFO_SCTP,
__CTA_PROTOINFO_MAX
};
#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
enum ctattr_protoinfo_tcp {
CTA_PROTOINFO_TCP_UNSPEC,
CTA_PROTOINFO_TCP_STATE,
CTA_PROTOINFO_TCP_WSCALE_ORIGINAL,
CTA_PROTOINFO_TCP_WSCALE_REPLY,
CTA_PROTOINFO_TCP_FLAGS_ORIGINAL,
CTA_PROTOINFO_TCP_FLAGS_REPLY,
__CTA_PROTOINFO_TCP_MAX
};
#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)
enum ctattr_protoinfo_dccp {
CTA_PROTOINFO_DCCP_UNSPEC,
CTA_PROTOINFO_DCCP_STATE,
CTA_PROTOINFO_DCCP_ROLE,
CTA_PROTOINFO_DCCP_HANDSHAKE_SEQ,
CTA_PROTOINFO_DCCP_PAD,
__CTA_PROTOINFO_DCCP_MAX,
};
#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)
enum ctattr_protoinfo_sctp {
CTA_PROTOINFO_SCTP_UNSPEC,
CTA_PROTOINFO_SCTP_STATE,
CTA_PROTOINFO_SCTP_VTAG_ORIGINAL,
CTA_PROTOINFO_SCTP_VTAG_REPLY,
__CTA_PROTOINFO_SCTP_MAX
};
#define CTA_PROTOINFO_SCTP_MAX (__CTA_PROTOINFO_SCTP_MAX - 1)
enum ctattr_counters {
CTA_COUNTERS_UNSPEC,
CTA_COUNTERS_PACKETS, /* 64bit counters */
CTA_COUNTERS_BYTES, /* 64bit counters */
CTA_COUNTERS32_PACKETS, /* old 32bit counters, unused */
CTA_COUNTERS32_BYTES, /* old 32bit counters, unused */
CTA_COUNTERS_PAD,
__CTA_COUNTERS_MAX
};
#define CTA_COUNTERS_MAX (__CTA_COUNTERS_MAX - 1)
enum ctattr_tstamp {
CTA_TIMESTAMP_UNSPEC,
CTA_TIMESTAMP_START,
CTA_TIMESTAMP_STOP,
CTA_TIMESTAMP_PAD,
__CTA_TIMESTAMP_MAX
};
#define CTA_TIMESTAMP_MAX (__CTA_TIMESTAMP_MAX - 1)
enum ctattr_nat {
CTA_NAT_UNSPEC,
CTA_NAT_V4_MINIP,
#define CTA_NAT_MINIP CTA_NAT_V4_MINIP
CTA_NAT_V4_MAXIP,
#define CTA_NAT_MAXIP CTA_NAT_V4_MAXIP
CTA_NAT_PROTO,
CTA_NAT_V6_MINIP,
CTA_NAT_V6_MAXIP,
__CTA_NAT_MAX
};
#define CTA_NAT_MAX (__CTA_NAT_MAX - 1)
enum ctattr_protonat {
CTA_PROTONAT_UNSPEC,
CTA_PROTONAT_PORT_MIN,
CTA_PROTONAT_PORT_MAX,
__CTA_PROTONAT_MAX
};
#define CTA_PROTONAT_MAX (__CTA_PROTONAT_MAX - 1)
enum ctattr_seqadj {
CTA_SEQADJ_UNSPEC,
CTA_SEQADJ_CORRECTION_POS,
CTA_SEQADJ_OFFSET_BEFORE,
CTA_SEQADJ_OFFSET_AFTER,
__CTA_SEQADJ_MAX
};
#define CTA_SEQADJ_MAX (__CTA_SEQADJ_MAX - 1)
enum ctattr_natseq {
CTA_NAT_SEQ_UNSPEC,
CTA_NAT_SEQ_CORRECTION_POS,
CTA_NAT_SEQ_OFFSET_BEFORE,
CTA_NAT_SEQ_OFFSET_AFTER,
__CTA_NAT_SEQ_MAX
};
#define CTA_NAT_SEQ_MAX (__CTA_NAT_SEQ_MAX - 1)
enum ctattr_synproxy {
CTA_SYNPROXY_UNSPEC,
CTA_SYNPROXY_ISN,
CTA_SYNPROXY_ITS,
CTA_SYNPROXY_TSOFF,
__CTA_SYNPROXY_MAX,
};
#define CTA_SYNPROXY_MAX (__CTA_SYNPROXY_MAX - 1)
enum ctattr_expect {
CTA_EXPECT_UNSPEC,
CTA_EXPECT_MASTER,
CTA_EXPECT_TUPLE,
CTA_EXPECT_MASK,
CTA_EXPECT_TIMEOUT,
CTA_EXPECT_ID,
CTA_EXPECT_HELP_NAME,
CTA_EXPECT_ZONE,
CTA_EXPECT_FLAGS,
CTA_EXPECT_CLASS,
CTA_EXPECT_NAT,
CTA_EXPECT_FN,
__CTA_EXPECT_MAX
};
#define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1)
enum ctattr_expect_nat {
CTA_EXPECT_NAT_UNSPEC,
CTA_EXPECT_NAT_DIR,
CTA_EXPECT_NAT_TUPLE,
__CTA_EXPECT_NAT_MAX
};
#define CTA_EXPECT_NAT_MAX (__CTA_EXPECT_NAT_MAX - 1)
enum ctattr_help {
CTA_HELP_UNSPEC,
CTA_HELP_NAME,
CTA_HELP_INFO,
__CTA_HELP_MAX
};
#define CTA_HELP_MAX (__CTA_HELP_MAX - 1)
enum ctattr_secctx {
CTA_SECCTX_UNSPEC,
CTA_SECCTX_NAME,
__CTA_SECCTX_MAX
};
#define CTA_SECCTX_MAX (__CTA_SECCTX_MAX - 1)
enum ctattr_stats_cpu {
CTA_STATS_UNSPEC,
CTA_STATS_SEARCHED, /* no longer used */
CTA_STATS_FOUND,
CTA_STATS_NEW, /* no longer used */
CTA_STATS_INVALID,
CTA_STATS_IGNORE,
CTA_STATS_DELETE, /* no longer used */
CTA_STATS_DELETE_LIST, /* no longer used */
CTA_STATS_INSERT,
CTA_STATS_INSERT_FAILED,
CTA_STATS_DROP,
CTA_STATS_EARLY_DROP,
CTA_STATS_ERROR,
CTA_STATS_SEARCH_RESTART,
__CTA_STATS_MAX,
};
#define CTA_STATS_MAX (__CTA_STATS_MAX - 1)
enum ctattr_stats_global {
CTA_STATS_GLOBAL_UNSPEC,
CTA_STATS_GLOBAL_ENTRIES,
CTA_STATS_GLOBAL_MAX_ENTRIES,
__CTA_STATS_GLOBAL_MAX,
};
#define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1)
enum ctattr_expect_stats {
CTA_STATS_EXP_UNSPEC,
CTA_STATS_EXP_NEW,
CTA_STATS_EXP_CREATE,
CTA_STATS_EXP_DELETE,
__CTA_STATS_EXP_MAX,
};
#define CTA_STATS_EXP_MAX (__CTA_STATS_EXP_MAX - 1)
#endif /* _IPCONNTRACK_NETLINK_H */

101
libnl/include/linux-private/linux/netfilter/nfnetlink_log.h Normal file
View file

@ -0,0 +1,101 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _NFNETLINK_LOG_H
#define _NFNETLINK_LOG_H
/* This file describes the netlink messages (i.e. 'protocol packets'),
* and not any kind of function definitions. It is shared between kernel and
* userspace. Don't put kernel specific stuff in here */
#include <linux/types.h>
#include <linux/netfilter/nfnetlink.h>
enum nfulnl_msg_types {
NFULNL_MSG_PACKET, /* packet from kernel to userspace */
NFULNL_MSG_CONFIG, /* connect to a particular queue */
NFULNL_MSG_MAX
};
struct nfulnl_msg_packet_hdr {
__be16 hw_protocol; /* hw protocol (network order) */
__u8 hook; /* netfilter hook */
__u8 _pad;
};
struct nfulnl_msg_packet_hw {
__be16 hw_addrlen;
__u16 _pad;
__u8 hw_addr[8];
};
struct nfulnl_msg_packet_timestamp {
__aligned_be64 sec;
__aligned_be64 usec;
};
enum nfulnl_attr_type {
NFULA_UNSPEC,
NFULA_PACKET_HDR,
NFULA_MARK, /* __u32 nfmark */
NFULA_TIMESTAMP, /* nfulnl_msg_packet_timestamp */
NFULA_IFINDEX_INDEV, /* __u32 ifindex */
NFULA_IFINDEX_OUTDEV, /* __u32 ifindex */
NFULA_IFINDEX_PHYSINDEV, /* __u32 ifindex */
NFULA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */
NFULA_HWADDR, /* nfulnl_msg_packet_hw */
NFULA_PAYLOAD, /* opaque data payload */
NFULA_PREFIX, /* string prefix */
NFULA_UID, /* user id of socket */
NFULA_SEQ, /* instance-local sequence number */
NFULA_SEQ_GLOBAL, /* global sequence number */
NFULA_GID, /* group id of socket */
NFULA_HWTYPE, /* hardware type */
NFULA_HWHEADER, /* hardware header */
NFULA_HWLEN, /* hardware header length */
NFULA_CT, /* nf_conntrack_netlink.h */
NFULA_CT_INFO, /* enum ip_conntrack_info */
__NFULA_MAX
};
#define NFULA_MAX (__NFULA_MAX - 1)
enum nfulnl_msg_config_cmds {
NFULNL_CFG_CMD_NONE,
NFULNL_CFG_CMD_BIND,
NFULNL_CFG_CMD_UNBIND,
NFULNL_CFG_CMD_PF_BIND,
NFULNL_CFG_CMD_PF_UNBIND,
};
struct nfulnl_msg_config_cmd {
__u8 command; /* nfulnl_msg_config_cmds */
} __attribute__ ((packed));
struct nfulnl_msg_config_mode {
__be32 copy_range;
__u8 copy_mode;
__u8 _pad;
} __attribute__ ((packed));
enum nfulnl_attr_config {
NFULA_CFG_UNSPEC,
NFULA_CFG_CMD, /* nfulnl_msg_config_cmd */
NFULA_CFG_MODE, /* nfulnl_msg_config_mode */
NFULA_CFG_NLBUFSIZ, /* __u32 buffer size */
NFULA_CFG_TIMEOUT, /* __u32 in 1/100 s */
NFULA_CFG_QTHRESH, /* __u32 */
NFULA_CFG_FLAGS, /* __u16 */
__NFULA_CFG_MAX
};
#define NFULA_CFG_MAX (__NFULA_CFG_MAX -1)
#define NFULNL_COPY_NONE 0x00
#define NFULNL_COPY_META 0x01
#define NFULNL_COPY_PACKET 0x02
/* 0xff is reserved, don't use it for new copy modes. */
#define NFULNL_CFG_F_SEQ 0x0001
#define NFULNL_CFG_F_SEQ_GLOBAL 0x0002
#define NFULNL_CFG_F_CONNTRACK 0x0004
#endif /* _NFNETLINK_LOG_H */

128
libnl/include/linux-private/linux/netfilter/nfnetlink_queue.h Normal file
View file

@ -0,0 +1,128 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _NFNETLINK_QUEUE_H
#define _NFNETLINK_QUEUE_H
#include <linux/types.h>
#include <linux/netfilter/nfnetlink.h>
enum nfqnl_msg_types {
NFQNL_MSG_PACKET, /* packet from kernel to userspace */
NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */
NFQNL_MSG_CONFIG, /* connect to a particular queue */
NFQNL_MSG_VERDICT_BATCH, /* batchv from userspace to kernel */
NFQNL_MSG_MAX
};
struct nfqnl_msg_packet_hdr {
__be32 packet_id; /* unique ID of packet in queue */
__be16 hw_protocol; /* hw protocol (network order) */
__u8 hook; /* netfilter hook */
} __attribute__ ((packed));
struct nfqnl_msg_packet_hw {
__be16 hw_addrlen;
__u16 _pad;
__u8 hw_addr[8];
};
struct nfqnl_msg_packet_timestamp {
__aligned_be64 sec;
__aligned_be64 usec;
};
enum nfqnl_vlan_attr {
NFQA_VLAN_UNSPEC,
NFQA_VLAN_PROTO, /* __be16 skb vlan_proto */
NFQA_VLAN_TCI, /* __be16 skb htons(vlan_tci) */
__NFQA_VLAN_MAX,
};
#define NFQA_VLAN_MAX (__NFQA_VLAN_MAX - 1)
enum nfqnl_attr_type {
NFQA_UNSPEC,
NFQA_PACKET_HDR,
NFQA_VERDICT_HDR, /* nfqnl_msg_verdict_hrd */
NFQA_MARK, /* __u32 nfmark */
NFQA_TIMESTAMP, /* nfqnl_msg_packet_timestamp */
NFQA_IFINDEX_INDEV, /* __u32 ifindex */
NFQA_IFINDEX_OUTDEV, /* __u32 ifindex */
NFQA_IFINDEX_PHYSINDEV, /* __u32 ifindex */
NFQA_IFINDEX_PHYSOUTDEV, /* __u32 ifindex */
NFQA_HWADDR, /* nfqnl_msg_packet_hw */
NFQA_PAYLOAD, /* opaque data payload */
NFQA_CT, /* nf_conntrack_netlink.h */
NFQA_CT_INFO, /* enum ip_conntrack_info */
NFQA_CAP_LEN, /* __u32 length of captured packet */
NFQA_SKB_INFO, /* __u32 skb meta information */
NFQA_EXP, /* nf_conntrack_netlink.h */
NFQA_UID, /* __u32 sk uid */
NFQA_GID, /* __u32 sk gid */
NFQA_SECCTX, /* security context string */
NFQA_VLAN, /* nested attribute: packet vlan info */
NFQA_L2HDR, /* full L2 header */
__NFQA_MAX
};
#define NFQA_MAX (__NFQA_MAX - 1)
struct nfqnl_msg_verdict_hdr {
__be32 verdict;
__be32 id;
};
enum nfqnl_msg_config_cmds {
NFQNL_CFG_CMD_NONE,
NFQNL_CFG_CMD_BIND,
NFQNL_CFG_CMD_UNBIND,
NFQNL_CFG_CMD_PF_BIND,
NFQNL_CFG_CMD_PF_UNBIND,
};
struct nfqnl_msg_config_cmd {
__u8 command; /* nfqnl_msg_config_cmds */
__u8 _pad;
__be16 pf; /* AF_xxx for PF_[UN]BIND */
};
enum nfqnl_config_mode {
NFQNL_COPY_NONE,
NFQNL_COPY_META,
NFQNL_COPY_PACKET,
};
struct nfqnl_msg_config_params {
__be32 copy_range;
__u8 copy_mode; /* enum nfqnl_config_mode */
} __attribute__ ((packed));
enum nfqnl_attr_config {
NFQA_CFG_UNSPEC,
NFQA_CFG_CMD, /* nfqnl_msg_config_cmd */
NFQA_CFG_PARAMS, /* nfqnl_msg_config_params */
NFQA_CFG_QUEUE_MAXLEN, /* __u32 */
NFQA_CFG_MASK, /* identify which flags to change */
NFQA_CFG_FLAGS, /* value of these flags (__u32) */
__NFQA_CFG_MAX
};
#define NFQA_CFG_MAX (__NFQA_CFG_MAX-1)
/* Flags for NFQA_CFG_FLAGS */
#define NFQA_CFG_F_FAIL_OPEN (1 << 0)
#define NFQA_CFG_F_CONNTRACK (1 << 1)
#define NFQA_CFG_F_GSO (1 << 2)
#define NFQA_CFG_F_UID_GID (1 << 3)
#define NFQA_CFG_F_SECCTX (1 << 4)
#define NFQA_CFG_F_MAX (1 << 5)
/* flags for NFQA_SKB_INFO */
/* packet appears to have wrong checksums, but they are ok */
#define NFQA_SKB_CSUMNOTREADY (1 << 0)
/* packet is GSO (i.e., exceeds device mtu) */
#define NFQA_SKB_GSO (1 << 1)
/* csum not validated (incoming device doesn't support hw checksum, etc.) */
#define NFQA_SKB_CSUM_NOTVERIFIED (1 << 2)
#endif /* _NFNETLINK_QUEUE_H */

247
libnl/include/linux-private/linux/netlink.h Normal file
View file

@ -0,0 +1,247 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_NETLINK_H
#define __LINUX_NETLINK_H
#include <linux/kernel.h>
#include <linux/socket.h> /* for __kernel_sa_family_t */
#include <linux/types.h>
#define NETLINK_ROUTE 0 /* Routing/device hook */
#define NETLINK_UNUSED 1 /* Unused number */
#define NETLINK_USERSOCK 2 /* Reserved for user mode socket protocols */
#define NETLINK_FIREWALL 3 /* Unused number, formerly ip_queue */
#define NETLINK_SOCK_DIAG 4 /* socket monitoring */
#define NETLINK_NFLOG 5 /* netfilter/iptables ULOG */
#define NETLINK_XFRM 6 /* ipsec */
#define NETLINK_SELINUX 7 /* SELinux event notifications */
#define NETLINK_ISCSI 8 /* Open-iSCSI */
#define NETLINK_AUDIT 9 /* auditing */
#define NETLINK_FIB_LOOKUP 10
#define NETLINK_CONNECTOR 11
#define NETLINK_NETFILTER 12 /* netfilter subsystem */
#define NETLINK_IP6_FW 13
#define NETLINK_DNRTMSG 14 /* DECnet routing messages */
#define NETLINK_KOBJECT_UEVENT 15 /* Kernel messages to userspace */
#define NETLINK_GENERIC 16
/* leave room for NETLINK_DM (DM Events) */
#define NETLINK_SCSITRANSPORT 18 /* SCSI Transports */
#define NETLINK_ECRYPTFS 19
#define NETLINK_RDMA 20
#define NETLINK_CRYPTO 21 /* Crypto layer */
#define NETLINK_SMC 22 /* SMC monitoring */
#define NETLINK_INET_DIAG NETLINK_SOCK_DIAG
#define MAX_LINKS 32
struct sockaddr_nl {
__kernel_sa_family_t nl_family; /* AF_NETLINK */
unsigned short nl_pad; /* zero */
__u32 nl_pid; /* port ID */
__u32 nl_groups; /* multicast groups mask */
};
struct nlmsghdr {
__u32 nlmsg_len; /* Length of message including header */
__u16 nlmsg_type; /* Message content */
__u16 nlmsg_flags; /* Additional flags */
__u32 nlmsg_seq; /* Sequence number */
__u32 nlmsg_pid; /* Sending process port ID */
};
/* Flags values */
#define NLM_F_REQUEST 0x01 /* It is request message. */
#define NLM_F_MULTI 0x02 /* Multipart message, terminated by NLMSG_DONE */
#define NLM_F_ACK 0x04 /* Reply with ack, with zero or error code */
#define NLM_F_ECHO 0x08 /* Echo this request */
#define NLM_F_DUMP_INTR 0x10 /* Dump was inconsistent due to sequence change */
#define NLM_F_DUMP_FILTERED 0x20 /* Dump was filtered as requested */
/* Modifiers to GET request */
#define NLM_F_ROOT 0x100 /* specify tree root */
#define NLM_F_MATCH 0x200 /* return all matching */
#define NLM_F_ATOMIC 0x400 /* atomic GET */
#define NLM_F_DUMP (NLM_F_ROOT|NLM_F_MATCH)
/* Modifiers to NEW request */
#define NLM_F_REPLACE 0x100 /* Override existing */
#define NLM_F_EXCL 0x200 /* Do not touch, if it exists */
#define NLM_F_CREATE 0x400 /* Create, if it does not exist */
#define NLM_F_APPEND 0x800 /* Add to end of list */
/* Modifiers to DELETE request */
#define NLM_F_NONREC 0x100 /* Do not delete recursively */
/* Flags for ACK message */
#define NLM_F_CAPPED 0x100 /* request was capped */
#define NLM_F_ACK_TLVS 0x200 /* extended ACK TVLs were included */
/*
4.4BSD ADD NLM_F_CREATE|NLM_F_EXCL
4.4BSD CHANGE NLM_F_REPLACE
True CHANGE NLM_F_CREATE|NLM_F_REPLACE
Append NLM_F_CREATE
Check NLM_F_EXCL
*/
#define NLMSG_ALIGNTO 4U
#define NLMSG_ALIGN(len) ( ((len)+NLMSG_ALIGNTO-1) & ~(NLMSG_ALIGNTO-1) )
#define NLMSG_HDRLEN ((int) NLMSG_ALIGN(sizeof(struct nlmsghdr)))
#define NLMSG_LENGTH(len) ((len) + NLMSG_HDRLEN)
#define NLMSG_SPACE(len) NLMSG_ALIGN(NLMSG_LENGTH(len))
#define NLMSG_DATA(nlh) ((void*)(((char*)nlh) + NLMSG_LENGTH(0)))
#define NLMSG_NEXT(nlh,len) ((len) -= NLMSG_ALIGN((nlh)->nlmsg_len), \
(struct nlmsghdr*)(((char*)(nlh)) + NLMSG_ALIGN((nlh)->nlmsg_len)))
#define NLMSG_OK(nlh,len) ((len) >= (int)sizeof(struct nlmsghdr) && \
(nlh)->nlmsg_len >= sizeof(struct nlmsghdr) && \
(nlh)->nlmsg_len <= (len))
#define NLMSG_PAYLOAD(nlh,len) ((nlh)->nlmsg_len - NLMSG_SPACE((len)))
#define NLMSG_NOOP 0x1 /* Nothing. */
#define NLMSG_ERROR 0x2 /* Error */
#define NLMSG_DONE 0x3 /* End of a dump */
#define NLMSG_OVERRUN 0x4 /* Data lost */
#define NLMSG_MIN_TYPE 0x10 /* < 0x10: reserved control messages */
struct nlmsgerr {
int error;
struct nlmsghdr msg;
/*
* followed by the message contents unless NETLINK_CAP_ACK was set
* or the ACK indicates success (error == 0)
* message length is aligned with NLMSG_ALIGN()
*/
/*
* followed by TLVs defined in enum nlmsgerr_attrs
* if NETLINK_EXT_ACK was set
*/
};
/**
* enum nlmsgerr_attrs - nlmsgerr attributes
* @NLMSGERR_ATTR_UNUSED: unused
* @NLMSGERR_ATTR_MSG: error message string (string)
* @NLMSGERR_ATTR_OFFS: offset of the invalid attribute in the original
* message, counting from the beginning of the header (u32)
* @NLMSGERR_ATTR_COOKIE: arbitrary subsystem specific cookie to
* be used - in the success case - to identify a created
* object or operation or similar (binary)
* @__NLMSGERR_ATTR_MAX: number of attributes
* @NLMSGERR_ATTR_MAX: highest attribute number
*/
enum nlmsgerr_attrs {
NLMSGERR_ATTR_UNUSED,
NLMSGERR_ATTR_MSG,
NLMSGERR_ATTR_OFFS,
NLMSGERR_ATTR_COOKIE,
__NLMSGERR_ATTR_MAX,
NLMSGERR_ATTR_MAX = __NLMSGERR_ATTR_MAX - 1
};
#define NETLINK_ADD_MEMBERSHIP 1
#define NETLINK_DROP_MEMBERSHIP 2
#define NETLINK_PKTINFO 3
#define NETLINK_BROADCAST_ERROR 4
#define NETLINK_NO_ENOBUFS 5
#define NETLINK_RX_RING 6
#define NETLINK_TX_RING 7
#define NETLINK_LISTEN_ALL_NSID 8
#define NETLINK_LIST_MEMBERSHIPS 9
#define NETLINK_CAP_ACK 10
#define NETLINK_EXT_ACK 11
struct nl_pktinfo {
__u32 group;
};
struct nl_mmap_req {
unsigned int nm_block_size;
unsigned int nm_block_nr;
unsigned int nm_frame_size;
unsigned int nm_frame_nr;
};
struct nl_mmap_hdr {
unsigned int nm_status;
unsigned int nm_len;
__u32 nm_group;
/* credentials */
__u32 nm_pid;
__u32 nm_uid;
__u32 nm_gid;
};
enum nl_mmap_status {
NL_MMAP_STATUS_UNUSED,
NL_MMAP_STATUS_RESERVED,
NL_MMAP_STATUS_VALID,
NL_MMAP_STATUS_COPY,
NL_MMAP_STATUS_SKIP,
};
#define NL_MMAP_MSG_ALIGNMENT NLMSG_ALIGNTO
#define NL_MMAP_MSG_ALIGN(sz) __ALIGN_KERNEL(sz, NL_MMAP_MSG_ALIGNMENT)
#define NL_MMAP_HDRLEN NL_MMAP_MSG_ALIGN(sizeof(struct nl_mmap_hdr))
#define NET_MAJOR 36 /* Major 36 is reserved for networking */
enum {
NETLINK_UNCONNECTED = 0,
NETLINK_CONNECTED,
};
/*
* <------- NLA_HDRLEN ------> <-- NLA_ALIGN(payload)-->
* +---------------------+- - -+- - - - - - - - - -+- - -+
* | Header | Pad | Payload | Pad |
* | (struct nlattr) | ing | | ing |
* +---------------------+- - -+- - - - - - - - - -+- - -+
* <-------------- nlattr->nla_len -------------->
*/
struct nlattr {
__u16 nla_len;
__u16 nla_type;
};
/*
* nla_type (16 bits)
* +---+---+-------------------------------+
* | N | O | Attribute Type |
* +---+---+-------------------------------+
* N := Carries nested attributes
* O := Payload stored in network byte order
*
* Note: The N and O flag are mutually exclusive.
*/
#define NLA_F_NESTED (1 << 15)
#define NLA_F_NET_BYTEORDER (1 << 14)
#define NLA_TYPE_MASK ~(NLA_F_NESTED | NLA_F_NET_BYTEORDER)
#define NLA_ALIGNTO 4
#define NLA_ALIGN(len) (((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))
#define NLA_HDRLEN ((int) NLA_ALIGN(sizeof(struct nlattr)))
/* Generic 32 bitflags attribute content sent to the kernel.
*
* The value is a bitmap that defines the values being set
* The selector is a bitmask that defines which value is legit
*
* Examples:
* value = 0x0, and selector = 0x1
* implies we are selecting bit 1 and we want to set its value to 0.
*
* value = 0x2, and selector = 0x2
* implies we are selecting bit 2 and we want to set its value to 1.
*
*/
struct nla_bitfield32 {
__u32 value;
__u32 selector;
};
#endif /* __LINUX_NETLINK_H */

610
libnl/include/linux-private/linux/pkt_cls.h Normal file
View file

@ -0,0 +1,610 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_PKT_CLS_H
#define __LINUX_PKT_CLS_H
#include <linux/types.h>
#include <linux/pkt_sched.h>
#define TC_COOKIE_MAX_SIZE 16
/* Action attributes */
enum {
TCA_ACT_UNSPEC,
TCA_ACT_KIND,
TCA_ACT_OPTIONS,
TCA_ACT_INDEX,
TCA_ACT_STATS,
TCA_ACT_PAD,
TCA_ACT_COOKIE,
__TCA_ACT_MAX
};
#define TCA_ACT_MAX __TCA_ACT_MAX
#define TCA_OLD_COMPAT (TCA_ACT_MAX+1)
#define TCA_ACT_MAX_PRIO 32
#define TCA_ACT_BIND 1
#define TCA_ACT_NOBIND 0
#define TCA_ACT_UNBIND 1
#define TCA_ACT_NOUNBIND 0
#define TCA_ACT_REPLACE 1
#define TCA_ACT_NOREPLACE 0
#define TC_ACT_UNSPEC (-1)
#define TC_ACT_OK 0
#define TC_ACT_RECLASSIFY 1
#define TC_ACT_SHOT 2
#define TC_ACT_PIPE 3
#define TC_ACT_STOLEN 4
#define TC_ACT_QUEUED 5
#define TC_ACT_REPEAT 6
#define TC_ACT_REDIRECT 7
#define TC_ACT_TRAP 8 /* For hw path, this means "trap to cpu"
* and don't further process the frame
* in hardware. For sw path, this is
* equivalent of TC_ACT_STOLEN - drop
* the skb and act like everything
* is alright.
*/
#define TC_ACT_VALUE_MAX TC_ACT_TRAP
/* There is a special kind of actions called "extended actions",
* which need a value parameter. These have a local opcode located in
* the highest nibble, starting from 1. The rest of the bits
* are used to carry the value. These two parts together make
* a combined opcode.
*/
#define __TC_ACT_EXT_SHIFT 28
#define __TC_ACT_EXT(local) ((local) << __TC_ACT_EXT_SHIFT)
#define TC_ACT_EXT_VAL_MASK ((1 << __TC_ACT_EXT_SHIFT) - 1)
#define TC_ACT_EXT_OPCODE(combined) ((combined) & (~TC_ACT_EXT_VAL_MASK))
#define TC_ACT_EXT_CMP(combined, opcode) (TC_ACT_EXT_OPCODE(combined) == opcode)
#define TC_ACT_JUMP __TC_ACT_EXT(1)
#define TC_ACT_GOTO_CHAIN __TC_ACT_EXT(2)
#define TC_ACT_EXT_OPCODE_MAX TC_ACT_GOTO_CHAIN
/* Action type identifiers*/
enum {
TCA_ID_UNSPEC=0,
TCA_ID_POLICE=1,
/* other actions go here */
__TCA_ID_MAX=255
};
#define TCA_ID_MAX __TCA_ID_MAX
struct tc_police {
__u32 index;
int action;
#define TC_POLICE_UNSPEC TC_ACT_UNSPEC
#define TC_POLICE_OK TC_ACT_OK
#define TC_POLICE_RECLASSIFY TC_ACT_RECLASSIFY
#define TC_POLICE_SHOT TC_ACT_SHOT
#define TC_POLICE_PIPE TC_ACT_PIPE
__u32 limit;
__u32 burst;
__u32 mtu;
struct tc_ratespec rate;
struct tc_ratespec peakrate;
int refcnt;
int bindcnt;
__u32 capab;
};
struct tcf_t {
__u64 install;
__u64 lastuse;
__u64 expires;
__u64 firstuse;
};
struct tc_cnt {
int refcnt;
int bindcnt;
};
#define tc_gen \
__u32 index; \
__u32 capab; \
int action; \
int refcnt; \
int bindcnt
enum {
TCA_POLICE_UNSPEC,
TCA_POLICE_TBF,
TCA_POLICE_RATE,
TCA_POLICE_PEAKRATE,
TCA_POLICE_AVRATE,
TCA_POLICE_RESULT,
TCA_POLICE_TM,
TCA_POLICE_PAD,
__TCA_POLICE_MAX
#define TCA_POLICE_RESULT TCA_POLICE_RESULT
};
#define TCA_POLICE_MAX (__TCA_POLICE_MAX - 1)
/* tca flags definitions */
#define TCA_CLS_FLAGS_SKIP_HW (1 << 0) /* don't offload filter to HW */
#define TCA_CLS_FLAGS_SKIP_SW (1 << 1) /* don't use filter in SW */
#define TCA_CLS_FLAGS_IN_HW (1 << 2) /* filter is offloaded to HW */
#define TCA_CLS_FLAGS_NOT_IN_HW (1 << 3) /* filter isn't offloaded to HW */
#define TCA_CLS_FLAGS_VERBOSE (1 << 4) /* verbose logging */
/* U32 filters */
#define TC_U32_HTID(h) ((h)&0xFFF00000)
#define TC_U32_USERHTID(h) (TC_U32_HTID(h)>>20)
#define TC_U32_HASH(h) (((h)>>12)&0xFF)
#define TC_U32_NODE(h) ((h)&0xFFF)
#define TC_U32_KEY(h) ((h)&0xFFFFF)
#define TC_U32_UNSPEC 0
#define TC_U32_ROOT (0xFFF00000)
enum {
TCA_U32_UNSPEC,
TCA_U32_CLASSID,
TCA_U32_HASH,
TCA_U32_LINK,
TCA_U32_DIVISOR,
TCA_U32_SEL,
TCA_U32_POLICE,
TCA_U32_ACT,
TCA_U32_INDEV,
TCA_U32_PCNT,
TCA_U32_MARK,
TCA_U32_FLAGS,
TCA_U32_PAD,
__TCA_U32_MAX
};
#define TCA_U32_MAX (__TCA_U32_MAX - 1)
struct tc_u32_key {
__be32 mask;
__be32 val;
int off;
int offmask;
};
struct tc_u32_sel {
unsigned char flags;
unsigned char offshift;
unsigned char nkeys;
__be16 offmask;
__u16 off;
short offoff;
short hoff;
__be32 hmask;
struct tc_u32_key keys[0];
};
struct tc_u32_mark {
__u32 val;
__u32 mask;
__u32 success;
};
struct tc_u32_pcnt {
__u64 rcnt;
__u64 rhit;
__u64 kcnts[0];
};
/* Flags */
#define TC_U32_TERMINAL 1
#define TC_U32_OFFSET 2
#define TC_U32_VAROFFSET 4
#define TC_U32_EAT 8
#define TC_U32_MAXDEPTH 8
/* RSVP filter */
enum {
TCA_RSVP_UNSPEC,
TCA_RSVP_CLASSID,
TCA_RSVP_DST,
TCA_RSVP_SRC,
TCA_RSVP_PINFO,
TCA_RSVP_POLICE,
TCA_RSVP_ACT,
__TCA_RSVP_MAX
};
#define TCA_RSVP_MAX (__TCA_RSVP_MAX - 1 )
struct tc_rsvp_gpi {
__u32 key;
__u32 mask;
int offset;
};
struct tc_rsvp_pinfo {
struct tc_rsvp_gpi dpi;
struct tc_rsvp_gpi spi;
__u8 protocol;
__u8 tunnelid;
__u8 tunnelhdr;
__u8 pad;
};
/* ROUTE filter */
enum {
TCA_ROUTE4_UNSPEC,
TCA_ROUTE4_CLASSID,
TCA_ROUTE4_TO,
TCA_ROUTE4_FROM,
TCA_ROUTE4_IIF,
TCA_ROUTE4_POLICE,
TCA_ROUTE4_ACT,
__TCA_ROUTE4_MAX
};
#define TCA_ROUTE4_MAX (__TCA_ROUTE4_MAX - 1)
/* FW filter */
enum {
TCA_FW_UNSPEC,
TCA_FW_CLASSID,
TCA_FW_POLICE,
TCA_FW_INDEV, /* used by CONFIG_NET_CLS_IND */
TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */
TCA_FW_MASK,
__TCA_FW_MAX
};
#define TCA_FW_MAX (__TCA_FW_MAX - 1)
/* TC index filter */
enum {
TCA_TCINDEX_UNSPEC,
TCA_TCINDEX_HASH,
TCA_TCINDEX_MASK,
TCA_TCINDEX_SHIFT,
TCA_TCINDEX_FALL_THROUGH,
TCA_TCINDEX_CLASSID,
TCA_TCINDEX_POLICE,
TCA_TCINDEX_ACT,
__TCA_TCINDEX_MAX
};
#define TCA_TCINDEX_MAX (__TCA_TCINDEX_MAX - 1)
/* Flow filter */
enum {
FLOW_KEY_SRC,
FLOW_KEY_DST,
FLOW_KEY_PROTO,
FLOW_KEY_PROTO_SRC,
FLOW_KEY_PROTO_DST,
FLOW_KEY_IIF,
FLOW_KEY_PRIORITY,
FLOW_KEY_MARK,
FLOW_KEY_NFCT,
FLOW_KEY_NFCT_SRC,
FLOW_KEY_NFCT_DST,
FLOW_KEY_NFCT_PROTO_SRC,
FLOW_KEY_NFCT_PROTO_DST,
FLOW_KEY_RTCLASSID,
FLOW_KEY_SKUID,
FLOW_KEY_SKGID,
FLOW_KEY_VLAN_TAG,
FLOW_KEY_RXHASH,
__FLOW_KEY_MAX,
};
#define FLOW_KEY_MAX (__FLOW_KEY_MAX - 1)
enum {
FLOW_MODE_MAP,
FLOW_MODE_HASH,
};
enum {
TCA_FLOW_UNSPEC,
TCA_FLOW_KEYS,
TCA_FLOW_MODE,
TCA_FLOW_BASECLASS,
TCA_FLOW_RSHIFT,
TCA_FLOW_ADDEND,
TCA_FLOW_MASK,
TCA_FLOW_XOR,
TCA_FLOW_DIVISOR,
TCA_FLOW_ACT,
TCA_FLOW_POLICE,
TCA_FLOW_EMATCHES,
TCA_FLOW_PERTURB,
__TCA_FLOW_MAX
};
#define TCA_FLOW_MAX (__TCA_FLOW_MAX - 1)
/* Basic filter */
enum {
TCA_BASIC_UNSPEC,
TCA_BASIC_CLASSID,
TCA_BASIC_EMATCHES,
TCA_BASIC_ACT,
TCA_BASIC_POLICE,
__TCA_BASIC_MAX
};
#define TCA_BASIC_MAX (__TCA_BASIC_MAX - 1)
/* Cgroup classifier */
enum {
TCA_CGROUP_UNSPEC,
TCA_CGROUP_ACT,
TCA_CGROUP_POLICE,
TCA_CGROUP_EMATCHES,
__TCA_CGROUP_MAX,
};
#define TCA_CGROUP_MAX (__TCA_CGROUP_MAX - 1)
/* BPF classifier */
#define TCA_BPF_FLAG_ACT_DIRECT (1 << 0)
enum {
TCA_BPF_UNSPEC,
TCA_BPF_ACT,
TCA_BPF_POLICE,
TCA_BPF_CLASSID,
TCA_BPF_OPS_LEN,
TCA_BPF_OPS,
TCA_BPF_FD,
TCA_BPF_NAME,
TCA_BPF_FLAGS,
TCA_BPF_FLAGS_GEN,
TCA_BPF_TAG,
TCA_BPF_ID,
__TCA_BPF_MAX,
};
#define TCA_BPF_MAX (__TCA_BPF_MAX - 1)
/* Flower classifier */
enum {
TCA_FLOWER_UNSPEC,
TCA_FLOWER_CLASSID,
TCA_FLOWER_INDEV,
TCA_FLOWER_ACT,
TCA_FLOWER_KEY_ETH_DST, /* ETH_ALEN */
TCA_FLOWER_KEY_ETH_DST_MASK, /* ETH_ALEN */
TCA_FLOWER_KEY_ETH_SRC, /* ETH_ALEN */
TCA_FLOWER_KEY_ETH_SRC_MASK, /* ETH_ALEN */
TCA_FLOWER_KEY_ETH_TYPE, /* be16 */
TCA_FLOWER_KEY_IP_PROTO, /* u8 */
TCA_FLOWER_KEY_IPV4_SRC, /* be32 */
TCA_FLOWER_KEY_IPV4_SRC_MASK, /* be32 */
TCA_FLOWER_KEY_IPV4_DST, /* be32 */
TCA_FLOWER_KEY_IPV4_DST_MASK, /* be32 */
TCA_FLOWER_KEY_IPV6_SRC, /* struct in6_addr */
TCA_FLOWER_KEY_IPV6_SRC_MASK, /* struct in6_addr */
TCA_FLOWER_KEY_IPV6_DST, /* struct in6_addr */
TCA_FLOWER_KEY_IPV6_DST_MASK, /* struct in6_addr */
TCA_FLOWER_KEY_TCP_SRC, /* be16 */
TCA_FLOWER_KEY_TCP_DST, /* be16 */
TCA_FLOWER_KEY_UDP_SRC, /* be16 */
TCA_FLOWER_KEY_UDP_DST, /* be16 */
TCA_FLOWER_FLAGS,
TCA_FLOWER_KEY_VLAN_ID, /* be16 */
TCA_FLOWER_KEY_VLAN_PRIO, /* u8 */
TCA_FLOWER_KEY_VLAN_ETH_TYPE, /* be16 */
TCA_FLOWER_KEY_ENC_KEY_ID, /* be32 */
TCA_FLOWER_KEY_ENC_IPV4_SRC, /* be32 */
TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK,/* be32 */
TCA_FLOWER_KEY_ENC_IPV4_DST, /* be32 */
TCA_FLOWER_KEY_ENC_IPV4_DST_MASK,/* be32 */
TCA_FLOWER_KEY_ENC_IPV6_SRC, /* struct in6_addr */
TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK,/* struct in6_addr */
TCA_FLOWER_KEY_ENC_IPV6_DST, /* struct in6_addr */
TCA_FLOWER_KEY_ENC_IPV6_DST_MASK,/* struct in6_addr */
TCA_FLOWER_KEY_TCP_SRC_MASK, /* be16 */
TCA_FLOWER_KEY_TCP_DST_MASK, /* be16 */
TCA_FLOWER_KEY_UDP_SRC_MASK, /* be16 */
TCA_FLOWER_KEY_UDP_DST_MASK, /* be16 */
TCA_FLOWER_KEY_SCTP_SRC_MASK, /* be16 */
TCA_FLOWER_KEY_SCTP_DST_MASK, /* be16 */
TCA_FLOWER_KEY_SCTP_SRC, /* be16 */
TCA_FLOWER_KEY_SCTP_DST, /* be16 */
TCA_FLOWER_KEY_ENC_UDP_SRC_PORT, /* be16 */
TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK, /* be16 */
TCA_FLOWER_KEY_ENC_UDP_DST_PORT, /* be16 */
TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK, /* be16 */
TCA_FLOWER_KEY_FLAGS, /* be32 */
TCA_FLOWER_KEY_FLAGS_MASK, /* be32 */
TCA_FLOWER_KEY_ICMPV4_CODE, /* u8 */
TCA_FLOWER_KEY_ICMPV4_CODE_MASK,/* u8 */
TCA_FLOWER_KEY_ICMPV4_TYPE, /* u8 */
TCA_FLOWER_KEY_ICMPV4_TYPE_MASK,/* u8 */
TCA_FLOWER_KEY_ICMPV6_CODE, /* u8 */
TCA_FLOWER_KEY_ICMPV6_CODE_MASK,/* u8 */
TCA_FLOWER_KEY_ICMPV6_TYPE, /* u8 */
TCA_FLOWER_KEY_ICMPV6_TYPE_MASK,/* u8 */
TCA_FLOWER_KEY_ARP_SIP, /* be32 */
TCA_FLOWER_KEY_ARP_SIP_MASK, /* be32 */
TCA_FLOWER_KEY_ARP_TIP, /* be32 */
TCA_FLOWER_KEY_ARP_TIP_MASK, /* be32 */
TCA_FLOWER_KEY_ARP_OP, /* u8 */
TCA_FLOWER_KEY_ARP_OP_MASK, /* u8 */
TCA_FLOWER_KEY_ARP_SHA, /* ETH_ALEN */
TCA_FLOWER_KEY_ARP_SHA_MASK, /* ETH_ALEN */
TCA_FLOWER_KEY_ARP_THA, /* ETH_ALEN */
TCA_FLOWER_KEY_ARP_THA_MASK, /* ETH_ALEN */
TCA_FLOWER_KEY_MPLS_TTL, /* u8 - 8 bits */
TCA_FLOWER_KEY_MPLS_BOS, /* u8 - 1 bit */
TCA_FLOWER_KEY_MPLS_TC, /* u8 - 3 bits */
TCA_FLOWER_KEY_MPLS_LABEL, /* be32 - 20 bits */
TCA_FLOWER_KEY_TCP_FLAGS, /* be16 */
TCA_FLOWER_KEY_TCP_FLAGS_MASK, /* be16 */
TCA_FLOWER_KEY_IP_TOS, /* u8 */
TCA_FLOWER_KEY_IP_TOS_MASK, /* u8 */
TCA_FLOWER_KEY_IP_TTL, /* u8 */
TCA_FLOWER_KEY_IP_TTL_MASK, /* u8 */
TCA_FLOWER_KEY_CVLAN_ID, /* be16 */
TCA_FLOWER_KEY_CVLAN_PRIO, /* u8 */
TCA_FLOWER_KEY_CVLAN_ETH_TYPE, /* be16 */
TCA_FLOWER_KEY_ENC_IP_TOS, /* u8 */
TCA_FLOWER_KEY_ENC_IP_TOS_MASK, /* u8 */
TCA_FLOWER_KEY_ENC_IP_TTL, /* u8 */
TCA_FLOWER_KEY_ENC_IP_TTL_MASK, /* u8 */
TCA_FLOWER_KEY_ENC_OPTS,
TCA_FLOWER_KEY_ENC_OPTS_MASK,
__TCA_FLOWER_MAX,
};
#define TCA_FLOWER_MAX (__TCA_FLOWER_MAX - 1)
enum {
TCA_FLOWER_KEY_ENC_OPTS_UNSPEC,
TCA_FLOWER_KEY_ENC_OPTS_GENEVE, /* Nested
* TCA_FLOWER_KEY_ENC_OPT_GENEVE_
* attributes
*/
__TCA_FLOWER_KEY_ENC_OPTS_MAX,
};
#define TCA_FLOWER_KEY_ENC_OPTS_MAX (__TCA_FLOWER_KEY_ENC_OPTS_MAX - 1)
enum {
TCA_FLOWER_KEY_ENC_OPT_GENEVE_UNSPEC,
TCA_FLOWER_KEY_ENC_OPT_GENEVE_CLASS, /* u16 */
TCA_FLOWER_KEY_ENC_OPT_GENEVE_TYPE, /* u8 */
TCA_FLOWER_KEY_ENC_OPT_GENEVE_DATA, /* 4 to 128 bytes */
__TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX,
};
#define TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX \
(__TCA_FLOWER_KEY_ENC_OPT_GENEVE_MAX - 1)
enum {
TCA_FLOWER_KEY_FLAGS_IS_FRAGMENT = (1 << 0),
TCA_FLOWER_KEY_FLAGS_FRAG_IS_FIRST = (1 << 1),
};
/* Match-all classifier */
enum {
TCA_MATCHALL_UNSPEC,
TCA_MATCHALL_CLASSID,
TCA_MATCHALL_ACT,
TCA_MATCHALL_FLAGS,
__TCA_MATCHALL_MAX,
};
#define TCA_MATCHALL_MAX (__TCA_MATCHALL_MAX - 1)
/* Extended Matches */
struct tcf_ematch_tree_hdr {
__u16 nmatches;
__u16 progid;
};
enum {
TCA_EMATCH_TREE_UNSPEC,
TCA_EMATCH_TREE_HDR,
TCA_EMATCH_TREE_LIST,
__TCA_EMATCH_TREE_MAX
};
#define TCA_EMATCH_TREE_MAX (__TCA_EMATCH_TREE_MAX - 1)
struct tcf_ematch_hdr {
__u16 matchid;
__u16 kind;
__u16 flags;
__u16 pad; /* currently unused */
};
/* 0 1
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
* +-----------------------+-+-+---+
* | Unused |S|I| R |
* +-----------------------+-+-+---+
*
* R(2) ::= relation to next ematch
* where: 0 0 END (last ematch)
* 0 1 AND
* 1 0 OR
* 1 1 Unused (invalid)
* I(1) ::= invert result
* S(1) ::= simple payload
*/
#define TCF_EM_REL_END 0
#define TCF_EM_REL_AND (1<<0)
#define TCF_EM_REL_OR (1<<1)
#define TCF_EM_INVERT (1<<2)
#define TCF_EM_SIMPLE (1<<3)
#define TCF_EM_REL_MASK 3
#define TCF_EM_REL_VALID(v) (((v) & TCF_EM_REL_MASK) != TCF_EM_REL_MASK)
enum {
TCF_LAYER_LINK,
TCF_LAYER_NETWORK,
TCF_LAYER_TRANSPORT,
__TCF_LAYER_MAX
};
#define TCF_LAYER_MAX (__TCF_LAYER_MAX - 1)
/* Ematch type assignments
* 1..32767 Reserved for ematches inside kernel tree
* 32768..65535 Free to use, not reliable
*/
#define TCF_EM_CONTAINER 0
#define TCF_EM_CMP 1
#define TCF_EM_NBYTE 2
#define TCF_EM_U32 3
#define TCF_EM_META 4
#define TCF_EM_TEXT 5
#define TCF_EM_VLAN 6
#define TCF_EM_CANID 7
#define TCF_EM_IPSET 8
#define TCF_EM_IPT 9
#define TCF_EM_MAX 9
enum {
TCF_EM_PROG_TC
};
enum {
TCF_EM_OPND_EQ,
TCF_EM_OPND_GT,
TCF_EM_OPND_LT
};
#endif

1087
libnl/include/linux-private/linux/pkt_sched.h Normal file
View file

File diff suppressed because it is too large Load diff

749
libnl/include/linux-private/linux/rtnetlink.h Normal file
View file

@ -0,0 +1,749 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_RTNETLINK_H
#define __LINUX_RTNETLINK_H
#include <linux/types.h>
#include <linux/netlink.h>
#include <linux/if_link.h>
#include <linux/if_addr.h>
#include <linux/neighbour.h>
/* rtnetlink families. Values up to 127 are reserved for real address
* families, values above 128 may be used arbitrarily.
*/
#define RTNL_FAMILY_IPMR 128
#define RTNL_FAMILY_IP6MR 129
#define RTNL_FAMILY_MAX 129
/****
* Routing/neighbour discovery messages.
****/
/* Types of messages */
enum {
RTM_BASE = 16,
#define RTM_BASE RTM_BASE
RTM_NEWLINK = 16,
#define RTM_NEWLINK RTM_NEWLINK
RTM_DELLINK,
#define RTM_DELLINK RTM_DELLINK
RTM_GETLINK,
#define RTM_GETLINK RTM_GETLINK
RTM_SETLINK,
#define RTM_SETLINK RTM_SETLINK
RTM_NEWADDR = 20,
#define RTM_NEWADDR RTM_NEWADDR
RTM_DELADDR,
#define RTM_DELADDR RTM_DELADDR
RTM_GETADDR,
#define RTM_GETADDR RTM_GETADDR
RTM_NEWROUTE = 24,
#define RTM_NEWROUTE RTM_NEWROUTE
RTM_DELROUTE,
#define RTM_DELROUTE RTM_DELROUTE
RTM_GETROUTE,
#define RTM_GETROUTE RTM_GETROUTE
RTM_NEWNEIGH = 28,
#define RTM_NEWNEIGH RTM_NEWNEIGH
RTM_DELNEIGH,
#define RTM_DELNEIGH RTM_DELNEIGH
RTM_GETNEIGH,
#define RTM_GETNEIGH RTM_GETNEIGH
RTM_NEWRULE = 32,
#define RTM_NEWRULE RTM_NEWRULE
RTM_DELRULE,
#define RTM_DELRULE RTM_DELRULE
RTM_GETRULE,
#define RTM_GETRULE RTM_GETRULE
RTM_NEWQDISC = 36,
#define RTM_NEWQDISC RTM_NEWQDISC
RTM_DELQDISC,
#define RTM_DELQDISC RTM_DELQDISC
RTM_GETQDISC,
#define RTM_GETQDISC RTM_GETQDISC
RTM_NEWTCLASS = 40,
#define RTM_NEWTCLASS RTM_NEWTCLASS
RTM_DELTCLASS,
#define RTM_DELTCLASS RTM_DELTCLASS
RTM_GETTCLASS,
#define RTM_GETTCLASS RTM_GETTCLASS
RTM_NEWTFILTER = 44,
#define RTM_NEWTFILTER RTM_NEWTFILTER
RTM_DELTFILTER,
#define RTM_DELTFILTER RTM_DELTFILTER
RTM_GETTFILTER,
#define RTM_GETTFILTER RTM_GETTFILTER
RTM_NEWACTION = 48,
#define RTM_NEWACTION RTM_NEWACTION
RTM_DELACTION,
#define RTM_DELACTION RTM_DELACTION
RTM_GETACTION,
#define RTM_GETACTION RTM_GETACTION
RTM_NEWPREFIX = 52,
#define RTM_NEWPREFIX RTM_NEWPREFIX
RTM_GETMULTICAST = 58,
#define RTM_GETMULTICAST RTM_GETMULTICAST
RTM_GETANYCAST = 62,
#define RTM_GETANYCAST RTM_GETANYCAST
RTM_NEWNEIGHTBL = 64,
#define RTM_NEWNEIGHTBL RTM_NEWNEIGHTBL
RTM_GETNEIGHTBL = 66,
#define RTM_GETNEIGHTBL RTM_GETNEIGHTBL
RTM_SETNEIGHTBL,
#define RTM_SETNEIGHTBL RTM_SETNEIGHTBL
RTM_NEWNDUSEROPT = 68,
#define RTM_NEWNDUSEROPT RTM_NEWNDUSEROPT
RTM_NEWADDRLABEL = 72,
#define RTM_NEWADDRLABEL RTM_NEWADDRLABEL
RTM_DELADDRLABEL,
#define RTM_DELADDRLABEL RTM_DELADDRLABEL
RTM_GETADDRLABEL,
#define RTM_GETADDRLABEL RTM_GETADDRLABEL
RTM_GETDCB = 78,
#define RTM_GETDCB RTM_GETDCB
RTM_SETDCB,
#define RTM_SETDCB RTM_SETDCB
RTM_NEWNETCONF = 80,
#define RTM_NEWNETCONF RTM_NEWNETCONF
RTM_DELNETCONF,
#define RTM_DELNETCONF RTM_DELNETCONF
RTM_GETNETCONF = 82,
#define RTM_GETNETCONF RTM_GETNETCONF
RTM_NEWMDB = 84,
#define RTM_NEWMDB RTM_NEWMDB
RTM_DELMDB = 85,
#define RTM_DELMDB RTM_DELMDB
RTM_GETMDB = 86,
#define RTM_GETMDB RTM_GETMDB
RTM_NEWNSID = 88,
#define RTM_NEWNSID RTM_NEWNSID
RTM_DELNSID = 89,
#define RTM_DELNSID RTM_DELNSID
RTM_GETNSID = 90,
#define RTM_GETNSID RTM_GETNSID
RTM_NEWSTATS = 92,
#define RTM_NEWSTATS RTM_NEWSTATS
RTM_GETSTATS = 94,
#define RTM_GETSTATS RTM_GETSTATS
RTM_NEWCACHEREPORT = 96,
#define RTM_NEWCACHEREPORT RTM_NEWCACHEREPORT
RTM_NEWCHAIN = 100,
#define RTM_NEWCHAIN RTM_NEWCHAIN
RTM_DELCHAIN,
#define RTM_DELCHAIN RTM_DELCHAIN
RTM_GETCHAIN,
#define RTM_GETCHAIN RTM_GETCHAIN
__RTM_MAX,
#define RTM_MAX (((__RTM_MAX + 3) & ~3) - 1)
};
#define RTM_NR_MSGTYPES (RTM_MAX + 1 - RTM_BASE)
#define RTM_NR_FAMILIES (RTM_NR_MSGTYPES >> 2)
#define RTM_FAM(cmd) (((cmd) - RTM_BASE) >> 2)
/*
Generic structure for encapsulation of optional route information.
It is reminiscent of sockaddr, but with sa_family replaced
with attribute type.
*/
struct rtattr {
unsigned short rta_len;
unsigned short rta_type;
};
/* Macros to handle rtattributes */
#define RTA_ALIGNTO 4U
#define RTA_ALIGN(len) ( ((len)+RTA_ALIGNTO-1) & ~(RTA_ALIGNTO-1) )
#define RTA_OK(rta,len) ((len) >= (int)sizeof(struct rtattr) && \
(rta)->rta_len >= sizeof(struct rtattr) && \
(rta)->rta_len <= (len))
#define RTA_NEXT(rta,attrlen) ((attrlen) -= RTA_ALIGN((rta)->rta_len), \
(struct rtattr*)(((char*)(rta)) + RTA_ALIGN((rta)->rta_len)))
#define RTA_LENGTH(len) (RTA_ALIGN(sizeof(struct rtattr)) + (len))
#define RTA_SPACE(len) RTA_ALIGN(RTA_LENGTH(len))
#define RTA_DATA(rta) ((void*)(((char*)(rta)) + RTA_LENGTH(0)))
#define RTA_PAYLOAD(rta) ((int)((rta)->rta_len) - RTA_LENGTH(0))
/******************************************************************************
* Definitions used in routing table administration.
****/
struct rtmsg {
unsigned char rtm_family;
unsigned char rtm_dst_len;
unsigned char rtm_src_len;
unsigned char rtm_tos;
unsigned char rtm_table; /* Routing table id */
unsigned char rtm_protocol; /* Routing protocol; see below */
unsigned char rtm_scope; /* See below */
unsigned char rtm_type; /* See below */
unsigned rtm_flags;
};
/* rtm_type */
enum {
RTN_UNSPEC,
RTN_UNICAST, /* Gateway or direct route */
RTN_LOCAL, /* Accept locally */
RTN_BROADCAST, /* Accept locally as broadcast,
send as broadcast */
RTN_ANYCAST, /* Accept locally as broadcast,
but send as unicast */
RTN_MULTICAST, /* Multicast route */
RTN_BLACKHOLE, /* Drop */
RTN_UNREACHABLE, /* Destination is unreachable */
RTN_PROHIBIT, /* Administratively prohibited */
RTN_THROW, /* Not in this table */
RTN_NAT, /* Translate this address */
RTN_XRESOLVE, /* Use external resolver */
__RTN_MAX
};
#define RTN_MAX (__RTN_MAX - 1)
/* rtm_protocol */
#define RTPROT_UNSPEC 0
#define RTPROT_REDIRECT 1 /* Route installed by ICMP redirects;
not used by current IPv4 */
#define RTPROT_KERNEL 2 /* Route installed by kernel */
#define RTPROT_BOOT 3 /* Route installed during boot */
#define RTPROT_STATIC 4 /* Route installed by administrator */
/* Values of protocol >= RTPROT_STATIC are not interpreted by kernel;
they are just passed from user and back as is.
It will be used by hypothetical multiple routing daemons.
Note that protocol values should be standardized in order to
avoid conflicts.
*/
#define RTPROT_GATED 8 /* Apparently, GateD */
#define RTPROT_RA 9 /* RDISC/ND router advertisements */
#define RTPROT_MRT 10 /* Merit MRT */
#define RTPROT_ZEBRA 11 /* Zebra */
#define RTPROT_BIRD 12 /* BIRD */
#define RTPROT_DNROUTED 13 /* DECnet routing daemon */
#define RTPROT_XORP 14 /* XORP */
#define RTPROT_NTK 15 /* Netsukuku */
#define RTPROT_DHCP 16 /* DHCP client */
#define RTPROT_MROUTED 17 /* Multicast daemon */
#define RTPROT_BABEL 42 /* Babel daemon */
#define RTPROT_BGP 186 /* BGP Routes */
#define RTPROT_ISIS 187 /* ISIS Routes */
#define RTPROT_OSPF 188 /* OSPF Routes */
#define RTPROT_RIP 189 /* RIP Routes */
#define RTPROT_EIGRP 192 /* EIGRP Routes */
/* rtm_scope
Really it is not scope, but sort of distance to the destination.
NOWHERE are reserved for not existing destinations, HOST is our
local addresses, LINK are destinations, located on directly attached
link and UNIVERSE is everywhere in the Universe.
Intermediate values are also possible f.e. interior routes
could be assigned a value between UNIVERSE and LINK.
*/
enum rt_scope_t {
RT_SCOPE_UNIVERSE=0,
/* User defined values */
RT_SCOPE_SITE=200,
RT_SCOPE_LINK=253,
RT_SCOPE_HOST=254,
RT_SCOPE_NOWHERE=255
};
/* rtm_flags */
#define RTM_F_NOTIFY 0x100 /* Notify user of route change */
#define RTM_F_CLONED 0x200 /* This route is cloned */
#define RTM_F_EQUALIZE 0x400 /* Multipath equalizer: NI */
#define RTM_F_PREFIX 0x800 /* Prefix addresses */
#define RTM_F_LOOKUP_TABLE 0x1000 /* set rtm_table to FIB lookup result */
#define RTM_F_FIB_MATCH 0x2000 /* return full fib lookup match */
/* Reserved table identifiers */
enum rt_class_t {
RT_TABLE_UNSPEC=0,
/* User defined values */
RT_TABLE_COMPAT=252,
RT_TABLE_DEFAULT=253,
RT_TABLE_MAIN=254,
RT_TABLE_LOCAL=255,
RT_TABLE_MAX=0xFFFFFFFF
};
/* Routing message attributes */
enum rtattr_type_t {
RTA_UNSPEC,
RTA_DST,
RTA_SRC,
RTA_IIF,
RTA_OIF,
RTA_GATEWAY,
RTA_PRIORITY,
RTA_PREFSRC,
RTA_METRICS,
RTA_MULTIPATH,
RTA_PROTOINFO, /* no longer used */
RTA_FLOW,
RTA_CACHEINFO,
RTA_SESSION, /* no longer used */
RTA_MP_ALGO, /* no longer used */
RTA_TABLE,
RTA_MARK,
RTA_MFC_STATS,
RTA_VIA,
RTA_NEWDST,
RTA_PREF,
RTA_ENCAP_TYPE,
RTA_ENCAP,
RTA_EXPIRES,
RTA_PAD,
RTA_UID,
RTA_TTL_PROPAGATE,
RTA_IP_PROTO,
RTA_SPORT,
RTA_DPORT,
__RTA_MAX
};
#define RTA_MAX (__RTA_MAX - 1)
#define RTM_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct rtmsg))))
#define RTM_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct rtmsg))
/* RTM_MULTIPATH --- array of struct rtnexthop.
*
* "struct rtnexthop" describes all necessary nexthop information,
* i.e. parameters of path to a destination via this nexthop.
*
* At the moment it is impossible to set different prefsrc, mtu, window
* and rtt for different paths from multipath.
*/
struct rtnexthop {
unsigned short rtnh_len;
unsigned char rtnh_flags;
unsigned char rtnh_hops;
int rtnh_ifindex;
};
/* rtnh_flags */
#define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */
#define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */
#define RTNH_F_ONLINK 4 /* Gateway is forced on link */
#define RTNH_F_OFFLOAD 8 /* offloaded route */
#define RTNH_F_LINKDOWN 16 /* carrier-down on nexthop */
#define RTNH_F_UNRESOLVED 32 /* The entry is unresolved (ipmr) */
#define RTNH_COMPARE_MASK (RTNH_F_DEAD | RTNH_F_LINKDOWN | RTNH_F_OFFLOAD)
/* Macros to handle hexthops */
#define RTNH_ALIGNTO 4
#define RTNH_ALIGN(len) ( ((len)+RTNH_ALIGNTO-1) & ~(RTNH_ALIGNTO-1) )
#define RTNH_OK(rtnh,len) ((rtnh)->rtnh_len >= sizeof(struct rtnexthop) && \
((int)(rtnh)->rtnh_len) <= (len))
#define RTNH_NEXT(rtnh) ((struct rtnexthop*)(((char*)(rtnh)) + RTNH_ALIGN((rtnh)->rtnh_len)))
#define RTNH_LENGTH(len) (RTNH_ALIGN(sizeof(struct rtnexthop)) + (len))
#define RTNH_SPACE(len) RTNH_ALIGN(RTNH_LENGTH(len))
#define RTNH_DATA(rtnh) ((struct rtattr*)(((char*)(rtnh)) + RTNH_LENGTH(0)))
/* RTA_VIA */
struct rtvia {
__kernel_sa_family_t rtvia_family;
__u8 rtvia_addr[0];
};
/* RTM_CACHEINFO */
struct rta_cacheinfo {
__u32 rta_clntref;
__u32 rta_lastuse;
__s32 rta_expires;
__u32 rta_error;
__u32 rta_used;
#define RTNETLINK_HAVE_PEERINFO 1
__u32 rta_id;
__u32 rta_ts;
__u32 rta_tsage;
};
/* RTM_METRICS --- array of struct rtattr with types of RTAX_* */
enum {
RTAX_UNSPEC,
#define RTAX_UNSPEC RTAX_UNSPEC
RTAX_LOCK,
#define RTAX_LOCK RTAX_LOCK
RTAX_MTU,
#define RTAX_MTU RTAX_MTU
RTAX_WINDOW,
#define RTAX_WINDOW RTAX_WINDOW
RTAX_RTT,
#define RTAX_RTT RTAX_RTT
RTAX_RTTVAR,
#define RTAX_RTTVAR RTAX_RTTVAR
RTAX_SSTHRESH,
#define RTAX_SSTHRESH RTAX_SSTHRESH
RTAX_CWND,
#define RTAX_CWND RTAX_CWND
RTAX_ADVMSS,
#define RTAX_ADVMSS RTAX_ADVMSS
RTAX_REORDERING,
#define RTAX_REORDERING RTAX_REORDERING
RTAX_HOPLIMIT,
#define RTAX_HOPLIMIT RTAX_HOPLIMIT
RTAX_INITCWND,
#define RTAX_INITCWND RTAX_INITCWND
RTAX_FEATURES,
#define RTAX_FEATURES RTAX_FEATURES
RTAX_RTO_MIN,
#define RTAX_RTO_MIN RTAX_RTO_MIN
RTAX_INITRWND,
#define RTAX_INITRWND RTAX_INITRWND
RTAX_QUICKACK,
#define RTAX_QUICKACK RTAX_QUICKACK
RTAX_CC_ALGO,
#define RTAX_CC_ALGO RTAX_CC_ALGO
RTAX_FASTOPEN_NO_COOKIE,
#define RTAX_FASTOPEN_NO_COOKIE RTAX_FASTOPEN_NO_COOKIE
__RTAX_MAX
};
#define RTAX_MAX (__RTAX_MAX - 1)
#define RTAX_FEATURE_ECN (1 << 0)
#define RTAX_FEATURE_SACK (1 << 1)
#define RTAX_FEATURE_TIMESTAMP (1 << 2)
#define RTAX_FEATURE_ALLFRAG (1 << 3)
#define RTAX_FEATURE_MASK (RTAX_FEATURE_ECN | RTAX_FEATURE_SACK | \
RTAX_FEATURE_TIMESTAMP | RTAX_FEATURE_ALLFRAG)
struct rta_session {
__u8 proto;
__u8 pad1;
__u16 pad2;
union {
struct {
__u16 sport;
__u16 dport;
} ports;
struct {
__u8 type;
__u8 code;
__u16 ident;
} icmpt;
__u32 spi;
} u;
};
struct rta_mfc_stats {
__u64 mfcs_packets;
__u64 mfcs_bytes;
__u64 mfcs_wrong_if;
};
/****
* General form of address family dependent message.
****/
struct rtgenmsg {
unsigned char rtgen_family;
};
/*****************************************************************
* Link layer specific messages.
****/
/* struct ifinfomsg
* passes link level specific information, not dependent
* on network protocol.
*/
struct ifinfomsg {
unsigned char ifi_family;
unsigned char __ifi_pad;
unsigned short ifi_type; /* ARPHRD_* */
int ifi_index; /* Link index */
unsigned ifi_flags; /* IFF_* flags */
unsigned ifi_change; /* IFF_* change mask */
};
/********************************************************************
* prefix information
****/
struct prefixmsg {
unsigned char prefix_family;
unsigned char prefix_pad1;
unsigned short prefix_pad2;
int prefix_ifindex;
unsigned char prefix_type;
unsigned char prefix_len;
unsigned char prefix_flags;
unsigned char prefix_pad3;
};
enum
{
PREFIX_UNSPEC,
PREFIX_ADDRESS,
PREFIX_CACHEINFO,
__PREFIX_MAX
};
#define PREFIX_MAX (__PREFIX_MAX - 1)
struct prefix_cacheinfo {
__u32 preferred_time;
__u32 valid_time;
};
/*****************************************************************
* Traffic control messages.
****/
struct tcmsg {
unsigned char tcm_family;
unsigned char tcm__pad1;
unsigned short tcm__pad2;
int tcm_ifindex;
__u32 tcm_handle;
__u32 tcm_parent;
/* tcm_block_index is used instead of tcm_parent
* in case tcm_ifindex == TCM_IFINDEX_MAGIC_BLOCK
*/
#define tcm_block_index tcm_parent
__u32 tcm_info;
};
/* For manipulation of filters in shared block, tcm_ifindex is set to
* TCM_IFINDEX_MAGIC_BLOCK, and tcm_parent is aliased to tcm_block_index
* which is the block index.
*/
#define TCM_IFINDEX_MAGIC_BLOCK (0xFFFFFFFFU)
enum {
TCA_UNSPEC,
TCA_KIND,
TCA_OPTIONS,
TCA_STATS,
TCA_XSTATS,
TCA_RATE,
TCA_FCNT,
TCA_STATS2,
TCA_STAB,
TCA_PAD,
TCA_DUMP_INVISIBLE,
TCA_CHAIN,
TCA_HW_OFFLOAD,
TCA_INGRESS_BLOCK,
TCA_EGRESS_BLOCK,
__TCA_MAX
};
#define TCA_MAX (__TCA_MAX - 1)
#define TCA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct tcmsg))))
#define TCA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct tcmsg))
/********************************************************************
* Neighbor Discovery userland options
****/
struct nduseroptmsg {
unsigned char nduseropt_family;
unsigned char nduseropt_pad1;
unsigned short nduseropt_opts_len; /* Total length of options */
int nduseropt_ifindex;
__u8 nduseropt_icmp_type;
__u8 nduseropt_icmp_code;
unsigned short nduseropt_pad2;
unsigned int nduseropt_pad3;
/* Followed by one or more ND options */
};
enum {
NDUSEROPT_UNSPEC,
NDUSEROPT_SRCADDR,
__NDUSEROPT_MAX
};
#define NDUSEROPT_MAX (__NDUSEROPT_MAX - 1)
/* RTnetlink multicast groups - backwards compatibility for userspace */
#define RTMGRP_LINK 1
#define RTMGRP_NOTIFY 2
#define RTMGRP_NEIGH 4
#define RTMGRP_TC 8
#define RTMGRP_IPV4_IFADDR 0x10
#define RTMGRP_IPV4_MROUTE 0x20
#define RTMGRP_IPV4_ROUTE 0x40
#define RTMGRP_IPV4_RULE 0x80
#define RTMGRP_IPV6_IFADDR 0x100
#define RTMGRP_IPV6_MROUTE 0x200
#define RTMGRP_IPV6_ROUTE 0x400
#define RTMGRP_IPV6_IFINFO 0x800
#define RTMGRP_DECnet_IFADDR 0x1000
#define RTMGRP_DECnet_ROUTE 0x4000
#define RTMGRP_IPV6_PREFIX 0x20000
/* RTnetlink multicast groups */
enum rtnetlink_groups {
RTNLGRP_NONE,
#define RTNLGRP_NONE RTNLGRP_NONE
RTNLGRP_LINK,
#define RTNLGRP_LINK RTNLGRP_LINK
RTNLGRP_NOTIFY,
#define RTNLGRP_NOTIFY RTNLGRP_NOTIFY
RTNLGRP_NEIGH,
#define RTNLGRP_NEIGH RTNLGRP_NEIGH
RTNLGRP_TC,
#define RTNLGRP_TC RTNLGRP_TC
RTNLGRP_IPV4_IFADDR,
#define RTNLGRP_IPV4_IFADDR RTNLGRP_IPV4_IFADDR
RTNLGRP_IPV4_MROUTE,
#define RTNLGRP_IPV4_MROUTE RTNLGRP_IPV4_MROUTE
RTNLGRP_IPV4_ROUTE,
#define RTNLGRP_IPV4_ROUTE RTNLGRP_IPV4_ROUTE
RTNLGRP_IPV4_RULE,
#define RTNLGRP_IPV4_RULE RTNLGRP_IPV4_RULE
RTNLGRP_IPV6_IFADDR,
#define RTNLGRP_IPV6_IFADDR RTNLGRP_IPV6_IFADDR
RTNLGRP_IPV6_MROUTE,
#define RTNLGRP_IPV6_MROUTE RTNLGRP_IPV6_MROUTE
RTNLGRP_IPV6_ROUTE,
#define RTNLGRP_IPV6_ROUTE RTNLGRP_IPV6_ROUTE
RTNLGRP_IPV6_IFINFO,
#define RTNLGRP_IPV6_IFINFO RTNLGRP_IPV6_IFINFO
RTNLGRP_DECnet_IFADDR,
#define RTNLGRP_DECnet_IFADDR RTNLGRP_DECnet_IFADDR
RTNLGRP_NOP2,
RTNLGRP_DECnet_ROUTE,
#define RTNLGRP_DECnet_ROUTE RTNLGRP_DECnet_ROUTE
RTNLGRP_DECnet_RULE,
#define RTNLGRP_DECnet_RULE RTNLGRP_DECnet_RULE
RTNLGRP_NOP4,
RTNLGRP_IPV6_PREFIX,
#define RTNLGRP_IPV6_PREFIX RTNLGRP_IPV6_PREFIX
RTNLGRP_IPV6_RULE,
#define RTNLGRP_IPV6_RULE RTNLGRP_IPV6_RULE
RTNLGRP_ND_USEROPT,
#define RTNLGRP_ND_USEROPT RTNLGRP_ND_USEROPT
RTNLGRP_PHONET_IFADDR,
#define RTNLGRP_PHONET_IFADDR RTNLGRP_PHONET_IFADDR
RTNLGRP_PHONET_ROUTE,
#define RTNLGRP_PHONET_ROUTE RTNLGRP_PHONET_ROUTE
RTNLGRP_DCB,
#define RTNLGRP_DCB RTNLGRP_DCB
RTNLGRP_IPV4_NETCONF,
#define RTNLGRP_IPV4_NETCONF RTNLGRP_IPV4_NETCONF
RTNLGRP_IPV6_NETCONF,
#define RTNLGRP_IPV6_NETCONF RTNLGRP_IPV6_NETCONF
RTNLGRP_MDB,
#define RTNLGRP_MDB RTNLGRP_MDB
RTNLGRP_MPLS_ROUTE,
#define RTNLGRP_MPLS_ROUTE RTNLGRP_MPLS_ROUTE
RTNLGRP_NSID,
#define RTNLGRP_NSID RTNLGRP_NSID
RTNLGRP_MPLS_NETCONF,
#define RTNLGRP_MPLS_NETCONF RTNLGRP_MPLS_NETCONF
RTNLGRP_IPV4_MROUTE_R,
#define RTNLGRP_IPV4_MROUTE_R RTNLGRP_IPV4_MROUTE_R
RTNLGRP_IPV6_MROUTE_R,
#define RTNLGRP_IPV6_MROUTE_R RTNLGRP_IPV6_MROUTE_R
__RTNLGRP_MAX
};
#define RTNLGRP_MAX (__RTNLGRP_MAX - 1)
/* TC action piece */
struct tcamsg {
unsigned char tca_family;
unsigned char tca__pad1;
unsigned short tca__pad2;
};
enum {
TCA_ROOT_UNSPEC,
TCA_ROOT_TAB,
#define TCA_ACT_TAB TCA_ROOT_TAB
#define TCAA_MAX TCA_ROOT_TAB
TCA_ROOT_FLAGS,
TCA_ROOT_COUNT,
TCA_ROOT_TIME_DELTA, /* in msecs */
__TCA_ROOT_MAX,
#define TCA_ROOT_MAX (__TCA_ROOT_MAX - 1)
};
#define TA_RTA(r) ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct tcamsg))))
#define TA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct tcamsg))
/* tcamsg flags stored in attribute TCA_ROOT_FLAGS
*
* TCA_FLAG_LARGE_DUMP_ON user->kernel to request for larger than TCA_ACT_MAX_PRIO
* actions in a dump. All dump responses will contain the number of actions
* being dumped stored in for user app's consumption in TCA_ROOT_COUNT
*
*/
#define TCA_FLAG_LARGE_DUMP_ON (1 << 0)
/* New extended info filters for IFLA_EXT_MASK */
#define RTEXT_FILTER_VF (1 << 0)
#define RTEXT_FILTER_BRVLAN (1 << 1)
#define RTEXT_FILTER_BRVLAN_COMPRESSED (1 << 2)
#define RTEXT_FILTER_SKIP_STATS (1 << 3)
/* End of information exported to user level */
#endif /* __LINUX_RTNETLINK_H */

324
libnl/include/linux-private/linux/snmp.h Normal file
View file

@ -0,0 +1,324 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Definitions for MIBs
*
* Author: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
*/
#ifndef _LINUX_SNMP_H
#define _LINUX_SNMP_H
/* ipstats mib definitions */
/*
* RFC 1213: MIB-II
* RFC 2011 (updates 1213): SNMPv2-MIB-IP
* RFC 2863: Interfaces Group MIB
* RFC 2465: IPv6 MIB: General Group
* draft-ietf-ipv6-rfc2011-update-10.txt: MIB for IP: IP Statistics Tables
*/
enum
{
IPSTATS_MIB_NUM = 0,
/* frequently written fields in fast path, kept in same cache line */
IPSTATS_MIB_INPKTS, /* InReceives */
IPSTATS_MIB_INOCTETS, /* InOctets */
IPSTATS_MIB_INDELIVERS, /* InDelivers */
IPSTATS_MIB_OUTFORWDATAGRAMS, /* OutForwDatagrams */
IPSTATS_MIB_OUTPKTS, /* OutRequests */
IPSTATS_MIB_OUTOCTETS, /* OutOctets */
/* other fields */
IPSTATS_MIB_INHDRERRORS, /* InHdrErrors */
IPSTATS_MIB_INTOOBIGERRORS, /* InTooBigErrors */
IPSTATS_MIB_INNOROUTES, /* InNoRoutes */
IPSTATS_MIB_INADDRERRORS, /* InAddrErrors */
IPSTATS_MIB_INUNKNOWNPROTOS, /* InUnknownProtos */
IPSTATS_MIB_INTRUNCATEDPKTS, /* InTruncatedPkts */
IPSTATS_MIB_INDISCARDS, /* InDiscards */
IPSTATS_MIB_OUTDISCARDS, /* OutDiscards */
IPSTATS_MIB_OUTNOROUTES, /* OutNoRoutes */
IPSTATS_MIB_REASMTIMEOUT, /* ReasmTimeout */
IPSTATS_MIB_REASMREQDS, /* ReasmReqds */
IPSTATS_MIB_REASMOKS, /* ReasmOKs */
IPSTATS_MIB_REASMFAILS, /* ReasmFails */
IPSTATS_MIB_FRAGOKS, /* FragOKs */
IPSTATS_MIB_FRAGFAILS, /* FragFails */
IPSTATS_MIB_FRAGCREATES, /* FragCreates */
IPSTATS_MIB_INMCASTPKTS, /* InMcastPkts */
IPSTATS_MIB_OUTMCASTPKTS, /* OutMcastPkts */
IPSTATS_MIB_INBCASTPKTS, /* InBcastPkts */
IPSTATS_MIB_OUTBCASTPKTS, /* OutBcastPkts */
IPSTATS_MIB_INMCASTOCTETS, /* InMcastOctets */
IPSTATS_MIB_OUTMCASTOCTETS, /* OutMcastOctets */
IPSTATS_MIB_INBCASTOCTETS, /* InBcastOctets */
IPSTATS_MIB_OUTBCASTOCTETS, /* OutBcastOctets */
IPSTATS_MIB_CSUMERRORS, /* InCsumErrors */
IPSTATS_MIB_NOECTPKTS, /* InNoECTPkts */
IPSTATS_MIB_ECT1PKTS, /* InECT1Pkts */
IPSTATS_MIB_ECT0PKTS, /* InECT0Pkts */
IPSTATS_MIB_CEPKTS, /* InCEPkts */
IPSTATS_MIB_REASM_OVERLAPS, /* ReasmOverlaps */
__IPSTATS_MIB_MAX
};
/* icmp mib definitions */
/*
* RFC 1213: MIB-II ICMP Group
* RFC 2011 (updates 1213): SNMPv2 MIB for IP: ICMP group
*/
enum
{
ICMP_MIB_NUM = 0,
ICMP_MIB_INMSGS, /* InMsgs */
ICMP_MIB_INERRORS, /* InErrors */
ICMP_MIB_INDESTUNREACHS, /* InDestUnreachs */
ICMP_MIB_INTIMEEXCDS, /* InTimeExcds */
ICMP_MIB_INPARMPROBS, /* InParmProbs */
ICMP_MIB_INSRCQUENCHS, /* InSrcQuenchs */
ICMP_MIB_INREDIRECTS, /* InRedirects */
ICMP_MIB_INECHOS, /* InEchos */
ICMP_MIB_INECHOREPS, /* InEchoReps */
ICMP_MIB_INTIMESTAMPS, /* InTimestamps */
ICMP_MIB_INTIMESTAMPREPS, /* InTimestampReps */
ICMP_MIB_INADDRMASKS, /* InAddrMasks */
ICMP_MIB_INADDRMASKREPS, /* InAddrMaskReps */
ICMP_MIB_OUTMSGS, /* OutMsgs */
ICMP_MIB_OUTERRORS, /* OutErrors */
ICMP_MIB_OUTDESTUNREACHS, /* OutDestUnreachs */
ICMP_MIB_OUTTIMEEXCDS, /* OutTimeExcds */
ICMP_MIB_OUTPARMPROBS, /* OutParmProbs */
ICMP_MIB_OUTSRCQUENCHS, /* OutSrcQuenchs */
ICMP_MIB_OUTREDIRECTS, /* OutRedirects */
ICMP_MIB_OUTECHOS, /* OutEchos */
ICMP_MIB_OUTECHOREPS, /* OutEchoReps */
ICMP_MIB_OUTTIMESTAMPS, /* OutTimestamps */
ICMP_MIB_OUTTIMESTAMPREPS, /* OutTimestampReps */
ICMP_MIB_OUTADDRMASKS, /* OutAddrMasks */
ICMP_MIB_OUTADDRMASKREPS, /* OutAddrMaskReps */
ICMP_MIB_CSUMERRORS, /* InCsumErrors */
__ICMP_MIB_MAX
};
#define __ICMPMSG_MIB_MAX 512 /* Out+In for all 8-bit ICMP types */
/* icmp6 mib definitions */
/*
* RFC 2466: ICMPv6-MIB
*/
enum
{
ICMP6_MIB_NUM = 0,
ICMP6_MIB_INMSGS, /* InMsgs */
ICMP6_MIB_INERRORS, /* InErrors */
ICMP6_MIB_OUTMSGS, /* OutMsgs */
ICMP6_MIB_OUTERRORS, /* OutErrors */
ICMP6_MIB_CSUMERRORS, /* InCsumErrors */
__ICMP6_MIB_MAX
};
#define __ICMP6MSG_MIB_MAX 512 /* Out+In for all 8-bit ICMPv6 types */
/* tcp mib definitions */
/*
* RFC 1213: MIB-II TCP group
* RFC 2012 (updates 1213): SNMPv2-MIB-TCP
*/
enum
{
TCP_MIB_NUM = 0,
TCP_MIB_RTOALGORITHM, /* RtoAlgorithm */
TCP_MIB_RTOMIN, /* RtoMin */
TCP_MIB_RTOMAX, /* RtoMax */
TCP_MIB_MAXCONN, /* MaxConn */
TCP_MIB_ACTIVEOPENS, /* ActiveOpens */
TCP_MIB_PASSIVEOPENS, /* PassiveOpens */
TCP_MIB_ATTEMPTFAILS, /* AttemptFails */
TCP_MIB_ESTABRESETS, /* EstabResets */
TCP_MIB_CURRESTAB, /* CurrEstab */
TCP_MIB_INSEGS, /* InSegs */
TCP_MIB_OUTSEGS, /* OutSegs */
TCP_MIB_RETRANSSEGS, /* RetransSegs */
TCP_MIB_INERRS, /* InErrs */
TCP_MIB_OUTRSTS, /* OutRsts */
TCP_MIB_CSUMERRORS, /* InCsumErrors */
__TCP_MIB_MAX
};
/* udp mib definitions */
/*
* RFC 1213: MIB-II UDP group
* RFC 2013 (updates 1213): SNMPv2-MIB-UDP
*/
enum
{
UDP_MIB_NUM = 0,
UDP_MIB_INDATAGRAMS, /* InDatagrams */
UDP_MIB_NOPORTS, /* NoPorts */
UDP_MIB_INERRORS, /* InErrors */
UDP_MIB_OUTDATAGRAMS, /* OutDatagrams */
UDP_MIB_RCVBUFERRORS, /* RcvbufErrors */
UDP_MIB_SNDBUFERRORS, /* SndbufErrors */
UDP_MIB_CSUMERRORS, /* InCsumErrors */
UDP_MIB_IGNOREDMULTI, /* IgnoredMulti */
__UDP_MIB_MAX
};
/* linux mib definitions */
enum
{
LINUX_MIB_NUM = 0,
LINUX_MIB_SYNCOOKIESSENT, /* SyncookiesSent */
LINUX_MIB_SYNCOOKIESRECV, /* SyncookiesRecv */
LINUX_MIB_SYNCOOKIESFAILED, /* SyncookiesFailed */
LINUX_MIB_EMBRYONICRSTS, /* EmbryonicRsts */
LINUX_MIB_PRUNECALLED, /* PruneCalled */
LINUX_MIB_RCVPRUNED, /* RcvPruned */
LINUX_MIB_OFOPRUNED, /* OfoPruned */
LINUX_MIB_OUTOFWINDOWICMPS, /* OutOfWindowIcmps */
LINUX_MIB_LOCKDROPPEDICMPS, /* LockDroppedIcmps */
LINUX_MIB_ARPFILTER, /* ArpFilter */
LINUX_MIB_TIMEWAITED, /* TimeWaited */
LINUX_MIB_TIMEWAITRECYCLED, /* TimeWaitRecycled */
LINUX_MIB_TIMEWAITKILLED, /* TimeWaitKilled */
LINUX_MIB_PAWSACTIVEREJECTED, /* PAWSActiveRejected */
LINUX_MIB_PAWSESTABREJECTED, /* PAWSEstabRejected */
LINUX_MIB_DELAYEDACKS, /* DelayedACKs */
LINUX_MIB_DELAYEDACKLOCKED, /* DelayedACKLocked */
LINUX_MIB_DELAYEDACKLOST, /* DelayedACKLost */
LINUX_MIB_LISTENOVERFLOWS, /* ListenOverflows */
LINUX_MIB_LISTENDROPS, /* ListenDrops */
LINUX_MIB_TCPHPHITS, /* TCPHPHits */
LINUX_MIB_TCPPUREACKS, /* TCPPureAcks */
LINUX_MIB_TCPHPACKS, /* TCPHPAcks */
LINUX_MIB_TCPRENORECOVERY, /* TCPRenoRecovery */
LINUX_MIB_TCPSACKRECOVERY, /* TCPSackRecovery */
LINUX_MIB_TCPSACKRENEGING, /* TCPSACKReneging */
LINUX_MIB_TCPSACKREORDER, /* TCPSACKReorder */
LINUX_MIB_TCPRENOREORDER, /* TCPRenoReorder */
LINUX_MIB_TCPTSREORDER, /* TCPTSReorder */
LINUX_MIB_TCPFULLUNDO, /* TCPFullUndo */
LINUX_MIB_TCPPARTIALUNDO, /* TCPPartialUndo */
LINUX_MIB_TCPDSACKUNDO, /* TCPDSACKUndo */
LINUX_MIB_TCPLOSSUNDO, /* TCPLossUndo */
LINUX_MIB_TCPLOSTRETRANSMIT, /* TCPLostRetransmit */
LINUX_MIB_TCPRENOFAILURES, /* TCPRenoFailures */
LINUX_MIB_TCPSACKFAILURES, /* TCPSackFailures */
LINUX_MIB_TCPLOSSFAILURES, /* TCPLossFailures */
LINUX_MIB_TCPFASTRETRANS, /* TCPFastRetrans */
LINUX_MIB_TCPSLOWSTARTRETRANS, /* TCPSlowStartRetrans */
LINUX_MIB_TCPTIMEOUTS, /* TCPTimeouts */
LINUX_MIB_TCPLOSSPROBES, /* TCPLossProbes */
LINUX_MIB_TCPLOSSPROBERECOVERY, /* TCPLossProbeRecovery */
LINUX_MIB_TCPRENORECOVERYFAIL, /* TCPRenoRecoveryFail */
LINUX_MIB_TCPSACKRECOVERYFAIL, /* TCPSackRecoveryFail */
LINUX_MIB_TCPRCVCOLLAPSED, /* TCPRcvCollapsed */
LINUX_MIB_TCPDSACKOLDSENT, /* TCPDSACKOldSent */
LINUX_MIB_TCPDSACKOFOSENT, /* TCPDSACKOfoSent */
LINUX_MIB_TCPDSACKRECV, /* TCPDSACKRecv */
LINUX_MIB_TCPDSACKOFORECV, /* TCPDSACKOfoRecv */
LINUX_MIB_TCPABORTONDATA, /* TCPAbortOnData */
LINUX_MIB_TCPABORTONCLOSE, /* TCPAbortOnClose */
LINUX_MIB_TCPABORTONMEMORY, /* TCPAbortOnMemory */
LINUX_MIB_TCPABORTONTIMEOUT, /* TCPAbortOnTimeout */
LINUX_MIB_TCPABORTONLINGER, /* TCPAbortOnLinger */
LINUX_MIB_TCPABORTFAILED, /* TCPAbortFailed */
LINUX_MIB_TCPMEMORYPRESSURES, /* TCPMemoryPressures */
LINUX_MIB_TCPMEMORYPRESSURESCHRONO, /* TCPMemoryPressuresChrono */
LINUX_MIB_TCPSACKDISCARD, /* TCPSACKDiscard */
LINUX_MIB_TCPDSACKIGNOREDOLD, /* TCPSACKIgnoredOld */
LINUX_MIB_TCPDSACKIGNOREDNOUNDO, /* TCPSACKIgnoredNoUndo */
LINUX_MIB_TCPSPURIOUSRTOS, /* TCPSpuriousRTOs */
LINUX_MIB_TCPMD5NOTFOUND, /* TCPMD5NotFound */
LINUX_MIB_TCPMD5UNEXPECTED, /* TCPMD5Unexpected */
LINUX_MIB_TCPMD5FAILURE, /* TCPMD5Failure */
LINUX_MIB_SACKSHIFTED,
LINUX_MIB_SACKMERGED,
LINUX_MIB_SACKSHIFTFALLBACK,
LINUX_MIB_TCPBACKLOGDROP,
LINUX_MIB_PFMEMALLOCDROP,
LINUX_MIB_TCPMINTTLDROP, /* RFC 5082 */
LINUX_MIB_TCPDEFERACCEPTDROP,
LINUX_MIB_IPRPFILTER, /* IP Reverse Path Filter (rp_filter) */
LINUX_MIB_TCPTIMEWAITOVERFLOW, /* TCPTimeWaitOverflow */
LINUX_MIB_TCPREQQFULLDOCOOKIES, /* TCPReqQFullDoCookies */
LINUX_MIB_TCPREQQFULLDROP, /* TCPReqQFullDrop */
LINUX_MIB_TCPRETRANSFAIL, /* TCPRetransFail */
LINUX_MIB_TCPRCVCOALESCE, /* TCPRcvCoalesce */
LINUX_MIB_TCPOFOQUEUE, /* TCPOFOQueue */
LINUX_MIB_TCPOFODROP, /* TCPOFODrop */
LINUX_MIB_TCPOFOMERGE, /* TCPOFOMerge */
LINUX_MIB_TCPCHALLENGEACK, /* TCPChallengeACK */
LINUX_MIB_TCPSYNCHALLENGE, /* TCPSYNChallenge */
LINUX_MIB_TCPFASTOPENACTIVE, /* TCPFastOpenActive */
LINUX_MIB_TCPFASTOPENACTIVEFAIL, /* TCPFastOpenActiveFail */
LINUX_MIB_TCPFASTOPENPASSIVE, /* TCPFastOpenPassive*/
LINUX_MIB_TCPFASTOPENPASSIVEFAIL, /* TCPFastOpenPassiveFail */
LINUX_MIB_TCPFASTOPENLISTENOVERFLOW, /* TCPFastOpenListenOverflow */
LINUX_MIB_TCPFASTOPENCOOKIEREQD, /* TCPFastOpenCookieReqd */
LINUX_MIB_TCPFASTOPENBLACKHOLE, /* TCPFastOpenBlackholeDetect */
LINUX_MIB_TCPSPURIOUS_RTX_HOSTQUEUES, /* TCPSpuriousRtxHostQueues */
LINUX_MIB_BUSYPOLLRXPACKETS, /* BusyPollRxPackets */
LINUX_MIB_TCPAUTOCORKING, /* TCPAutoCorking */
LINUX_MIB_TCPFROMZEROWINDOWADV, /* TCPFromZeroWindowAdv */
LINUX_MIB_TCPTOZEROWINDOWADV, /* TCPToZeroWindowAdv */
LINUX_MIB_TCPWANTZEROWINDOWADV, /* TCPWantZeroWindowAdv */
LINUX_MIB_TCPSYNRETRANS, /* TCPSynRetrans */
LINUX_MIB_TCPORIGDATASENT, /* TCPOrigDataSent */
LINUX_MIB_TCPHYSTARTTRAINDETECT, /* TCPHystartTrainDetect */
LINUX_MIB_TCPHYSTARTTRAINCWND, /* TCPHystartTrainCwnd */
LINUX_MIB_TCPHYSTARTDELAYDETECT, /* TCPHystartDelayDetect */
LINUX_MIB_TCPHYSTARTDELAYCWND, /* TCPHystartDelayCwnd */
LINUX_MIB_TCPACKSKIPPEDSYNRECV, /* TCPACKSkippedSynRecv */
LINUX_MIB_TCPACKSKIPPEDPAWS, /* TCPACKSkippedPAWS */
LINUX_MIB_TCPACKSKIPPEDSEQ, /* TCPACKSkippedSeq */
LINUX_MIB_TCPACKSKIPPEDFINWAIT2, /* TCPACKSkippedFinWait2 */
LINUX_MIB_TCPACKSKIPPEDTIMEWAIT, /* TCPACKSkippedTimeWait */
LINUX_MIB_TCPACKSKIPPEDCHALLENGE, /* TCPACKSkippedChallenge */
LINUX_MIB_TCPWINPROBE, /* TCPWinProbe */
LINUX_MIB_TCPKEEPALIVE, /* TCPKeepAlive */
LINUX_MIB_TCPMTUPFAIL, /* TCPMTUPFail */
LINUX_MIB_TCPMTUPSUCCESS, /* TCPMTUPSuccess */
LINUX_MIB_TCPDELIVERED, /* TCPDelivered */
LINUX_MIB_TCPDELIVEREDCE, /* TCPDeliveredCE */
LINUX_MIB_TCPACKCOMPRESSED, /* TCPAckCompressed */
LINUX_MIB_TCPZEROWINDOWDROP, /* TCPZeroWindowDrop */
LINUX_MIB_TCPRCVQDROP, /* TCPRcvQDrop */
LINUX_MIB_TCPWQUEUETOOBIG, /* TCPWqueueTooBig */
__LINUX_MIB_MAX
};
/* linux Xfrm mib definitions */
enum
{
LINUX_MIB_XFRMNUM = 0,
LINUX_MIB_XFRMINERROR, /* XfrmInError */
LINUX_MIB_XFRMINBUFFERERROR, /* XfrmInBufferError */
LINUX_MIB_XFRMINHDRERROR, /* XfrmInHdrError */
LINUX_MIB_XFRMINNOSTATES, /* XfrmInNoStates */
LINUX_MIB_XFRMINSTATEPROTOERROR, /* XfrmInStateProtoError */
LINUX_MIB_XFRMINSTATEMODEERROR, /* XfrmInStateModeError */
LINUX_MIB_XFRMINSTATESEQERROR, /* XfrmInStateSeqError */
LINUX_MIB_XFRMINSTATEEXPIRED, /* XfrmInStateExpired */
LINUX_MIB_XFRMINSTATEMISMATCH, /* XfrmInStateMismatch */
LINUX_MIB_XFRMINSTATEINVALID, /* XfrmInStateInvalid */
LINUX_MIB_XFRMINTMPLMISMATCH, /* XfrmInTmplMismatch */
LINUX_MIB_XFRMINNOPOLS, /* XfrmInNoPols */
LINUX_MIB_XFRMINPOLBLOCK, /* XfrmInPolBlock */
LINUX_MIB_XFRMINPOLERROR, /* XfrmInPolError */
LINUX_MIB_XFRMOUTERROR, /* XfrmOutError */
LINUX_MIB_XFRMOUTBUNDLEGENERROR, /* XfrmOutBundleGenError */
LINUX_MIB_XFRMOUTBUNDLECHECKERROR, /* XfrmOutBundleCheckError */
LINUX_MIB_XFRMOUTNOSTATES, /* XfrmOutNoStates */
LINUX_MIB_XFRMOUTSTATEPROTOERROR, /* XfrmOutStateProtoError */
LINUX_MIB_XFRMOUTSTATEMODEERROR, /* XfrmOutStateModeError */
LINUX_MIB_XFRMOUTSTATESEQERROR, /* XfrmOutStateSeqError */
LINUX_MIB_XFRMOUTSTATEEXPIRED, /* XfrmOutStateExpired */
LINUX_MIB_XFRMOUTPOLBLOCK, /* XfrmOutPolBlock */
LINUX_MIB_XFRMOUTPOLDEAD, /* XfrmOutPolDead */
LINUX_MIB_XFRMOUTPOLERROR, /* XfrmOutPolError */
LINUX_MIB_XFRMFWDHDRERROR, /* XfrmFwdHdrError*/
LINUX_MIB_XFRMOUTSTATEINVALID, /* XfrmOutStateInvalid */
LINUX_MIB_XFRMACQUIREERROR, /* XfrmAcquireError */
__LINUX_MIB_XFRMMAX
};
#endif /* _LINUX_SNMP_H */

39
libnl/include/linux-private/linux/sock_diag.h Normal file
View file

@ -0,0 +1,39 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __SOCK_DIAG_H__
#define __SOCK_DIAG_H__
#include <linux/types.h>
#define SOCK_DIAG_BY_FAMILY 20
#define SOCK_DESTROY 21
struct sock_diag_req {
__u8 sdiag_family;
__u8 sdiag_protocol;
};
enum {
SK_MEMINFO_RMEM_ALLOC,
SK_MEMINFO_RCVBUF,
SK_MEMINFO_WMEM_ALLOC,
SK_MEMINFO_SNDBUF,
SK_MEMINFO_FWD_ALLOC,
SK_MEMINFO_WMEM_QUEUED,
SK_MEMINFO_OPTMEM,
SK_MEMINFO_BACKLOG,
SK_MEMINFO_DROPS,
SK_MEMINFO_VARS,
};
enum sknetlink_groups {
SKNLGRP_NONE,
SKNLGRP_INET_TCP_DESTROY,
SKNLGRP_INET_UDP_DESTROY,
SKNLGRP_INET6_TCP_DESTROY,
SKNLGRP_INET6_UDP_DESTROY,
__SKNLGRP_MAX,
};
#define SKNLGRP_MAX (__SKNLGRP_MAX - 1)
#endif /* __SOCK_DIAG_H__ */

22
libnl/include/linux-private/linux/socket.h Normal file
View file

@ -0,0 +1,22 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LINUX_SOCKET_H
#define _LINUX_SOCKET_H
/*
* Desired design of maximum size and alignment (see RFC2553)
*/
#define _K_SS_MAXSIZE 128 /* Implementation specific max size */
#define _K_SS_ALIGNSIZE (__alignof__ (struct sockaddr *))
/* Implementation specific desired alignment */
typedef unsigned short __kernel_sa_family_t;
struct __kernel_sockaddr_storage {
__kernel_sa_family_t ss_family; /* address family */
/* Following field(s) are implementation specific */
char __data[_K_SS_MAXSIZE - sizeof(unsigned short)];
/* space to achieve desired size, */
/* _SS_MAXSIZE value minus size of ss_family */
} __attribute__ ((aligned(_K_SS_ALIGNSIZE))); /* force desired alignment */
#endif /* _LINUX_SOCKET_H */

34
libnl/include/linux-private/linux/tc_act/tc_gact.h Normal file
View file

@ -0,0 +1,34 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_GACT_H
#define __LINUX_TC_GACT_H
#include <linux/types.h>
#include <linux/pkt_cls.h>
#define TCA_ACT_GACT 5
struct tc_gact {
tc_gen;
};
struct tc_gact_p {
#define PGACT_NONE 0
#define PGACT_NETRAND 1
#define PGACT_DETERM 2
#define MAX_RAND (PGACT_DETERM + 1 )
__u16 ptype;
__u16 pval;
int paction;
};
enum {
TCA_GACT_UNSPEC,
TCA_GACT_TM,
TCA_GACT_PARMS,
TCA_GACT_PROB,
TCA_GACT_PAD,
__TCA_GACT_MAX
};
#define TCA_GACT_MAX (__TCA_GACT_MAX - 1)
#endif

29
libnl/include/linux-private/linux/tc_act/tc_mirred.h Normal file
View file

@ -0,0 +1,29 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_MIR_H
#define __LINUX_TC_MIR_H
#include <linux/types.h>
#include <linux/pkt_cls.h>
#define TCA_ACT_MIRRED 8
#define TCA_EGRESS_REDIR 1 /* packet redirect to EGRESS*/
#define TCA_EGRESS_MIRROR 2 /* mirror packet to EGRESS */
#define TCA_INGRESS_REDIR 3 /* packet redirect to INGRESS*/
#define TCA_INGRESS_MIRROR 4 /* mirror packet to INGRESS */
struct tc_mirred {
tc_gen;
int eaction; /* one of IN/EGRESS_MIRROR/REDIR */
__u32 ifindex; /* ifindex of egress port */
};
enum {
TCA_MIRRED_UNSPEC,
TCA_MIRRED_TM,
TCA_MIRRED_PARMS,
TCA_MIRRED_PAD,
__TCA_MIRRED_MAX
};
#define TCA_MIRRED_MAX (__TCA_MIRRED_MAX - 1)
#endif

54
libnl/include/linux-private/linux/tc_act/tc_skbedit.h Normal file
View file

@ -0,0 +1,54 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
/*
* Copyright (c) 2008, Intel Corporation.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307 USA.
*
* Author: Alexander Duyck <alexander.h.duyck@intel.com>
*/
#ifndef __LINUX_TC_SKBEDIT_H
#define __LINUX_TC_SKBEDIT_H
#include <linux/pkt_cls.h>
#define TCA_ACT_SKBEDIT 11
#define SKBEDIT_F_PRIORITY 0x1
#define SKBEDIT_F_QUEUE_MAPPING 0x2
#define SKBEDIT_F_MARK 0x4
#define SKBEDIT_F_PTYPE 0x8
#define SKBEDIT_F_MASK 0x10
#define SKBEDIT_F_INHERITDSFIELD 0x20
struct tc_skbedit {
tc_gen;
};
enum {
TCA_SKBEDIT_UNSPEC,
TCA_SKBEDIT_TM,
TCA_SKBEDIT_PARMS,
TCA_SKBEDIT_PRIORITY,
TCA_SKBEDIT_QUEUE_MAPPING,
TCA_SKBEDIT_MARK,
TCA_SKBEDIT_PAD,
TCA_SKBEDIT_PTYPE,
TCA_SKBEDIT_MASK,
TCA_SKBEDIT_FLAGS,
__TCA_SKBEDIT_MAX
};
#define TCA_SKBEDIT_MAX (__TCA_SKBEDIT_MAX - 1)
#endif

39
libnl/include/linux-private/linux/tc_act/tc_vlan.h Normal file
View file

@ -0,0 +1,39 @@
/* SPDX-License-Identifier: GPL-2.0+ WITH Linux-syscall-note */
/*
* Copyright (c) 2014 Jiri Pirko <jiri@resnulli.us>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
#ifndef __LINUX_TC_VLAN_H
#define __LINUX_TC_VLAN_H
#include <linux/pkt_cls.h>
#define TCA_ACT_VLAN 12
#define TCA_VLAN_ACT_POP 1
#define TCA_VLAN_ACT_PUSH 2
#define TCA_VLAN_ACT_MODIFY 3
struct tc_vlan {
tc_gen;
int v_action;
};
enum {
TCA_VLAN_UNSPEC,
TCA_VLAN_TM,
TCA_VLAN_PARMS,
TCA_VLAN_PUSH_VLAN_ID,
TCA_VLAN_PUSH_VLAN_PROTOCOL,
TCA_VLAN_PAD,
TCA_VLAN_PUSH_VLAN_PRIORITY,
__TCA_VLAN_MAX,
};
#define TCA_VLAN_MAX (__TCA_VLAN_MAX - 1)
#endif

93
libnl/include/linux-private/linux/tc_ematch/tc_em_meta.h Normal file
View file

@ -0,0 +1,93 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __LINUX_TC_EM_META_H
#define __LINUX_TC_EM_META_H
#include <linux/types.h>
#include <linux/pkt_cls.h>
enum {
TCA_EM_META_UNSPEC,
TCA_EM_META_HDR,
TCA_EM_META_LVALUE,
TCA_EM_META_RVALUE,
__TCA_EM_META_MAX
};
#define TCA_EM_META_MAX (__TCA_EM_META_MAX - 1)
struct tcf_meta_val {
__u16 kind;
__u8 shift;
__u8 op;
};
#define TCF_META_TYPE_MASK (0xf << 12)
#define TCF_META_TYPE(kind) (((kind) & TCF_META_TYPE_MASK) >> 12)
#define TCF_META_ID_MASK 0x7ff
#define TCF_META_ID(kind) ((kind) & TCF_META_ID_MASK)
enum {
TCF_META_TYPE_VAR,
TCF_META_TYPE_INT,
__TCF_META_TYPE_MAX
};
#define TCF_META_TYPE_MAX (__TCF_META_TYPE_MAX - 1)
enum {
TCF_META_ID_VALUE,
TCF_META_ID_RANDOM,
TCF_META_ID_LOADAVG_0,
TCF_META_ID_LOADAVG_1,
TCF_META_ID_LOADAVG_2,
TCF_META_ID_DEV,
TCF_META_ID_PRIORITY,
TCF_META_ID_PROTOCOL,
TCF_META_ID_PKTTYPE,
TCF_META_ID_PKTLEN,
TCF_META_ID_DATALEN,
TCF_META_ID_MACLEN,
TCF_META_ID_NFMARK,
TCF_META_ID_TCINDEX,
TCF_META_ID_RTCLASSID,
TCF_META_ID_RTIIF,
TCF_META_ID_SK_FAMILY,
TCF_META_ID_SK_STATE,
TCF_META_ID_SK_REUSE,
TCF_META_ID_SK_BOUND_IF,
TCF_META_ID_SK_REFCNT,
TCF_META_ID_SK_SHUTDOWN,
TCF_META_ID_SK_PROTO,
TCF_META_ID_SK_TYPE,
TCF_META_ID_SK_RCVBUF,
TCF_META_ID_SK_RMEM_ALLOC,
TCF_META_ID_SK_WMEM_ALLOC,
TCF_META_ID_SK_OMEM_ALLOC,
TCF_META_ID_SK_WMEM_QUEUED,
TCF_META_ID_SK_RCV_QLEN,
TCF_META_ID_SK_SND_QLEN,
TCF_META_ID_SK_ERR_QLEN,
TCF_META_ID_SK_FORWARD_ALLOCS,
TCF_META_ID_SK_SNDBUF,
TCF_META_ID_SK_ALLOCS,
__TCF_META_ID_SK_ROUTE_CAPS, /* unimplemented but in ABI already */
TCF_META_ID_SK_HASH,
TCF_META_ID_SK_LINGERTIME,
TCF_META_ID_SK_ACK_BACKLOG,
TCF_META_ID_SK_MAX_ACK_BACKLOG,
TCF_META_ID_SK_PRIO,
TCF_META_ID_SK_RCVLOWAT,
TCF_META_ID_SK_RCVTIMEO,
TCF_META_ID_SK_SNDTIMEO,
TCF_META_ID_SK_SENDMSG_OFF,
TCF_META_ID_SK_WRITE_PENDING,
TCF_META_ID_VLAN_TAG,
TCF_META_ID_RXHASH,
__TCF_META_ID_MAX
};
#define TCF_META_ID_MAX (__TCF_META_ID_MAX - 1)
struct tcf_meta_hdr {
struct tcf_meta_val left;
struct tcf_meta_val right;
};
#endif

13
libnl/include/linux-private/linux/veth.h Normal file
View file

@ -0,0 +1,13 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef __NET_VETH_H_
#define __NET_VETH_H_
enum {
VETH_INFO_UNSPEC,
VETH_INFO_PEER,
__VETH_INFO_MAX
#define VETH_INFO_MAX (__VETH_INFO_MAX - 1)
};
#endif

540
libnl/include/linux-private/linux/xfrm.h Normal file
View file

@ -0,0 +1,540 @@
/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LINUX_XFRM_H
#define _LINUX_XFRM_H
#include <linux/in6.h>
#include <linux/types.h>
/* All of the structures in this file may not change size as they are
* passed into the kernel from userspace via netlink sockets.
*/
/* Structure to encapsulate addresses. I do not want to use
* "standard" structure. My apologies.
*/
typedef union {
__be32 a4;
__be32 a6[4];
struct in6_addr in6;
} xfrm_address_t;
/* Ident of a specific xfrm_state. It is used on input to lookup
* the state by (spi,daddr,ah/esp) or to store information about
* spi, protocol and tunnel address on output.
*/
struct xfrm_id {
xfrm_address_t daddr;
__be32 spi;
__u8 proto;
};
struct xfrm_sec_ctx {
__u8 ctx_doi;
__u8 ctx_alg;
__u16 ctx_len;
__u32 ctx_sid;
char ctx_str[0];
};
/* Security Context Domains of Interpretation */
#define XFRM_SC_DOI_RESERVED 0
#define XFRM_SC_DOI_LSM 1
/* Security Context Algorithms */
#define XFRM_SC_ALG_RESERVED 0
#define XFRM_SC_ALG_SELINUX 1
/* Selector, used as selector both on policy rules (SPD) and SAs. */
struct xfrm_selector {
xfrm_address_t daddr;
xfrm_address_t saddr;
__be16 dport;
__be16 dport_mask;
__be16 sport;
__be16 sport_mask;
__u16 family;
__u8 prefixlen_d;
__u8 prefixlen_s;
__u8 proto;
int ifindex;
__kernel_uid32_t user;
};
#define XFRM_INF (~(__u64)0)
struct xfrm_lifetime_cfg {
__u64 soft_byte_limit;
__u64 hard_byte_limit;
__u64 soft_packet_limit;
__u64 hard_packet_limit;
__u64 soft_add_expires_seconds;
__u64 hard_add_expires_seconds;
__u64 soft_use_expires_seconds;
__u64 hard_use_expires_seconds;
};
struct xfrm_lifetime_cur {
__u64 bytes;
__u64 packets;
__u64 add_time;
__u64 use_time;
};
struct xfrm_replay_state {
__u32 oseq;
__u32 seq;
__u32 bitmap;
};
#define XFRMA_REPLAY_ESN_MAX 4096
struct xfrm_replay_state_esn {
unsigned int bmp_len;
__u32 oseq;
__u32 seq;
__u32 oseq_hi;
__u32 seq_hi;
__u32 replay_window;
__u32 bmp[0];
};
struct xfrm_algo {
char alg_name[64];
unsigned int alg_key_len; /* in bits */
char alg_key[0];
};
struct xfrm_algo_auth {
char alg_name[64];
unsigned int alg_key_len; /* in bits */
unsigned int alg_trunc_len; /* in bits */
char alg_key[0];
};
struct xfrm_algo_aead {
char alg_name[64];
unsigned int alg_key_len; /* in bits */
unsigned int alg_icv_len; /* in bits */
char alg_key[0];
};
struct xfrm_stats {
__u32 replay_window;
__u32 replay;
__u32 integrity_failed;
};
enum {
XFRM_POLICY_TYPE_MAIN = 0,
XFRM_POLICY_TYPE_SUB = 1,
XFRM_POLICY_TYPE_MAX = 2,
XFRM_POLICY_TYPE_ANY = 255
};
enum {
XFRM_POLICY_IN = 0,
XFRM_POLICY_OUT = 1,
XFRM_POLICY_FWD = 2,
XFRM_POLICY_MASK = 3,
XFRM_POLICY_MAX = 3
};
enum {
XFRM_SHARE_ANY, /* No limitations */
XFRM_SHARE_SESSION, /* For this session only */
XFRM_SHARE_USER, /* For this user only */
XFRM_SHARE_UNIQUE /* Use once */
};
#define XFRM_MODE_TRANSPORT 0
#define XFRM_MODE_TUNNEL 1
#define XFRM_MODE_ROUTEOPTIMIZATION 2
#define XFRM_MODE_IN_TRIGGER 3
#define XFRM_MODE_BEET 4
#define XFRM_MODE_MAX 5
/* Netlink configuration messages. */
enum {
XFRM_MSG_BASE = 0x10,
XFRM_MSG_NEWSA = 0x10,
#define XFRM_MSG_NEWSA XFRM_MSG_NEWSA
XFRM_MSG_DELSA,
#define XFRM_MSG_DELSA XFRM_MSG_DELSA
XFRM_MSG_GETSA,
#define XFRM_MSG_GETSA XFRM_MSG_GETSA
XFRM_MSG_NEWPOLICY,
#define XFRM_MSG_NEWPOLICY XFRM_MSG_NEWPOLICY
XFRM_MSG_DELPOLICY,
#define XFRM_MSG_DELPOLICY XFRM_MSG_DELPOLICY
XFRM_MSG_GETPOLICY,
#define XFRM_MSG_GETPOLICY XFRM_MSG_GETPOLICY
XFRM_MSG_ALLOCSPI,
#define XFRM_MSG_ALLOCSPI XFRM_MSG_ALLOCSPI
XFRM_MSG_ACQUIRE,
#define XFRM_MSG_ACQUIRE XFRM_MSG_ACQUIRE
XFRM_MSG_EXPIRE,
#define XFRM_MSG_EXPIRE XFRM_MSG_EXPIRE
XFRM_MSG_UPDPOLICY,
#define XFRM_MSG_UPDPOLICY XFRM_MSG_UPDPOLICY
XFRM_MSG_UPDSA,
#define XFRM_MSG_UPDSA XFRM_MSG_UPDSA
XFRM_MSG_POLEXPIRE,
#define XFRM_MSG_POLEXPIRE XFRM_MSG_POLEXPIRE
XFRM_MSG_FLUSHSA,
#define XFRM_MSG_FLUSHSA XFRM_MSG_FLUSHSA
XFRM_MSG_FLUSHPOLICY,
#define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY
XFRM_MSG_NEWAE,
#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
XFRM_MSG_GETAE,
#define XFRM_MSG_GETAE XFRM_MSG_GETAE
XFRM_MSG_REPORT,
#define XFRM_MSG_REPORT XFRM_MSG_REPORT
XFRM_MSG_MIGRATE,
#define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE
XFRM_MSG_NEWSADINFO,
#define XFRM_MSG_NEWSADINFO XFRM_MSG_NEWSADINFO
XFRM_MSG_GETSADINFO,
#define XFRM_MSG_GETSADINFO XFRM_MSG_GETSADINFO
XFRM_MSG_NEWSPDINFO,
#define XFRM_MSG_NEWSPDINFO XFRM_MSG_NEWSPDINFO
XFRM_MSG_GETSPDINFO,
#define XFRM_MSG_GETSPDINFO XFRM_MSG_GETSPDINFO
XFRM_MSG_MAPPING,
#define XFRM_MSG_MAPPING XFRM_MSG_MAPPING
__XFRM_MSG_MAX
};
#define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
#define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
/*
* Generic LSM security context for comunicating to user space
* NOTE: Same format as sadb_x_sec_ctx
*/
struct xfrm_user_sec_ctx {
__u16 len;
__u16 exttype;
__u8 ctx_alg; /* LSMs: e.g., selinux == 1 */
__u8 ctx_doi;
__u16 ctx_len;
};
struct xfrm_user_tmpl {
struct xfrm_id id;
__u16 family;
xfrm_address_t saddr;
__u32 reqid;
__u8 mode;
__u8 share;
__u8 optional;
__u32 aalgos;
__u32 ealgos;
__u32 calgos;
};
struct xfrm_encap_tmpl {
__u16 encap_type;
__be16 encap_sport;
__be16 encap_dport;
xfrm_address_t encap_oa;
};
/* AEVENT flags */
enum xfrm_ae_ftype_t {
XFRM_AE_UNSPEC,
XFRM_AE_RTHR=1, /* replay threshold*/
XFRM_AE_RVAL=2, /* replay value */
XFRM_AE_LVAL=4, /* lifetime value */
XFRM_AE_ETHR=8, /* expiry timer threshold */
XFRM_AE_CR=16, /* Event cause is replay update */
XFRM_AE_CE=32, /* Event cause is timer expiry */
XFRM_AE_CU=64, /* Event cause is policy update */
__XFRM_AE_MAX
#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
};
struct xfrm_userpolicy_type {
__u8 type;
__u16 reserved1;
__u8 reserved2;
};
/* Netlink message attributes. */
enum xfrm_attr_type_t {
XFRMA_UNSPEC,
XFRMA_ALG_AUTH, /* struct xfrm_algo */
XFRMA_ALG_CRYPT, /* struct xfrm_algo */
XFRMA_ALG_COMP, /* struct xfrm_algo */
XFRMA_ENCAP, /* struct xfrm_algo + struct xfrm_encap_tmpl */
XFRMA_TMPL, /* 1 or more struct xfrm_user_tmpl */
XFRMA_SA, /* struct xfrm_usersa_info */
XFRMA_POLICY, /*struct xfrm_userpolicy_info */
XFRMA_SEC_CTX, /* struct xfrm_sec_ctx */
XFRMA_LTIME_VAL,
XFRMA_REPLAY_VAL,
XFRMA_REPLAY_THRESH,
XFRMA_ETIMER_THRESH,
XFRMA_SRCADDR, /* xfrm_address_t */
XFRMA_COADDR, /* xfrm_address_t */
XFRMA_LASTUSED, /* unsigned long */
XFRMA_POLICY_TYPE, /* struct xfrm_userpolicy_type */
XFRMA_MIGRATE,
XFRMA_ALG_AEAD, /* struct xfrm_algo_aead */
XFRMA_KMADDRESS, /* struct xfrm_user_kmaddress */
XFRMA_ALG_AUTH_TRUNC, /* struct xfrm_algo_auth */
XFRMA_MARK, /* struct xfrm_mark */
XFRMA_TFCPAD, /* __u32 */
XFRMA_REPLAY_ESN_VAL, /* struct xfrm_replay_state_esn */
XFRMA_SA_EXTRA_FLAGS, /* __u32 */
XFRMA_PROTO, /* __u8 */
XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */
XFRMA_PAD,
XFRMA_OFFLOAD_DEV, /* struct xfrm_state_offload */
XFRMA_SET_MARK, /* __u32 */
XFRMA_SET_MARK_MASK, /* __u32 */
XFRMA_IF_ID, /* __u32 */
__XFRMA_MAX
#define XFRMA_OUTPUT_MARK XFRMA_SET_MARK /* Compatibility */
#define XFRMA_MAX (__XFRMA_MAX - 1)
};
struct xfrm_mark {
__u32 v; /* value */
__u32 m; /* mask */
};
enum xfrm_sadattr_type_t {
XFRMA_SAD_UNSPEC,
XFRMA_SAD_CNT,
XFRMA_SAD_HINFO,
__XFRMA_SAD_MAX
#define XFRMA_SAD_MAX (__XFRMA_SAD_MAX - 1)
};
struct xfrmu_sadhinfo {
__u32 sadhcnt; /* current hash bkts */
__u32 sadhmcnt; /* max allowed hash bkts */
};
enum xfrm_spdattr_type_t {
XFRMA_SPD_UNSPEC,
XFRMA_SPD_INFO,
XFRMA_SPD_HINFO,
XFRMA_SPD_IPV4_HTHRESH,
XFRMA_SPD_IPV6_HTHRESH,
__XFRMA_SPD_MAX
#define XFRMA_SPD_MAX (__XFRMA_SPD_MAX - 1)
};
struct xfrmu_spdinfo {
__u32 incnt;
__u32 outcnt;
__u32 fwdcnt;
__u32 inscnt;
__u32 outscnt;
__u32 fwdscnt;
};
struct xfrmu_spdhinfo {
__u32 spdhcnt;
__u32 spdhmcnt;
};
struct xfrmu_spdhthresh {
__u8 lbits;
__u8 rbits;
};
struct xfrm_usersa_info {
struct xfrm_selector sel;
struct xfrm_id id;
xfrm_address_t saddr;
struct xfrm_lifetime_cfg lft;
struct xfrm_lifetime_cur curlft;
struct xfrm_stats stats;
__u32 seq;
__u32 reqid;
__u16 family;
__u8 mode; /* XFRM_MODE_xxx */
__u8 replay_window;
__u8 flags;
#define XFRM_STATE_NOECN 1
#define XFRM_STATE_DECAP_DSCP 2
#define XFRM_STATE_NOPMTUDISC 4
#define XFRM_STATE_WILDRECV 8
#define XFRM_STATE_ICMP 16
#define XFRM_STATE_AF_UNSPEC 32
#define XFRM_STATE_ALIGN4 64
#define XFRM_STATE_ESN 128
};
#define XFRM_SA_XFLAG_DONT_ENCAP_DSCP 1
struct xfrm_usersa_id {
xfrm_address_t daddr;
__be32 spi;
__u16 family;
__u8 proto;
};
struct xfrm_aevent_id {
struct xfrm_usersa_id sa_id;
xfrm_address_t saddr;
__u32 flags;
__u32 reqid;
};
struct xfrm_userspi_info {
struct xfrm_usersa_info info;
__u32 min;
__u32 max;
};
struct xfrm_userpolicy_info {
struct xfrm_selector sel;
struct xfrm_lifetime_cfg lft;
struct xfrm_lifetime_cur curlft;
__u32 priority;
__u32 index;
__u8 dir;
__u8 action;
#define XFRM_POLICY_ALLOW 0
#define XFRM_POLICY_BLOCK 1
__u8 flags;
#define XFRM_POLICY_LOCALOK 1 /* Allow user to override global policy */
/* Automatically expand selector to include matching ICMP payloads. */
#define XFRM_POLICY_ICMP 2
__u8 share;
};
struct xfrm_userpolicy_id {
struct xfrm_selector sel;
__u32 index;
__u8 dir;
};
struct xfrm_user_acquire {
struct xfrm_id id;
xfrm_address_t saddr;
struct xfrm_selector sel;
struct xfrm_userpolicy_info policy;
__u32 aalgos;
__u32 ealgos;
__u32 calgos;
__u32 seq;
};
struct xfrm_user_expire {
struct xfrm_usersa_info state;
__u8 hard;
};
struct xfrm_user_polexpire {
struct xfrm_userpolicy_info pol;
__u8 hard;
};
struct xfrm_usersa_flush {
__u8 proto;
};
struct xfrm_user_report {
__u8 proto;
struct xfrm_selector sel;
};
/* Used by MIGRATE to pass addresses IKE should use to perform
* SA negotiation with the peer */
struct xfrm_user_kmaddress {
xfrm_address_t local;
xfrm_address_t remote;
__u32 reserved;
__u16 family;
};
struct xfrm_user_migrate {
xfrm_address_t old_daddr;
xfrm_address_t old_saddr;
xfrm_address_t new_daddr;
xfrm_address_t new_saddr;
__u8 proto;
__u8 mode;
__u16 reserved;
__u32 reqid;
__u16 old_family;
__u16 new_family;
};
struct xfrm_user_mapping {
struct xfrm_usersa_id id;
__u32 reqid;
xfrm_address_t old_saddr;
xfrm_address_t new_saddr;
__be16 old_sport;
__be16 new_sport;
};
struct xfrm_address_filter {
xfrm_address_t saddr;
xfrm_address_t daddr;
__u16 family;
__u8 splen;
__u8 dplen;
};
struct xfrm_user_offload {
int ifindex;
__u8 flags;
};
#define XFRM_OFFLOAD_IPV6 1
#define XFRM_OFFLOAD_INBOUND 2
/* backwards compatibility for userspace */
#define XFRMGRP_ACQUIRE 1
#define XFRMGRP_EXPIRE 2
#define XFRMGRP_SA 4
#define XFRMGRP_POLICY 8
#define XFRMGRP_REPORT 0x20
enum xfrm_nlgroups {
XFRMNLGRP_NONE,
#define XFRMNLGRP_NONE XFRMNLGRP_NONE
XFRMNLGRP_ACQUIRE,
#define XFRMNLGRP_ACQUIRE XFRMNLGRP_ACQUIRE
XFRMNLGRP_EXPIRE,
#define XFRMNLGRP_EXPIRE XFRMNLGRP_EXPIRE
XFRMNLGRP_SA,
#define XFRMNLGRP_SA XFRMNLGRP_SA
XFRMNLGRP_POLICY,
#define XFRMNLGRP_POLICY XFRMNLGRP_POLICY
XFRMNLGRP_AEVENTS,
#define XFRMNLGRP_AEVENTS XFRMNLGRP_AEVENTS
XFRMNLGRP_REPORT,
#define XFRMNLGRP_REPORT XFRMNLGRP_REPORT
XFRMNLGRP_MIGRATE,
#define XFRMNLGRP_MIGRATE XFRMNLGRP_MIGRATE
XFRMNLGRP_MAPPING,
#define XFRMNLGRP_MAPPING XFRMNLGRP_MAPPING
__XFRMNLGRP_MAX
};
#define XFRMNLGRP_MAX (__XFRMNLGRP_MAX - 1)
#endif /* _LINUX_XFRM_H */

265
libnl/include/netlink-private/cache-api.h Normal file
View file

@ -0,0 +1,265 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
/*
* Copyright (c) 2003-2013 Thomas Graf <tgraf@suug.ch>
*/
#ifndef NETLINK_CACHE_API_H_
#define NETLINK_CACHE_API_H_
#include <netlink/netlink.h>
#include <netlink/cache.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @ingroup cache
* @defgroup cache_api Cache Implementation
* @brief
*
* @par 1) Cache Definition
* @code
* struct nl_cache_ops my_cache_ops = {
* .co_name = "route/link",
* .co_protocol = NETLINK_ROUTE,
* .co_hdrsize = sizeof(struct ifinfomsg),
* .co_obj_ops = &my_obj_ops,
* };
* @endcode
*
* @par 2)
* @code
* // The simplest way to fill a cache is by providing a request-update
* // function which must trigger a complete dump on the kernel-side of
* // whatever the cache covers.
* static int my_request_update(struct nl_cache *cache,
* struct nl_sock *socket)
* {
* // In this example, we request a full dump of the interface table
* return nl_rtgen_request(socket, RTM_GETLINK, AF_UNSPEC, NLM_F_DUMP);
* }
*
* // The resulting netlink messages sent back will be fed into a message
* // parser one at a time. The message parser has to extract all relevant
* // information from the message and create an object reflecting the
* // contents of the message and pass it on to the parser callback function
* // provide which will add the object to the cache.
* static int my_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
* struct nlmsghdr *nlh, struct nl_parser_param *pp)
* {
* struct my_obj *obj;
*
* obj = my_obj_alloc();
* obj->ce_msgtype = nlh->nlmsg_type;
*
* // Parse the netlink message and continue creating the object.
*
* err = pp->pp_cb((struct nl_object *) obj, pp);
* if (err < 0)
* goto errout;
* }
*
* struct nl_cache_ops my_cache_ops = {
* ...
* .co_request_update = my_request_update,
* .co_msg_parser = my_msg_parser,
* };
* @endcode
*
* @par 3) Notification based Updates
* @code
* // Caches can be kept up-to-date based on notifications if the kernel
* // sends out notifications whenever an object is added/removed/changed.
* //
* // It is trivial to support this, first a list of groups needs to be
* // defined which are required to join in order to receive all necessary
* // notifications. The groups are separated by address family to support
* // the common situation where a separate group is used for each address
* // family. If there is only one group, simply specify AF_UNSPEC.
* static struct nl_af_group addr_groups[] = {
* { AF_INET, RTNLGRP_IPV4_IFADDR },
* { AF_INET6, RTNLGRP_IPV6_IFADDR },
* { END_OF_GROUP_LIST },
* };
*
* // In order for the caching system to know the meaning of each message
* // type it requires a table which maps each supported message type to
* // a cache action, e.g. RTM_NEWADDR means address has been added or
* // updated, RTM_DELADDR means address has been removed.
* static struct nl_cache_ops rtnl_addr_ops = {
* ...
* .co_msgtypes = {
* { RTM_NEWADDR, NL_ACT_NEW, "new" },
* { RTM_DELADDR, NL_ACT_DEL, "del" },
* { RTM_GETADDR, NL_ACT_GET, "get" },
* END_OF_MSGTYPES_LIST,
* },
* .co_groups = addr_groups,
* };
*
* // It is now possible to keep the cache up-to-date using the cache manager.
* @endcode
* @{
*/
#define END_OF_MSGTYPES_LIST { -1, -1, NULL }
/**
* Message type to cache action association
*/
struct nl_msgtype
{
/** Netlink message type */
int mt_id;
/** Cache action to take */
int mt_act;
/** Name of operation for human-readable printing */
char * mt_name;
};
/**
* Address family to netlink group association
*/
struct nl_af_group
{
/** Address family */
int ag_family;
/** Netlink group identifier */
int ag_group;
};
#define END_OF_GROUP_LIST AF_UNSPEC, 0
/**
* Parser parameters
*
* This structure is used to configure what kind of parser to use
* when parsing netlink messages to create objects.
*/
struct nl_parser_param
{
/** Function to parse netlink messages into objects */
int (*pp_cb)(struct nl_object *, struct nl_parser_param *);
/** Arbitary argument to be passed to the parser */
void * pp_arg;
};
/**
* Cache Operations
*
* This structure defines the characterstics of a cache type. It contains
* pointers to functions which implement the specifics of the object type
* the cache can hold.
*/
struct nl_cache_ops
{
/** Name of cache type (must be unique) */
char * co_name;
/** Size of family specific netlink header */
int co_hdrsize;
/** Netlink protocol */
int co_protocol;
/** cache object hash size **/
int co_hash_size;
/** cache flags */
unsigned int co_flags;
/** Reference counter */
unsigned int co_refcnt;
/** Group definition */
struct nl_af_group * co_groups;
/**
* Called whenever an update of the cache is required. Must send
* a request message to the kernel requesting a complete dump.
*/
int (*co_request_update)(struct nl_cache *, struct nl_sock *);
/**
* Called whenever a message was received that needs to be parsed.
* Must parse the message and call the paser callback function
* (nl_parser_param) provided via the argument.
*/
int (*co_msg_parser)(struct nl_cache_ops *, struct sockaddr_nl *,
struct nlmsghdr *, struct nl_parser_param *);
/**
* The function registered under this callback is called after a
* netlink notification associated with this cache type has been
* parsed into an object and is being considered for inclusio into
* the specified cache.
*
* The purpose of this function is to filter out notifications
* which should be ignored when updating caches.
*
* The function must return NL_SKIP to prevent the object from
* being included, or NL_OK to include it.
*
* @code
* int my_filter(struct nl_cache *cache, struct nl_object *obj)
* {
* if (reason_to_not_include_obj(obj))
* return NL_SKIP;
*
* return NL_OK;
* }
* @endcode
*/
int (*co_event_filter)(struct nl_cache *, struct nl_object *obj);
/**
* The function registered under this callback is called when an
* object formed from a notification event needs to be included in
* a cache.
*
* For each modified object, the change callback \c change_cb must
* be called with the \c data argument provided.
*
* If no function is registered, the function nl_cache_include()
* will be used for this purpose.
*
* @see nl_cache_include()
*/
int (*co_include_event)(struct nl_cache *cache, struct nl_object *obj,
change_func_t change_cb, change_func_v2_t change_cb_v2,
void *data);
void (*reserved_1)(void);
void (*reserved_2)(void);
void (*reserved_3)(void);
void (*reserved_4)(void);
void (*reserved_5)(void);
void (*reserved_6)(void);
void (*reserved_7)(void);
void (*reserved_8)(void);
/** Object operations */
struct nl_object_ops * co_obj_ops;
/** Internal, do not touch! */
struct nl_cache_ops *co_next;
struct nl_cache *co_major_cache;
struct genl_ops * co_genl;
/* Message type definition */
struct nl_msgtype co_msgtypes[];
};
/** @} */
#ifdef __cplusplus
}
#endif
#endif

16
libnl/include/netlink-private/genl.h Normal file
View file

@ -0,0 +1,16 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
/*
* Copyright (c) 2003-2013 Thomas Graf <tgraf@suug.ch>
*/
#ifndef NETLINK_GENL_PRIV_H_
#define NETLINK_GENL_PRIV_H_
#include <netlink-private/netlink.h>
#include <netlink/netlink.h>
#define GENL_HDRSIZE(hdrlen) (GENL_HDRLEN + (hdrlen))
extern int genl_resolve_id(struct genl_ops *ops);
#endif

281
libnl/include/netlink-private/netlink.h Normal file
View file

@ -0,0 +1,281 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
/*
* Copyright (c) 2003-2013 Thomas Graf <tgraf@suug.ch>
*/
#ifndef NETLINK_LOCAL_H_
#define NETLINK_LOCAL_H_
#include <stdio.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <time.h>
#include <stdarg.h>
#include <ctype.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <inttypes.h>
#include <assert.h>
#include <limits.h>
#include <search.h>
#include <arpa/inet.h>
#include <netdb.h>
#ifndef SOL_NETLINK
#define SOL_NETLINK 270
#endif
#include <linux/types.h>
/* local header copies */
#include <linux/if.h>
#include <linux/if_arp.h>
#include <linux/if_ether.h>
#include <linux/ethtool.h>
#include <linux/pkt_sched.h>
#include <linux/pkt_cls.h>
#include <linux/gen_stats.h>
#include <linux/atm.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/snmp.h>
#include <linux/xfrm.h>
#ifndef DISABLE_PTHREADS
#include <pthread.h>
#endif
#include <netlink/netlink.h>
#include <netlink/handlers.h>
#include <netlink/cache.h>
#include <netlink/route/tc.h>
#include <netlink-private/object-api.h>
#include <netlink-private/cache-api.h>
#include <netlink-private/types.h>
#define NSEC_PER_SEC 1000000000L
struct trans_tbl {
uint64_t i;
const char *a;
};
#define __ADD(id, name) { .i = id, .a = #name }
struct trans_list {
int i;
char *a;
struct nl_list_head list;
};
#ifdef NL_DEBUG
#define NL_DBG(LVL,FMT,ARG...) \
do { \
if (LVL <= nl_debug) { \
int _errsv = errno; \
fprintf(stderr, \
"DBG<" #LVL ">%20s:%-4u %s: " FMT, \
__FILE__, __LINE__, \
__func__, ##ARG); \
errno = _errsv; \
} \
} while (0)
#else /* NL_DEBUG */
#define NL_DBG(LVL,FMT,ARG...) do { } while(0)
#endif /* NL_DEBUG */
#define BUG() \
do { \
fprintf(stderr, "BUG at file position %s:%d:%s\n", \
__FILE__, __LINE__, __func__); \
assert(0); \
} while (0)
#define BUG_ON(condition) \
do { \
if (condition) \
BUG(); \
} while (0)
#define APPBUG(msg) \
do { \
fprintf(stderr, "APPLICATION BUG: %s:%d:%s: %s\n", \
__FILE__, __LINE__, __func__, msg); \
assert(0); \
} while(0)
extern int __nl_read_num_str_file(const char *path,
int (*cb)(long, const char *));
extern int __trans_list_add(int, const char *, struct nl_list_head *);
extern void __trans_list_clear(struct nl_list_head *);
extern char *__type2str(int, char *, size_t, const struct trans_tbl *, size_t);
extern int __str2type(const char *, const struct trans_tbl *, size_t);
extern char *__list_type2str(int, char *, size_t, struct nl_list_head *);
extern int __list_str2type(const char *, struct nl_list_head *);
extern char *__flags2str(int, char *, size_t, const struct trans_tbl *, size_t);
extern int __str2flags(const char *, const struct trans_tbl *, size_t);
extern void dump_from_ops(struct nl_object *, struct nl_dump_params *);
extern struct rtnl_link *link_lookup(struct nl_cache *cache, int ifindex);
static inline int nl_cb_call(struct nl_cb *cb, enum nl_cb_type type, struct nl_msg *msg)
{
int ret;
cb->cb_active = type;
ret = cb->cb_set[type](msg, cb->cb_args[type]);
cb->cb_active = __NL_CB_TYPE_MAX;
return ret;
}
#define ARRAY_SIZE(X) (sizeof(X) / sizeof((X)[0]))
/* This is also defined in stddef.h */
#ifndef offsetof
#define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
#endif
#define __init __attribute__ ((constructor))
#define __exit __attribute__ ((destructor))
#undef __deprecated
#define __deprecated __attribute__ ((deprecated))
#define min(x,y) ({ \
__typeof__(x) _x = (x); \
__typeof__(y) _y = (y); \
(void) (&_x == &_y); \
_x < _y ? _x : _y; })
#define max(x,y) ({ \
__typeof__(x) _x = (x); \
__typeof__(y) _y = (y); \
(void) (&_x == &_y); \
_x > _y ? _x : _y; })
#define min_t(type,x,y) \
({ type __x = (x); type __y = (y); __x < __y ? __x: __y; })
#define max_t(type,x,y) \
({ type __x = (x); type __y = (y); __x > __y ? __x: __y; })
extern int nl_cache_parse(struct nl_cache_ops *, struct sockaddr_nl *,
struct nlmsghdr *, struct nl_parser_param *);
static inline void rtnl_copy_ratespec(struct rtnl_ratespec *dst,
struct tc_ratespec *src)
{
dst->rs_cell_log = src->cell_log;
dst->rs_overhead = src->overhead;
dst->rs_cell_align = src->cell_align;
dst->rs_mpu = src->mpu;
dst->rs_rate64 = src->rate;
}
static inline void rtnl_rcopy_ratespec(struct tc_ratespec *dst,
struct rtnl_ratespec *src)
{
dst->cell_log = src->rs_cell_log;
dst->overhead = src->rs_overhead;
dst->cell_align = src->rs_cell_align;
dst->mpu = src->rs_mpu;
dst->rate = src->rs_rate64 > 0xFFFFFFFFull ? 0xFFFFFFFFull : (uint32_t) src->rs_rate64;
}
static inline const char *nl_cache_name(struct nl_cache *cache)
{
return cache->c_ops ? cache->c_ops->co_name : "unknown";
}
#define GENL_FAMILY(id, name) \
{ \
{ id, NL_ACT_UNSPEC, name }, \
END_OF_MSGTYPES_LIST, \
}
static inline int wait_for_ack(struct nl_sock *sk)
{
if (sk->s_flags & NL_NO_AUTO_ACK)
return 0;
else
return nl_wait_for_ack(sk);
}
static inline int build_sysconf_path(char **strp, const char *filename)
{
char *sysconfdir;
sysconfdir = getenv("NLSYSCONFDIR");
if (!sysconfdir)
sysconfdir = "/etc";
return asprintf(strp, "%s/%s", sysconfdir, filename);
}
#ifndef DISABLE_PTHREADS
#define NL_LOCK(NAME) pthread_mutex_t (NAME) = PTHREAD_MUTEX_INITIALIZER
#define NL_RW_LOCK(NAME) pthread_rwlock_t (NAME) = PTHREAD_RWLOCK_INITIALIZER
static inline void nl_lock(pthread_mutex_t *lock)
{
pthread_mutex_lock(lock);
}
static inline void nl_unlock(pthread_mutex_t *lock)
{
pthread_mutex_unlock(lock);
}
static inline void nl_read_lock(pthread_rwlock_t *lock)
{
pthread_rwlock_rdlock(lock);
}
static inline void nl_read_unlock(pthread_rwlock_t *lock)
{
pthread_rwlock_unlock(lock);
}
static inline void nl_write_lock(pthread_rwlock_t *lock)
{
pthread_rwlock_wrlock(lock);
}
static inline void nl_write_unlock(pthread_rwlock_t *lock)
{
pthread_rwlock_unlock(lock);
}
#else
#define NL_LOCK(NAME) int __unused_lock_ ##NAME __attribute__((unused))
#define NL_RW_LOCK(NAME) int __unused_lock_ ##NAME __attribute__((unused))
#define nl_lock(LOCK) do { } while(0)
#define nl_unlock(LOCK) do { } while(0)
#define nl_read_lock(LOCK) do { } while(0)
#define nl_read_unlock(LOCK) do { } while(0)
#define nl_write_lock(LOCK) do { } while(0)
#define nl_write_unlock(LOCK) do { } while(0)
#endif
static inline int rtnl_tc_calc_txtime64(int bufsize, uint64_t rate)
{
return ((double) bufsize / (double) rate) * 1000000.0;
}
static inline int rtnl_tc_calc_bufsize64(int txtime, uint64_t rate)
{
return ((double) txtime * (double) rate) / 1000000.0;
}
#endif

62
libnl/include/netlink-private/nl-auto.h Normal file
View file

@ -0,0 +1,62 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
#ifndef NETLINK_NL_AUTO_H_
#define NETLINK_NL_AUTO_H_
#include <stdlib.h>
#define _nl_auto(fcn) __attribute__ ((__cleanup__(fcn)))
#define _NL_AUTO_DEFINE_FCN_VOID0(CastType, name, func) \
static inline void name(void *v) \
{ \
if (*((CastType *) v)) \
func(*((CastType *) v)); \
}
#define _NL_AUTO_DEFINE_FCN_TYPED0(CastType, name, func) \
static inline void name(CastType *v) \
{ \
if (*v) \
func(*v); \
}
#define _nl_auto_free _nl_auto(_nl_auto_free_fcn)
_NL_AUTO_DEFINE_FCN_VOID0(void *, _nl_auto_free_fcn, free)
struct nl_addr;
void nl_addr_put(struct nl_addr *);
#define _nl_auto_nl_addr _nl_auto(_nl_auto_nl_addr_fcn)
_NL_AUTO_DEFINE_FCN_TYPED0(struct nl_addr *, _nl_auto_nl_addr_fcn, nl_addr_put)
struct nl_msg;
void nlmsg_free(struct nl_msg *);
#define _nl_auto_nl_msg _nl_auto(_nl_auto_nl_msg_fcn)
_NL_AUTO_DEFINE_FCN_TYPED0(struct nl_msg *, _nl_auto_nl_msg_fcn, nlmsg_free)
struct rtnl_link;
void rtnl_link_put(struct rtnl_link *);
#define _nl_auto_rtnl_link _nl_auto(_nl_auto_rtnl_link_fcn)
_NL_AUTO_DEFINE_FCN_TYPED0(struct rtnl_link *, _nl_auto_rtnl_link_fcn, rtnl_link_put)
struct rtnl_route;
void rtnl_route_put(struct rtnl_route *);
#define _nl_auto_rtnl_route _nl_auto(_nl_auto_rtnl_route_fcn)
_NL_AUTO_DEFINE_FCN_TYPED0(struct rtnl_route *, _nl_auto_rtnl_route_fcn, rtnl_route_put)
struct rtnl_nexthop;
void rtnl_route_nh_free(struct rtnl_nexthop *);
#define _nl_auto_rtnl_nexthop _nl_auto(_nl_auto_rtnl_nexthop_fcn)
_NL_AUTO_DEFINE_FCN_TYPED0(struct rtnl_nexthop *, _nl_auto_rtnl_nexthop_fcn, rtnl_route_nh_free)
struct nl_cache;
void nl_cache_put(struct nl_cache *);
#define _nl_auto_nl_cache _nl_auto(_nl_auto_nl_cache_fcn)
_NL_AUTO_DEFINE_FCN_TYPED0(struct nl_cache *, _nl_auto_nl_cache_fcn, nl_cache_put)
struct rtnl_link_af_ops;
void rtnl_link_af_ops_put(struct rtnl_link_af_ops *);
#define _nl_auto_rtnl_link_af_ops _nl_auto(_nl_auto_rtnl_link_af_ops_fcn)
_NL_AUTO_DEFINE_FCN_TYPED0(struct rtnl_link_af_ops *, _nl_auto_rtnl_link_af_ops_fcn, rtnl_link_af_ops_put)
#endif /* NETLINK_NL_AUTO_H_ */

372
libnl/include/netlink-private/object-api.h Normal file
View file

@ -0,0 +1,372 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
/*
* Copyright (c) 2003-2013 Thomas Graf <tgraf@suug.ch>
*/
#ifndef NETLINK_OBJECT_API_H_
#define NETLINK_OBJECT_API_H_
#include <netlink/netlink.h>
#include <netlink/utils.h>
#include <netlink/object.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @ingroup object
* @defgroup object_api Object API
* @brief
*
* @par 1) Object Definition
* @code
* // Define your object starting with the common object header
* struct my_obj {
* NLHDR_COMMON
* int my_data;
* };
*
* // Fill out the object operations structure
* struct nl_object_ops my_ops = {
* .oo_name = "my_obj",
* .oo_size = sizeof(struct my_obj),
* };
*
* // At this point the object can be allocated, you may want to provide a
* // separate _alloc() function to ease allocting objects of this kind.
* struct nl_object *obj = nl_object_alloc(&my_ops);
*
* // And release it again...
* nl_object_put(obj);
* @endcode
*
* @par 2) Allocating additional data
* @code
* // You may require to allocate additional data and store it inside
* // object, f.e. assuming there is a field `ptr'.
* struct my_obj {
* NLHDR_COMMON
* void * ptr;
* };
*
* // And at some point you may assign allocated data to this field:
* my_obj->ptr = calloc(1, ...);
*
* // In order to not introduce any memory leaks you have to release
* // this data again when the last reference is given back.
* static void my_obj_free_data(struct nl_object *obj)
* {
* struct my_obj *my_obj = nl_object_priv(obj);
*
* free(my_obj->ptr);
* }
*
* // Also when the object is cloned, you must ensure for your pointer
* // stay valid even if one of the clones is freed by either making
* // a clone as well or increase the reference count.
* static int my_obj_clone(struct nl_object *src, struct nl_object *dst)
* {
* struct my_obj *my_src = nl_object_priv(src);
* struct my_obj *my_dst = nl_object_priv(dst);
*
* if (src->ptr) {
* dst->ptr = calloc(1, ...);
* memcpy(dst->ptr, src->ptr, ...);
* }
* }
*
* struct nl_object_ops my_ops = {
* ...
* .oo_free_data = my_obj_free_data,
* .oo_clone = my_obj_clone,
* };
* @endcode
*
* @par 3) Object Dumping
* @code
* static int my_obj_dump_detailed(struct nl_object *obj,
* struct nl_dump_params *params)
* {
* struct my_obj *my_obj = nl_object_priv(obj);
*
* // It is absolutely essential to use nl_dump() when printing
* // any text to make sure the dumping parameters are respected.
* nl_dump(params, "Obj Integer: %d\n", my_obj->my_int);
*
* // Before we can dump the next line, make sure to prefix
* // this line correctly.
* nl_new_line(params);
*
* // You may also split a line into multiple nl_dump() calls.
* nl_dump(params, "String: %s ", my_obj->my_string);
* nl_dump(params, "String-2: %s\n", my_obj->another_string);
* }
*
* struct nl_object_ops my_ops = {
* ...
* .oo_dump[NL_DUMP_FULL] = my_obj_dump_detailed,
* };
* @endcode
*
* @par 4) Object Attributes
* @code
* // The concept of object attributes is optional but can ease the typical
* // case of objects that have optional attributes, e.g. a route may have a
* // nexthop assigned but it is not required to.
*
* // The first step to define your object specific bitmask listing all
* // attributes
* #define MY_ATTR_FOO (1<<0)
* #define MY_ATTR_BAR (1<<1)
*
* // Bit 31 for attributes is reserved for 32-bit API.
*
* // When assigning an optional attribute to the object, make sure
* // to mark its availability.
* my_obj->foo = 123123;
* my_obj->ce_mask |= MY_ATTR_FOO;
*
* // At any time you may use this mask to check for the availability
* // of the attribute, e.g. while dumping
* if (my_obj->ce_mask & MY_ATTR_FOO)
* nl_dump(params, "foo %d ", my_obj->foo);
*
* // One of the big advantages of this concept is that it allows for
* // standardized comparisons which make it trivial for caches to
* // identify unique objects by use of unified comparison functions.
* // In order for it to work, your object implementation must provide
* // a comparison function and define a list of attributes which
* // combined together make an object unique.
*
* static int my_obj_compare(struct nl_object *_a, struct nl_object *_b,
* uint32_t attrs, int flags)
* {
* struct my_obj *a = nl_object_priv(_a):
* struct my_obj *b = nl_object_priv(_b):
* int diff = 0;
*
* // We help ourselves in defining our own DIFF macro which will
* // call ATTR_DIFF() on both objects which will make sure to only
* // compare the attributes if required.
* #define MY_DIFF(ATTR, EXPR) ATTR_DIFF(attrs, MY_ATTR_##ATTR, a, b, EXPR)
*
* // Call our own diff macro for each attribute to build a bitmask
* // representing the attributes which mismatch.
* diff |= MY_DIFF(FOO, a->foo != b->foo)
* diff |= MY_DIFF(BAR, strcmp(a->bar, b->bar))
*
* return diff;
* }
*
* // In order to identify identical objects with differing attributes
* // you must specify the attributes required to uniquely identify
* // your object. Make sure to not include too many attributes, this
* // list is used when caches look for an old version of an object.
* struct nl_object_ops my_ops = {
* ...
* .oo_id_attrs = MY_ATTR_FOO,
* .oo_compare = my_obj_compare,
* };
* @endcode
* @{
*/
/**
* Common Object Header
*
* This macro must be included as first member in every object
* definition to allow objects to be cached.
*/
#define NLHDR_COMMON \
int ce_refcnt; \
struct nl_object_ops * ce_ops; \
struct nl_cache * ce_cache; \
struct nl_list_head ce_list; \
int ce_msgtype; \
int ce_flags; \
uint64_t ce_mask;
struct nl_object
{
NLHDR_COMMON
};
/**
* Return true if attribute is available in both objects
* @arg A an object
* @arg B another object
* @arg ATTR attribute bit
*
* @return True if the attribute is available, otherwise false is returned.
*/
#define AVAILABLE(A, B, ATTR) (((A)->ce_mask & (B)->ce_mask) & (ATTR))
/**
* Return true if attribute is available in only one of both objects
* @arg A an object
* @arg B another object
* @arg ATTR attribute bit
*
* @return True if the attribute is available in only one of both objects,
* otherwise false is returned.
*/
#define AVAILABLE_MISMATCH(A, B, ATTR) (((A)->ce_mask ^ (B)->ce_mask) & (ATTR))
/**
* Return true if attributes mismatch
* @arg A an object
* @arg B another object
* @arg ATTR attribute bit
* @arg EXPR Comparison expression
*
* This function will check if the attribute in question is available
* in both objects, if not this will count as a mismatch.
*
* If available the function will execute the expression which must
* return true if the attributes mismatch.
*
* @return True if the attribute mismatch, or false if they match.
*/
#define ATTR_MISMATCH(A, B, ATTR, EXPR) (AVAILABLE_MISMATCH(A, B, ATTR) || \
(AVAILABLE(A, B, ATTR) && (EXPR)))
/**
* Return attribute bit if attribute does not match
* @arg LIST list of attributes to be compared
* @arg ATTR attribute bit
* @arg A an object
* @arg B another object
* @arg EXPR Comparison expression
*
* This function will check if the attribute in question is available
* in both objects, if not this will count as a mismatch.
*
* If available the function will execute the expression which must
* return true if the attributes mismatch.
*
* In case the attributes mismatch, the attribute is returned, otherwise
* 0 is returned.
*
* @code
* diff |= ATTR_DIFF(attrs, MY_ATTR_FOO, a, b, a->foo != b->foo);
* @endcode
*/
#define ATTR_DIFF(LIST, ATTR, A, B, EXPR) \
({ uint64_t diff = 0; \
if (((LIST) & (ATTR)) && ATTR_MISMATCH(A, B, ATTR, EXPR)) \
diff = ATTR; \
diff; })
/**
* Object Operations
*/
struct nl_object_ops
{
/**
* Unique name of object type
*
* Must be in the form family/name, e.g. "route/addr"
*/
char * oo_name;
/** Size of object including its header */
size_t oo_size;
/* List of attributes needed to uniquely identify the object */
uint32_t oo_id_attrs;
/**
* Constructor function
*
* Will be called when a new object of this type is allocated.
* Can be used to initialize members such as lists etc.
*/
void (*oo_constructor)(struct nl_object *);
/**
* Destructor function
*
* Will be called when an object is freed. Must free all
* resources which may have been allocated as part of this
* object.
*/
void (*oo_free_data)(struct nl_object *);
/**
* Cloning function
*
* Will be called when an object needs to be cloned. Please
* note that the generic object code will make an exact
* copy of the object first, therefore you only need to take
* care of members which require reference counting etc.
*
* May return a negative error code to abort cloning.
*/
int (*oo_clone)(struct nl_object *, struct nl_object *);
/**
* Dumping functions
*
* Will be called when an object is dumped. The implementations
* have to use nl_dump(), nl_dump_line(), and nl_new_line() to
* dump objects.
*
* The functions must return the number of lines printed.
*/
void (*oo_dump[NL_DUMP_MAX+1])(struct nl_object *,
struct nl_dump_params *);
/**
* Comparison function
*
* Will be called when two objects of the same type are
* compared. It takes the two objects in question, an object
* specific bitmask defining which attributes should be
* compared and flags to control the behaviour.
*
* The function must return a bitmask with the relevant bit
* set for each attribute that mismatches.
*/
uint64_t (*oo_compare)(struct nl_object *, struct nl_object *,
uint64_t, int);
/**
* update function
*
* Will be called when the object given by first argument
* needs to be updated with the contents of the second object
*
* The function must return 0 for success and error for failure
* to update. In case of failure its assumed that the original
* object is not touched
*/
int (*oo_update)(struct nl_object *, struct nl_object *);
/**
* Hash Key generator function
*
* When called returns a hash key for the object being
* referenced. This key will be used by higher level hash functions
* to build association lists. Each object type gets to specify
* it's own key formulation
*/
void (*oo_keygen)(struct nl_object *, uint32_t *, uint32_t);
char *(*oo_attrs2str)(int, char *, size_t);
/**
* Get key attributes by family function
*/
uint32_t (*oo_id_attrs_get)(struct nl_object *);
};
/** @} */
#ifdef __cplusplus
}
#endif
#endif

193
libnl/include/netlink-private/route/link/api.h Normal file
View file

@ -0,0 +1,193 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
/*
* Copyright (c) 2003-2013 Thomas Graf <tgraf@suug.ch>
*/
#ifndef NETLINK_LINK_API_H_
#define NETLINK_LINK_API_H_
#include <netlink/netlink.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @ingroup link_api
*
* Available operations to modules implementing a link info type.
*/
struct rtnl_link_info_ops
{
/** Name of link info type, must match name on kernel side */
char * io_name;
/** Reference count, DO NOT MODIFY */
int io_refcnt;
/** Called to assign an info type to a link.
* Has to allocate enough resources to hold attributes. Can
* use link->l_info to store a pointer. */
int (*io_alloc)(struct rtnl_link *);
/** Called to parse the link info attribute.
* Must parse the attribute and assign all values to the link.
*/
int (*io_parse)(struct rtnl_link *,
struct nlattr *,
struct nlattr *);
/** Called when the link object is dumped.
* Must dump the info type specific attributes. */
void (*io_dump[NL_DUMP_MAX+1])(struct rtnl_link *,
struct nl_dump_params *);
/** Called when a link object is cloned.
* Must clone all info type specific attributes. */
int (*io_clone)(struct rtnl_link *, struct rtnl_link *);
/** Called when construction a link netlink message.
* Must append all info type specific attributes to the message. */
int (*io_put_attrs)(struct nl_msg *, struct rtnl_link *);
/** Called to release all resources previously allocated
* in either io_alloc() or io_parse(). */
void (*io_free)(struct rtnl_link *);
/** Called to compare link info parameters between two links. */
int (*io_compare)(struct rtnl_link *, struct rtnl_link *,
int flags);
struct nl_list_head io_list;
};
extern struct rtnl_link_info_ops *rtnl_link_info_ops_lookup(const char *);
extern void rtnl_link_info_ops_put(struct rtnl_link_info_ops *);
extern int rtnl_link_register_info(struct rtnl_link_info_ops *);
extern int rtnl_link_unregister_info(struct rtnl_link_info_ops *);
/**
* @ingroup link_api
*
* Available operations to modules implementing a link address family.
*/
struct rtnl_link_af_ops
{
/** The address family this operations set implements */
const unsigned int ao_family;
/** Number of users of this operations, DO NOT MODIFY. */
int ao_refcnt;
/** Validation policy for IFLA_PROTINFO attribute. This pointer
* can be set to a nla_policy structure describing the minimal
* requirements the attribute must meet. Failure of meeting these
* requirements will result in a parsing error. */
const struct nla_policy *ao_protinfo_policy;
/** Called after address family has been assigned to link. Must
* allocate data buffer to hold address family specific data and
* store it in link->l_af_data. */
void * (*ao_alloc)(struct rtnl_link *);
/** Called when the link is cloned, must allocate a clone of the
* address family specific buffer and return it. */
void * (*ao_clone)(struct rtnl_link *, void *);
/** Called when the link gets freed. Must free all allocated data */
void (*ao_free)(struct rtnl_link *, void *);
/** Called if a IFLA_PROTINFO attribute needs to be parsed. Typically
* stores the parsed data in the address family specific buffer. */
int (*ao_parse_protinfo)(struct rtnl_link *,
struct nlattr *, void *);
/** Called if a IFLA_AF_SPEC attribute needs to be parsed. Typically
* stores the parsed data in the address family specific buffer. */
int (*ao_parse_af)(struct rtnl_link *,
struct nlattr *, void *);
/** Called if a link message is sent to the kernel. Must append the
* link address family specific attributes to the message. */
int (*ao_fill_af)(struct rtnl_link *,
struct nl_msg *msg, void *);
/** Called if the full IFLA_AF_SPEC data needs to be parsed. Typically
* stores the parsed data in the address family specific buffer. */
int (*ao_parse_af_full)(struct rtnl_link *,
struct nlattr *, void *);
/** Called for GETLINK message to the kernel. Used to append
* link address family specific attributes to the request message. */
int (*ao_get_af)(struct nl_msg *msg,
uint32_t *ext_filter_mask);
/** Dump address family specific link attributes */
void (*ao_dump[NL_DUMP_MAX+1])(struct rtnl_link *,
struct nl_dump_params *,
void *);
/** Comparison function
*
* Will be called when two links are compared for their af data. It
* takes two link objects in question, an object specific bitmask
* defining which attributes should be compared and flags to control
* the behaviour
*
* The function must return a bitmask with the relevant bit set for
* each attribute that mismatches
*/
int (*ao_compare)(struct rtnl_link *,
struct rtnl_link *, int, uint32_t, int);
/* RTM_NEWLINK override
*
* Called if a change link request is set to the kernel. If this returns
* anything other than zero, RTM_NEWLINK will be overriden with
* RTM_SETLINK when rtnl_link_build_change_request() is called.
*/
int (*ao_override_rtm)(struct rtnl_link *);
/** Called if a link message is sent to the kernel. Must append the
* link protocol specific attributes to the message. (IFLA_PROTINFO) */
int (*ao_fill_pi)(struct rtnl_link *,
struct nl_msg *msg, void *);
/** PROTINFO type
*
* Called if a link message is sent to the kernel. If this is set,
* the default IFLA_PROTINFO is bitmasked with what is specified
* here. (eg. NLA_F_NESTED)
*/
const int ao_fill_pi_flags;
/** IFLA_AF_SPEC nesting override
*
* Called if a link message is sent to the kernel. If this is set,
* the AF specific nest is not created. Instead, AF specific attributes
* are nested directly in the IFLA_AF_SPEC attribute.
*/
const int ao_fill_af_no_nest;
};
extern struct rtnl_link_af_ops *rtnl_link_af_ops_lookup(unsigned int);
extern void rtnl_link_af_ops_put(struct rtnl_link_af_ops *);
extern void * rtnl_link_af_alloc(struct rtnl_link *,
const struct rtnl_link_af_ops *);
extern void * rtnl_link_af_data(const struct rtnl_link *,
const struct rtnl_link_af_ops *);
extern int rtnl_link_af_register(struct rtnl_link_af_ops *);
extern int rtnl_link_af_unregister(struct rtnl_link_af_ops *);
extern int rtnl_link_af_data_compare(struct rtnl_link *a,
struct rtnl_link *b,
int family);
extern int rtnl_link_info_data_compare(struct rtnl_link *a,
struct rtnl_link *b,
int flags);
#ifdef __cplusplus
}
#endif
#endif

28
libnl/include/netlink-private/route/link/sriov.h Normal file
View file

@ -0,0 +1,28 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
/*
* Copyright (c) 2016 Intel Corp. All rights reserved.
* Copyright (c) 2016 Jef Oliver <jef.oliver@intel.com>
*/
#ifndef NETLINK_PRIV_LINK_SRIOV_H_
#define NETLINK_PRIV_LINK_SRIOV_H_
#include <netlink/netlink.h>
#include <netlink/route/link/sriov.h>
#ifdef __cplusplus
extern "C" {
#endif
extern int rtnl_link_sriov_clone(struct rtnl_link *, struct rtnl_link *);
extern void rtnl_link_sriov_dump_details(struct rtnl_link *, struct nl_dump_params *);
extern void rtnl_link_sriov_dump_stats(struct rtnl_link *, struct nl_dump_params *);
extern int rtnl_link_sriov_fill_vflist(struct nl_msg *, struct rtnl_link *);
extern void rtnl_link_sriov_free_data(struct rtnl_link *);
extern int rtnl_link_sriov_parse_vflist(struct rtnl_link *, struct nlattr **);
#ifdef __cplusplus
}
#endif
#endif

15
libnl/include/netlink-private/route/mpls.h Normal file
View file

@ -0,0 +1,15 @@
#ifndef MPLS_H_
#define MPLS_H_
#ifdef __cplusplus
extern "C" {
#endif
extern const char *mpls_ntop(int af, const void *addr, char *buf, size_t buflen);
extern int mpls_pton(int af, const char *src, void *addr, size_t alen);
#ifdef __cplusplus
}
#endif
#endif

35
libnl/include/netlink-private/route/nexthop-encap.h Normal file
View file

@ -0,0 +1,35 @@
#ifndef NETLINK_NEXTHOP_ENCAP_H_
#define NETLINK_NEXTHOP_ENCAP_H_
struct nh_encap_ops {
uint16_t encap_type;
int (*build_msg)(struct nl_msg *msg, void *priv);
int (*parse_msg)(struct nlattr *nla, struct rtnl_nexthop *rtnh);
int (*compare)(void *a, void *b);
void (*dump)(void *priv, struct nl_dump_params *dp);
void (*destructor)(void *priv);
};
struct rtnl_nh_encap;
/*
* generic nexthop encap
*/
void nh_set_encap(struct rtnl_nexthop *nh, struct rtnl_nh_encap *rtnh_encap);
int nh_encap_parse_msg(struct nlattr *encap, struct nlattr *encap_type,
struct rtnl_nexthop *rtnh);
int nh_encap_build_msg(struct nl_msg *msg, struct rtnl_nh_encap *rtnh_encap);
void nh_encap_dump(struct rtnl_nh_encap *rtnh_encap, struct nl_dump_params *dp);
int nh_encap_compare(struct rtnl_nh_encap *a, struct rtnl_nh_encap *b);
/*
* MPLS encap
*/
extern struct nh_encap_ops mpls_encap_ops;
#endif

129
libnl/include/netlink-private/route/tc-api.h Normal file
View file

@ -0,0 +1,129 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
/*
* Copyright (c) 2011-2013 Thomas Graf <tgraf@suug.ch>
*/
#ifndef NETLINK_TC_API_H_
#define NETLINK_TC_API_H_
#include <netlink/netlink.h>
#include <netlink/msg.h>
#include <netlink/route/tc.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* Traffic control object operations
* @ingroup tc
*
* This structure holds function pointers and settings implementing
* the features of each traffic control object implementation.
*/
struct rtnl_tc_ops
{
/**
* Name of traffic control module
*/
char *to_kind;
/**
* Type of traffic control object
*/
enum rtnl_tc_type to_type;
/**
* Size of private data
*/
size_t to_size;
/**
* Dump callbacks
*/
void (*to_dump[NL_DUMP_MAX+1])(struct rtnl_tc *, void *,
struct nl_dump_params *);
/**
* Used to fill the contents of TCA_OPTIONS
*/
int (*to_msg_fill)(struct rtnl_tc *, void *, struct nl_msg *);
/**
* Uesd to to fill tc related messages, unlike with to_msg_fill,
* the contents is not encapsulated with a TCA_OPTIONS nested
* attribute.
*/
int (*to_msg_fill_raw)(struct rtnl_tc *, void *, struct nl_msg *);
/**
* TCA_OPTIONS message parser
*/
int (*to_msg_parser)(struct rtnl_tc *, void *);
/**
* Called before a tc object is destroyed
*/
void (*to_free_data)(struct rtnl_tc *, void *);
/**
* Called whenever a classifier object needs to be cloned
*/
int (*to_clone)(void *, void *);
/**
* Internal, don't touch
*/
struct nl_list_head to_list;
};
struct rtnl_tc_type_ops
{
enum rtnl_tc_type tt_type;
char *tt_dump_prefix;
/**
* Dump callbacks
*/
void (*tt_dump[NL_DUMP_MAX+1])(struct rtnl_tc *,
struct nl_dump_params *);
};
extern int rtnl_tc_msg_parse(struct nlmsghdr *,
struct rtnl_tc *);
extern int rtnl_tc_msg_build(struct rtnl_tc *, int,
int, struct nl_msg **);
extern void rtnl_tc_free_data(struct nl_object *);
extern int rtnl_tc_clone(struct nl_object *,
struct nl_object *);
extern void rtnl_tc_dump_line(struct nl_object *,
struct nl_dump_params *);
extern void rtnl_tc_dump_details(struct nl_object *,
struct nl_dump_params *);
extern void rtnl_tc_dump_stats(struct nl_object *,
struct nl_dump_params *);
extern uint64_t rtnl_tc_compare(struct nl_object *,
struct nl_object *,
uint64_t, int);
void * rtnl_tc_data_peek(struct rtnl_tc *tc);
extern void * rtnl_tc_data(struct rtnl_tc *);
extern void * rtnl_tc_data_check(struct rtnl_tc *,
struct rtnl_tc_ops *, int *);
extern struct rtnl_tc_ops * rtnl_tc_lookup_ops(enum rtnl_tc_type,
const char *);
extern struct rtnl_tc_ops * rtnl_tc_get_ops(struct rtnl_tc *);
extern int rtnl_tc_register(struct rtnl_tc_ops *);
extern void rtnl_tc_unregister(struct rtnl_tc_ops *);
extern void rtnl_tc_type_register(struct rtnl_tc_type_ops *);
extern void rtnl_tc_type_unregister(struct rtnl_tc_type_ops *);
#ifdef __cplusplus
}
#endif
#endif

8
libnl/include/netlink-private/route/utils.h Normal file
View file

@ -0,0 +1,8 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
#ifndef NETLINK_ROUTE_UTILS_PRIV_H_
#define NETLINK_ROUTE_UTILS_PRIV_H_
extern const uint8_t *const _nltst_map_stat_id_from_IPSTATS_MIB_v2;
#endif

25
libnl/include/netlink-private/socket.h Normal file
View file

@ -0,0 +1,25 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
/*
* Copyright (c) 2014 Thomas Graf <tgraf@suug.ch>
*/
#ifndef NETLINK_SOCKET_PRIV_H_
#define NETLINK_SOCKET_PRIV_H_
#include <netlink-private/netlink.h>
#ifdef __cplusplus
extern "C" {
#endif
int _nl_socket_is_local_port_unspecified (struct nl_sock *sk);
uint32_t _nl_socket_set_local_port_no_release(struct nl_sock *sk, int generate_other);
void _nl_socket_used_ports_release_all(const uint32_t *used_ports);
void _nl_socket_used_ports_set(uint32_t *used_ports, uint32_t port);
#ifdef __cplusplus
}
#endif
#endif

52
libnl/include/netlink-private/tc.h Normal file
View file

@ -0,0 +1,52 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
/*
* Copyright (c) 2003-2013 Thomas Graf <tgraf@suug.ch>
*/
#ifndef NETLINK_TC_PRIV_H_
#define NETLINK_TC_PRIV_H_
#include <netlink-private/netlink.h>
#ifdef __cplusplus
extern "C" {
#endif
#define TCA_ATTR_HANDLE 0x0001
#define TCA_ATTR_PARENT 0x0002
#define TCA_ATTR_IFINDEX 0x0004
#define TCA_ATTR_KIND 0x0008
#define TCA_ATTR_FAMILY 0x0010
#define TCA_ATTR_INFO 0x0020
#define TCA_ATTR_OPTS 0x0040
#define TCA_ATTR_STATS 0x0080
#define TCA_ATTR_XSTATS 0x0100
#define TCA_ATTR_LINK 0x0200
#define TCA_ATTR_MTU 0x0400
#define TCA_ATTR_MPU 0x0800
#define TCA_ATTR_OVERHEAD 0x1000
#define TCA_ATTR_LINKTYPE 0x2000
#define TCA_ATTR_CHAIN 0x4000
#define TCA_ATTR_MAX TCA_ATTR_CHAIN
extern int tca_parse(struct nlattr **, int, struct rtnl_tc *,
const struct nla_policy *);
#define RTNL_TC_RTABLE_SIZE 256
extern int rtnl_tc_build_rate_table(struct rtnl_tc *tc, struct rtnl_ratespec *,
uint32_t *);
static inline void *tca_xstats(struct rtnl_tc *tca)
{
return tca->tc_xstats->d_data;
}
extern struct nl_af_group tc_groups[];
#ifdef __cplusplus
}
#endif
#endif

1335
libnl/include/netlink-private/types.h Normal file
View file

File diff suppressed because it is too large Load diff

255
libnl/include/netlink-private/utils.h Normal file
View file

@ -0,0 +1,255 @@
/* SPDX-License-Identifier: LGPL-2.1-only */
/*
* Copyright (c) 2003-2012 Thomas Graf <tgraf@suug.ch>
*/
#ifndef NETLINK_UTILS_PRIV_H_
#define NETLINK_UTILS_PRIV_H_
#include <byteswap.h>
#include <assert.h>
#if __BYTE_ORDER == __BIG_ENDIAN
#define ntohll(x) (x)
#elif __BYTE_ORDER == __LITTLE_ENDIAN
#define ntohll(x) bswap_64((x))
#endif
#define htonll(x) ntohll(x)
/*****************************************************************************/
#define _NL_STRINGIFY_ARG(contents) #contents
#define _NL_STRINGIFY(macro_or_string) _NL_STRINGIFY_ARG (macro_or_string)
/*****************************************************************************/
#if defined (__GNUC__)
#define _NL_PRAGMA_WARNING_DO(warning) _NL_STRINGIFY(GCC diagnostic ignored warning)
#elif defined (__clang__)
#define _NL_PRAGMA_WARNING_DO(warning) _NL_STRINGIFY(clang diagnostic ignored warning)
#endif
/* you can only suppress a specific warning that the compiler
* understands. Otherwise you will get another compiler warning
* about invalid pragma option.
* It's not that bad however, because gcc and clang often have the
* same name for the same warning. */
#if defined (__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
#define _NL_PRAGMA_WARNING_DISABLE(warning) \
_Pragma("GCC diagnostic push") \
_Pragma(_NL_PRAGMA_WARNING_DO("-Wpragmas")) \
_Pragma(_NL_PRAGMA_WARNING_DO(warning))
#elif defined (__clang__)
#define _NL_PRAGMA_WARNING_DISABLE(warning) \
_Pragma("clang diagnostic push") \
_Pragma(_NL_PRAGMA_WARNING_DO("-Wunknown-warning-option")) \
_Pragma(_NL_PRAGMA_WARNING_DO(warning))
#else
#define _NL_PRAGMA_WARNING_DISABLE(warning)
#endif
#if defined (__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 6))
#define _NL_PRAGMA_WARNING_REENABLE \
_Pragma("GCC diagnostic pop")
#elif defined (__clang__)
#define _NL_PRAGMA_WARNING_REENABLE \
_Pragma("clang diagnostic pop")
#else
#define _NL_PRAGMA_WARNING_REENABLE
#endif
/*****************************************************************************/
#define _nl_unused __attribute__ ((__unused__))
#define _nl_auto(fcn) __attribute__ ((__cleanup__(fcn)))
/*****************************************************************************/
#define _NL_STATIC_ASSERT(cond) ((void) sizeof (char[(cond) ? 1 : -1]))
/*****************************************************************************/
#if defined(NL_MORE_ASSERTS) && NL_MORE_ASSERTS > 0
#define _nl_assert(cond) assert(cond)
#else
#define _nl_assert(cond) do { if (0) { assert(cond); } } while (0)
#endif
#define _nl_assert_not_reached() assert(0)
/*****************************************************************************/
extern const char *nl_strerror_l(int err);
/*****************************************************************************/
/* internal macro to calculate the size of a struct @type up to (and including) @field.
* this will be used for .minlen policy fields, so that we require only a field of up
* to the given size. */
#define _nl_offsetofend(type, field) (offsetof (type, field) + sizeof (((type *) NULL)->field))
/*****************************************************************************/
#define _nl_clear_pointer(pp, destroy) \
({ \
__typeof__ (*(pp)) *_pp = (pp); \
__typeof__ (*_pp) _p; \
int _changed = 0; \
\
if ( _pp \
&& (_p = *_pp)) { \
_nl_unused const void *const _p_check_is_pointer = _p; \
\
*_pp = NULL; \
\
(destroy) (_p); \
\
_changed = 1; \
} \
_changed; \
})
#define _nl_clear_free(pp) _nl_clear_pointer (pp, free)
#define _nl_steal_pointer(pp) \
({ \
__typeof__ (*(pp)) *const _pp = (pp); \
__typeof__ (*_pp) _p = NULL; \
\
if ( _pp \
&& (_p = *_pp)) { \
*_pp = NULL; \
} \
\
_p; \
})
/*****************************************************************************/
#define _nl_malloc_maybe_a(alloca_maxlen, bytes, to_free) \
({ \
const size_t _bytes = (bytes); \
__typeof__ (to_free) _to_free = (to_free); \
__typeof__ (*_to_free) _ptr; \
\
_NL_STATIC_ASSERT ((alloca_maxlen) <= 500); \
_nl_assert (_to_free && !*_to_free); \
\
if (_bytes <= (alloca_maxlen)) { \
_ptr = alloca (_bytes); \
} else { \
_ptr = malloc (_bytes); \
*_to_free = _ptr; \
}; \
\
_ptr; \
})
/*****************************************************************************/
static inline char *
_nl_strncpy_trunc(char *dst, const char *src, size_t len)
{
/* we don't use/reimplement strlcpy(), because we want the fill-all-with-NUL
* behavior of strncpy(). This is just strncpy() with gracefully handling truncation
* (and disabling the "-Wstringop-truncation" warning).
*
* Note that truncation is silently accepted.
*/
_NL_PRAGMA_WARNING_DISABLE ("-Wstringop-truncation");
_NL_PRAGMA_WARNING_DISABLE ("-Wstringop-overflow");
if (len > 0) {
_nl_assert(dst);
_nl_assert(src);
strncpy(dst, src, len);
dst[len - 1] = '\0';
}
_NL_PRAGMA_WARNING_REENABLE;
_NL_PRAGMA_WARNING_REENABLE;
return dst;
}
static inline char *
_nl_strncpy_assert(char *dst, const char *src, size_t len)
{
/* we don't use/reimplement strlcpy(), because we want the fill-all-with-NUL
* behavior of strncpy(). This is just strncpy() with assertion against truncation
* (and disabling the "-Wstringop-truncation" warning).
*
* Note that truncation is still a bug and there is an _nl_assert()
* against that.
*/
_NL_PRAGMA_WARNING_DISABLE ("-Wstringop-truncation");
_NL_PRAGMA_WARNING_DISABLE ("-Wstringop-overflow");
if (len > 0) {
_nl_assert(dst);
_nl_assert(src);
strncpy(dst, src, len);
_nl_assert (dst[len - 1] == '\0');
dst[len - 1] = '\0';
}
_NL_PRAGMA_WARNING_REENABLE;
_NL_PRAGMA_WARNING_REENABLE;
return dst;
}
#include "nl-auto.h"
#define _NL_RETURN_ON_ERR(cmd) \
do { \
int _err; \
\
_err = (cmd); \
if (_err < 0) \
return _err; \
} while (0)
#define _NL_RETURN_E_ON_ERR(e, cmd) \
do { \
int _err; \
\
_err = (cmd); \
if (_err < 0) { \
_NL_STATIC_ASSERT((e) > 0); \
return -(e); \
} \
} while (0)
/* _NL_RETURN_ON_PUT_ERR() shall only be used with a put command (nla_put or nlmsg_append).
* These commands can either fail with a regular error code (which gets propagated)
* or with -NLE_NOMEM. However, they don't really try to allocate memory, so we don't
* want to propagate -NLE_NOMEM. Instead, we coerce such failure to -NLE_MSGSIZE. */
#define _NL_RETURN_ON_PUT_ERR(put_cmd) \
do { \
int _err; \
\
_err = (put_cmd); \
if (_err < 0) { \
if (_err == -NLE_NOMEM) { \
/* nla_put() returns -NLE_NOMEM in case of out of buffer size. We don't
* want to propagate that error and map it to -NLE_MSGSIZE. */ \
return -NLE_MSGSIZE; \
} \
/* any other error can only be due to invalid parameters. Propagate the
* error, however also assert that it cannot be reached. */ \
_nl_assert_not_reached (); \
return _err; \
} else \
_nl_assert (_err == 0); \
} while (0)
#endif

Some files were not shown because too many files have changed in this diff Show more