# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
---
# Spec identity: family name and the raw-netlink transport it uses.
name: conntrack
protocol: netlink-raw
# Netlink protocol number; 12 is NETLINK_NETFILTER.
protonum: 12

doc: >-
  Netfilter connection tracking subsystem over nfnetlink

definitions:
  # Fixed nfnetlink header; both operations in this spec name it as their
  # fixed-header. res-id is the only multi-byte member and is big-endian.
  -
    name: nfgenmsg
    type: struct
    members:
      -
        name: nfgen-family
        type: u8
      -
        name: version
        type: u8
      -
        name: res-id
        byte-order: big-endian
        type: u16
  # Two one-byte bitfields, both decoded with the nf-ct-tcp-flags names.
  # Referenced by tcp-flags-original / tcp-flags-reply in
  # protoinfo-tcp-attrs.
  # NOTE(review): presumably mask selects which bits of flags are
  # significant - confirm against the kernel consumer.
  -
    name: nf-ct-tcp-flags-mask
    type: struct
    members:
      -
        name: flags
        type: u8
        enum: nf-ct-tcp-flags
        enum-as-flags: true
      -
        name: mask
        type: u8
        enum: nf-ct-tcp-flags
        enum-as-flags: true
  # Per-direction TCP tracking flags. No explicit values are given, so the
  # bit position of each name is its position in this list; do not reorder.
  # Eight entries, matching the u8 members that use this set.
  -
    name: nf-ct-tcp-flags
    type: flags
    entries:
      - window-scale
      - sack-perm
      - close-init
      - be-liberal
      - unacked
      - maxack
      - challenge-ack
      - simultaneous-open
  # TCP conntrack states, used to decode the u8 tcp-state attribute.
  # No explicit values are given, so each name's numeric value is its
  # position in the list (none = 0); inserting or reordering entries would
  # silently mislabel states in decoded output.
  -
    name: nf-ct-tcp-state
    type: enum
    entries:
      - none
      - syn-sent
      - syn-recv
      - established
      - fin-wait
      - close-wait
      - last-ack
      - time-wait
      - close
      - syn-sent2
      - max
      - ignore
      - retrans
      - unack
      - timeout-max
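  # SCTP conntrack states, used to decode the u8 sctp-state attribute.
  # No explicit values are given, so each name's numeric value is its
  # position in the list (none = 0); do not reorder.
  -
    name: nf-ct-sctp-state
    type: enum
    entries:
      - none
      # Value 1 is the closed state (SCTP_CONNTRACK_CLOSED in the kernel
      # enum).
      - closed
      - cookie-wait
      - cookie-echoed
      - established
      - shutdown-sent
      - shutdown-received
      - shutdown-ack-sent
      # NOTE(review): the kernel enum names this state HEARTBEAT_SENT with
      # no shutdown prefix - name left unchanged, confirm before renaming.
      - shutdown-heartbeat-sent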
  # Conntrack status bits, used as flags by the u32 status and status-mask
  # attributes in conntrack-attrs. No explicit values are given, so the bit
  # position of each name is its position in this list; do not reorder.
  -
    name: nf-ct-status
    type: flags
    entries:
      - expected
      - seen-reply
      - assured
      - confirmed
      - src-nat
      - dst-nat
      - seq-adj
      - src-nat-done
      - dst-nat-done
      - dying
      - fixed-timeout
      - template
      - nat-clash
      - helper
      - offload
      - hw-offload

# Attribute ids are not written out anywhere below: each attribute's id is
# its position within its set, so entries must never be reordered or removed.
attribute-sets:
  # Per-direction packet/byte counters, nested under counters-orig and
  # counters-reply in conntrack-attrs.
  -
    name: counter-attrs
    attributes:
      -
        name: packets
        type: u64
        byte-order: big-endian
      -
        name: bytes
        type: u64
        byte-order: big-endian
      # NOTE(review): the two 32-bit "-old" counters declare no byte-order,
      # unlike the 64-bit ones above - confirm whether that is intended.
      -
        name: packets-old
        type: u32
      -
        name: bytes-old
        type: u32
      -
        name: pad
        type: pad
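  # Layer-4 half of a conntrack tuple: protocol number plus either ports or
  # ICMP/ICMPv6 id, type and code. All 16-bit fields are big-endian.
  -
    name: tuple-proto-attrs
    attributes:
      -
        name: proto-num
        type: u8
        doc: l4 protocol number
      -
        name: proto-src-port
        type: u16
        byte-order: big-endian
        doc: l4 source port
      -
        name: proto-dst-port
        type: u16
        byte-order: big-endian
        # Describes the destination port; the text was a copy of the
        # proto-src-port doc string.
        doc: l4 destination port
      -
        name: proto-icmp-id
        type: u16
        byte-order: big-endian
        doc: l4 icmp id
      -
        name: proto-icmp-type
        type: u8
      -
        name: proto-icmp-code
        type: u8
      -
        name: proto-icmpv6-id
        type: u16
        byte-order: big-endian
        doc: l4 icmp id
      -
        name: proto-icmpv6-type
        type: u8
      -
        name: proto-icmpv6-code
        type: u8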
  # Layer-3 half of a conntrack tuple: IPv4 addresses as big-endian u32,
  # IPv6 addresses as binary blobs.
  -
    name: tuple-ip-attrs
    attributes:
      -
        name: ip-v4-src
        type: u32
        byte-order: big-endian
        display-hint: ipv4
        doc: ipv4 source address
      -
        name: ip-v4-dst
        type: u32
        byte-order: big-endian
        display-hint: ipv4
        doc: ipv4 destination address
      # min-len is only a lower bound: a payload longer than 16 bytes still
      # passes this check.
      # NOTE(review): confirm whether an exact 16-byte length check is
      # intended for the two IPv6 address attributes.
      -
        name: ip-v6-src
        type: binary
        checks:
          min-len: 16
        byte-order: big-endian
        display-hint: ipv6
        doc: ipv6 source address
      -
        name: ip-v6-dst
        type: binary
        checks:
          min-len: 16
        byte-order: big-endian
        display-hint: ipv6
        doc: ipv6 destination address
  # One conntrack tuple: nested l3 and l4 parts plus a 16-bit zone id.
  # Reused for tuple-orig, tuple-reply, tuple-master and filter in
  # conntrack-attrs.
  -
    name: tuple-attrs
    attributes:
      -
        name: tuple-ip
        type: nest
        nested-attributes: tuple-ip-attrs
        doc: conntrack l3 information
      -
        name: tuple-proto
        type: nest
        nested-attributes: tuple-proto-attrs
        doc: conntrack l4 information
      -
        name: tuple-zone
        type: u16
        byte-order: big-endian
        doc: conntrack zone id
  # TCP-specific tracking state: the state machine value, the window scale
  # seen in each direction and a flags/mask struct for each direction.
  -
    name: protoinfo-tcp-attrs
    attributes:
      -
        name: tcp-state
        type: u8
        enum: nf-ct-tcp-state
        doc: tcp connection state
      -
        name: tcp-wscale-original
        type: u8
        doc: window scaling factor in original direction
      -
        name: tcp-wscale-reply
        type: u8
        doc: window scaling factor in reply direction
      # Binary payload decoded with the two-byte nf-ct-tcp-flags-mask struct.
      -
        name: tcp-flags-original
        type: binary
        struct: nf-ct-tcp-flags-mask
      -
        name: tcp-flags-reply
        type: binary
        struct: nf-ct-tcp-flags-mask
  # DCCP-specific tracking state. dccp-state and dccp-role reference no
  # enum, so decoders built from this spec show them as raw numbers.
  -
    name: protoinfo-dccp-attrs
    attributes:
      -
        name: dccp-state
        type: u8
        doc: dccp connection state
      -
        name: dccp-role
        type: u8
      -
        name: dccp-handshake-seq
        type: u64
        byte-order: big-endian
      -
        name: dccp-pad
        type: pad
  # SCTP-specific tracking state: the state value (decoded with
  # nf-ct-sctp-state) and the big-endian verification tag for each direction.
  -
    name: protoinfo-sctp-attrs
    attributes:
      -
        name: sctp-state
        type: u8
        doc: sctp connection state
        enum: nf-ct-sctp-state
      -
        name: vtag-original
        type: u32
        byte-order: big-endian
      -
        name: vtag-reply
        type: u32
        byte-order: big-endian
  # Container for the per-protocol state nests (TCP, DCCP, SCTP); nested
  # under the protoinfo attribute of conntrack-attrs.
  -
    name: protoinfo-attrs
    attributes:
      -
        name: protoinfo-tcp
        type: nest
        nested-attributes: protoinfo-tcp-attrs
        doc: conntrack tcp state information
      -
        name: protoinfo-dccp
        type: nest
        nested-attributes: protoinfo-dccp-attrs
        doc: conntrack dccp state information
      -
        name: protoinfo-sctp
        type: nest
        nested-attributes: protoinfo-sctp-attrs
        doc: conntrack sctp state information
  # Name of the conntrack helper attached to an entry; nested under the
  # help attribute of conntrack-attrs. No length check is declared for the
  # string.
  -
    name: help-attrs
    attributes:
      -
        name: help-name
        type: string
        doc: helper name
  # Big-endian l4 port range for NAT; nested under nat-proto in nat-attrs.
  -
    name: nat-proto-attrs
    attributes:
      -
        name: nat-port-min
        type: u16
        byte-order: big-endian
      -
        name: nat-port-max
        type: u16
        byte-order: big-endian
  # NAT address range plus an optional nested port range; used for both
  # nat-src and nat-dst in conntrack-attrs.
  -
    name: nat-attrs
    attributes:
      -
        name: nat-v4-minip
        type: u32
        byte-order: big-endian
      -
        name: nat-v4-maxip
        type: u32
        byte-order: big-endian
      # NOTE(review): unlike ip-v6-src / ip-v6-dst in tuple-ip-attrs, the
      # two IPv6 NAT bounds declare no length check and no display-hint -
      # confirm whether the same constraints should apply here.
      -
        name: nat-v6-minip
        type: binary
      -
        name: nat-v6-maxip
        type: binary
      -
        name: nat-proto
        type: nest
        nested-attributes: nat-proto-attrs
  # Sequence-number adjustment record (three big-endian u32 values); nested
  # under seq-adj-orig and seq-adj-reply in conntrack-attrs.
  -
    name: seqadj-attrs
    attributes:
      -
        name: correction-pos
        type: u32
        byte-order: big-endian
      -
        name: offset-before
        type: u32
        byte-order: big-endian
      -
        name: offset-after
        type: u32
        byte-order: big-endian
  # Security context attached to an entry, as a string; nested under secctx
  # in conntrack-attrs. No length check is declared.
  # NOTE(review): presumably an LSM security label - confirm.
  -
    name: secctx-attrs
    attributes:
      -
        name: secctx-name
        type: string
  # Synproxy state (three big-endian u32 values); nested under synproxy in
  # conntrack-attrs.
  # NOTE(review): isn / its / tsoff look like initial sequence number,
  # initial timestamp and timestamp offset - confirm against the kernel.
  -
    name: synproxy-attrs
    attributes:
      -
        name: isn
        type: u32
        byte-order: big-endian
      -
        name: its
        type: u32
        byte-order: big-endian
      -
        name: tsoff
        type: u32
        byte-order: big-endian
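  # Top-level attributes of a conntrack entry, used by the get operation.
  # No explicit values are given, so each attribute id is its position in
  # this list: obsolete entries stay in place and nothing may be reordered.
  -
    name: conntrack-attrs
    attributes:
      -
        name: tuple-orig
        type: nest
        nested-attributes: tuple-attrs
        doc: conntrack l3+l4 protocol information, original direction
      -
        name: tuple-reply
        type: nest
        nested-attributes: tuple-attrs
        doc: conntrack l3+l4 protocol information, reply direction
      -
        name: status
        type: u32
        byte-order: big-endian
        enum: nf-ct-status
        enum-as-flags: true
        doc: conntrack flag bits
      -
        name: protoinfo
        type: nest
        nested-attributes: protoinfo-attrs
      -
        name: help
        type: nest
        nested-attributes: help-attrs
      -
        name: nat-src
        type: nest
        nested-attributes: nat-attrs
      -
        name: timeout
        type: u32
        byte-order: big-endian
      -
        name: mark
        type: u32
        byte-order: big-endian
      -
        name: counters-orig
        type: nest
        nested-attributes: counter-attrs
      -
        name: counters-reply
        type: nest
        nested-attributes: counter-attrs
      -
        name: use
        type: u32
        byte-order: big-endian
      -
        name: id
        type: u32
        byte-order: big-endian
      -
        name: nat-dst
        type: nest
        nested-attributes: nat-attrs
      -
        name: tuple-master
        type: nest
        nested-attributes: tuple-attrs
      -
        name: seq-adj-orig
        type: nest
        nested-attributes: seqadj-attrs
      -
        name: seq-adj-reply
        type: nest
        nested-attributes: seqadj-attrs
      -
        name: secmark
        type: binary
        doc: obsolete
      -
        name: zone
        type: u16
        byte-order: big-endian
        doc: conntrack zone id
      -
        name: secctx
        type: nest
        nested-attributes: secctx-attrs
      -
        name: timestamp
        type: u64
        byte-order: big-endian
      -
        name: mark-mask
        type: u32
        byte-order: big-endian
      -
        name: labels
        type: binary
      # Kebab-case like every other name in this spec (kernel attribute
      # CTA_LABELS_MASK); a name containing a space does not map onto a
      # usable identifier in generated code.
      -
        name: labels-mask
        type: binary
      -
        name: synproxy
        type: nest
        nested-attributes: synproxy-attrs
      # Tuple-shaped match criteria; listed in the get dump request.
      -
        name: filter
        type: nest
        nested-attributes: tuple-attrs
      -
        name: status-mask
        type: u32
        byte-order: big-endian
        enum: nf-ct-status
        enum-as-flags: true
        doc: conntrack flag bits to change
      -
        name: timestamp-event
        type: u64
        byte-order: big-endian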
  # Conntrack statistics counters, all big-endian u32; used by get-stats.
  # Attribute ids are positional, so the entries marked obsolete hold their
  # slots (presumably to keep the later ids stable - confirm).
  -
    name: conntrack-stats-attrs
    attributes:
      -
        name: searched
        type: u32
        byte-order: big-endian
        doc: obsolete
      -
        name: found
        type: u32
        byte-order: big-endian
      -
        name: new
        type: u32
        byte-order: big-endian
        doc: obsolete
      -
        name: invalid
        type: u32
        byte-order: big-endian
        doc: obsolete
      -
        name: ignore
        type: u32
        byte-order: big-endian
        doc: obsolete
      -
        name: delete
        type: u32
        byte-order: big-endian
        doc: obsolete
      -
        name: delete-list
        type: u32
        byte-order: big-endian
        doc: obsolete
      -
        name: insert
        type: u32
        byte-order: big-endian
      -
        name: insert-failed
        type: u32
        byte-order: big-endian
      -
        name: drop
        type: u32
        byte-order: big-endian
      -
        name: early-drop
        type: u32
        byte-order: big-endian
      -
        name: error
        type: u32
        byte-order: big-endian
      -
        name: search-restart
        type: u32
        byte-order: big-endian
      -
        name: clash-resolve
        type: u32
        byte-order: big-endian
      -
        name: chain-toolong
        type: u32
        byte-order: big-endian

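# enum-model directional: request and reply carry separate message values,
# which is why every do/dump below spells out both.
operations:
  enum-model: directional
  list:
    # Look up one entry (do) or walk the table (dump).
    # Message values are (subsystem << 8) | message type with subsystem 1
    # (NFNL_SUBSYS_CTNETLINK): 0x101 is IPCTNL_MSG_CT_GET, 0x100 is
    # IPCTNL_MSG_CT_NEW, the type the kernel uses for the returned entries.
    -
      name: get
      doc: get / dump entries
      attribute-set: conntrack-attrs
      fixed-header: nfgenmsg
      do:
        # A single entry is selected by tuple (either direction) and zone.
        request:
          value: 0x101
          attributes:
            - tuple-orig
            - tuple-reply
            - zone
        # Each attribute is listed once; nat-dst used to appear twice.
        reply:
          value: 0x100
          attributes:
            - tuple-orig
            - tuple-reply
            - status
            - protoinfo
            - help
            - nat-src
            - nat-dst
            - timeout
            - mark
            - counters-orig
            - counters-reply
            - use
            - id
            - tuple-master
            - seq-adj-orig
            - seq-adj-reply
            - zone
            - secctx
            - labels
            - synproxy
      dump:
        # Optional criteria that narrow the dump.
        request:
          value: 0x101
          attributes:
            - mark
            - filter
            - status
            - zone
        # Same attribute list as the do reply, nat-dst listed once.
        reply:
          value: 0x100
          attributes:
            - tuple-orig
            - tuple-reply
            - status
            - protoinfo
            - help
            - nat-src
            - nat-dst
            - timeout
            - mark
            - counters-orig
            - counters-reply
            - use
            - id
            - tuple-master
            - seq-adj-orig
            - seq-adj-reply
            - zone
            - secctx
            - labels
            - synproxy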
    # Dump-only statistics query; request and reply share message value
    # 0x104 (subsystem 1, IPCTNL_MSG_CT_GET_STATS_CPU). The request carries
    # no attributes.
    -
      name: get-stats
      doc: dump pcpu conntrack stats
      attribute-set: conntrack-stats-attrs
      fixed-header: nfgenmsg
      dump:
        request:
          value: 0x104
        reply:
          value: 0x104
          attributes:
            # searched is marked obsolete in conntrack-stats-attrs but is
            # still listed here.
            - searched
            - found
            - insert
            - insert-failed
            - drop
            - early-drop
            - error
            - search-restart
            - clash-resolve
            - chain-toolong
