1335640Shselasky/*
2335640Shselasky * Copyright (c) 2013, Petar Alilovic,
3335640Shselasky * Faculty of Electrical Engineering and Computing, University of Zagreb
4335640Shselasky * All rights reserved
5335640Shselasky *
6335640Shselasky * Redistribution and use in source and binary forms, with or without
7335640Shselasky * modification, are permitted provided that the following conditions are met:
8335640Shselasky *
9335640Shselasky * * Redistributions of source code must retain the above copyright notice,
10335640Shselasky *	 this list of conditions and the following disclaimer.
11335640Shselasky * * Redistributions in binary form must reproduce the above copyright
12335640Shselasky *	 notice, this list of conditions and the following disclaimer in the
13335640Shselasky *	 documentation and/or other materials provided with the distribution.
14335640Shselasky *
15335640Shselasky * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
16335640Shselasky * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17335640Shselasky * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18335640Shselasky * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
19335640Shselasky * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
20335640Shselasky * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21335640Shselasky * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22335640Shselasky * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23335640Shselasky * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24335640Shselasky * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
25335640Shselasky * DAMAGE.
26335640Shselasky */
27335640Shselasky
28335640Shselasky#ifndef lib_pcap_nflog_h
29335640Shselasky#define lib_pcap_nflog_h
30335640Shselasky
31335640Shselasky#include <pcap/pcap-inttypes.h>
32335640Shselasky
33335640Shselasky/*
34335640Shselasky * Structure of an NFLOG header and TLV parts, as described at
35356341Scy * https://www.tcpdump.org/linktypes/LINKTYPE_NFLOG.html
36335640Shselasky *
37335640Shselasky * The NFLOG header is big-endian.
38335640Shselasky *
39335640Shselasky * The TLV length and type are in host byte order.  The value is either
40335640Shselasky * big-endian or is an array of bytes in some externally-specified byte
41335640Shselasky * order (text string, link-layer address, link-layer header, packet
42335640Shselasky * data, etc.).
43335640Shselasky */
44335640Shselaskytypedef struct nflog_hdr {
45356341Scy	uint8_t		nflog_family;	/* address family */
46356341Scy	uint8_t		nflog_version;	/* version */
47356341Scy	uint16_t	nflog_rid;	/* resource ID */
48335640Shselasky} nflog_hdr_t;
49335640Shselasky
50335640Shselaskytypedef struct nflog_tlv {
51356341Scy	uint16_t	tlv_length;	/* tlv length */
52356341Scy	uint16_t	tlv_type;	/* tlv type */
53335640Shselasky	/* value follows this */
54335640Shselasky} nflog_tlv_t;
55335640Shselasky
56335640Shselaskytypedef struct nflog_packet_hdr {
57335640Shselasky	uint16_t	hw_protocol;	/* hw protocol */
58356341Scy	uint8_t		hook;		/* netfilter hook */
59356341Scy	uint8_t		pad;		/* padding to 32 bits */
60335640Shselasky} nflog_packet_hdr_t;
61335640Shselasky
62335640Shselaskytypedef struct nflog_hwaddr {
63335640Shselasky	uint16_t	hw_addrlen;	/* address length */
64335640Shselasky	uint16_t	pad;		/* padding to 32-bit boundary */
65356341Scy	uint8_t		hw_addr[8];	/* address, up to 8 bytes */
66335640Shselasky} nflog_hwaddr_t;
67335640Shselasky
68335640Shselaskytypedef struct nflog_timestamp {
69335640Shselasky	uint64_t	sec;
70335640Shselasky	uint64_t	usec;
71335640Shselasky} nflog_timestamp_t;
72335640Shselasky
73335640Shselasky/*
74335640Shselasky * TLV types.
75335640Shselasky */
76335640Shselasky#define NFULA_PACKET_HDR		1	/* nflog_packet_hdr_t */
77335640Shselasky#define NFULA_MARK			2	/* packet mark from skbuff */
78335640Shselasky#define NFULA_TIMESTAMP			3	/* nflog_timestamp_t for skbuff's time stamp */
79335640Shselasky#define NFULA_IFINDEX_INDEV		4	/* ifindex of device on which packet received (possibly bridge group) */
80335640Shselasky#define NFULA_IFINDEX_OUTDEV		5	/* ifindex of device on which packet transmitted (possibly bridge group) */
81335640Shselasky#define NFULA_IFINDEX_PHYSINDEV		6	/* ifindex of physical device on which packet received (not bridge group) */
82335640Shselasky#define NFULA_IFINDEX_PHYSOUTDEV	7	/* ifindex of physical device on which packet transmitted (not bridge group) */
83335640Shselasky#define NFULA_HWADDR			8	/* nflog_hwaddr_t for hardware address */
84335640Shselasky#define NFULA_PAYLOAD			9	/* packet payload */
85335640Shselasky#define NFULA_PREFIX			10	/* text string - null-terminated, count includes NUL */
86335640Shselasky#define NFULA_UID			11	/* UID owning socket on which packet was sent/received */
87335640Shselasky#define NFULA_SEQ			12	/* sequence number of packets on this NFLOG socket */
88335640Shselasky#define NFULA_SEQ_GLOBAL		13	/* sequence number of pakets on all NFLOG sockets */
89335640Shselasky#define NFULA_GID			14	/* GID owning socket on which packet was sent/received */
90335640Shselasky#define NFULA_HWTYPE			15	/* ARPHRD_ type of skbuff's device */
91335640Shselasky#define NFULA_HWHEADER			16	/* skbuff's MAC-layer header */
92335640Shselasky#define NFULA_HWLEN			17	/* length of skbuff's MAC-layer header */
93335640Shselasky
94335640Shselasky#endif
95