.. SPDX-License-Identifier: GPL-2.0 .. NOTE: This document was auto-generated. ========================================== Family ``conntrack`` netlink specification ========================================== .. contents:: :depth: 3 ------- Summary ------- Netfilter connection tracking subsystem over nfnetlink ---------- Operations ---------- .. _conntrack-operation-get: get === get / dump entries :attribute-set: :ref:`conntrack-attribute-set-conntrack-attrs` :fixed-header: :ref:`conntrack-definition-nfgenmsg` :do: **request** :attributes: [``tuple-orig``, ``tuple-reply``, ``zone``] **reply** :attributes: [``tuple-orig``, ``tuple-reply``, ``status``, ``protoinfo``, ``help``, ``nat-src``, ``nat-dst``, ``timeout``, ``mark``, ``counter-orig``, ``counter-reply``, ``use``, ``id``, ``nat-dst``, ``tuple-master``, ``seq-adj-orig``, ``seq-adj-reply``, ``zone``, ``secctx``, ``labels``, ``synproxy``] :dump: **request** :attributes: [``nfgen-family``, ``mark``, ``filter``, ``status``, ``zone``] **reply** :attributes: [``tuple-orig``, ``tuple-reply``, ``status``, ``protoinfo``, ``help``, ``nat-src``, ``nat-dst``, ``timeout``, ``mark``, ``counter-orig``, ``counter-reply``, ``use``, ``id``, ``nat-dst``, ``tuple-master``, ``seq-adj-orig``, ``seq-adj-reply``, ``zone``, ``secctx``, ``labels``, ``synproxy``] .. _conntrack-operation-get-stats: get-stats ========= dump pcpu conntrack stats :attribute-set: :ref:`conntrack-attribute-set-conntrack-stats-attrs` :fixed-header: :ref:`conntrack-definition-nfgenmsg` :dump: **request** **reply** :attributes: [``searched``, ``found``, ``insert``, ``insert-failed``, ``drop``, ``early-drop``, ``error``, ``search-restart``, ``clash-resolve``, ``chain-toolong``] ----------- Definitions ----------- .. _conntrack-definition-nfgenmsg: nfgenmsg ======== :type: struct :members: :nfgen-family (``u8``): :version (``u8``): :res-id (``u16``): .. _conntrack-definition-nf-ct-tcp-flags-mask: nf-ct-tcp-flags-mask ==================== :type: struct :members: :flags (``u8``): :mask (``u8``): .. _conntrack-definition-nf-ct-tcp-flags: nf-ct-tcp-flags =============== :type: flags :entries: - ``window-scale`` - ``sack-perm`` - ``close-init`` - ``be-liberal`` - ``unacked`` - ``maxack`` - ``challenge-ack`` - ``simultaneous-open`` .. _conntrack-definition-nf-ct-tcp-state: nf-ct-tcp-state =============== :type: enum :entries: - ``none`` - ``syn-sent`` - ``syn-recv`` - ``established`` - ``fin-wait`` - ``close-wait`` - ``last-ack`` - ``time-wait`` - ``close`` - ``syn-sent2`` - ``max`` - ``ignore`` - ``retrans`` - ``unack`` - ``timeout-max`` .. _conntrack-definition-nf-ct-sctp-state: nf-ct-sctp-state ================ :type: enum :entries: - ``none`` - ``cloned`` - ``cookie-wait`` - ``cookie-echoed`` - ``established`` - ``shutdown-sent`` - ``shutdown-received`` - ``shutdown-ack-sent`` - ``shutdown-heartbeat-sent`` .. _conntrack-definition-nf-ct-status: nf-ct-status ============ :type: flags :entries: - ``expected`` - ``seen-reply`` - ``assured`` - ``confirmed`` - ``src-nat`` - ``dst-nat`` - ``seq-adj`` - ``src-nat-done`` - ``dst-nat-done`` - ``dying`` - ``fixed-timeout`` - ``template`` - ``nat-clash`` - ``helper`` - ``offload`` - ``hw-offload`` -------------- Attribute sets -------------- .. _conntrack-attribute-set-counter-attrs: counter-attrs ============= packets (``u64``) ~~~~~~~~~~~~~~~~~ :byte-order: big-endian bytes (``u64``) ~~~~~~~~~~~~~~~ :byte-order: big-endian packets-old (``u32``) ~~~~~~~~~~~~~~~~~~~~~ bytes-old (``u32``) ~~~~~~~~~~~~~~~~~~~ pad (``pad``) ~~~~~~~~~~~~~ .. _conntrack-attribute-set-tuple-proto-attrs: tuple-proto-attrs ================= proto-num (``u8``) ~~~~~~~~~~~~~~~~~~ :doc: l4 protocol number proto-src-port (``u16``) ~~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: l4 source port proto-dst-port (``u16``) ~~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: l4 source port proto-icmp-id (``u16``) ~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: l4 icmp id proto-icmp-type (``u8``) ~~~~~~~~~~~~~~~~~~~~~~~~ proto-icmp-code (``u8``) ~~~~~~~~~~~~~~~~~~~~~~~~ proto-icmpv6-id (``u16``) ~~~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: l4 icmp id proto-icmpv6-type (``u8``) ~~~~~~~~~~~~~~~~~~~~~~~~~~ proto-icmpv6-code (``u8``) ~~~~~~~~~~~~~~~~~~~~~~~~~~ .. _conntrack-attribute-set-tuple-ip-attrs: tuple-ip-attrs ============== ip-v4-src (``u32``) ~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :display-hint: ipv4 :doc: ipv4 source address ip-v4-dst (``u32``) ~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :display-hint: ipv4 :doc: ipv4 destination address ip-v6-src (``binary``) ~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :display-hint: ipv6 :doc: ipv6 source address ip-v6-dst (``binary``) ~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :display-hint: ipv6 :doc: ipv6 destination address .. _conntrack-attribute-set-tuple-attrs: tuple-attrs =========== tuple-ip (``nest``) ~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-tuple-ip-attrs` :doc: conntrack l3 information tuple-proto (``nest``) ~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-tuple-proto-attrs` :doc: conntrack l4 information tuple-zone (``u16``) ~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: conntrack zone id .. _conntrack-attribute-set-protoinfo-tcp-attrs: protoinfo-tcp-attrs =================== tcp-state (``u8``) ~~~~~~~~~~~~~~~~~~ :enum: :ref:`conntrack-definition-nf-ct-tcp-state` :doc: tcp connection state tcp-wscale-original (``u8``) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :doc: window scaling factor in original direction tcp-wscale-reply (``u8``) ~~~~~~~~~~~~~~~~~~~~~~~~~ :doc: window scaling factor in reply direction tcp-flags-original (``binary``) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :struct: :ref:`conntrack-definition-nf-ct-tcp-flags-mask` tcp-flags-reply (``binary``) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :struct: :ref:`conntrack-definition-nf-ct-tcp-flags-mask` .. _conntrack-attribute-set-protoinfo-dccp-attrs: protoinfo-dccp-attrs ==================== dccp-state (``u8``) ~~~~~~~~~~~~~~~~~~~ :doc: dccp connection state dccp-role (``u8``) ~~~~~~~~~~~~~~~~~~ dccp-handshake-seq (``u64``) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian dccp-pad (``pad``) ~~~~~~~~~~~~~~~~~~ .. _conntrack-attribute-set-protoinfo-sctp-attrs: protoinfo-sctp-attrs ==================== sctp-state (``u8``) ~~~~~~~~~~~~~~~~~~~ :doc: sctp connection state :enum: :ref:`conntrack-definition-nf-ct-sctp-state` vtag-original (``u32``) ~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian vtag-reply (``u32``) ~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian .. _conntrack-attribute-set-protoinfo-attrs: protoinfo-attrs =============== protoinfo-tcp (``nest``) ~~~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-protoinfo-tcp-attrs` :doc: conntrack tcp state information protoinfo-dccp (``nest``) ~~~~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-protoinfo-dccp-attrs` :doc: conntrack dccp state information protoinfo-sctp (``nest``) ~~~~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-protoinfo-sctp-attrs` :doc: conntrack sctp state information .. _conntrack-attribute-set-help-attrs: help-attrs ========== help-name (``string``) ~~~~~~~~~~~~~~~~~~~~~~ :doc: helper name .. _conntrack-attribute-set-nat-proto-attrs: nat-proto-attrs =============== nat-port-min (``u16``) ~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian nat-port-max (``u16``) ~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian .. _conntrack-attribute-set-nat-attrs: nat-attrs ========= nat-v4-minip (``u32``) ~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian nat-v4-maxip (``u32``) ~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian nat-v6-minip (``binary``) ~~~~~~~~~~~~~~~~~~~~~~~~~ nat-v6-maxip (``binary``) ~~~~~~~~~~~~~~~~~~~~~~~~~ nat-proto (``nest``) ~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-nat-proto-attrs` .. _conntrack-attribute-set-seqadj-attrs: seqadj-attrs ============ correction-pos (``u32``) ~~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian offset-before (``u32``) ~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian offset-after (``u32``) ~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian .. _conntrack-attribute-set-secctx-attrs: secctx-attrs ============ secctx-name (``string``) ~~~~~~~~~~~~~~~~~~~~~~~~ .. _conntrack-attribute-set-synproxy-attrs: synproxy-attrs ============== isn (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian its (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian tsoff (``u32``) ~~~~~~~~~~~~~~~ :byte-order: big-endian .. _conntrack-attribute-set-conntrack-attrs: conntrack-attrs =============== tuple-orig (``nest``) ~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-tuple-attrs` :doc: conntrack l3+l4 protocol information, original direction tuple-reply (``nest``) ~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-tuple-attrs` :doc: conntrack l3+l4 protocol information, reply direction status (``u32``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian :enum: :ref:`conntrack-definition-nf-ct-status` :enum-as-flags: True :doc: conntrack flag bits protoinfo (``nest``) ~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-protoinfo-attrs` help (``nest``) ~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-help-attrs` nat-src (``nest``) ~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-nat-attrs` timeout (``u32``) ~~~~~~~~~~~~~~~~~ :byte-order: big-endian mark (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian counters-orig (``nest``) ~~~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-counter-attrs` counters-reply (``nest``) ~~~~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-counter-attrs` use (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian id (``u32``) ~~~~~~~~~~~~ :byte-order: big-endian nat-dst (``nest``) ~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-nat-attrs` tuple-master (``nest``) ~~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-tuple-attrs` seq-adj-orig (``nest``) ~~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-seqadj-attrs` seq-adj-reply (``nest``) ~~~~~~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-seqadj-attrs` secmark (``binary``) ~~~~~~~~~~~~~~~~~~~~ :doc: obsolete zone (``u16``) ~~~~~~~~~~~~~~ :byte-order: big-endian :doc: conntrack zone id secctx (``nest``) ~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-secctx-attrs` timestamp (``u64``) ~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian mark-mask (``u32``) ~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian labels (``binary``) ~~~~~~~~~~~~~~~~~~~ labels mask (``binary``) ~~~~~~~~~~~~~~~~~~~~~~~~ synproxy (``nest``) ~~~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-synproxy-attrs` filter (``nest``) ~~~~~~~~~~~~~~~~~ :nested-attributes: :ref:`conntrack-attribute-set-tuple-attrs` status-mask (``u32``) ~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :enum: :ref:`conntrack-definition-nf-ct-status` :enum-as-flags: True :doc: conntrack flag bits to change timestamp-event (``u64``) ~~~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian .. _conntrack-attribute-set-conntrack-stats-attrs: conntrack-stats-attrs ===================== searched (``u32``) ~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: obsolete found (``u32``) ~~~~~~~~~~~~~~~ :byte-order: big-endian new (``u32``) ~~~~~~~~~~~~~ :byte-order: big-endian :doc: obsolete invalid (``u32``) ~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: obsolete ignore (``u32``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: obsolete delete (``u32``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: obsolete delete-list (``u32``) ~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian :doc: obsolete insert (``u32``) ~~~~~~~~~~~~~~~~ :byte-order: big-endian insert-failed (``u32``) ~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian drop (``u32``) ~~~~~~~~~~~~~~ :byte-order: big-endian early-drop (``u32``) ~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian error (``u32``) ~~~~~~~~~~~~~~~ :byte-order: big-endian search-restart (``u32``) ~~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian clash-resolve (``u32``) ~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian chain-toolong (``u32``) ~~~~~~~~~~~~~~~~~~~~~~~ :byte-order: big-endian