.. SPDX-License-Identifier: GPL-2.0
.. NOTE: This document was auto-generated.


==========================================
Family ``conntrack`` netlink specification
==========================================


.. contents:: :depth: 3


-------
Summary
-------


Netfilter connection tracking subsystem over nfnetlink

----------
Operations
----------


.. _conntrack-operation-get:

get
===
get / dump entries

:attribute-set: :ref:`conntrack-attribute-set-conntrack-attrs`
:fixed-header: :ref:`conntrack-definition-nfgenmsg`
:do:
    **request**
        :attributes: [``tuple-orig``, ``tuple-reply``, ``zone``]

    **reply**
        :attributes: [``tuple-orig``, ``tuple-reply``, ``status``, ``protoinfo``, ``help``, ``nat-src``, ``nat-dst``, ``timeout``, ``mark``, ``counters-orig``, ``counters-reply``, ``use``, ``id``, ``tuple-master``, ``seq-adj-orig``, ``seq-adj-reply``, ``zone``, ``secctx``, ``labels``, ``synproxy``]

:dump:
    **request**
        :attributes: [``nfgen-family``, ``mark``, ``filter``, ``status``, ``zone``]

    **reply**
        :attributes: [``tuple-orig``, ``tuple-reply``, ``status``, ``protoinfo``, ``help``, ``nat-src``, ``nat-dst``, ``timeout``, ``mark``, ``counters-orig``, ``counters-reply``, ``use``, ``id``, ``tuple-master``, ``seq-adj-orig``, ``seq-adj-reply``, ``zone``, ``secctx``, ``labels``, ``synproxy``]



.. _conntrack-operation-get-stats:

get-stats
=========
dump per-CPU conntrack stats

:attribute-set: :ref:`conntrack-attribute-set-conntrack-stats-attrs`
:fixed-header: :ref:`conntrack-definition-nfgenmsg`
:dump:
    **request**


    **reply**
        :attributes: [``searched``, ``found``, ``insert``, ``insert-failed``, ``drop``, ``early-drop``, ``error``, ``search-restart``, ``clash-resolve``, ``chain-toolong``]




-----------
Definitions
-----------


.. _conntrack-definition-nfgenmsg:

nfgenmsg
========
:type: struct


:members:
    :nfgen-family (``u8``): 
    :version (``u8``): 
    :res-id (``u16``): 


.. _conntrack-definition-nf-ct-tcp-flags-mask:

nf-ct-tcp-flags-mask
====================
:type: struct


:members:
    :flags (``u8``): 
    :mask (``u8``): 


.. _conntrack-definition-nf-ct-tcp-flags:

nf-ct-tcp-flags
===============
:type: flags


:entries:
    - ``window-scale``
    - ``sack-perm``
    - ``close-init``
    - ``be-liberal``
    - ``unacked``
    - ``maxack``
    - ``challenge-ack``
    - ``simultaneous-open``


.. _conntrack-definition-nf-ct-tcp-state:

nf-ct-tcp-state
===============
:type: enum


:entries:
    - ``none``
    - ``syn-sent``
    - ``syn-recv``
    - ``established``
    - ``fin-wait``
    - ``close-wait``
    - ``last-ack``
    - ``time-wait``
    - ``close``
    - ``syn-sent2``
    - ``max``
    - ``ignore``
    - ``retrans``
    - ``unack``
    - ``timeout-max``


.. _conntrack-definition-nf-ct-sctp-state:

nf-ct-sctp-state
================
:type: enum


:entries:
    - ``none``
    - ``cloned``
    - ``cookie-wait``
    - ``cookie-echoed``
    - ``established``
    - ``shutdown-sent``
    - ``shutdown-received``
    - ``shutdown-ack-sent``
    - ``shutdown-heartbeat-sent``


.. _conntrack-definition-nf-ct-status:

nf-ct-status
============
:type: flags


:entries:
    - ``expected``
    - ``seen-reply``
    - ``assured``
    - ``confirmed``
    - ``src-nat``
    - ``dst-nat``
    - ``seq-adj``
    - ``src-nat-done``
    - ``dst-nat-done``
    - ``dying``
    - ``fixed-timeout``
    - ``template``
    - ``nat-clash``
    - ``helper``
    - ``offload``
    - ``hw-offload``



--------------
Attribute sets
--------------


.. _conntrack-attribute-set-counter-attrs:

counter-attrs
=============
packets (``u64``)
~~~~~~~~~~~~~~~~~
:byte-order: big-endian


bytes (``u64``)
~~~~~~~~~~~~~~~
:byte-order: big-endian


packets-old (``u32``)
~~~~~~~~~~~~~~~~~~~~~


bytes-old (``u32``)
~~~~~~~~~~~~~~~~~~~


pad (``pad``)
~~~~~~~~~~~~~


.. _conntrack-attribute-set-tuple-proto-attrs:

tuple-proto-attrs
=================
proto-num (``u8``)
~~~~~~~~~~~~~~~~~~
:doc: l4 protocol number


proto-src-port (``u16``)
~~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: l4 source port


proto-dst-port (``u16``)
~~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: l4 destination port


proto-icmp-id (``u16``)
~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: l4 icmp id


proto-icmp-type (``u8``)
~~~~~~~~~~~~~~~~~~~~~~~~


proto-icmp-code (``u8``)
~~~~~~~~~~~~~~~~~~~~~~~~


proto-icmpv6-id (``u16``)
~~~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: l4 icmp id


proto-icmpv6-type (``u8``)
~~~~~~~~~~~~~~~~~~~~~~~~~~


proto-icmpv6-code (``u8``)
~~~~~~~~~~~~~~~~~~~~~~~~~~


.. _conntrack-attribute-set-tuple-ip-attrs:

tuple-ip-attrs
==============
ip-v4-src (``u32``)
~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:display-hint: ipv4
:doc: ipv4 source address


ip-v4-dst (``u32``)
~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:display-hint: ipv4
:doc: ipv4 destination address


ip-v6-src (``binary``)
~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:display-hint: ipv6
:doc: ipv6 source address


ip-v6-dst (``binary``)
~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:display-hint: ipv6
:doc: ipv6 destination address


.. _conntrack-attribute-set-tuple-attrs:

tuple-attrs
===========
tuple-ip (``nest``)
~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-tuple-ip-attrs`
:doc: conntrack l3 information


tuple-proto (``nest``)
~~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-tuple-proto-attrs`
:doc: conntrack l4 information


tuple-zone (``u16``)
~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: conntrack zone id


.. _conntrack-attribute-set-protoinfo-tcp-attrs:

protoinfo-tcp-attrs
===================
tcp-state (``u8``)
~~~~~~~~~~~~~~~~~~
:enum: :ref:`conntrack-definition-nf-ct-tcp-state`
:doc: tcp connection state


tcp-wscale-original (``u8``)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:doc: window scaling factor in original direction


tcp-wscale-reply (``u8``)
~~~~~~~~~~~~~~~~~~~~~~~~~
:doc: window scaling factor in reply direction


tcp-flags-original (``binary``)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:struct: :ref:`conntrack-definition-nf-ct-tcp-flags-mask`


tcp-flags-reply (``binary``)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:struct: :ref:`conntrack-definition-nf-ct-tcp-flags-mask`


.. _conntrack-attribute-set-protoinfo-dccp-attrs:

protoinfo-dccp-attrs
====================
dccp-state (``u8``)
~~~~~~~~~~~~~~~~~~~
:doc: dccp connection state


dccp-role (``u8``)
~~~~~~~~~~~~~~~~~~


dccp-handshake-seq (``u64``)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


dccp-pad (``pad``)
~~~~~~~~~~~~~~~~~~


.. _conntrack-attribute-set-protoinfo-sctp-attrs:

protoinfo-sctp-attrs
====================
sctp-state (``u8``)
~~~~~~~~~~~~~~~~~~~
:doc: sctp connection state
:enum: :ref:`conntrack-definition-nf-ct-sctp-state`


vtag-original (``u32``)
~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


vtag-reply (``u32``)
~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


.. _conntrack-attribute-set-protoinfo-attrs:

protoinfo-attrs
===============
protoinfo-tcp (``nest``)
~~~~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-protoinfo-tcp-attrs`
:doc: conntrack tcp state information


protoinfo-dccp (``nest``)
~~~~~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-protoinfo-dccp-attrs`
:doc: conntrack dccp state information


protoinfo-sctp (``nest``)
~~~~~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-protoinfo-sctp-attrs`
:doc: conntrack sctp state information


.. _conntrack-attribute-set-help-attrs:

help-attrs
==========
help-name (``string``)
~~~~~~~~~~~~~~~~~~~~~~
:doc: helper name


.. _conntrack-attribute-set-nat-proto-attrs:

nat-proto-attrs
===============
nat-port-min (``u16``)
~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


nat-port-max (``u16``)
~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


.. _conntrack-attribute-set-nat-attrs:

nat-attrs
=========
nat-v4-minip (``u32``)
~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


nat-v4-maxip (``u32``)
~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


nat-v6-minip (``binary``)
~~~~~~~~~~~~~~~~~~~~~~~~~


nat-v6-maxip (``binary``)
~~~~~~~~~~~~~~~~~~~~~~~~~


nat-proto (``nest``)
~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-nat-proto-attrs`


.. _conntrack-attribute-set-seqadj-attrs:

seqadj-attrs
============
correction-pos (``u32``)
~~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


offset-before (``u32``)
~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


offset-after (``u32``)
~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


.. _conntrack-attribute-set-secctx-attrs:

secctx-attrs
============
secctx-name (``string``)
~~~~~~~~~~~~~~~~~~~~~~~~


.. _conntrack-attribute-set-synproxy-attrs:

synproxy-attrs
==============
isn (``u32``)
~~~~~~~~~~~~~
:byte-order: big-endian


its (``u32``)
~~~~~~~~~~~~~
:byte-order: big-endian


tsoff (``u32``)
~~~~~~~~~~~~~~~
:byte-order: big-endian


.. _conntrack-attribute-set-conntrack-attrs:

conntrack-attrs
===============
tuple-orig (``nest``)
~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-tuple-attrs`
:doc: conntrack l3+l4 protocol information, original direction


tuple-reply (``nest``)
~~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-tuple-attrs`
:doc: conntrack l3+l4 protocol information, reply direction


status (``u32``)
~~~~~~~~~~~~~~~~
:byte-order: big-endian
:enum: :ref:`conntrack-definition-nf-ct-status`
:enum-as-flags: True
:doc: conntrack flag bits
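
The following is an added example, not part of the generated specification or of the kernel's own tooling: it decodes the big-endian ``u32`` attributes of ``conntrack-attrs`` from a raw attribute stream and expands ``status`` into ``nf-ct-status`` names. It assumes that flag bits follow the order of the ``nf-ct-status`` list starting at bit 0, that attribute ids are numbered from 1 in the order this attribute set lists them, and that each attribute uses the standard netlink length/type header in host byte order; the sample bytes are constructed.

```python
import struct

# Assumption: bit i is the i-th entry of nf-ct-status as listed on this page,
# starting at bit 0.
NF_CT_STATUS = [
    "expected", "seen-reply", "assured", "confirmed", "src-nat", "dst-nat",
    "seq-adj", "src-nat-done", "dst-nat-done", "dying", "fixed-timeout",
    "template", "nat-clash", "helper", "offload", "hw-offload"]

# Assumption: attribute ids count from 1 in the order conntrack-attrs lists them.
U32_ATTRS = {3: "status", 7: "timeout", 8: "mark", 11: "use", 12: "id"}
NLA_HDRLEN, NLA_TYPE_MASK = 4, 0x3FFF  # mask strips the nested/byte-order bits

def iter_nlattrs(buf):
    """Yield (type, payload) per attribute; reject lengths that overrun buf."""
    off = 0
    while off + NLA_HDRLEN <= len(buf):
        nla_len, nla_type = struct.unpack_from("=HH", buf, off)
        if nla_len < NLA_HDRLEN or off + nla_len > len(buf):
            raise ValueError(f"bad nla_len {nla_len} at offset {off}")
        yield nla_type & NLA_TYPE_MASK, buf[off + NLA_HDRLEN:off + nla_len]
        off += (nla_len + 3) & ~3  # attributes are padded to 4 bytes
    if off < len(buf):
        raise ValueError("trailing bytes after last attribute")

def decode_status(value):
    """Expand a status word into flag names; keep unknown bits visible."""
    names = [n for i, n in enumerate(NF_CT_STATUS) if value & (1 << i)]
    unknown = value & ~((1 << len(NF_CT_STATUS)) - 1)
    return names + ([f"unknown:{unknown:#x}"] if unknown else [])

def decode_entry(buf):
    """Decode the u32 attributes of one entry; nests and others are skipped."""
    out = {}
    for atype, payload in iter_nlattrs(buf):
        name = U32_ATTRS.get(atype)
        if name is None:
            continue
        if len(payload) != 4:
            raise ValueError(f"{name}: expected 4 bytes, got {len(payload)}")
        (value,) = struct.unpack(">I", payload)  # big-endian per the spec
        out[name] = decode_status(value) if name == "status" else value
    return out

def _attr(atype, payload):
    """Build one attribute for the constructed sample below."""
    return struct.pack("=HH", NLA_HDRLEN + len(payload), atype) + payload

# Constructed sample: status=0x18e, timeout=431999, mark=0
SAMPLE = b"".join(_attr(t, struct.pack(">I", v))
                  for t, v in ((3, 0x18E), (7, 431999), (8, 0)))
```

Reading ``status`` in host byte order on a little-endian machine would turn ``0x18e`` into ``0x8e010000``, which is why the decoder unpacks with ``>I`` and reports bits beyond the known list instead of dropping them.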


protoinfo (``nest``)
~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-protoinfo-attrs`


help (``nest``)
~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-help-attrs`


nat-src (``nest``)
~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-nat-attrs`


timeout (``u32``)
~~~~~~~~~~~~~~~~~
:byte-order: big-endian


mark (``u32``)
~~~~~~~~~~~~~~
:byte-order: big-endian


counters-orig (``nest``)
~~~~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-counter-attrs`


counters-reply (``nest``)
~~~~~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-counter-attrs`


use (``u32``)
~~~~~~~~~~~~~
:byte-order: big-endian


id (``u32``)
~~~~~~~~~~~~
:byte-order: big-endian


nat-dst (``nest``)
~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-nat-attrs`


tuple-master (``nest``)
~~~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-tuple-attrs`


seq-adj-orig (``nest``)
~~~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-seqadj-attrs`


seq-adj-reply (``nest``)
~~~~~~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-seqadj-attrs`


secmark (``binary``)
~~~~~~~~~~~~~~~~~~~~
:doc: obsolete


zone (``u16``)
~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: conntrack zone id


secctx (``nest``)
~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-secctx-attrs`


timestamp (``u64``)
~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


mark-mask (``u32``)
~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


labels (``binary``)
~~~~~~~~~~~~~~~~~~~


labels-mask (``binary``)
~~~~~~~~~~~~~~~~~~~~~~~~


synproxy (``nest``)
~~~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-synproxy-attrs`


filter (``nest``)
~~~~~~~~~~~~~~~~~
:nested-attributes: :ref:`conntrack-attribute-set-tuple-attrs`


status-mask (``u32``)
~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:enum: :ref:`conntrack-definition-nf-ct-status`
:enum-as-flags: True
:doc: conntrack flag bits to change


timestamp-event (``u64``)
~~~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


.. _conntrack-attribute-set-conntrack-stats-attrs:

conntrack-stats-attrs
=====================
searched (``u32``)
~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: obsolete


found (``u32``)
~~~~~~~~~~~~~~~
:byte-order: big-endian


new (``u32``)
~~~~~~~~~~~~~
:byte-order: big-endian
:doc: obsolete


invalid (``u32``)
~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: obsolete


ignore (``u32``)
~~~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: obsolete


delete (``u32``)
~~~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: obsolete


delete-list (``u32``)
~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian
:doc: obsolete


insert (``u32``)
~~~~~~~~~~~~~~~~
:byte-order: big-endian


insert-failed (``u32``)
~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


drop (``u32``)
~~~~~~~~~~~~~~
:byte-order: big-endian


early-drop (``u32``)
~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


error (``u32``)
~~~~~~~~~~~~~~~
:byte-order: big-endian


search-restart (``u32``)
~~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


clash-resolve (``u32``)
~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian


chain-toolong (``u32``)
~~~~~~~~~~~~~~~~~~~~~~~
:byte-order: big-endian