1 /* 2 * Copyright (c) 2013, Petar Alilovic, 3 * Faculty of Electrical Engineering and Computing, University of Zagreb 4 * All rights reserved 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * * Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * * Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY 16 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY 19 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 20 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 22 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH 25 * DAMAGE. 26 */ 27 28 module libpcap.nflog; 29 extern (C): 30 31 /* 32 * Structure of an NFLOG header and TLV parts, as described at 33 * http://www.tcpdump.org/linktypes/LINKTYPE_NFLOG.html 34 * 35 * The NFLOG header is big-endian. 36 * 37 * The TLV length and type are in host byte order. The value is either 38 * big-endian or is an array of bytes in some externally-specified byte 39 * order (text string, link-layer address, link-layer header, packet 40 * data, etc.). 41 */ 42 struct nflog_hdr_t { 43 ubyte nflog_family; /* address family */ 44 ubyte nflog_version; /* version */ 45 ushort nflog_rid; /* resource ID */ 46 } 47 48 struct nflog_tlv_t { 49 ushort tlv_length; /* tlv length */ 50 ushort tlv_type; /* tlv type */ 51 /* value follows this */ 52 } 53 54 struct nflog_packet_hdr_t { 55 ushort hw_protocol; /* hw protocol */ 56 ubyte hook; /* netfilter hook */ 57 ubyte pad; /* padding to 32 bits */ 58 } 59 60 struct nflog_hwaddr_t { 61 ushort hw_addrlen; /* address length */ 62 ushort pad; /* padding to 32-bit boundary */ 63 ubyte[8] hw_addr; /* address, up to 8 bytes */ 64 } 65 66 struct nflog_timestamp_t { 67 ulong sec; 68 ulong usec; 69 } 70 71 /* 72 * TLV types. 73 */ 74 immutable NFULA_PACKET_HDR = 1; /* nflog_packet_hdr_t */ 75 immutable NFULA_MARK = 2; /* packet mark from skbuff */ 76 immutable NFULA_TIMESTAMP = 3; /* nflog_timestamp_t for skbuff's time stamp */ 77 immutable NFULA_IFINDEX_INDEV = 4; /* ifindex of device on which packet received (possibly bridge group) */ 78 immutable NFULA_IFINDEX_OUTDEV = 5; /* ifindex of device on which packet transmitted (possibly bridge group) */ 79 immutable NFULA_IFINDEX_PHYSINDEV = 6; /* ifindex of physical device on which packet received (not bridge group) */ 80 immutable NFULA_IFINDEX_PHYSOUTDEV = 7; /* ifindex of physical device on which packet transmitted (not bridge group) */ 81 immutable NFULA_HWADDR = 8; /* nflog_hwaddr_t for hardware address */ 82 immutable NFULA_PAYLOAD = 9; /* packet payload */ 83 immutable NFULA_PREFIX = 10; /* text string - null-terminated, count includes NUL */ 84 immutable NFULA_UID = 11; /* UID owning socket on which packet was sent/received */ 85 immutable NFULA_SEQ = 12; /* sequence number of packets on this NFLOG socket */ 86 immutable NFULA_SEQ_GLOBAL = 13; /* sequence number of pakets on all NFLOG sockets */ 87 immutable NFULA_GID = 14; /* GID owning socket on which packet was sent/received */ 88 immutable NFULA_HWTYPE = 15; /* ARPHRD_ type of skbuff's device */ 89 immutable NFULA_HWHEADER = 16; /* skbuff's MAC-layer header */ 90 immutable NFULA_HWLEN = 17; /* length of skbuff's MAC-layer header */ 91