[PATCH v1 4/6] netlink_netfilter: decode enums and flags
Mathis Marion
Mathis.Marion at silabs.com
Thu Jun 12 09:56:04 UTC 2025
From: Mathis Marion <mathis.marion at silabs.com>
Signed-off-by: Mathis Marion <mathis.marion at silabs.com>
---
src/netlink_netfilter.c | 131 +++++++++++++++++++++++------
src/xlat/nft_chain_flags.in | 4 +
src/xlat/nft_cmp_ops.in | 8 ++
src/xlat/nft_flowtable_flags.in | 3 +
src/xlat/nft_meta_keys.in | 38 +++++++++
src/xlat/nft_objects.in | 12 +++
src/xlat/nft_payload_bases.in | 7 ++
src/xlat/nft_payload_csum_flags.in | 2 +
src/xlat/nft_payload_csum_types.in | 5 ++
src/xlat/nft_registers.in | 23 +++++
src/xlat/nft_set_elem_flags.in | 3 +
src/xlat/nft_set_flags.in | 10 +++
src/xlat/nft_set_policies.in | 4 +
src/xlat/nft_table_flags.in | 4 +
src/xlat/nft_trace_types.in | 6 ++
src/xlat/nft_verdicts.in | 12 +++
16 files changed, 246 insertions(+), 26 deletions(-)
create mode 100644 src/xlat/nft_chain_flags.in
create mode 100644 src/xlat/nft_cmp_ops.in
create mode 100644 src/xlat/nft_flowtable_flags.in
create mode 100644 src/xlat/nft_meta_keys.in
create mode 100644 src/xlat/nft_objects.in
create mode 100644 src/xlat/nft_payload_bases.in
create mode 100644 src/xlat/nft_payload_csum_flags.in
create mode 100644 src/xlat/nft_payload_csum_types.in
create mode 100644 src/xlat/nft_registers.in
create mode 100644 src/xlat/nft_set_elem_flags.in
create mode 100644 src/xlat/nft_set_flags.in
create mode 100644 src/xlat/nft_set_policies.in
create mode 100644 src/xlat/nft_table_flags.in
create mode 100644 src/xlat/nft_trace_types.in
create mode 100644 src/xlat/nft_verdicts.in
diff --git a/src/netlink_netfilter.c b/src/netlink_netfilter.c
index f2556c0a5..8fe11882c 100644
--- a/src/netlink_netfilter.c
+++ b/src/netlink_netfilter.c
@@ -14,35 +14,99 @@
#include "netlink.h"
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
+#include <linux/netfilter.h>
#include "xlat/netfilter_versions.h"
#include "xlat/nl_netfilter_msg_types.h"
#include "xlat/nl_netfilter_subsys_ids.h"
+#include "xlat/nft_chain_flags.h"
+#include "xlat/nft_flowtable_flags.h"
#include "xlat/nft_chain_attrs.h"
#include "xlat/nft_cmp_attrs.h"
+#include "xlat/nft_cmp_ops.h"
#include "xlat/nft_data_attrs.h"
#include "xlat/nft_expr_attrs.h"
#include "xlat/nft_flowtable_attrs.h"
#include "xlat/nft_gen_attrs.h"
#include "xlat/nft_obj_attrs.h"
+#include "xlat/nft_objects.h"
#include "xlat/nft_immediate_attrs.h"
#include "xlat/nft_list_attrs.h"
#include "xlat/nft_lookup_attrs.h"
#include "xlat/nft_meta_attrs.h"
+#include "xlat/nft_meta_keys.h"
#include "xlat/nft_payload_attrs.h"
+#include "xlat/nft_registers.h"
#include "xlat/nft_rule_attrs.h"
#include "xlat/nft_set_attrs.h"
#include "xlat/nft_set_elem_attrs.h"
#include "xlat/nft_set_elem_list_attrs.h"
+#include "xlat/nft_set_flags.h"
+#include "xlat/nft_set_elem_flags.h"
+#include "xlat/nft_set_policies.h"
#include "xlat/nft_table_attrs.h"
+#include "xlat/nft_table_flags.h"
#include "xlat/nft_trace_attrs.h"
+#include "xlat/nft_trace_types.h"
+#include "xlat/nft_payload_bases.h"
+#include "xlat/nft_payload_csum_flags.h"
+#include "xlat/nft_payload_csum_types.h"
+#include "xlat/nft_verdicts.h"
#include "xlat/nft_verdict_attrs.h"
+static bool decode_u32(struct tcb *tcp, kernel_ulong_t addr, unsigned int len,
+ const struct xlat *xlat, const char *dflt, bool is_flags)
+{
+ uint32_t val;
+
+ if (len < sizeof(val))
+ return false;
+ else if (!umove_or_printaddr(tcp, addr, &val)) {
+ tprints_arg_begin("htonl");
+ if (is_flags)
+ printflags(xlat, ntohl(val), dflt);
+ else
+ printxval(xlat, ntohl(val), dflt);
+ tprint_arg_end();
+ }
+ return true;
+}
+
+#define DEFINE_U32_DECODER(name, xlat, dflt, is_flags) \
+ static bool decode_##name(struct tcb *tcp, \
+ kernel_ulong_t addr, \
+ unsigned int len, \
+ const void *opaque_data) \
+ { \
+ return decode_u32(tcp, addr, len, xlat, dflt, is_flags); \
+ }
+
+#define DEFINE_ENUM_DECODER(name, xlat, dflt) \
+ DEFINE_U32_DECODER(name, xlat, dflt, false)
+#define DEFINE_FLAGS_DECODER(name, xlat, dflt) \
+ DEFINE_U32_DECODER(name, xlat, dflt, true)
+
+DEFINE_ENUM_DECODER(reg, nft_registers, "NFT_REG_???")
+DEFINE_ENUM_DECODER(verdict_code, nft_verdicts, "NF_???")
+DEFINE_ENUM_DECODER(cmp_op, nft_cmp_ops, "NFT_CMP_???")
+DEFINE_ENUM_DECODER(meta_key, nft_meta_keys, "NFT_META_???")
+DEFINE_ENUM_DECODER(payload_base, nft_payload_bases, "NFT_PAYLOAD_???");
+DEFINE_ENUM_DECODER(payload_csum_type, nft_payload_csum_types, "NFT_PAYLOAD_CSUM_???")
+DEFINE_FLAGS_DECODER(payload_csum_flags, nft_payload_csum_flags, "NFT_PAYLOAD_???")
+DEFINE_FLAGS_DECODER(table_flags, nft_table_flags, "NFT_TABLE_???")
+DEFINE_FLAGS_DECODER(chain_flags, nft_chain_flags, "NFT_CHAIN_???")
+DEFINE_FLAGS_DECODER(set_flags, nft_set_flags, "NFT_SET_???")
+DEFINE_ENUM_DECODER(set_policy, nft_set_policies, "NFT_SET_POL_???")
+DEFINE_FLAGS_DECODER(set_elem_flags, nft_set_elem_flags, "NFT_SET_ELEM_???")
+DEFINE_ENUM_DECODER(trace_type, nft_trace_types, "NFT_TRACETYPE_???")
+DEFINE_ENUM_DECODER(obj_type, nft_objects, "NFT_OBJECT_???")
+DEFINE_FLAGS_DECODER(flowtable_flags, nft_flowtable_flags, "NFT_FLOWTABLE_???")
+
static bool decode_verdict(struct tcb *tcp, kernel_ulong_t addr,
unsigned int len, const void *opaque_data)
{
static const nla_decoder_t decoders[] = {
- [NFTA_VERDICT_CODE] = decode_nla_be32,
+ [NFTA_VERDICT_CODE] = decode_verdict_code,
[NFTA_VERDICT_CHAIN] = decode_nla_str,
[NFTA_VERDICT_CHAIN_ID] = decode_nla_be32,
};
@@ -66,39 +130,39 @@ static bool decode_data(struct tcb *tcp, kernel_ulong_t addr,
}
static const nla_decoder_t nfta_cmp_decoders[] = {
- [NFTA_CMP_SREG] = decode_nla_be32,
- [NFTA_CMP_OP] = decode_nla_be32,
+ [NFTA_CMP_SREG] = decode_reg,
+ [NFTA_CMP_OP] = decode_cmp_op,
[NFTA_CMP_DATA] = decode_data,
};
static const nla_decoder_t nfta_immediate_decoders[] = {
- [NFTA_IMMEDIATE_DREG] = decode_nla_be32,
+ [NFTA_IMMEDIATE_DREG] = decode_reg,
[NFTA_IMMEDIATE_DATA] = decode_data,
};
static const nla_decoder_t nfta_meta_decoders[] = {
- [NFTA_META_DREG] = decode_nla_be32,
- [NFTA_META_KEY] = decode_nla_be32,
- [NFTA_META_SREG] = decode_nla_be32,
+ [NFTA_META_DREG] = decode_reg,
+ [NFTA_META_KEY] = decode_meta_key,
+ [NFTA_META_SREG] = decode_reg,
};
static const nla_decoder_t nfta_lookup_decoders[] = {
[NFTA_LOOKUP_SET] = decode_nla_str,
- [NFTA_LOOKUP_SREG] = decode_nla_be32,
- [NFTA_LOOKUP_DREG] = decode_nla_be32,
+ [NFTA_LOOKUP_SREG] = decode_reg,
+ [NFTA_LOOKUP_DREG] = decode_reg,
[NFTA_LOOKUP_SET_ID] = decode_nla_be32,
[NFTA_LOOKUP_FLAGS] = decode_nla_be32,
};
static const nla_decoder_t nfta_payload_decoders[] = {
- [NFTA_PAYLOAD_DREG] = decode_nla_be32,
- [NFTA_PAYLOAD_BASE] = decode_nla_be32,
+ [NFTA_PAYLOAD_DREG] = decode_reg,
+ [NFTA_PAYLOAD_BASE] = decode_payload_base,
[NFTA_PAYLOAD_OFFSET] = decode_nla_be32,
[NFTA_PAYLOAD_LEN] = decode_nla_be32,
- [NFTA_PAYLOAD_SREG] = decode_nla_be32,
- [NFTA_PAYLOAD_CSUM_TYPE] = decode_nla_be32,
+ [NFTA_PAYLOAD_SREG] = decode_reg,
+ [NFTA_PAYLOAD_CSUM_TYPE] = decode_payload_csum_type,
[NFTA_PAYLOAD_CSUM_OFFSET] = decode_nla_be32,
- [NFTA_PAYLOAD_CSUM_FLAGS] = decode_nla_be32,
+ [NFTA_PAYLOAD_CSUM_FLAGS] = decode_payload_csum_flags,
};
struct nlta_expr_data_decoder {
@@ -206,7 +270,7 @@ struct nfta_decoder {
static const nla_decoder_t nfta_table_decoders[] = {
[NFTA_TABLE_NAME] = decode_nla_str,
- [NFTA_TABLE_FLAGS] = decode_nla_be32,
+ [NFTA_TABLE_FLAGS] = decode_table_flags,
[NFTA_TABLE_USE] = decode_nla_be32,
[NFTA_TABLE_HANDLE] = decode_nla_be64,
[NFTA_TABLE_PAD] = NULL,
@@ -226,12 +290,12 @@ static const nla_decoder_t nfta_chain_decoders[] = {
[NFTA_CHAIN_HANDLE] = decode_nla_be64,
[NFTA_CHAIN_NAME] = decode_nla_str,
[NFTA_CHAIN_HOOK] = NULL, // TODO
- [NFTA_CHAIN_POLICY] = decode_nla_be32,
+ [NFTA_CHAIN_POLICY] = decode_verdict_code,
[NFTA_CHAIN_USE] = decode_nla_be32,
[NFTA_CHAIN_TYPE] = decode_nla_str,
[NFTA_CHAIN_COUNTERS] = NULL, // TODO
[NFTA_CHAIN_PAD] = NULL,
- [NFTA_CHAIN_FLAGS] = decode_nla_be32,
+ [NFTA_CHAIN_FLAGS] = decode_chain_flags,
[NFTA_CHAIN_ID] = decode_nla_be32,
[NFTA_CHAIN_USERDATA] = NULL,
};
@@ -267,19 +331,19 @@ static const struct nfta_decoder nfta_rule_decoder = {
static const nla_decoder_t nfta_set_decoders[] = {
[NFTA_SET_TABLE] = decode_nla_str,
[NFTA_SET_NAME] = decode_nla_str,
- [NFTA_SET_FLAGS] = decode_nla_be32,
+ [NFTA_SET_FLAGS] = decode_set_flags,
[NFTA_SET_KEY_TYPE] = decode_nla_be32,
[NFTA_SET_KEY_LEN] = decode_nla_be32,
[NFTA_SET_DATA_TYPE] = decode_nla_be32,
[NFTA_SET_DATA_LEN] = decode_nla_be32,
- [NFTA_SET_POLICY] = decode_nla_be32,
+ [NFTA_SET_POLICY] = decode_set_policy,
[NFTA_SET_DESC] = NULL, // TODO
[NFTA_SET_ID] = decode_nla_be32,
[NFTA_SET_TIMEOUT] = decode_nla_be64,
[NFTA_SET_GC_INTERVAL] = decode_nla_be32,
[NFTA_SET_USERDATA] = NULL,
[NFTA_SET_PAD] = NULL,
- [NFTA_SET_OBJ_TYPE] = decode_nla_be32,
+ [NFTA_SET_OBJ_TYPE] = decode_obj_type,
[NFTA_SET_HANDLE] = decode_nla_be64,
[NFTA_SET_EXPR] = decode_expr,
[NFTA_SET_EXPRESSIONS] = decode_exprs,
@@ -298,7 +362,7 @@ static bool decode_set_elem(struct tcb *tcp, kernel_ulong_t addr,
static const nla_decoder_t decoders[] = {
[NFTA_SET_ELEM_KEY] = decode_data,
[NFTA_SET_ELEM_DATA] = NULL,
- [NFTA_SET_ELEM_FLAGS] = decode_nla_be32,
+ [NFTA_SET_ELEM_FLAGS] = decode_set_elem_flags,
[NFTA_SET_ELEM_TIMEOUT] = decode_nla_be64,
[NFTA_SET_ELEM_EXPIRATION] = decode_nla_be64,
[NFTA_SET_ELEM_USERDATA] = NULL,
@@ -340,20 +404,35 @@ static const struct nfta_decoder nfta_setelem_decoder = {
.size = ARRAY_SIZE(nfta_set_elem_list_decoders),
};
+static bool decode_iftype(struct tcb *tcp, kernel_ulong_t addr,
+ unsigned int len, const void *opaque_data)
+{
+ uint16_t val;
+
+ if (len < sizeof(val))
+ return false;
+ else if (!umove_or_printaddr(tcp, addr, &val)) {
+ tprints_arg_begin("htons");
+ printxval(arp_hardware_types, ntohs(val), "ARPHRD_???");
+ tprint_arg_end();
+ }
+ return true;
+}
+
static const nla_decoder_t nfta_trace_decoders[] = {
[NFTA_TRACE_TABLE] = decode_nla_str,
[NFTA_TRACE_CHAIN] = decode_nla_str,
[NFTA_TRACE_RULE_HANDLE] = decode_nla_be64,
- [NFTA_TRACE_TYPE] = decode_nla_be32,
+ [NFTA_TRACE_TYPE] = decode_trace_type,
[NFTA_TRACE_VERDICT] = decode_verdict,
[NFTA_TRACE_ID] = decode_nla_u32,
[NFTA_TRACE_LL_HEADER] = NULL,
[NFTA_TRACE_NETWORK_HEADER] = NULL,
[NFTA_TRACE_TRANSPORT_HEADER] = NULL,
[NFTA_TRACE_IIF] = decode_nla_be32,
- [NFTA_TRACE_IIFTYPE] = decode_nla_be16,
+ [NFTA_TRACE_IIFTYPE] = decode_iftype,
[NFTA_TRACE_OIF] = decode_nla_be32,
- [NFTA_TRACE_OIFTYPE] = decode_nla_be16,
+ [NFTA_TRACE_OIFTYPE] = decode_iftype,
[NFTA_TRACE_MARK] = decode_nla_be32,
[NFTA_TRACE_NFPROTO] = decode_nla_be32,
[NFTA_TRACE_POLICY] = decode_nla_be32,
@@ -383,7 +462,7 @@ static const struct nfta_decoder nfta_gen_decoder = {
static const nla_decoder_t nfta_obj_decoders[] = {
[NFTA_OBJ_TABLE] = decode_nla_str,
[NFTA_OBJ_NAME] = decode_nla_str,
- [NFTA_OBJ_TYPE] = decode_nla_be32,
+ [NFTA_OBJ_TYPE] = decode_obj_type,
[NFTA_OBJ_DATA] = NULL,
[NFTA_OBJ_USE] = decode_nla_be32,
[NFTA_OBJ_HANDLE] = decode_nla_be64,
@@ -405,7 +484,7 @@ static const nla_decoder_t nfta_flowtable_decoders[] = {
[NFTA_FLOWTABLE_USE] = decode_nla_be32,
[NFTA_FLOWTABLE_HANDLE] = decode_nla_be64,
[NFTA_FLOWTABLE_PAD] = NULL,
- [NFTA_FLOWTABLE_FLAGS] = decode_nla_be32,
+ [NFTA_FLOWTABLE_FLAGS] = decode_flowtable_flags,
};
static const struct nfta_decoder nfta_flowtable_decoder = {
diff --git a/src/xlat/nft_chain_flags.in b/src/xlat/nft_chain_flags.in
new file mode 100644
index 000000000..499754012
--- /dev/null
+++ b/src/xlat/nft_chain_flags.in
@@ -0,0 +1,4 @@
+#unconditional
+NFT_CHAIN_BASE (1 << 0)
+NFT_CHAIN_HW_OFFLOAD (1 << 1)
+NFT_CHAIN_BINDING (1 << 2)
diff --git a/src/xlat/nft_cmp_ops.in b/src/xlat/nft_cmp_ops.in
new file mode 100644
index 000000000..9f24d225f
--- /dev/null
+++ b/src/xlat/nft_cmp_ops.in
@@ -0,0 +1,8 @@
+#unconditional
+#value_indexed
+NFT_CMP_EQ
+NFT_CMP_NEQ
+NFT_CMP_LT
+NFT_CMP_LTE
+NFT_CMP_GT
+NFT_CMP_GTE
diff --git a/src/xlat/nft_flowtable_flags.in b/src/xlat/nft_flowtable_flags.in
new file mode 100644
index 000000000..7d2f6c0ab
--- /dev/null
+++ b/src/xlat/nft_flowtable_flags.in
@@ -0,0 +1,3 @@
+#unconditional
+NFT_FLOWTABLE_HW_OFFLOAD 0x1
+NFT_FLOWTABLE_COUNTER 0x2
diff --git a/src/xlat/nft_meta_keys.in b/src/xlat/nft_meta_keys.in
new file mode 100644
index 000000000..98a772117
--- /dev/null
+++ b/src/xlat/nft_meta_keys.in
@@ -0,0 +1,38 @@
+#unconditional
+#value_indexed
+NFT_META_LEN
+NFT_META_PROTOCOL
+NFT_META_PRIORITY
+NFT_META_MARK
+NFT_META_IIF
+NFT_META_OIF
+NFT_META_IIFNAME
+NFT_META_OIFNAME
+NFT_META_IFTYPE
+NFT_META_OIFTYPE
+NFT_META_SKUID
+NFT_META_SKGID
+NFT_META_NFTRACE
+NFT_META_RTCLASSID
+NFT_META_SECMARK
+NFT_META_NFPROTO
+NFT_META_L4PROTO
+NFT_META_BRI_IIFNAME
+NFT_META_BRI_OIFNAME
+NFT_META_PKTTYPE
+NFT_META_CPU
+NFT_META_IIFGROUP
+NFT_META_OIFGROUP
+NFT_META_CGROUP
+NFT_META_PRANDOM
+NFT_META_SECPATH
+NFT_META_IIFKIND
+NFT_META_OIFKIND
+NFT_META_BRI_IIFPVID
+NFT_META_BRI_IIFVPROTO
+NFT_META_TIME_NS
+NFT_META_TIME_DAY
+NFT_META_TIME_HOUR
+NFT_META_SDIF
+NFT_META_SDIFNAME
+NFT_META_BRI_BROUTE
diff --git a/src/xlat/nft_objects.in b/src/xlat/nft_objects.in
new file mode 100644
index 000000000..f5980612f
--- /dev/null
+++ b/src/xlat/nft_objects.in
@@ -0,0 +1,12 @@
+#unconditional
+NFT_OBJECT_UNSPEC 0
+NFT_OBJECT_COUNTER 1
+NFT_OBJECT_QUOTA 2
+NFT_OBJECT_CT_HELPER 3
+NFT_OBJECT_LIMIT 4
+NFT_OBJECT_CONNLIMIT 5
+NFT_OBJECT_TUNNEL 6
+NFT_OBJECT_CT_TIMEOUT 7
+NFT_OBJECT_SECMARK 8
+NFT_OBJECT_CT_EXPECT 9
+NFT_OBJECT_SYNPROXY 10
diff --git a/src/xlat/nft_payload_bases.in b/src/xlat/nft_payload_bases.in
new file mode 100644
index 000000000..9240cbcbf
--- /dev/null
+++ b/src/xlat/nft_payload_bases.in
@@ -0,0 +1,7 @@
+#unconditional
+#value_indexed
+NFT_PAYLOAD_LL_HEADER
+NFT_PAYLOAD_NETWORK_HEADER
+NFT_PAYLOAD_TRANSPORT_HEADER
+NFT_PAYLOAD_INNER_HEADER
+NFT_PAYLOAD_TUN_HEADER
diff --git a/src/xlat/nft_payload_csum_flags.in b/src/xlat/nft_payload_csum_flags.in
new file mode 100644
index 000000000..3d63e6ea5
--- /dev/null
+++ b/src/xlat/nft_payload_csum_flags.in
@@ -0,0 +1,2 @@
+#unconditional
+NFT_PAYLOAD_L4CSUM_PSEUDOHDR (1 << 0)
diff --git a/src/xlat/nft_payload_csum_types.in b/src/xlat/nft_payload_csum_types.in
new file mode 100644
index 000000000..eff42c47e
--- /dev/null
+++ b/src/xlat/nft_payload_csum_types.in
@@ -0,0 +1,5 @@
+#unconditional
+#value_indexed
+NFT_PAYLOAD_CSUM_NONE
+NFT_PAYLOAD_CSUM_INET
+NFT_PAYLOAD_CSUM_SCTP
diff --git a/src/xlat/nft_registers.in b/src/xlat/nft_registers.in
new file mode 100644
index 000000000..56ff995f7
--- /dev/null
+++ b/src/xlat/nft_registers.in
@@ -0,0 +1,23 @@
+#unconditional
+#value_indexed
+NFT_REG_VERDICT
+NFT_REG_1
+NFT_REG_2
+NFT_REG_3
+NFT_REG_4
+NFT_REG32_00 8
+NFT_REG32_01
+NFT_REG32_02
+NFT_REG32_03
+NFT_REG32_04
+NFT_REG32_05
+NFT_REG32_06
+NFT_REG32_07
+NFT_REG32_08
+NFT_REG32_09
+NFT_REG32_10
+NFT_REG32_11
+NFT_REG32_12
+NFT_REG32_13
+NFT_REG32_14
+NFT_REG32_15
diff --git a/src/xlat/nft_set_elem_flags.in b/src/xlat/nft_set_elem_flags.in
new file mode 100644
index 000000000..1b07f1770
--- /dev/null
+++ b/src/xlat/nft_set_elem_flags.in
@@ -0,0 +1,3 @@
+#unconditional
+NFT_SET_ELEM_INTERVAL_END 0x1
+NFT_SET_ELEM_CATCHALL 0x2
diff --git a/src/xlat/nft_set_flags.in b/src/xlat/nft_set_flags.in
new file mode 100644
index 000000000..03b9afa5e
--- /dev/null
+++ b/src/xlat/nft_set_flags.in
@@ -0,0 +1,10 @@
+#unconditional
+NFT_SET_ANONYMOUS 0x1
+NFT_SET_CONSTANT 0x2
+NFT_SET_INTERVAL 0x4
+NFT_SET_MAP 0x8
+NFT_SET_TIMEOUT 0x10
+NFT_SET_EVAL 0x20
+NFT_SET_OBJECT 0x40
+NFT_SET_CONCAT 0x80
+NFT_SET_EXPR 0x100
diff --git a/src/xlat/nft_set_policies.in b/src/xlat/nft_set_policies.in
new file mode 100644
index 000000000..816f7977f
--- /dev/null
+++ b/src/xlat/nft_set_policies.in
@@ -0,0 +1,4 @@
+#unconditional
+#value_indexed
+NFT_SET_POL_PERFORMANCE
+NFT_SET_POL_MEMORY
diff --git a/src/xlat/nft_table_flags.in b/src/xlat/nft_table_flags.in
new file mode 100644
index 000000000..91a9acbdc
--- /dev/null
+++ b/src/xlat/nft_table_flags.in
@@ -0,0 +1,4 @@
+#unconditional
+NFT_TABLE_F_DORMANT 0x1
+NFT_TABLE_F_OWNER 0x2
+NFT_TABLE_F_PERSIST 0x4
diff --git a/src/xlat/nft_trace_types.in b/src/xlat/nft_trace_types.in
new file mode 100644
index 000000000..16698afca
--- /dev/null
+++ b/src/xlat/nft_trace_types.in
@@ -0,0 +1,6 @@
+#unconditional
+#value_indexed
+NFT_TRACETYPE_UNSPEC
+NFT_TRACETYPE_POLICY
+NFT_TRACETYPE_RETURN
+NFT_TRACETYPE_RULE
diff --git a/src/xlat/nft_verdicts.in b/src/xlat/nft_verdicts.in
new file mode 100644
index 000000000..18d1b77e0
--- /dev/null
+++ b/src/xlat/nft_verdicts.in
@@ -0,0 +1,12 @@
+#unconditional
+NF_DROP 0
+NF_ACCEPT 1
+NF_STOLEN 2
+NF_QUEUE 3
+NF_REPEAT 4
+NF_STOP 5
+NFT_CONTINUE -1
+NFT_BREAK -2
+NFT_JUMP -3
+NFT_GOTO -4
+NFT_RETURN -5
--
2.47.2
More information about the Strace-devel
mailing list