| // Copyright 2018 The Fuchsia Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| library fuchsia.net.filter; |
| |
| using fuchsia.net; |
| |
| /// Direction is which way (Incoming or Outgoing) a packet is moving in the stack. |
| enum Direction { |
| INCOMING = 0; |
| OUTGOING = 1; |
| }; |
| |
| enum Action { |
| PASS = 0; |
| DROP = 1; |
| DROP_RESET = 2; |
| }; |
| |
| enum SocketProtocol { |
| ANY = 0; |
| ICMP = 1; |
| TCP = 2; |
| UDP = 3; |
| ICMPV6 = 4; |
| }; |
| |
| /// PortRange specifies an inclusive range of port numbers. |
| struct PortRange { |
| uint16 start; |
| uint16 end; |
| }; |
| |
| /// Rule describes the conditions and the action of a rule. |
| struct Rule { |
| Action action; |
| Direction direction; |
| /// If true, no more rules will be tested. |
| bool quick; |
| SocketProtocol proto; |
| fuchsia.net.Subnet? src_subnet; |
| /// If true, matches any address that is NOT contained in the subnet. |
| bool src_subnet_invert_match; |
| PortRange src_port_range; |
| fuchsia.net.Subnet? dst_subnet; |
| /// If true, matches any address that is NOT contained in the subnet. |
| bool dst_subnet_invert_match; |
| PortRange dst_port_range; |
| uint32 nic; |
| bool log; |
| bool keep_state; |
| }; |
| |
| /// NAT is a special rule for Network Address Translation, which rewrites |
| /// the address of an outgoing packet. |
| struct Nat { |
| SocketProtocol proto; |
| fuchsia.net.Subnet src_subnet; |
| fuchsia.net.IpAddress new_src_addr; |
| uint32 nic; |
| }; |
| |
| /// RDR is a special rule for Redirector, which forwards an incoming packet |
| /// to a machine inside the firewall. |
| struct Rdr { |
| SocketProtocol proto; |
| fuchsia.net.IpAddress dst_addr; |
| PortRange dst_port_range; |
| fuchsia.net.IpAddress new_dst_addr; |
| PortRange new_dst_port_range; |
| uint32 nic; |
| }; |
