sdk/fidl/fuchsia.net.filter.deprecated/ruleset.fidl - fuchsia - Git at Google

 // Copyright 2018 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 library fuchsia.net.filter.deprecated;

 using fuchsia.net;
 using fuchsia.hardware.network;

 /// Direction is which way (Incoming or Outgoing) a packet is moving in the stack.
 type Direction = strict enum {
     INCOMING = 0;
     OUTGOING = 1;
 };

 type Action = strict enum {
     PASS = 0;
     DROP = 1;
     DROP_RESET = 2;
 };

 type SocketProtocol = strict enum {
     ANY = 0;
     ICMP = 1;
     TCP = 2;
     UDP = 3;
     ICMPV6 = 4;
 };

 /// PortRange specifies an inclusive range of port numbers.
 type PortRange = struct {
     start uint16;
     end uint16;
 };

 /// Rule describes the conditions and the action of a rule.
 type Rule = struct {
     action Action;
     direction Direction;
     proto SocketProtocol;
     src_subnet box<fuchsia.net.Subnet>;
     /// If true, matches any address that is NOT contained in the subnet.
     src_subnet_invert_match bool;
     src_port_range PortRange;
     dst_subnet box<fuchsia.net.Subnet>;
     /// If true, matches any address that is NOT contained in the subnet.
     dst_subnet_invert_match bool;
     dst_port_range PortRange;
     nic uint32;
     log bool;
     keep_state bool;
     /// Matches on packets originating from or destined to interfaces with
     /// `device_class`.
     ///
     /// If `Rule.direction` is `Direction.OUTGOING`, matches on the output
     /// interface. If it is `Direction.INCOMING`, matches on the input
     /// interface.
     device_class strict union {
         1: any Empty;
         2: match fuchsia.hardware.network.DeviceClass;
     };
 };

 type Empty = struct {};

 /// NAT is a rule for Source Network Address Translation.
 ///
 /// The source address of packets matching the rule will updated to an address
 /// belonging to the outgoing interface.
 type Nat = struct {
     proto SocketProtocol;
     src_subnet fuchsia.net.Subnet;
     outgoing_nic uint32;
 };

 /// RDR is a special rule for Redirector, which forwards an incoming packet
 /// to a machine inside the firewall.
 type Rdr = struct {
     proto SocketProtocol;
     dst_addr fuchsia.net.IpAddress;
     dst_port_range PortRange;
     new_dst_addr fuchsia.net.IpAddress;
     new_dst_port_range PortRange;
     nic uint32;
 };
	// Copyright 2018 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.
	library fuchsia.net.filter.deprecated;

	using fuchsia.net;
	using fuchsia.hardware.network;

	/// Direction is which way (Incoming or Outgoing) a packet is moving in the stack.
	type Direction = strict enum {
	INCOMING = 0;
	OUTGOING = 1;
	};

	type Action = strict enum {
	PASS = 0;
	DROP = 1;
	DROP_RESET = 2;
	};

	type SocketProtocol = strict enum {
	ANY = 0;
	ICMP = 1;
	TCP = 2;
	UDP = 3;
	ICMPV6 = 4;
	};

	/// PortRange specifies an inclusive range of port numbers.
	type PortRange = struct {
	start uint16;
	end uint16;
	};

	/// Rule describes the conditions and the action of a rule.
	type Rule = struct {
	action Action;
	direction Direction;
	proto SocketProtocol;
	src_subnet box<fuchsia.net.Subnet>;
	/// If true, matches any address that is NOT contained in the subnet.
	src_subnet_invert_match bool;
	src_port_range PortRange;
	dst_subnet box<fuchsia.net.Subnet>;
	/// If true, matches any address that is NOT contained in the subnet.
	dst_subnet_invert_match bool;
	dst_port_range PortRange;
	nic uint32;
	log bool;
	keep_state bool;
	/// Matches on packets originating from or destined to interfaces with
	/// `device_class`.
	///
	/// If `Rule.direction` is `Direction.OUTGOING`, matches on the output
	/// interface. If it is `Direction.INCOMING`, matches on the input
	/// interface.
	device_class strict union {
	1: any Empty;
	2: match fuchsia.hardware.network.DeviceClass;
	};
	};

	type Empty = struct {};

	/// NAT is a rule for Source Network Address Translation.
	///
	/// The source address of packets matching the rule will updated to an address
	/// belonging to the outgoing interface.
	type Nat = struct {
	proto SocketProtocol;
	src_subnet fuchsia.net.Subnet;
	outgoing_nic uint32;
	};

	/// RDR is a special rule for Redirector, which forwards an incoming packet
	/// to a machine inside the firewall.
	type Rdr = struct {
	proto SocketProtocol;
	dst_addr fuchsia.net.IpAddress;
	dst_port_range PortRange;
	new_dst_addr fuchsia.net.IpAddress;
	new_dst_port_range PortRange;
	nic uint32;
	};