// Copyright 2018 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
library fuchsia.net.filter;
using fuchsia.net;
/// Direction is which way (Incoming or Outgoing) a packet is moving in the stack.
///
/// Declared `strict`: a value outside the members listed here fails to
/// decode instead of being passed through as an unknown value.
type Direction = strict enum {
    /// The packet is moving into the stack.
    INCOMING = 0;
    /// The packet is moving out of the stack.
    OUTGOING = 1;
};
/// Action is what the filter does with a packet that matches a `Rule`.
///
/// Declared `strict`: a value outside the members listed here fails to
/// decode instead of being passed through as an unknown value.
type Action = strict enum {
    /// Let the packet through.
    ///
    /// NOTE(review): PASS is the zero value, so a Rule whose `action` is
    /// left zero-initialized by a language binding reads as "pass"
    /// (fail-open). Callers should always set `action` explicitly.
    PASS = 0;
    /// Discard the packet.
    DROP = 1;
    /// Discard the packet and additionally reset the connection.
    /// NOTE(review): presumably signals the peer (e.g. a TCP reset) rather
    /// than dropping silently — confirm against the filter implementation.
    DROP_RESET = 2;
};
/// SocketProtocol selects which transport or ICMP protocol a rule matches.
///
/// Declared `strict`: a value outside the members listed here fails to
/// decode instead of being passed through as an unknown value.
type SocketProtocol = strict enum {
    /// Wildcard: the rule is not restricted to a particular protocol.
    ANY = 0;
    /// ICMP (IPv4).
    ICMP = 1;
    /// TCP.
    TCP = 2;
    /// UDP.
    UDP = 3;
    /// ICMPv6.
    ICMPV6 = 4;
};
/// PortRange specifies an inclusive range of port numbers.
///
/// NOTE(review): nothing in the type prevents `start > end`; presumably the
/// receiving side validates the range (or treats it as empty) — confirm.
/// Whether a zero range (`0` to `0`) acts as a "match any port" wildcard is
/// not expressed here either.
type PortRange = struct {
    /// First port in the range (inclusive).
    start uint16;
    /// Last port in the range (inclusive).
    end uint16;
};
/// Rule describes the conditions and the action of a rule.
///
/// A packet must satisfy every condition below for the rule to apply; the
/// precedence between multiple rules is not expressed by this type.
/// Field order is the wire layout of the struct and must not be changed.
type Rule = struct {
    /// What to do with a packet that matches this rule.
    action Action;
    /// Which direction of traffic this rule applies to.
    direction Direction;
    /// Protocol to match; `SocketProtocol.ANY` does not restrict by protocol.
    proto SocketProtocol;
    /// Source subnet to match. Optional (`box`).
    /// NOTE(review): presumably an absent subnet matches any source
    /// address — confirm.
    src_subnet box<fuchsia.net.Subnet>;
    /// If true, matches any address that is NOT contained in the subnet.
    /// NOTE(review): the meaning of an inverted match when `src_subnet` is
    /// absent is not specified here.
    src_subnet_invert_match bool;
    /// Source port range to match.
    src_port_range PortRange;
    /// Destination subnet to match. Optional (`box`).
    /// NOTE(review): presumably an absent subnet matches any destination
    /// address — confirm.
    dst_subnet box<fuchsia.net.Subnet>;
    /// If true, matches any address that is NOT contained in the subnet.
    /// NOTE(review): the meaning of an inverted match when `dst_subnet` is
    /// absent is not specified here.
    dst_subnet_invert_match bool;
    /// Destination port range to match.
    dst_port_range PortRange;
    /// NIC this rule applies to.
    /// NOTE(review): presumably an interface identifier; whether `0` means
    /// "all NICs" is not expressed here — confirm.
    nic uint32;
    /// NOTE(review): presumably, if true, packets matching this rule are
    /// logged — confirm.
    log bool;
    /// NOTE(review): presumably, if true, the filter tracks connection state
    /// for matching traffic so that related packets are handled without a
    /// separate rule — confirm.
    keep_state bool;
};
/// NAT is a special rule for Network Address Translation, which rewrites
/// the address of an outgoing packet.
///
/// Field order is the wire layout of the struct and must not be changed.
type Nat = struct {
    /// Protocol to match; `SocketProtocol.ANY` does not restrict by protocol.
    proto SocketProtocol;
    /// Source subnet whose packets are translated. Required (not `box`),
    /// unlike `Rule.src_subnet`.
    src_subnet fuchsia.net.Subnet;
    /// Address written into the packet in place of its original source
    /// address.
    new_src_addr fuchsia.net.IpAddress;
    /// NIC this rule applies to.
    /// NOTE(review): presumably an interface identifier; whether `0` means
    /// "all NICs" is not expressed here — confirm.
    nic uint32;
};
/// RDR is a special rule for Redirector, which forwards an incoming packet
/// to a machine inside the firewall.
///
/// Field order is the wire layout of the struct and must not be changed.
type Rdr = struct {
    /// Protocol to match; `SocketProtocol.ANY` does not restrict by protocol.
    proto SocketProtocol;
    /// Destination address an incoming packet must carry to be redirected.
    dst_addr fuchsia.net.IpAddress;
    /// Destination port range an incoming packet must fall in to be
    /// redirected.
    dst_port_range PortRange;
    /// Address written into the packet in place of its original destination.
    new_dst_addr fuchsia.net.IpAddress;
    /// Port range the packet's destination port is mapped into.
    /// NOTE(review): presumably expected to be the same size as
    /// `dst_port_range` so ports map one-to-one — confirm; the type does
    /// not enforce it.
    new_dst_port_range PortRange;
    /// NIC this rule applies to.
    /// NOTE(review): presumably an interface identifier; whether `0` means
    /// "all NICs" is not expressed here — confirm.
    nic uint32;
};