expressions

package
v0.0.16 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 18, 2023 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

A collection of google/nftables expression partials used to compose rules

Index

Constants

View Source 
const (
	SrcPortOffset = 0
	DstPortOffset = 2
	PortLen       = 2
)

Transport protocol lengths and offsets

View Source 
const (
	IPv4SrcOffset = 12
	IPv4DstOffset = 16
	IPv4AddrLen   = 4
)

IPv4 lengths and offsets

View Source 
const (
	IPv6SrcOffest = 8
	IPv6DstOffset = 24
	IPv6AddrLen   = 16
)

IPv6 lengths and offsets

Variables

This section is empty.

Functions

func Accept 

func Accept() *expr.Verdict

Returns an accept verdict expression

func Bitwise added in v0.0.12 

func Bitwise(length uint32, mask []byte, xor []byte) *expr.Bitwise

func BitwiseWithRegisters added in v0.0.12 

func BitwiseWithRegisters(sourceRegister uint32, destRegister uint32, length uint32, mask []byte, xor []byte) *expr.Bitwise

func CompareCtState added in v0.0.12 

func CompareCtState(mask uint32) ([]expr.Any, error)

func CompareCtStateWithRegister added in v0.0.12 

func CompareCtStateWithRegister(reg uint32, mask uint32) ([]expr.Any, error)

Makes the comparison specified by `mask` to the CT State already loaded in `reg`. Valid values for mask are: expr.CtStateBitInvalid = 1 expr.CtStateBitESTABLISHED = 2 expr.CtStateBitRELATED = 4 expr.CtStateBitNEW = 8 expr.CtStateBitUNTRACKED = 64 Or combinations with a bitwise OR: `expr.CtStateBitNEW | expr.CtStateBitUNTRACKED`

func CompareDestinationAddress 

func CompareDestinationAddress(ip netip.Addr) ([]expr.Any, error)

Returns a list of expressions that will compare the destination address of traffic

func CompareDestinationAddressSet 

func CompareDestinationAddressSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the destination address of traffic against a set

func CompareDestinationAddressSetWithRegister 

func CompareDestinationAddressSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the destnation address of traffic against a set, with a user defined register

func CompareDestinationAddressWithRegister 

func CompareDestinationAddressWithRegister(ip netip.Addr, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the destination address of traffic, with a user defined register

func CompareDestinationPort 

func CompareDestinationPort(port uint16) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic

func CompareDestinationPortSet 

func CompareDestinationPortSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic against a set

func CompareDestinationPortSetWithRegister 

func CompareDestinationPortSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic against a set, with a user defined register

func CompareDestinationPortWithRegister 

func CompareDestinationPortWithRegister(port uint16, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic, with a user defined register

func CompareProtocolFamily 

func CompareProtocolFamily(proto byte) ([]expr.Any, error)

Returns a list of expressions that will compare the netfilter protocol family of traffic

func CompareProtocolFamilyWithRegister 

func CompareProtocolFamilyWithRegister(proto byte, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the protocol family of traffic, with a user defined register

func CompareSourceAddress 

func CompareSourceAddress(ip netip.Addr) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic

func CompareSourceAddressSet 

func CompareSourceAddressSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic against a set

func CompareSourceAddressSetWithRegister 

func CompareSourceAddressSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic against a set, with a user defined register

func CompareSourceAddressWithRegister 

func CompareSourceAddressWithRegister(ip netip.Addr, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic, with a user defined register

func CompareSourcePort 

func CompareSourcePort(port uint16) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic

func CompareSourcePortSet 

func CompareSourcePortSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic against a set

func CompareSourcePortSetWithRegister 

func CompareSourcePortSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic against a set, with a user defined register

func CompareSourcePortWithRegister 

func CompareSourcePortWithRegister(port uint16, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic, with a user defined register

func CompareTransportProtocol 

func CompareTransportProtocol(proto byte) ([]expr.Any, error)

Returns a list of expressions that will compare the transport protocol of traffic

func CompareTransportProtocolWithRegister 

func CompareTransportProtocolWithRegister(proto byte, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the transport protocol of traffic, with a user defined register

func Counter 

func Counter() *expr.Counter

Returns a counter expression

func DestinationPort 

func DestinationPort(reg uint32) *expr.Payload

Returns a destination port payload expression

func Drop 

func Drop() *expr.Verdict

Returns an drop verdict expression

func Equals 

func Equals(data []byte, reg uint32) *expr.Cmp

Returns an equal comparison expression

func IPSetLookUp 

func IPSetLookUp(set *nftables.Set, reg uint32) *expr.Lookup

Returns an IP set lookup expression

func IPv4DestinationAddress 

func IPv4DestinationAddress(reg uint32) *expr.Payload

Returns a IPv4 destination address payload expression

func IPv4SourceAddress 

func IPv4SourceAddress(reg uint32) *expr.Payload

Returns a IPv4 source address payload expression

func IPv6DestinationAddress 

func IPv6DestinationAddress(reg uint32) *expr.Payload

Returns a IPv6 destination address payload expression

func IPv6SourceAddress 

func IPv6SourceAddress(reg uint32) *expr.Payload

Returns a IPv6 source address payload expression

func LoadCtByKey added in v0.0.12 

func LoadCtByKey(ctKey expr.CtKey) (*expr.Ct, error)

func LoadCtByKeyWithRegister added in v0.0.12 

func LoadCtByKeyWithRegister(ctKey expr.CtKey, reg uint32) (*expr.Ct, error)

func Match 

func Match(name string, revision uint32, info xt.InfoAny) *expr.Match

Returns a xtables match expression

func MatchBpf 

func MatchBpf(info []byte) *expr.Match

Returns a xtables match bpf expression

func MatchBpfWithVerdict 

func MatchBpfWithVerdict(info []byte, verdict *expr.Verdict) []expr.Any

Returns a xtables match bpf expression with a verdict

func MatchUnknown 

func MatchUnknown(name string, revision uint32, info []byte) *expr.Match

Returns a xtables match expression of unknown type

func Meta 

func Meta(meta expr.MetaKey, reg uint32) *expr.Meta

Returns a meta expression

func NotEquals added in v0.0.12 

func NotEquals(data []byte, reg uint32) *expr.Cmp

Returns a not-equal comparison expression

func PortSetLookUp 

func PortSetLookUp(set *nftables.Set, reg uint32) *expr.Lookup

Returns a port set lookup expression

func SourcePort 

func SourcePort(reg uint32) *expr.Payload

Returns a source port payload expression

Types

type AddrFamily added in v0.0.13 

type AddrFamily int8
const (
	AnyFamily AddrFamily = -1
	IPv4      AddrFamily = unix.NFPROTO_IPV4
	IPv6      AddrFamily = unix.NFPROTO_IPV6
)

type TransportProto added in v0.0.13 

type TransportProto int8
const (
	AnyTransport TransportProto = -1
	TCP          TransportProto = unix.IPPROTO_TCP
	UDP          TransportProto = unix.IPPROTO_UDP
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.