expressions

package

v0.0.5 Latest Latest Go to latest Published: Dec 20, 2022 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/ngrok/firewall_toolkit

Links

Open Source Insights

Documentation ¶

Overview ¶

A collection of google/nftables expression partials used to compose rules

Index ¶

Constants
func Accept() *expr.Verdict
func CompareDestinationAddress(ip netip.Addr) ([]expr.Any, error)
func CompareDestinationAddressSet(set *nftables.Set) ([]expr.Any, error)
func CompareDestinationAddressSetWithRegister(set *nftables.Set, reg int) ([]expr.Any, error)
func CompareDestinationAddressWithRegister(ip netip.Addr, reg int) ([]expr.Any, error)
func CompareDestinationPort(port int) ([]expr.Any, error)
func CompareDestinationPortSet(set *nftables.Set) ([]expr.Any, error)
func CompareDestinationPortSetWithRegister(set *nftables.Set, reg int) ([]expr.Any, error)
func CompareDestinationPortWithRegister(port int, reg int) ([]expr.Any, error)
func CompareProtocolFamily(proto byte) ([]expr.Any, error)
func CompareProtocolFamilyWithRegister(proto byte, reg int) ([]expr.Any, error)
func CompareSourceAddress(ip netip.Addr) ([]expr.Any, error)
func CompareSourceAddressSet(set *nftables.Set) ([]expr.Any, error)
func CompareSourceAddressSetWithRegister(set *nftables.Set, reg int) ([]expr.Any, error)
func CompareSourceAddressWithRegister(ip netip.Addr, reg int) ([]expr.Any, error)
func CompareSourcePort(port int) ([]expr.Any, error)
func CompareSourcePortSet(set *nftables.Set) ([]expr.Any, error)
func CompareSourcePortSetWithRegister(set *nftables.Set, reg int) ([]expr.Any, error)
func CompareSourcePortWithRegister(port int, reg int) ([]expr.Any, error)
func CompareTransportProtocol(proto byte) ([]expr.Any, error)
func CompareTransportProtocolWithRegister(proto byte, reg int) ([]expr.Any, error)
func Counter() *expr.Counter
func DestinationPort(reg int) *expr.Payload
func Drop() *expr.Verdict
func Equals(data []byte, reg int) *expr.Cmp
func IPSetLookUp(set *nftables.Set, reg int) *expr.Lookup
func IPv4DestinationAddress(reg int) *expr.Payload
func IPv4SourceAddress(reg int) *expr.Payload
func IPv6DestinationAddress(reg int) *expr.Payload
func IPv6SourceAddress(reg int) *expr.Payload
func Match(name string, revision int, info xt.InfoAny) *expr.Match
func MatchBpf(info []byte) *expr.Match
func MatchBpfWithVerdict(info []byte, verdict *expr.Verdict) []expr.Any
func MatchUnknown(name string, revision int, info []byte) *expr.Match
func Meta(meta expr.MetaKey, reg int) *expr.Meta
func PortSetLookUp(set *nftables.Set, reg int) *expr.Lookup
func SourcePort(reg int) *expr.Payload

Constants ¶

View Source

const (
	SrcPortOffset = 0
	DstPortOffset = 2
	PortLen       = 2
)

Transport protocol lengths and offsets

View Source

const (
	IPv4SrcOffset = 12
	IPv4DstOffset = 16
	IPv4AddrLen   = 4
)

IPv4 lengths and offsets

View Source

const (
	IPv6SrcOffest = 8
	IPv6DstOffset = 24
	IPv6AddrLen   = 16
)

IPv6 lengths and offsets

View Source

const (
	DefaultRegister = 1
	BpfRevision     = 1
)

Default register and default xt_bpf version

Variables ¶

This section is empty.

Functions ¶

func Accept ¶

func Accept() *expr.Verdict

Returns an accept verdict expression

func CompareDestinationAddress ¶

func CompareDestinationAddress(ip netip.Addr) ([]expr.Any, error)

Returns a list of expressions that will compare the destination address of traffic

func CompareDestinationAddressSet ¶

func CompareDestinationAddressSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the destination address of traffic against a set

func CompareDestinationAddressSetWithRegister ¶

func CompareDestinationAddressSetWithRegister(set *nftables.Set, reg int) ([]expr.Any, error)

Returns a list of expressions that will compare the destnation address of traffic against a set, with a user defined register

func CompareDestinationAddressWithRegister ¶

func CompareDestinationAddressWithRegister(ip netip.Addr, reg int) ([]expr.Any, error)

Returns a list of expressions that will compare the destination address of traffic, with a user defined register

func CompareDestinationPort ¶

func CompareDestinationPort(port int) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic

func CompareDestinationPortSet ¶

func CompareDestinationPortSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic against a set

func CompareDestinationPortSetWithRegister ¶

func CompareDestinationPortSetWithRegister(set *nftables.Set, reg int) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic against a set, with a user defined register

func CompareDestinationPortWithRegister ¶

func CompareDestinationPortWithRegister(port int, reg int) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic, with a user defined register

func CompareProtocolFamily ¶

func CompareProtocolFamily(proto byte) ([]expr.Any, error)

Returns a list of expressions that will compare the netfilter protocol family of traffic

func CompareProtocolFamilyWithRegister ¶

func CompareProtocolFamilyWithRegister(proto byte, reg int) ([]expr.Any, error)

Returns a list of expressions that will compare the protocol family of traffic, with a user defined register

func CompareSourceAddress ¶

func CompareSourceAddress(ip netip.Addr) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic

func CompareSourceAddressSet ¶

func CompareSourceAddressSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic against a set

func CompareSourceAddressSetWithRegister ¶

func CompareSourceAddressSetWithRegister(set *nftables.Set, reg int) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic against a set, with a user defined register

func CompareSourceAddressWithRegister ¶

func CompareSourceAddressWithRegister(ip netip.Addr, reg int) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic, with a user defined register

func CompareSourcePort ¶

func CompareSourcePort(port int) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic

func CompareSourcePortSet ¶

func CompareSourcePortSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic against a set

func CompareSourcePortSetWithRegister ¶

func CompareSourcePortSetWithRegister(set *nftables.Set, reg int) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic against a set, with a user defined register

func CompareSourcePortWithRegister ¶

func CompareSourcePortWithRegister(port int, reg int) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic, with a user defined register

func CompareTransportProtocol ¶

func CompareTransportProtocol(proto byte) ([]expr.Any, error)

Returns a list of expressions that will compare the transport protocol of traffic

func CompareTransportProtocolWithRegister ¶

func CompareTransportProtocolWithRegister(proto byte, reg int) ([]expr.Any, error)

Returns a list of expressions that will compare the transport protocol of traffic, with a user defined register

func Counter ¶

func Counter() *expr.Counter

Returns a counter expression

func DestinationPort ¶

func DestinationPort(reg int) *expr.Payload

Returns a destination port payload expression

func Drop ¶

func Drop() *expr.Verdict

Returns an drop verdict expression

func Equals ¶

func Equals(data []byte, reg int) *expr.Cmp

Returns an equal comparison expression

func IPSetLookUp ¶

func IPSetLookUp(set *nftables.Set, reg int) *expr.Lookup

Returns an IP set lookup expression

func IPv4DestinationAddress ¶

func IPv4DestinationAddress(reg int) *expr.Payload

Returns a IPv4 destination address payload expression

func IPv4SourceAddress ¶

func IPv4SourceAddress(reg int) *expr.Payload

Returns a IPv4 source address payload expression

func IPv6DestinationAddress ¶

func IPv6DestinationAddress(reg int) *expr.Payload

Returns a IPv6 destination address payload expression

func IPv6SourceAddress ¶

func IPv6SourceAddress(reg int) *expr.Payload

Returns a IPv6 source address payload expression

func Match ¶

func Match(name string, revision int, info xt.InfoAny) *expr.Match

Returns a xtables match expression

func MatchBpf ¶

func MatchBpf(info []byte) *expr.Match

Returns a xtables match bpf expression

func MatchBpfWithVerdict ¶

func MatchBpfWithVerdict(info []byte, verdict *expr.Verdict) []expr.Any

Returns a xtables match bpf expression with a verdict

func MatchUnknown ¶

func MatchUnknown(name string, revision int, info []byte) *expr.Match

Returns a xtables match expression of unknown type

func Meta ¶

func Meta(meta expr.MetaKey, reg int) *expr.Meta

Returns a meta expression

func PortSetLookUp ¶

func PortSetLookUp(set *nftables.Set, reg int) *expr.Lookup

Returns a port set lookup expression

func SourcePort ¶

func SourcePort(reg int) *expr.Payload

Returns a source port payload expression

Types ¶

This section is empty.

Source Files ¶

View all Source files

partials.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL