expressions

package

v0.0.17 Latest Latest Go to latest Published: Aug 22, 2023 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ngrok/firewall_toolkit

Links

Open Source Insights

Documentation ¶

Overview ¶

A collection of google/nftables expression partials used to compose rules

Index ¶

Constants
func Accept() *expr.Verdict
func Bitwise(length uint32, mask []byte, xor []byte) *expr.Bitwise
func BitwiseWithRegisters(sourceRegister uint32, destRegister uint32, length uint32, mask []byte, ...) *expr.Bitwise
func CompareCtState(mask uint32) ([]expr.Any, error)
func CompareCtStateWithRegister(reg uint32, mask uint32) ([]expr.Any, error)
func CompareDestinationAddress(ip netip.Addr) ([]expr.Any, error)
func CompareDestinationAddressSet(set *nftables.Set) ([]expr.Any, error)
func CompareDestinationAddressSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)
func CompareDestinationAddressWithRegister(ip netip.Addr, reg uint32) ([]expr.Any, error)
func CompareDestinationPort(port uint16) ([]expr.Any, error)
func CompareDestinationPortSet(set *nftables.Set) ([]expr.Any, error)
func CompareDestinationPortSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)
func CompareDestinationPortWithRegister(port uint16, reg uint32) ([]expr.Any, error)
func CompareProtocolFamily(proto byte) ([]expr.Any, error)
func CompareProtocolFamilyWithRegister(proto byte, reg uint32) ([]expr.Any, error)
func CompareSourceAddress(ip netip.Addr) ([]expr.Any, error)
func CompareSourceAddressSet(set *nftables.Set) ([]expr.Any, error)
func CompareSourceAddressSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)
func CompareSourceAddressWithRegister(ip netip.Addr, reg uint32) ([]expr.Any, error)
func CompareSourcePort(port uint16) ([]expr.Any, error)
func CompareSourcePortSet(set *nftables.Set) ([]expr.Any, error)
func CompareSourcePortSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)
func CompareSourcePortWithRegister(port uint16, reg uint32) ([]expr.Any, error)
func CompareTransportProtocol(proto byte) ([]expr.Any, error)
func CompareTransportProtocolWithRegister(proto byte, reg uint32) ([]expr.Any, error)
func Counter() *expr.Counter
func DestinationPort(reg uint32) *expr.Payload
func Drop() *expr.Verdict
func Equals(data []byte, reg uint32) *expr.Cmp
func IPSetLookUp(set *nftables.Set, reg uint32) *expr.Lookup
func IPv4DestinationAddress(reg uint32) *expr.Payload
func IPv4SourceAddress(reg uint32) *expr.Payload
func IPv6DestinationAddress(reg uint32) *expr.Payload
func IPv6SourceAddress(reg uint32) *expr.Payload
func LoadCtByKey(ctKey expr.CtKey) (*expr.Ct, error)
func LoadCtByKeyWithRegister(ctKey expr.CtKey, reg uint32) (*expr.Ct, error)
func Match(name string, revision uint32, info xt.InfoAny) *expr.Match
func MatchBpf(info []byte) *expr.Match
func MatchBpfWithVerdict(info []byte, verdict *expr.Verdict) []expr.Any
func MatchUnknown(name string, revision uint32, info []byte) *expr.Match
func Meta(meta expr.MetaKey, reg uint32) *expr.Meta
func NotEquals(data []byte, reg uint32) *expr.Cmp
func PortSetLookUp(set *nftables.Set, reg uint32) *expr.Lookup
func SourcePort(reg uint32) *expr.Payload
type AddrFamily
type TransportProto

Constants ¶

View Source

const (
	SrcPortOffset = 0
	DstPortOffset = 2
	PortLen       = 2
)

Transport protocol lengths and offsets

View Source

const (
	IPv4SrcOffset = 12
	IPv4DstOffset = 16
	IPv4AddrLen   = 4
)

IPv4 lengths and offsets

View Source

const (
	IPv6SrcOffest = 8
	IPv6DstOffset = 24
	IPv6AddrLen   = 16
)

IPv6 lengths and offsets

Variables ¶

This section is empty.

Functions ¶

func Accept ¶

func Accept() *expr.Verdict

Returns an accept verdict expression

func Bitwise ¶ added in v0.0.12

func Bitwise(length uint32, mask []byte, xor []byte) *expr.Bitwise

func BitwiseWithRegisters ¶ added in v0.0.12

func BitwiseWithRegisters(sourceRegister uint32, destRegister uint32, length uint32, mask []byte, xor []byte) *expr.Bitwise

func CompareCtState ¶ added in v0.0.12

func CompareCtState(mask uint32) ([]expr.Any, error)

func CompareCtStateWithRegister ¶ added in v0.0.12

func CompareCtStateWithRegister(reg uint32, mask uint32) ([]expr.Any, error)

Makes the comparison specified by `mask` to the CT State already loaded in `reg`. Valid values for mask are: expr.CtStateBitInvalid = 1 expr.CtStateBitESTABLISHED = 2 expr.CtStateBitRELATED = 4 expr.CtStateBitNEW = 8 expr.CtStateBitUNTRACKED = 64 Or combinations with a bitwise OR: `expr.CtStateBitNEW | expr.CtStateBitUNTRACKED`

func CompareDestinationAddress ¶

func CompareDestinationAddress(ip netip.Addr) ([]expr.Any, error)

Returns a list of expressions that will compare the destination address of traffic

func CompareDestinationAddressSet ¶

func CompareDestinationAddressSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the destination address of traffic against a set

func CompareDestinationAddressSetWithRegister ¶

func CompareDestinationAddressSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the destnation address of traffic against a set, with a user defined register

func CompareDestinationAddressWithRegister ¶

func CompareDestinationAddressWithRegister(ip netip.Addr, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the destination address of traffic, with a user defined register

func CompareDestinationPort ¶

func CompareDestinationPort(port uint16) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic

func CompareDestinationPortSet ¶

func CompareDestinationPortSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic against a set

func CompareDestinationPortSetWithRegister ¶

func CompareDestinationPortSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic against a set, with a user defined register

func CompareDestinationPortWithRegister ¶

func CompareDestinationPortWithRegister(port uint16, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the destination port of traffic, with a user defined register

func CompareProtocolFamily ¶

func CompareProtocolFamily(proto byte) ([]expr.Any, error)

Returns a list of expressions that will compare the netfilter protocol family of traffic

func CompareProtocolFamilyWithRegister ¶

func CompareProtocolFamilyWithRegister(proto byte, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the protocol family of traffic, with a user defined register

func CompareSourceAddress ¶

func CompareSourceAddress(ip netip.Addr) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic

func CompareSourceAddressSet ¶

func CompareSourceAddressSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic against a set

func CompareSourceAddressSetWithRegister ¶

func CompareSourceAddressSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic against a set, with a user defined register

func CompareSourceAddressWithRegister ¶

func CompareSourceAddressWithRegister(ip netip.Addr, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the source address of traffic, with a user defined register

func CompareSourcePort ¶

func CompareSourcePort(port uint16) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic

func CompareSourcePortSet ¶

func CompareSourcePortSet(set *nftables.Set) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic against a set

func CompareSourcePortSetWithRegister ¶

func CompareSourcePortSetWithRegister(set *nftables.Set, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic against a set, with a user defined register

func CompareSourcePortWithRegister ¶

func CompareSourcePortWithRegister(port uint16, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the source port of traffic, with a user defined register

func CompareTransportProtocol ¶

func CompareTransportProtocol(proto byte) ([]expr.Any, error)

Returns a list of expressions that will compare the transport protocol of traffic

func CompareTransportProtocolWithRegister ¶

func CompareTransportProtocolWithRegister(proto byte, reg uint32) ([]expr.Any, error)

Returns a list of expressions that will compare the transport protocol of traffic, with a user defined register

func Counter ¶

func Counter() *expr.Counter

Returns a counter expression

func DestinationPort ¶

func DestinationPort(reg uint32) *expr.Payload

Returns a destination port payload expression

func Drop ¶

func Drop() *expr.Verdict

Returns an drop verdict expression

func Equals ¶

func Equals(data []byte, reg uint32) *expr.Cmp

Returns an equal comparison expression

func IPSetLookUp ¶

func IPSetLookUp(set *nftables.Set, reg uint32) *expr.Lookup

Returns an IP set lookup expression

func IPv4DestinationAddress ¶

func IPv4DestinationAddress(reg uint32) *expr.Payload

Returns a IPv4 destination address payload expression

func IPv4SourceAddress ¶

func IPv4SourceAddress(reg uint32) *expr.Payload

Returns a IPv4 source address payload expression

func IPv6DestinationAddress ¶

func IPv6DestinationAddress(reg uint32) *expr.Payload

Returns a IPv6 destination address payload expression

func IPv6SourceAddress ¶

func IPv6SourceAddress(reg uint32) *expr.Payload

Returns a IPv6 source address payload expression

func LoadCtByKey ¶ added in v0.0.12

func LoadCtByKey(ctKey expr.CtKey) (*expr.Ct, error)

func LoadCtByKeyWithRegister ¶ added in v0.0.12

func LoadCtByKeyWithRegister(ctKey expr.CtKey, reg uint32) (*expr.Ct, error)

func Match ¶

func Match(name string, revision uint32, info xt.InfoAny) *expr.Match

Returns a xtables match expression

func MatchBpf ¶

func MatchBpf(info []byte) *expr.Match

Returns a xtables match bpf expression

func MatchBpfWithVerdict ¶

func MatchBpfWithVerdict(info []byte, verdict *expr.Verdict) []expr.Any

Returns a xtables match bpf expression with a verdict

func MatchUnknown ¶

func MatchUnknown(name string, revision uint32, info []byte) *expr.Match

Returns a xtables match expression of unknown type

func Meta ¶

func Meta(meta expr.MetaKey, reg uint32) *expr.Meta

Returns a meta expression

func NotEquals ¶ added in v0.0.12

func NotEquals(data []byte, reg uint32) *expr.Cmp

Returns a not-equal comparison expression

func PortSetLookUp ¶

func PortSetLookUp(set *nftables.Set, reg uint32) *expr.Lookup

Returns a port set lookup expression

func SourcePort ¶

func SourcePort(reg uint32) *expr.Payload

Returns a source port payload expression

Types ¶

type AddrFamily ¶ added in v0.0.13

type AddrFamily int8

const (
	AnyFamily AddrFamily = -1
	IPv4      AddrFamily = unix.NFPROTO_IPV4
	IPv6      AddrFamily = unix.NFPROTO_IPV6
)

type TransportProto ¶ added in v0.0.13

type TransportProto int8

const (
	AnyTransport TransportProto = -1
	TCP          TransportProto = unix.IPPROTO_TCP
	UDP          TransportProto = unix.IPPROTO_UDP
)

Source Files ¶

View all Source files

partials.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL