Documentation
¶
Index ¶
- Constants
- type Chain
- type Counter
- type Dnat
- type Expression
- type Flags
- type FloatRange
- type IPPrefix
- type Masquerade
- type Match
- type Metainfo
- type Nat
- type Nftable
- type Objects
- type Payload
- type Prefix
- type Range
- type Redirect
- type Root
- type Rule
- type SetElement
- type SimpleVerdict
- type Snat
- type Statement
- type Table
- type ToTarget
- type Verdict
Constants ¶
View Source
const ( TypeFilter = "filter" TypeNAT = "nat" TypeRoute = "route" )
Chain Types
View Source
const ( HookPreRouting = "prerouting" HookInput = "input" HookOutput = "output" HookForward = "forward" HookPostRouting = "postrouting" HookIngress = "ingress" )
Chain Hooks
View Source
const ( PolicyAccept = "accept" PolicyDrop = "drop" )
Chain Policies
View Source
const ( NATFlagRandom = "random" NATFlagFullyRandom = "fully-random" NATFlagPersistent = "persistent" )
NAT Flags
View Source
const ( VerdictAccept = "accept" VerdictContinue = "continue" VerdictDrop = "drop" VerdictReturn = "return" )
Verdict Operations
View Source
const ( OperAND = "&" // Binary AND OperOR = "|" // Binary OR OperXOR = "^" // Binary XOR OperLSH = "<<" // Left shift OperRSH = ">>" // Right shift OperEQ = "==" // Equal OperNEQ = "!=" // Not equal OperLS = "<" // Less than OperGR = ">" // Greater than OperLSE = "<=" // Less than or equal to OperGRE = ">=" // Greater than or equal to OperIN = "in" // Perform a lookup, i.e. test if bits on RHS are contained in LHS value )
Match Operators
View Source
const ( PayloadKey = "payload" // Ethernet PayloadProtocolEther = "ether" PayloadFieldEtherDAddr = "daddr" PayloadFieldEtherSAddr = "saddr" PayloadFieldEtherType = "type" // IP (common) PayloadFieldIPVer = "version" PayloadFieldIPDscp = "dscp" PayloadFieldIPEcn = "ecn" PayloadFieldIPLen = "length" PayloadFieldIPSAddr = "saddr" PayloadFieldIPDAddr = "daddr" // IPv4 PayloadProtocolIP4 = "ip" PayloadFieldIP4HdrLen = "hdrlength" PayloadFieldIP4Id = "id" PayloadFieldIP4FragOff = "frag-off" PayloadFieldIP4Ttl = "ttl" PayloadFieldIP4Protocol = "protocol" PayloadFieldIP4Chksum = "checksum" // IPv6 PayloadProtocolIP6 = "ip6" PayloadFieldIP6FlowLabel = "flowlabel" PayloadFieldIP6NextHdr = "nexthdr" PayloadFieldIP6HopLimit = "hoplimit" )
Payload Expressions
View Source
const ( FamilyIP = "ip" // IPv4 address AddressFamily. FamilyIP6 = "ip6" // IPv6 address AddressFamily. FamilyINET = "inet" // Internet (IPv4/IPv6) address AddressFamily. FamilyARP = "arp" // ARP address AddressFamily, handling IPv4 ARP packets. FamilyBridge = "bridge" // Bridge address AddressFamily, handling packets which traverse a bridge device. FamilyNETDEV = "netdev" // Netdev address AddressFamily, handling packets from ingress. )
Table Address Families
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Dnat ¶
type Dnat struct {
Addr *Expression `json:"addr,omitempty"`
Family *string `json:"family,omitempty"`
Port *Expression `json:"port,omitempty"`
Flags *Flags `json:"flags,omitempty"`
}
type Expression ¶
type Expression struct {
String *string `json:"-"`
Bool *bool `json:"-"`
Float64 *float64 `json:"-"`
Payload *Payload `json:"payload,omitempty"`
// RowData accepts arbitrary data which cannot be composed from the existing schema.
// Use `json.RawMessage()` or `[]byte()` for the value.
// Example:
// `schema.Expression{RowData: json.RawMessage(`{"meta":{"key":"iifname"}}`)}`
RowData json.RawMessage `json:"-"`
Set *[]SetElement `json:"set,omitempty"`
}
func (Expression) MarshalJSON ¶
func (e Expression) MarshalJSON() ([]byte, error)
func (*Expression) UnmarshalJSON ¶
func (e *Expression) UnmarshalJSON(data []byte) error
type Flags ¶
type Flags struct {
Flags []string `json:"-"`
}
func (Flags) MarshalJSON ¶
func (*Flags) UnmarshalJSON ¶
type FloatRange ¶ added in v1.0.5
type FloatRange struct {
FloatRange [2]float64 `json:"range,omitempty"`
}
type Masquerade ¶
type Masquerade struct {
Enabled bool `json:"-"`
Port *Expression `json:"port,omitempty"`
Flags *Flags `json:"flags,omitempty"`
}
type Match ¶
type Match struct {
Op string `json:"op"`
Left Expression `json:"left"`
Right Expression `json:"right"`
}
type Nat ¶
type Nat struct {
Snat *Snat `json:"snat,omitempty"`
Dnat *Dnat `json:"dnat,omitempty"`
Masquerade *Masquerade `json:"masquerade,omitempty"`
Redirect *Redirect `json:"redirect,omitempty"`
}
type Objects ¶
type Objects struct {
Table *Table `json:"table,omitempty"`
Chain *Chain `json:"chain,omitempty"`
Rule *Rule `json:"rule,omitempty"`
Ruleset bool `json:"-"`
}
func (Objects) MarshalJSON ¶
type Redirect ¶
type Redirect struct {
Enabled bool `json:"-"`
Port *Expression `json:"port,omitempty"`
Flags *Flags `json:"flags,omitempty"`
}
type SetElement ¶ added in v1.0.4
type SetElement struct {
Value string `json:"-"`
Float64Value float64 `json:"-"`
Range *Range `json:"-"`
Float64Range *FloatRange `json:"-"`
IPPrefix *IPPrefix `json:"-"`
}
func (SetElement) MarshalJSON ¶ added in v1.0.4
func (s SetElement) MarshalJSON() ([]byte, error)
func (*SetElement) UnmarshalJSON ¶ added in v1.0.4
func (s *SetElement) UnmarshalJSON(data []byte) error
type SimpleVerdict ¶
type Snat ¶
type Snat struct {
Addr *Expression `json:"addr,omitempty"`
Family *string `json:"family,omitempty"`
Port *Expression `json:"port,omitempty"`
Flags *Flags `json:"flags,omitempty"`
}
type Statement ¶
type Statement struct {
Counter *Counter `json:"counter,omitempty"`
Match *Match `json:"match,omitempty"`
Verdict
Nat
RawData json.RawMessage `json:"-"`
}
func (Statement) MarshalJSON ¶
func (*Statement) UnmarshalJSON ¶
Source Files
Click to show internal directories.
Click to hide internal directories.