class Action
Defined at line 2452 of file fidling/gen/sdk/fidl/fuchsia.net.filter/fuchsia.net.filter/cpp/fidl/fuchsia.net.filter/cpp/natural_types.h
The action to take on a packet.
Public Methods
void Action (Action && other)Action & operator= (Action && other)void Action (const Action & other)Action & operator= (const Action & other)bool operator== (const Action & other)bool operator!= (const Action & other)bool IsUnknown ()::fuchsia_net_filter::Action::Tag Which ()Action WithAccept (::fuchsia_net_filter::Empty val)const ::fidl::internal::UnionMemberView<1, Storage_> accept ()::fidl::internal::UnionMemberView<1, Storage_> accept ()Action & accept (::fuchsia_net_filter::Empty value)Accept the packet.
This is a terminal action for the current *installed* routine, i.e. no
further rules will be evaluated for this packet in the installed routine
(or any subroutines) in which this rule is installed. Subsequent
routines installed on the same hook will still be evaluated.
Action WithDrop (::fuchsia_net_filter::Empty val)const ::fidl::internal::UnionMemberView<2, Storage_> drop ()::fidl::internal::UnionMemberView<2, Storage_> drop ()Action & drop (::fuchsia_net_filter::Empty value)Drop the packet.
This is a terminal action, i.e. no further rules will be evaluated for
this packet, even in other routines on the same hook.
Action WithJump (::std::string val)const ::fidl::internal::UnionMemberView<3, Storage_> jump ()::fidl::internal::UnionMemberView<3, Storage_> jump ()Action & jump (::std::string value)Jump from the current routine to the routine identified by the provided
name.
The target routine must be in the same namespace as the calling routine,
and it cannot be installed on a hook; it must be an uninstalled routine.
Action WithReturn_ (::fuchsia_net_filter::Empty val)const ::fidl::internal::UnionMemberView<4, Storage_> return_ ()::fidl::internal::UnionMemberView<4, Storage_> return_ ()Action & return_ (::fuchsia_net_filter::Empty value)Stop evaluation of the current routine and return to the calling routine
(the routine from which the current routine was jumped), continuing
evaluation at the next rule.
If invoked in an installed routine, equivalent to `accept`, given packets
are accepted by default in the absence of any matching rules.
Action WithTransparentProxy (::fuchsia_net_filter::TransparentProxy val)const ::fidl::internal::UnionMemberView<5, Storage_> transparent_proxy ()::fidl::internal::UnionMemberView<5, Storage_> transparent_proxy ()Action & transparent_proxy (::fuchsia_net_filter::TransparentProxy value)Redirect the packet to a local socket without changing the packet header
in any way.
This is a terminal action for the current hook, i.e. no further rules
will be evaluated for this packet, even in other routines on the same
hook. However, note that this does not preclude actions on *other* hooks
from having an effect on this packet; for example, a packet that hits
TransparentProxy in INGRESS could still be dropped in LOCAL_INGRESS.
This action is only valid in the INGRESS hook. This action is also only
valid in a rule that ensures the presence of a TCP or UDP header by
matching on the transport protocol, so that the packet can be properly
dispatched.
Also note that transparently proxied packets will only be delivered to
sockets with the transparent socket option enabled. If no such socket
exists, the packet will be dropped.
This is analogous to the `tproxy` statement in Netfilter.
Action WithRedirect (::fuchsia_net_filter::Redirect val)const ::fidl::internal::UnionMemberView<6, Storage_> redirect ()::fidl::internal::UnionMemberView<6, Storage_> redirect ()Action & redirect (::fuchsia_net_filter::Redirect value)A special case of destination NAT (DNAT) that redirects the packet to
the local host.
This is a terminal action for all NAT routines on the current hook. The
packet is redirected by rewriting the destination IP address to one
owned by the ingress interface (if operating on incoming traffic in
INGRESS) or the loopback address (if operating on locally-generated
traffic in LOCAL_EGRESS). If this rule is installed on INGRESS and no IP
address is assigned to the incoming interface, the packet is dropped.
As with all DNAT actions, this action is only valid in the INGRESS and
LOCAL_EGRESS hooks. If a destination port is specified, this action is
only valid in a rule that ensures the presence of a TCP or UDP header by
matching on the transport protocol, so that the destination port can be
rewritten.
This is analogous to the `redirect` statement in Netfilter.
Action WithMasquerade (::fuchsia_net_filter::Masquerade val)const ::fidl::internal::UnionMemberView<7, Storage_> masquerade ()::fidl::internal::UnionMemberView<7, Storage_> masquerade ()Action & masquerade (::fuchsia_net_filter::Masquerade value)A special case of source NAT (SNAT) that reassigns the source IP address
of the packet to an address that is assigned to the outgoing interface.
This is a terminal action for all NAT routines on the current hook. If
no address is assigned to the outgoing interface, the packet will be
dropped.
This action is only valid in the EGRESS hook. If a source port range is
specified, this action is only valid in a rule that ensures the presence
of a TCP or UDP header by matching on the transport protocol, so that
the source port can be rewritten.
This is analogous to the `masquerade` statement in Netfilter.
Action WithMark (::fuchsia_net_filter::Mark val)const ::fidl::internal::UnionMemberView<8, Storage_> mark ()::fidl::internal::UnionMemberView<8, Storage_> mark ()Action & mark (::fuchsia_net_filter::Mark value)Applies the mark action to the given mark domain.
This is a non-terminal action for both routines and hooks. This is also
only available in [`IpRoutines`] because [`NatRoutines`] only runs on
the first packet in a connection and it is likely a misconfiguration
that packets after the first are marked differently or unmarked.
Note: If we find use cases that justify this being in [`NatRoutines`] we
should relax this limitation and support it.
This is analogous to the `mark` statement in Netfilter.
Action WithNone (::fuchsia_net_filter::Empty val)const ::fidl::internal::UnionMemberView<9, Storage_> none ()::fidl::internal::UnionMemberView<9, Storage_> none ()Action & none (::fuchsia_net_filter::Empty value)A non-terminal action that does nothing. Useful to run matchers that may
have side-effects, particularly eBPF matchers.
void Action (::fidl::internal::DefaultConstructPossiblyInvalidObjectTag )Enumerations
enum Tag| Name | Value |
|---|---|
| kAccept | 1 |
| kDrop | 2 |
| kJump | 3 |
| kReturn | 4 |
| kTransparentProxy | 5 |
| kRedirect | 6 |
| kMasquerade | 7 |
| kMark | 8 |
| kNone | 9 |
| _do_not_handle_this__write_a_default_case_instead | ::std::numeric_limits<::fidl_union_tag_t>::max() |
TODO: share union tag types between wire
&
natural.
Defined at line 2469 of file fidling/gen/sdk/fidl/fuchsia.net.filter/fuchsia.net.filter/cpp/fidl/fuchsia.net.filter/cpp/natural_types.h
Friends
class NaturalUnionCodingTraits