pub enum Action {
    Accept(Empty),
    Drop(Empty),
    Jump(String),
    Return_(Empty),
    TransparentProxy(TransparentProxy_),
    Redirect(Redirect),
    Masquerade(Masquerade),
    // some variants omitted
}
The action to take on a packet.
Variants§
Accept(Empty)
Accept the packet.
This is a terminal action for the current installed routine, i.e. no further rules will be evaluated for this packet in the installed routine (or any subroutines) in which this rule is installed. Subsequent routines installed on the same hook will still be evaluated.
Drop(Empty)
Drop the packet.
This is a terminal action, i.e. no further rules will be evaluated for this packet, even in other routines on the same hook.
Jump(String)
Jump from the current routine to the routine identified by the provided name.
The target routine must be in the same namespace as the calling routine, and it cannot be installed on a hook; it must be an uninstalled routine.
Return_(Empty)
Stop evaluation of the current routine and return to the calling routine (the routine from which the current routine was jumped), continuing evaluation at the next rule.
If invoked in an installed routine, equivalent to accept, given packets are accepted by default in the absence of any matching rules.
TransparentProxy(TransparentProxy_)
Redirect the packet to a local socket without changing the packet header in any way.
This is a terminal action for the current hook, i.e. no further rules will be evaluated for this packet, even in other routines on the same hook. However, note that this does not preclude actions on other hooks from having an effect on this packet; for example, a packet that hits TransparentProxy in INGRESS could still be dropped in LOCAL_INGRESS.
This action is only valid in the INGRESS hook. This action is also only valid in a rule that ensures the presence of a TCP or UDP header by matching on the transport protocol, so that the packet can be properly dispatched.
Also note that transparently proxied packets will only be delivered to sockets with the transparent socket option enabled. If no such socket exists, the packet will be dropped.
This is analogous to the tproxy statement in Netfilter.
Redirect(Redirect)
A special case of destination NAT (DNAT) that redirects the packet to the local host.
This is a terminal action for all NAT routines on the current hook. The packet is redirected by rewriting the destination IP address to one owned by the ingress interface (if operating on incoming traffic in INGRESS) or the loopback address (if operating on locally-generated traffic in LOCAL_EGRESS). If this rule is installed on INGRESS and no IP address is assigned to the incoming interface, the packet is dropped.
As with all DNAT actions, this action is only valid in the INGRESS and LOCAL_EGRESS hooks. If a destination port is specified, this action is only valid in a rule that ensures the presence of a TCP or UDP header by matching on the transport protocol, so that the destination port can be rewritten.
This is analogous to the redirect statement in Netfilter.
Masquerade(Masquerade)
A special case of source NAT (SNAT) that reassigns the source IP address of the packet to an address that is assigned to the outgoing interface.
This is a terminal action for all NAT routines on the current hook. If no address is assigned to the outgoing interface, the packet will be dropped.
This action is only valid in the EGRESS hook. If a source port range is specified, this action is only valid in a rule that ensures the presence of a TCP or UDP header by matching on the transport protocol, so that the source port can be rewritten.
This is analogous to the masquerade statement in Netfilter.
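An added example, not code from the FIDL bindings documented on this page: a simplified model of how the terminal semantics of Accept, Drop, Jump and Return_ compose across routines installed on one hook. The types `Act`, `Rule`, `Flow` and `Verdict`, the port-only matcher and the sample ruleset are hypothetical, and the model assumes that a subroutine with no matching rule returns to its caller.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins for the filtering variants above; not the FIDL types.
enum Act { Accept, Drop, Jump(&'static str), Return }
// A rule matches one destination port, or every packet when `port` is None.
struct Rule { port: Option<u16>, act: Act }
type Routine = Vec<Rule>;

#[derive(Debug, PartialEq)]
enum Verdict { Accept, Drop }
enum Flow { Accepted, Dropped, Returned }

// Evaluate one routine. Jump targets are assumed to exist and to be acyclic.
fn run(rules: &Routine, subs: &HashMap<&str, Routine>, port: u16) -> Flow {
    for rule in rules {
        if rule.port.map_or(false, |p| p != port) { continue; }
        match &rule.act {
            Act::Accept => return Flow::Accepted,
            Act::Drop => return Flow::Dropped,
            Act::Return => return Flow::Returned,
            Act::Jump(name) => match run(&subs[*name], subs, port) {
                Flow::Returned => {} // resume at the caller's next rule
                terminal => return terminal, // Accept/Drop end the caller too
            },
        }
    }
    Flow::Returned // no rule matched (model assumption: implicit return)
}

// Run every routine installed on a hook, in order. Accept only ends the
// routine it was reached from; Drop ends evaluation for the whole hook.
fn eval_hook(installed: &[Routine], subs: &HashMap<&str, Routine>, port: u16) -> Verdict {
    for routine in installed {
        if let Flow::Dropped = run(routine, subs, port) { return Verdict::Drop; }
    }
    Verdict::Accept // packets are accepted by default
}

// Constructed ruleset: two installed routines plus one uninstalled routine "web".
fn verdict_for(port: u16) -> Verdict {
    let r = |port, act| Rule { port, act };
    let subs = HashMap::from([("web", vec![r(Some(443), Act::Accept), r(Some(8080), Act::Return)])]);
    let first = vec![r(None, Act::Jump("web")), r(Some(23), Act::Drop)];
    let second = vec![r(Some(443), Act::Drop)];
    eval_hook(&[first, second], &subs, port)
}

fn main() {
    for port in [443, 8080, 23, 53] { println!("port {port}: {:?}", verdict_for(port)); }
}
```

Port 443 ends up dropped even though the first routine accepted it: Accept is terminal only for that installed routine, so the second routine on the hook still runs and its Drop wins.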
Implementations§
Trait Implementations§
impl<D: ResourceDialect> Decode<Action, D> for Action
impl TypeMarker for Action
fn inline_align(_context: Context) -> usize
fn inline_size(_context: Context) -> usize
fn encode_is_copy() -> bool
Self::Owned matches the FIDL wire format and encoding requires no validation. When true, we can optimize encoding arrays and vectors of Self::Owned to a single memcpy.
fn decode_is_copy() -> bool
Self::Owned matches the FIDL wire format and decoding requires no validation. When true, we can optimize decoding arrays and vectors of Self::Owned to a single memcpy.
impl ValueTypeMarker for Action
impl Persistable for Action
Auto Trait Implementations§
impl Freeze for Action
impl RefUnwindSafe for Action
impl Send for Action
impl Sync for Action
impl Unpin for Action
impl UnwindSafe for Action
Blanket Implementations§
impl<T> Body for T
where
    T: Persistable,
type MarkerAtTopLevel = T
type MarkerInResultUnion = T
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> CloneToUninit for T
where
    T: Clone,
unsafe fn clone_to_uninit(&self, dst: *mut T)