Module netstack3_core::filter

source ·
Expand description

Framework for packet filtering.


  • A matcher for IP addresses.
  • The filtering API.
  • A particular entry point for packet processing in which filtering routines are installed.
  • Routines that perform ordinary IP filtering.
  • Routines that can perform NAT.
  • Top-level matcher for IP packets.
  • A matcher for transport-layer port numbers.
  • A witness type to indicate that the egress filtering hook has been run.
  • A sequence of Rules.
  • IP version-specific filtering routine state.
  • A set of criteria (matchers) and a resultant action to take if a given packet matches.
  • A matcher for transport-layer protocol or port numbers.
  • A handle to a Routine that is not installed in a particular hook, and therefore is only run if jumped to from another routine.



  • Trait aggregating functionality required from bindings.
  • Trait defining required types for filtering provided by bindings.
  • Allows filtering code to match on properties of an interface (ID, name, and device class) without Netstack3 Core (or Bindings, in the case of the device class) having to specifically expose that state.