Crate netstack3_filter
Packet filtering framework.
Modules
- Testing-related utilities for use by other crates.
Structs
- A matcher for IP addresses.
- Data stored in [conntrack::Connection] that is only needed by filtering.
- The filtering API.
- The “production” implementation of packet filtering.
- An incoming IP packet that is being forwarded.
- A particular entry point for packet processing in which filtering routines are installed.
- Routines that perform ordinary IP filtering.
- Routines that can perform NAT.
- A nested serializer whose inner serializer implements IpPacket.
- Top-level matcher for IP packets.
- A matcher for transport-layer port numbers.
- A witness type to indicate that the egress filtering hook has been run.
- A sequence of Rules.
- IP version-specific filtering routine state.
- A set of criteria (matchers) and a resultant action to take if a given packet matches.
- An incoming IP packet that has been parsed into its constituent parts for either local delivery or forwarding.
- IP version-specific filtering state.
- A matcher for transport-layer protocol or port numbers.
- An outgoing IP packet that has not yet been wrapped into an outer serializer type.
- A handle to a Routine that is not installed in a particular hook, and therefore is only run if jumped to from another routine.
- Witness type ensuring that the contained filtering state has been validated.
Enums
- The action to take on a packet.
- A matcher for IP addresses.
- The final result of packet processing at the INGRESS hook.
- A matcher for network interfaces.
- Transparently intercept the packet and deliver it to a local socket without changing the packet header.
- Provided filtering state was invalid.
- The final result of packet processing at a given filtering hook.
Traits
- Trait aggregating functionality required from bindings.
- Trait defining required types for filtering provided by bindings.
- A context for mutably accessing all filtering state at once, to allow IPv4 and IPv6 filtering state to be modified atomically.
- An implementation of packet filtering logic, providing entry points at various stages of packet processing.
- The IP version-specific execution context for packet filtering.
- A trait for interacting with the pieces of packet metadata that are important for filtering.
- Allows filtering code to match on properties of an interface (ID, name, and device class) without Netstack3 Core (or Bindings, in the case of the device class) having to specifically expose that state.
- An IP packet that provides header inspection.
- A payload of an IP packet that may be a valid transport layer packet.
- A serializer that may also be a valid transport layer packet.
Type Aliases
- A connection as tracked by conntrack.