starnix_uapi/
iptables_flags.rs1use crate::uapi;
6use bitflags::bitflags;
7
8bitflags! {
9 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
11 pub struct IptIpInverseFlags: u32 {
12 const INPUT_INTERFACE = uapi::IPT_INV_VIA_IN;
13 const OUTPUT_INTERFACE = uapi::IPT_INV_VIA_OUT;
14 const TOS = uapi::IPT_INV_TOS;
15 const SOURCE_IP_ADDRESS = uapi::IPT_INV_SRCIP;
16 const DESTINATION_IP_ADDRESS = uapi::IPT_INV_DSTIP;
17 const FRAGMENT = uapi::IPT_INV_FRAG;
18 const PROTOCOL = uapi::IPT_INV_PROTO;
19 }
20}
21
22impl From<IptIpInverseFlags> for u64 {
23 fn from(value: IptIpInverseFlags) -> u64 {
24 value.bits() as u64
25 }
26}
27
28#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
29pub enum IptIpFlags {
30 V4(IptIpFlagsV4),
31 V6(IptIpFlagsV6),
32}
33
34bitflags! {
35 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
36 pub struct IptIpFlagsV4: u32 {
37 const FRAGMENT = uapi::IPT_F_FRAG;
38 const GOTO = uapi::IPT_F_GOTO;
39 }
40}
41
42bitflags! {
43 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
44 pub struct IptIpFlagsV6: u32 {
45 const PROTOCOL = uapi::IP6T_F_PROTO;
46 const TOS = uapi::IP6T_F_TOS;
47 const GOTO = uapi::IP6T_F_GOTO;
48 }
49}
50
51bitflags! {
52 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
53 pub struct NfIpHooks: u32 {
54 const PREROUTING = 1 << uapi::NF_IP_PRE_ROUTING;
55 const INPUT = 1 << uapi::NF_IP_LOCAL_IN;
56 const FORWARD = 1 << uapi::NF_IP_FORWARD;
57 const OUTPUT = 1 << uapi::NF_IP_LOCAL_OUT;
58 const POSTROUTING = 1 << uapi::NF_IP_POST_ROUTING;
59
60 const FILTER = Self::INPUT.bits() | Self::FORWARD.bits() | Self::OUTPUT.bits();
61 const MANGLE = Self::PREROUTING.bits() | Self::INPUT.bits() | Self::FORWARD.bits() |
62 Self::OUTPUT.bits() | Self::POSTROUTING.bits();
63 const NAT = Self::PREROUTING.bits() | Self::INPUT.bits() | Self::OUTPUT.bits() |
64 Self::POSTROUTING.bits();
65 const RAW = Self::PREROUTING.bits() | Self::OUTPUT.bits();
66
67 }
68}
69
70bitflags! {
71 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
72 pub struct NfNatRangeFlags: u32 {
73 const MAP_IPS = uapi::NF_NAT_RANGE_MAP_IPS;
74 const PROTO_SPECIFIED = uapi::NF_NAT_RANGE_PROTO_SPECIFIED;
75 const PROTO_RANDOM = uapi::NF_NAT_RANGE_PROTO_RANDOM;
76 const PERSISTENT = uapi::NF_NAT_RANGE_PERSISTENT;
77 const PROTO_RANDOM_FULLY = uapi::NF_NAT_RANGE_PROTO_RANDOM_FULLY;
78 const PROTO_OFFSET = uapi::NF_NAT_RANGE_PROTO_OFFSET;
79 const NET_MAP = uapi::NF_NAT_RANGE_NETMAP;
80
81 const PROTO_RANDOM_ALL = uapi::NF_NAT_RANGE_PROTO_RANDOM_ALL;
83 }
84}
85
86bitflags! {
87 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
88 pub struct XtTcpInverseFlags: u32 {
89 const SOURCE_PORT = uapi::XT_TCP_INV_SRCPT;
90 const DESTINATION_PORT = uapi::XT_TCP_INV_DSTPT;
91 const FLAGS = uapi::XT_TCP_INV_FLAGS;
92 const OPTION = uapi::XT_TCP_INV_OPTION;
93 }
94}
95
96bitflags! {
97 #[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord, Hash)]
98 pub struct XtUdpInverseFlags: u32 {
99 const SOURCE_PORT = uapi::XT_UDP_INV_SRCPT;
100 const DESTINATION_PORT = uapi::XT_UDP_INV_DSTPT;
101 }
102}
103
104#[cfg(test)]
105mod tests {
106 use super::*;
107
108 #[::fuchsia::test]
109 fn all_known_bits_same_as_mask() {
110 assert_eq!(IptIpInverseFlags::all().bits(), uapi::IPT_INV_MASK);
111 assert_eq!(IptIpFlagsV4::all().bits(), uapi::IPT_F_MASK);
112 assert_eq!(IptIpFlagsV6::all().bits(), uapi::IP6T_F_MASK);
113 assert_eq!(NfIpHooks::all().bits().count_ones(), uapi::NF_IP_NUMHOOKS);
114 assert_eq!(NfNatRangeFlags::all().bits(), uapi::NF_NAT_RANGE_MASK);
115 assert_eq!(XtTcpInverseFlags::all().bits(), uapi::XT_TCP_INV_MASK);
116 assert_eq!(XtUdpInverseFlags::all().bits(), uapi::XT_UDP_INV_MASK);
117 }
118}