diff options
author | gVisor bot <gvisor-bot@google.com> | 2020-03-16 11:13:14 -0700 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2020-03-16 11:13:14 -0700 |
commit | 159a230b9b8483317bf7ac6cf3113d73a1dcf702 (patch) | |
tree | deb84b61d0a5ea6866ea4815bceacec97c281f4e /pkg/abi/linux | |
parent | 52758e16e0d1e67b3cdd56e04abfce663607ac42 (diff) | |
parent | 408979e619c4b5df74503c7a887aaaa06fd0d730 (diff) |
Merge pull request #1943 from kevinGC:ipt-filter-ip
PiperOrigin-RevId: 301197007
Diffstat (limited to 'pkg/abi/linux')
-rw-r--r-- | pkg/abi/linux/netfilter.go | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/pkg/abi/linux/netfilter.go b/pkg/abi/linux/netfilter.go index e20c625f7..80dc09aa9 100644 --- a/pkg/abi/linux/netfilter.go +++ b/pkg/abi/linux/netfilter.go @@ -158,10 +158,32 @@ type IPTIP struct { // Flags define matching behavior for the IP header. Flags uint8 - // InverseFlags invert the meaning of fields in struct IPTIP. + // InverseFlags invert the meaning of fields in struct IPTIP. See the + // IPT_INV_* flags. InverseFlags uint8 } +// Flags in IPTIP.InverseFlags. Corresponding constants are in +// include/uapi/linux/netfilter_ipv4/ip_tables.h. +const ( + // Invert the meaning of InputInterface. + IPT_INV_VIA_IN = 0x01 + // Invert the meaning of OutputInterface. + IPT_INV_VIA_OUT = 0x02 + // Unclear what this is, as no references to it exist in the kernel. + IPT_INV_TOS = 0x04 + // Invert the meaning of Src. + IPT_INV_SRCIP = 0x08 + // Invert the meaning of Dst. + IPT_INV_DSTIP = 0x10 + // Invert the meaning of the IPT_F_FRAG flag. + IPT_INV_FRAG = 0x20 + // Invert the meaning of the Protocol field. + IPT_INV_PROTO = 0x40 + // Enable all flags. + IPT_INV_MASK = 0x7F +) + // SizeOfIPTIP is the size of an IPTIP. const SizeOfIPTIP = 84 |