authorKevin Krakauer <krakauer@google.com>2020-01-08 22:10:35 -0800
committerKevin Krakauer <krakauer@google.com>2020-01-08 22:10:35 -0800
commitaeb3a4017b9bc038ebe5630fe270d5ea8691d141 (patch)
treed8192e84ea11e49bd4426880fd8f722fdc571864 /pkg/tcpip/iptables
parent781a68eeb65b4db09ae6591a4273e27a2bf60999 (diff)
Working on filtering by protocol.
Diffstat (limited to 'pkg/tcpip/iptables')
-rw-r--r--pkg/tcpip/iptables/types.go20
1 files changed, 20 insertions, 0 deletions
diff --git a/pkg/tcpip/iptables/types.go b/pkg/tcpip/iptables/types.go
index 9f6906100..4b2a9c294 100644
--- a/pkg/tcpip/iptables/types.go
+++ b/pkg/tcpip/iptables/types.go
@@ -151,6 +151,9 @@ func (table *Table) SetMetadata(metadata interface{}) {
// packets this rule applies to. If there are no matchers in the rule, it
// applies to any packet.
type Rule struct {
+ // IPHeaderFilters holds basic IP filtering fields common to every rule.
+ IPHeaderFilter IPHeaderFilter
+
// Matchers is the list of matchers for this rule.
Matchers []Matcher
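Review bot: The comment on the new field names `IPHeaderFilters`, but the field is `IPHeaderFilter`; a Go doc comment should open with the exact identifier, e.g. `// IPHeaderFilter holds basic IP filtering fields common to every rule.`. The struct comment above it still says a rule with no matchers applies to any packet, which will no longer be accurate once the header filter is consulted. I would reword it along the lines of `// If the IP header filter is empty and there are no matchers, the rule applies to any packet.`. The body of Rule continues outside this hunk.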
@@ -158,6 +161,23 @@ type Rule struct {
Target Target
}
+// TODO: This is gross.
+// TODO: Save this in SetEntries.
+// TODO: Utilize this when traversing tables.
+type IPHeaderFilter struct {
+ Source [4]byte
+ Destination [4]byte
+ SourceMask [4]byte
+ DestinationMask [4]byte
+ OutputInterface string
+ InputInterface string
+ OutputInterfaceMask string
+ InputInterfaceMask string
+ Protocol uint16
+ Flags uint8
+ InverseFlags uint8
+}
+
// A Matcher is the interface for matching packets.
type Matcher interface {
// Match returns whether the packet matches and whether the packet
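Review bot: IPHeaderFilter is declared here but, going by the TODOs above it, is not yet populated in SetEntries nor read during table traversal, so within this diff a rule installed with a protocol or address restriction would presumably still be evaluated as if it had none. For a packet filter that is a fail-open condition (an ACCEPT scoped to one source or protocol could match every packet), so until traversal uses the field it would be safer to reject rules whose filter is non-zero, or at minimum state the gap in the type's doc comment. I would replace `// TODO: This is gross.` with a doc comment beginning `// IPHeaderFilter holds ...` and document per field that `Source`/`Destination` are IPv4-only (`[4]byte`), how the masks are applied, what the `Flags` and `InverseFlags` bits mean, and what a zero `Protocol` matches. The diffstat shown is limited to pkg/tcpip/iptables, so code elsewhere in the commit may already cover part of this.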