author | Kevin Krakauer <krakauer@google.com> | 2020-01-08 22:10:35 -0800 |
---|---|---|
committer | Kevin Krakauer <krakauer@google.com> | 2020-01-08 22:10:35 -0800 |
commit | aeb3a4017b9bc038ebe5630fe270d5ea8691d141 (patch) | |
tree | d8192e84ea11e49bd4426880fd8f722fdc571864 /pkg/tcpip/iptables | |
parent | 781a68eeb65b4db09ae6591a4273e27a2bf60999 (diff) |
Working on filtering by protocol.
Diffstat (limited to 'pkg/tcpip/iptables')
-rw-r--r-- | pkg/tcpip/iptables/types.go | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/pkg/tcpip/iptables/types.go b/pkg/tcpip/iptables/types.go
index 9f6906100..4b2a9c294 100644
--- a/pkg/tcpip/iptables/types.go
+++ b/pkg/tcpip/iptables/types.go
@@ -151,6 +151,9 @@ func (table *Table) SetMetadata(metadata interface{}) {
 // packets this rule applies to. If there are no matchers in the rule, it
 // applies to any packet.
 type Rule struct {
+ // IPHeaderFilters holds basic IP filtering fields common to every rule.
+ IPHeaderFilter IPHeaderFilter
+
 // Matchers is the list of matchers for this rule.
 Matchers []Matcher
 
@@ -158,6 +161,23 @@ type Rule struct {
 Target Target
 }
 
+// TODO: This is gross.
+// TODO: Save this in SetEntries.
+// TODO: Utilize this when traversing tables.
+type IPHeaderFilter struct {
+ Source [4]byte
+ Destination [4]byte
+ SourceMask [4]byte
+ DestinationMask [4]byte
+ OutputInterface string
+ InputInterface string
+ OutputInterfaceMask string
+ InputInterfaceMask string
+ Protocol uint16
+ Flags uint8
+ InverseFlags uint8
+}
+
 // A Matcher is the interface for matching packets.
 type Matcher interface {
 // Match returns whether the packet matches and whether the packet |
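Review bot: The comment on the new field in `Rule` names `IPHeaderFilters`, but the field is `IPHeaderFilter`; a Go doc comment should open with the exact identifier, i.e. `// IPHeaderFilter holds basic IP filtering fields common to every rule.` The context lines above the struct still say a rule with no matchers applies to any packet. Once the header filter is enforced, that sentence should mention it too, so that an empty `Matchers` list is not read as unconditional match-all. The `Rule` struct begins and ends outside this hunk.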
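Review bot: `IPHeaderFilter` is an exported type with only TODOs above it, and those TODOs say it is neither saved in SetEntries nor used during table traversal. A rule carrying an address, interface or protocol restriction would therefore presumably still be evaluated on its matchers alone, and could apply to packets it was meant to exclude. Until traversal consults it, state that in the doc comment, e.g. `// IPHeaderFilter holds the IP-header criteria of a rule. It is not yet populated by SetEntries or checked during table traversal.` The fields also need comments for what the types do not tell a reader: that the `[4]byte` addresses cover IPv4 only, how each mask combines with its address or interface name, which byte order and which "any protocol" value `Protocol` uses, and which bits `Flags` and `InverseFlags` carry.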