summaryrefslogtreecommitdiffhomepage
path: root/pkg/tcpip
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/tcpip')
-rw-r--r--pkg/tcpip/iptables/types.go20
1 files changed, 20 insertions, 0 deletions
diff --git a/pkg/tcpip/iptables/types.go b/pkg/tcpip/iptables/types.go
index 9f6906100..4b2a9c294 100644
--- a/pkg/tcpip/iptables/types.go
+++ b/pkg/tcpip/iptables/types.go
@@ -151,6 +151,9 @@ func (table *Table) SetMetadata(metadata interface{}) {
// packets this rule applies to. If there are no matchers in the rule, it
// applies to any packet.
type Rule struct {
+ // IPHeaderFilters holds basic IP filtering fields common to every rule.
+ IPHeaderFilter IPHeaderFilter
+
// Matchers is the list of matchers for this rule.
Matchers []Matcher
@@ -158,6 +161,23 @@ type Rule struct {
Target Target
}
+// TODO: This is gross.
+// TODO: Save this in SetEntries.
+// TODO: Utilize this when traversing tables.
+type IPHeaderFilter struct {
+ Source [4]byte
+ Destination [4]byte
+ SourceMask [4]byte
+ DestinationMask [4]byte
+ OutputInterface string
+ InputInterface string
+ OutputInterfaceMask string
+ InputInterfaceMask string
+ Protocol uint16
+ Flags uint8
+ InverseFlags uint8
+}
+
// A Matcher is the interface for matching packets.
type Matcher interface {
// Match returns whether the packet matches and whether the packet