Packet filtering framework.
Modules
- testutil
- Testing-related utilities for use by other crates.
Structs
- AddressMatcher
- A matcher for IP addresses.
- DynTransportSerializer
- A concrete type around a dynamic reference to a DynamicTransportSerializer.
- FilterApi
- The filtering API.
- FilterImpl
- The “production” implementation of packet filtering.
- ForwardedPacket
- An incoming IP packet that is being forwarded.
- Hook
- A particular entry point for packet processing in which filtering routines are installed.
- IpRoutines
- Routines that perform ordinary IP filtering.
- NatRoutines
- Routines that can perform NAT.
- PacketMatcher
- Top-level matcher for IP packets.
- PortMatcher
- A matcher for transport-layer port numbers.
- ProofOfEgressCheck
- A witness type to indicate that the egress filtering hook has been run.
- RawIpBody
- An unsanitized IP packet body.
- Routine
- A sequence of Rules.
- Routines
- IP version-specific filtering routine state.
- Rule
- A set of criteria (matchers) and a resultant action to take if a given packet matches.
- State
- IP version-specific filtering state.
- Table
- Implements a connection tracking subsystem.
- TransportProtocolMatcher
- A matcher for transport-layer protocol or port numbers.
- Tuple
- A tuple for a flow in a single direction.
- TxPacket
- An outgoing IP packet that has not yet been wrapped into an outer serializer type.
- UninstalledRoutine
- A handle to a Routine that is not installed in a particular hook, and therefore is only run if jumped to from another routine.
- ValidRoutines
- Witness type ensuring that the contained filtering state has been validated.
- WeakConntrackConnection
- A type-erased weak handle to a connection tracking entry.
Enums
- Action
- The action to take on a packet.
- AddressMatcherType
- A matcher for IP addresses.
- ConnectionDirection
- The direction of a packet when compared to a given connection.
- FilterTimerId
- A timer ID for the filtering crate.
- IngressVerdict
- The final result of packet processing at the INGRESS hook.
- MarkAction
- An action that can be applied to a mark.
- SocketEgressFilterResult
- Result returned from SocketOpsFilter::on_egress.
- SocketIngressFilterResult
- Result returned from SocketOpsFilter::on_ingress.
- TransparentProxy
- Transparently intercept the packet and deliver it to a local socket without changing the packet header.
- TransportProtocol
- The IP-agnostic transport protocol of a packet.
- ValidationError
- Provided filtering state was invalid.
- Verdict
- The final result of packet processing at a given filtering hook.
- WeakConnectionError
- An error when attempting to retrieve the underlying conntrack entry from a weak handle to it.
Traits
- DynamicTransportSerializer
- A trait allowing transport serializers to be put behind a dyn reference.
- FilterBindingsContext
- Trait aggregating functionality required from bindings.
- FilterBindingsTypes
- Trait defining required types for filtering provided by bindings.
- FilterContext
- A context for mutably accessing all filtering state at once, to allow IPv4 and IPv6 filtering state to be modified atomically.
- FilterHandler
- An implementation of packet filtering logic, providing entry points at various stages of packet processing.
- FilterIpContext
- The IP version-specific execution context for packet filtering.
- FilterIpExt
- An IP extension trait for the filtering crate.
- FilterIpMetadata
- A trait for interacting with the pieces of packet metadata that are important for filtering.
- FilterMarkMetadata
- A trait for interacting with packet mark metadata.
- IcmpMessage
- An ICMP message type that may allow for transport-layer packet inspection.
- IpPacket
- An IP packet that provides header inspection.
- MaybeTransportPacket
- A payload of an IP packet that may be a valid transport layer packet.
- MaybeTransportPacketMut
- A payload of an IP packet that may be a valid modifiable transport layer packet.
- NatContext
- The execution context for Network Address Translation (NAT).
- SocketOpsFilter
- Trait for a socket operations filter.
- SocketOpsFilterBindingContext
- Implemented by bindings to provide socket operations filtering.
- TransportPacketSerializer
- A serializer that may also be a valid transport layer packet.
Type Aliases
- ConntrackConnection
- A connection as tracked by conntrack.