Crate netstack3_filter

Packet filtering framework.

Structs

AddressMatcher

A matcher for IP addresses.

FilterApi

The filtering API.

FilterImpl

The “production” implementation of packet filtering.

ForwardedPacket

An incoming IP packet that is being forwarded.

Hook

A particular entry point for packet processing in which filtering routines are installed.

IpRoutines

Routines that perform ordinary IP filtering.

NatRoutines

Routines that can perform NAT.

PacketMatcher

Top-level matcher for IP packets.

PortMatcher

A matcher for transport-layer port numbers.

ProofOfEgressCheck

A witness type to indicate that the egress filtering hook has been run.

RawIpBody

An unsanitized IP packet body.

Routine

A sequence of Rules.

Routines

IP version-specific filtering routine state.

Rule

A set of criteria (matchers) and a resultant action to take if a given packet matches.

State

IP version-specific filtering state.

Table

Implements a connection tracking subsystem.

TransportProtocolMatcher

A matcher for transport-layer protocol or port numbers.

Tuple

A tuple for a flow in a single direction.

TxPacket

An outgoing IP packet that has not yet been wrapped into an outer serializer type.

UninstalledRoutine

A handle to a Routine that is not installed in a particular hook, and therefore is only run if jumped to from another routine.

ValidRoutines

Witness type ensuring that the contained filtering state has been validated.

WeakConntrackConnection

A type-erased weak handle to a connection tracking entry.

Enums

Action

The action to take on a packet.

AddressMatcherType

A matcher for IP addresses.

ConnectionDirection

The direction of a packet when compared to a given connection.

FilterTimerId

A timer ID for the filtering crate.

IngressVerdict

The final result of packet processing at the INGRESS hook.

InterfaceMatcher

A matcher for network interfaces.

MarkAction

An action that can be applied to a mark.

TransparentProxy

Transparently intercept the packet and deliver it to a local socket without changing the packet header.

TransportProtocol

The IP-agnostic transport protocol of a packet.

ValidationError

Provided filtering state was invalid.

Verdict

The final result of packet processing at a given filtering hook.

WeakConnectionError

An error when attempting to retrieve the underlying conntrack entry from a weak handle to it.

Traits

FilterBindingsContext

Trait aggregating functionality required from bindings.

FilterBindingsTypes

Trait defining required types for filtering provided by bindings.

FilterContext

A context for mutably accessing all filtering state at once, to allow IPv4 and IPv6 filtering state to be modified atomically.

FilterHandler

An implementation of packet filtering logic, providing entry points at various stages of packet processing.

FilterIpContext

The IP version-specific execution context for packet filtering.

FilterIpExt

An IP extension trait for the filtering crate.

FilterIpMetadata

A trait for interacting with the pieces of packet metadata that are important for filtering.

FilterMarkMetadata

A trait for interacting with packet mark metadata.

IcmpMessage

An ICMP message type that may allow for transport-layer packet inspection.

InterfaceProperties

Allows filtering code to match on properties of an interface (ID, name, and device class) without Netstack3 Core (or Bindings, in the case of the device class) having to specifically expose that state.

IpPacket

An IP packet that provides header inspection.

MaybeTransportPacket

A payload of an IP packet that may be a valid transport layer packet.

MaybeTransportPacketMut

A payload of an IP packet that may be a valid modifiable transport layer packet.

NatContext

The execution context for Network Address Translation (NAT).

TransportPacketSerializer

A serializer that may also be a valid transport layer packet.

Type Aliases

ConntrackConnection

A connection as tracked by conntrack.