Documentation
¶
Index ¶
- func GetIcmpNoMatch() []string
- func MakeRuleSpecText(winRuleSpec *WindowsRuleSpec, validate bool) (string, error)
- func ReduceIcmpProtoString(icmpProtoTypeCode string, policyRestrictions []string) ([]string, error)
- func TransformIcmpProtoString(icmpProtoTypeCode string) []string
- func WideCharPointerToString(pszWide *uint16) string
- type WindowsRuleIcmpMatch
- type WindowsRuleMatchSet
- type WindowsRuleRange
- type WindowsRuleSpec
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetIcmpNoMatch ¶
func GetIcmpNoMatch() []string
GetIcmpNoMatch returns a rulespec subsection to indicate that there should be no match
func MakeRuleSpecText ¶
func MakeRuleSpecText(winRuleSpec *WindowsRuleSpec, validate bool) (string, error)
MakeRuleSpecText converts a WindowsRuleSpec back into a string for an iptables rule
func ReduceIcmpProtoString ¶
ReduceIcmpProtoString will look at policyRestrictions and return a rulespec substring for matching. represents the logic: "icmpProtoTypeCode and (policyRestrictions[0] or policyRestrictions[1] or...)" can return empty list if there is a proto match with no restriction. will return error if there is no intersection.
func TransformIcmpProtoString ¶
TransformIcmpProtoString parses icmp/type/code string coming from ACL rule and returns a rulespec subsection
func WideCharPointerToString ¶
WideCharPointerToString converts a pointer to a zero-terminated wide character string to a golang string
Types ¶
type WindowsRuleIcmpMatch ¶
type WindowsRuleIcmpMatch struct {
IcmpType int
IcmpCodeRange *WindowsRuleRange
Nomatch bool
}
WindowsRuleIcmpMatch represents parameters for an ICMP match
func ParseIcmpTypeCode ¶
func ParseIcmpTypeCode(icmpTypeCode string) ([]*WindowsRuleIcmpMatch, error)
ParseIcmpTypeCode parses --icmp-type option string is of the form type/code:code,code,code:code
func (*WindowsRuleIcmpMatch) Equal ¶
func (w *WindowsRuleIcmpMatch) Equal(other *WindowsRuleIcmpMatch) bool
Equal compares a WindowsRuleIcmpMatch to another for equality
type WindowsRuleMatchSet ¶
type WindowsRuleMatchSet struct {
MatchSetName string
MatchSetNegate bool
MatchSetDstIP bool
MatchSetDstPort bool
MatchSetSrcIP bool
MatchSetSrcPort bool
}
WindowsRuleMatchSet represents result of parsed --match-set
func (*WindowsRuleMatchSet) Equal ¶
func (w *WindowsRuleMatchSet) Equal(other *WindowsRuleMatchSet) bool
Equal compares a WindowsRuleMatchSet to another for equality
type WindowsRuleRange ¶
WindowsRuleRange represents a range of values for a rule
func ParsePortString ¶
func ParsePortString(portString string) ([]*WindowsRuleRange, error)
ParsePortString parses comma-separated list of port or port ranges
func (*WindowsRuleRange) Equal ¶
func (w *WindowsRuleRange) Equal(other *WindowsRuleRange) bool
Equal compares a WindowsRuleRange to another for equality
type WindowsRuleSpec ¶
type WindowsRuleSpec struct {
Protocol int
Action int // FilterAction (allow, drop, nfq, proxy)
ProxyPort int
Mark int
Log bool
LogPrefix string
GroupID int
ProcessID int
ProcessIncludeChildren bool
ProcessIncludeChildrenOnly bool
MatchSrcPort []*WindowsRuleRange
MatchDstPort []*WindowsRuleRange
MatchBytesNoMatch bool
MatchBytes []byte
MatchBytesOffset int
MatchSet []*WindowsRuleMatchSet
IcmpMatch []*WindowsRuleIcmpMatch
TCPFlags uint8
TCPFlagsMask uint8
TCPFlagsSpecified bool
TCPOption uint8
TCPOptionSpecified bool
GotoFilterName string
FlowMarkNoMatch bool
FlowMark int
}
WindowsRuleSpec represents result of parsed iptables rule
func ParseRuleSpec ¶
func ParseRuleSpec(rulespec ...string) (*WindowsRuleSpec, error)
ParseRuleSpec parses a windows iptable rule
func (*WindowsRuleSpec) Equal ¶
func (w *WindowsRuleSpec) Equal(other *WindowsRuleSpec) bool
Equal compares a WindowsRuleSpec to another for equality
Source Files