filter

package
v0.99.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 3, 2020 License: BSD-3-Clause Imports: 10 Imported by: 25

Documentation

Overview

Package filter contains a stateful packet filter.

Index

Constants

This section is empty.

Variables

View Source 
var MatchAllowAll = Matches{
	Match{[]NetPortRange{NetPortRangeAny}, []Net{NetAny}},
}

MatchAllowAll matches all packets.

View Source 
var NetAny = Net{0, 0}
View Source 
var NetNone = Net{^packet.IP(0), ^packet.IP(0)}
View Source 
var NetPortRangeAny = NetPortRange{NetAny, PortRangeAny}
View Source 
var PortRangeAny = PortRange{0, 65535}

Functions

func Netmask added in v0.98.1 

func Netmask(bits int) packet.IP

func NewIP 

func NewIP(ip net.IP) packet.IP

Types

type Filter 

type Filter struct {
	// contains filtered or unexported fields
}

Filter is a stateful packet filter.

func New 

func New(matches Matches, localNets []Net, shareStateWith *Filter, logf logger.Logf) *Filter

New creates a new packet filter. The filter enforces that incoming packets must be destined to an IP in localNets, and must be allowed by matches. If shareStateWith is non-nil, the returned filter shares state with the previous one, to enable rules to be changed at runtime without breaking existing flows.

func NewAllowAll 

func NewAllowAll(localNets []Net, logf logger.Logf) *Filter

NewAllowAll returns a packet filter that accepts everything to and from localNets.

func NewAllowNone 

func NewAllowNone(logf logger.Logf) *Filter

NewAllowNone returns a packet filter that rejects everything.

func (*Filter) RunIn 

func (f *Filter) RunIn(b []byte, q *packet.QDecode, rf RunFlags) Response

func (*Filter) RunOut 

func (f *Filter) RunOut(b []byte, q *packet.QDecode, rf RunFlags) Response

type Match 

type Match struct {
	Dsts []NetPortRange
	Srcs []Net
}

func (Match) Clone 

func (m Match) Clone() (res Match)

func (Match) String 

func (m Match) String() string

type Matches 

type Matches []Match

func (Matches) Clone 

func (m Matches) Clone() (res Matches)

type Net added in v0.98.1 

type Net struct {
	IP   packet.IP
	Mask packet.IP
}

func (Net) Bits added in v0.98.1 

func (n Net) Bits() int

func (Net) Includes added in v0.98.1 

func (n Net) Includes(ip packet.IP) bool

func (Net) String added in v0.98.1 

func (n Net) String() string

type NetPortRange added in v0.98.1 

type NetPortRange struct {
	Net   Net
	Ports PortRange
}

func (NetPortRange) String added in v0.98.1 

func (ipr NetPortRange) String() string

type PortRange 

type PortRange struct {
	First, Last uint16
}

func (PortRange) String 

func (pr PortRange) String() string

type Response 

type Response int

Response is a verdict: either a Drop, Accept, or noVerdict skip to continue processing. 

const (
	Drop Response = iota
	Accept
)

func (Response) String 

func (r Response) String() string

type RunFlags 

type RunFlags int

RunFlags controls the filter's debug log verbosity at runtime. 

const (
	LogDrops RunFlags = 1 << iota
	LogAccepts
	HexdumpDrops
	HexdumpAccepts
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.