fuchsia.net.filter

PROTOCOLS

Filter

Defined in fuchsia.net.filter/commands.fidl

Enable

Enable enables the filter when enabled is true and disables it when enabled is false.

Request

Name      Type
enabled   bool

Response

Name      Type
status    Status

IsEnabled

IsEnabled returns true if the filter is enabled.

Request

(no parameters)

Response

Name      Type
enabled   bool

GetRules

GetRules gets the current rules. They do not include NAT or RDR rules (use GetNatRules or GetRdrRules instead).

GetRules also returns a generation number associated with the current rules.

Request

(no parameters)

Response

Name         Type
rules        vector<Rule>[128]
generation   uint32
status       Status

UpdateRules

UpdateRules updates the current rules. It does not update NAT or RDR rules (use UpdateNatRules or UpdateRdrRules instead).

UpdateRules takes a generation number previously returned by GetRules. The update succeeds only if that generation number is still current.

If somebody else has updated the rules since that GetRules call, the generation number will not match and ERR_GENERATION_MISMATCH is returned.

Request

Name         Type
rules        vector<Rule>[128]
generation   uint32

Response

Name      Type
status    Status
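The generation check that GetRules and UpdateRules describe (the NAT and RDR pairs use the same scheme), as an added example in Python that is not part of the Fuchsia source. FilterModel is a hypothetical in-memory stand-in for the server, append_rule is the read-modify-write loop a client should use, and the over-length check models the vector<Rule>[128] bound.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Tuple

MAX_RULES = 128  # the bound on vector<Rule>[128]

class Status(IntEnum):
    OK, ERR_INTERNAL, ERR_GENERATION_MISMATCH, ERR_BAD_RULE = 0, 1, 2, 3

@dataclass(frozen=True)
class Rule:
    # Only the fields this example needs; a real Rule carries more.
    action: int     # Action: PASS = 0, DROP = 1, DROP_RESET = 2
    direction: int  # Direction: INCOMING = 0, OUTGOING = 1
    proto: int      # SocketProtocol: ANY = 0, ICMP = 1, TCP = 2, UDP = 3
    quick: bool = False

class FilterModel:
    """Hypothetical in-memory stand-in for the Filter server's rule store."""
    def __init__(self) -> None:
        self._rules: List[Rule] = []
        self._generation = 0

    def get_rules(self) -> Tuple[List[Rule], int, Status]:
        return list(self._rules), self._generation, Status.OK

    def update_rules(self, rules: List[Rule], generation: int) -> Status:
        if len(rules) > MAX_RULES:
            # An oversized vector<Rule>[128] never reaches the server: FIDL
            # encoding rejects it on the client side (modelled as an exception).
            raise ValueError("rules exceeds MAX_RULES")
        if generation != self._generation:
            return Status.ERR_GENERATION_MISMATCH  # another writer got in first
        self._rules = list(rules)
        self._generation += 1  # every successful update bumps the generation
        return Status.OK

def append_rule(model: FilterModel, rule: Rule, retries: int = 3) -> Status:
    """Read-modify-write loop a client should use: re-read on mismatch so a
    concurrent writer's rules are never silently overwritten."""
    for _ in range(retries):
        rules, gen, status = model.get_rules()
        if status == Status.OK:
            status = model.update_rules(rules + [rule], gen)
        if status != Status.ERR_GENERATION_MISMATCH:
            return status
    return Status.ERR_GENERATION_MISMATCH
```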

GetNatRules

GetNatRules gets the current NAT rules.

It also returns a generation number that can be passed to UpdateNatRules.

Request

(no parameters)

Response

Name         Type
rules        vector<Nat>[128]
generation   uint32
status       Status

UpdateNatRules

UpdateNatRules updates the current NAT rules.

It takes a generation number returned by GetNatRules. The update succeeds only if that generation number is still current.

Request

Name         Type
rules        vector<Nat>[128]
generation   uint32

Response

Name      Type
status    Status

GetRdrRules

GetRdrRules gets the current RDR rules.

It also returns a generation number that can be passed to UpdateRdrRules.

Request

(no parameters)

Response

Name         Type
rules        vector<Rdr>[128]
generation   uint32
status       Status

UpdateRdrRules

UpdateRdrRules replaces the current RDR rules with new rules.

It takes a generation number returned by GetRdrRules. The update succeeds only if that generation number is still current.

Request

Name         Type
rules        vector<Rdr>[128]
generation   uint32

Response

Name      Type
status    Status

STRUCTS

PortRange

Defined in fuchsia.net.filter/ruleset.fidl

PortRange specifies an inclusive range of port numbers.

Name    Type     Default
start   uint16   No default
end     uint16   No default

Rule

Defined in fuchsia.net.filter/ruleset.fidl

Rule describes the conditions and the action of a rule.

Name                      Type                  Description                                                         Default
action                    Action                                                                                    No default
direction                 Direction                                                                                 No default
quick                     bool                  If true, no more rules will be tested.                              No default
proto                     SocketProtocol                                                                            No default
src_subnet                fuchsia.net/Subnet?                                                                       No default
src_subnet_invert_match   bool                  If true, matches any address that is NOT contained in the subnet.   No default
src_port_range            PortRange                                                                                 No default
dst_subnet                fuchsia.net/Subnet?                                                                       No default
dst_subnet_invert_match   bool                  If true, matches any address that is NOT contained in the subnet.   No default
dst_port_range            PortRange                                                                                 No default
nic                       uint32                                                                                    No default
log                       bool                                                                                      No default
keep_state                bool                                                                                      No default

Nat

Defined in fuchsia.net.filter/ruleset.fidl

Nat is a special rule for Network Address Translation, which rewrites the source address of an outgoing packet.

Name           Type                    Default
proto          SocketProtocol          No default
src_subnet     fuchsia.net/Subnet      No default
new_src_addr   fuchsia.net/IpAddress   No default
nic            uint32                  No default

Rdr

Defined in fuchsia.net.filter/ruleset.fidl

Rdr is a special rule for Redirector, which rewrites the destination address and port of an incoming packet so that it is forwarded to a machine inside the firewall.

Name                 Type                    Default
proto                SocketProtocol          No default
dst_addr             fuchsia.net/IpAddress   No default
dst_port_range       PortRange               No default
new_dst_addr         fuchsia.net/IpAddress   No default
new_dst_port_range   PortRange               No default
nic                  uint32                  No default

ENUMS

Status

Type: uint32

Defined in fuchsia.net.filter/commands.fidl

Status codes for commands.

Name                      Value
OK                        0
ERR_INTERNAL              1
ERR_GENERATION_MISMATCH   2
ERR_BAD_RULE              3

Direction

Type: uint32

Defined in fuchsia.net.filter/ruleset.fidl

Direction indicates which way a packet is moving in the stack: incoming or outgoing.

Name       Value
INCOMING   0
OUTGOING   1

Action

Type: uint32

Defined in fuchsia.net.filter/ruleset.fidl

Name         Value
PASS         0
DROP         1
DROP_RESET   2

SocketProtocol

Type: uint32

Defined in fuchsia.net.filter/ruleset.fidl

Name     Value
ANY      0
ICMP     1
TCP      2
UDP      3
ICMPV6   4

CONSTANTS

Name        Value   Type     Description
MAX_RULES   128     uint32   The maximum number of rules.