fuchsia.net.filter

PROTOCOLS

Filter

Defined in fuchsia.net.filter/commands.fidl

A protocol for filtering TCP/IP traffic and Network Address Translation.

DisableInterface

Disable the filter on a specific interface.

The filter is disabled by default. If the filter is already disabled, no error is returned.

  • request id The id of the network interface.
  • error Reports NOT_FOUND if id is not a valid interface.

Request

Name Type
id fuchsia.net/interface_id

Response

Name Type
result Filter_DisableInterface_Result

EnableInterface

Enable the filter on a specific interface.

The filter is disabled by default. If the filter is already enabled, no error is returned.

  • request id The id of the network interface.
  • error Reports NOT_FOUND if id is not a valid interface.

Request

Name Type
id fuchsia.net/interface_id

Response

Name Type
result Filter_EnableInterface_Result

GetNatRules

GetNatRules gets the current NAT rules.

  • response rules The current NAT rules.
  • response generation The generation number associated with the current NAT rules.

Request

<EMPTY>

Response

Name Type
result Filter_GetNatRules_Result

GetRdrRules

GetRdrRules gets the current RDR rules.

  • response rules The current RDR rules.
  • response generation The generation number associated with the current RDR rules.

Request

<EMPTY>

Response

Name Type
result Filter_GetRdrRules_Result

GetRules

GetRules gets the current rules. They do not include NAT or RDR rules (use GetNatRules or GetRdrRules instead).

  • response rules The current filter rules.
  • response generation The generation number associated with the current rules.

Request

<EMPTY>

Response

Name Type
result Filter_GetRules_Result

UpdateNatRules

UpdateNatRules updates the current NAT rules.

UpdateNatRules takes a generation number previously returned from GetNatRules. The generation number has to be up to date, i.e. it has to match the one associated with the current NAT rules. The service will assign a new generation number to the new NAT rules.

  • request rules The new NAT rules to install.
  • request generation The generation number previously returned from GetNatRules.
  • error Reports NOT_SUPPORTED if the operation is not supported.

Request

Name Type
rules vector<Nat>[128]
generation uint32

Response

Name Type
result Filter_UpdateNatRules_Result

UpdateRdrRules

UpdateRdrRules updates the previous RDR rules with new rules.

UpdateRdrRules takes a generation number previously returned from GetRdrRules. The generation number has to be up to date, i.e. it has to match the one associated with the current RDR rules. The service will assign a new generation number to the new RDR rules.

  • request rules The new RDR rules to install.
  • request generation The generation number previously returned from GetRdrRules.
  • error Reports NOT_SUPPORTED if the operation is not supported.

Request

Name Type
rules vector<Rdr>[128]
generation uint32

Response

Name Type
result Filter_UpdateRdrRules_Result

UpdateRules

UpdateRules updates the current rules. It does not update NAT or RDR rules (use UpdateNatRules or UpdateRdrRules instead).

UpdateRules takes a generation number that is previously returned from GetRules. The generation number has to be up-to-date, i.e. it has to match with the one associated with the current rules. The service will assign a new generation number to the new rules.

  • request rules The new filter rules to install.
  • request generation The generation number previously returned from GetRules.
  • error Reports INTERNAL if the service had an internal error.
  • error Reports GENERATION_MISMATCH if generation is not the generation number for the current rules.
  • error Reports BAD_RULE if rules are not valid.

Request

Name Type
rules vector<Rule>[128]
generation uint32

Response

Name Type
result Filter_UpdateRules_Result
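
The generation check described for UpdateRules is optimistic concurrency control: a client that read a stale rule set cannot silently overwrite a rule another client installed in the meantime. The following is an added example, not code from Fuchsia or its FIDL bindings. It models the check in memory and shows a client retrying on GENERATION_MISMATCH. FilterModel, append_rule, the between hook, the string rule format and the +1 generation step are all assumptions made for illustration.

```rust
// Added example: an in-memory model of the generation check, not Fuchsia's netstack.
#[allow(dead_code)]
#[derive(Debug, PartialEq)]
enum UpdateRulesError { Internal = 1, GenerationMismatch = 2, BadRule = 3 } // values from the page

#[derive(Default)]
struct FilterModel { rules: Vec<String>, generation: u32 } // rules as strings: a simplification

impl FilterModel {
    fn get_rules(&self) -> (Vec<String>, u32) { (self.rules.clone(), self.generation) }

    fn update_rules(&mut self, rules: Vec<String>, generation: u32) -> Result<(), UpdateRulesError> {
        if generation != self.generation {
            return Err(UpdateRulesError::GenerationMismatch); // stale snapshot: change nothing
        }
        self.rules = rules;
        self.generation = self.generation.wrapping_add(1); // assumption: "new" means +1
        Ok(())
    }
}

/// Read-modify-write that re-reads and retries instead of overwriting a concurrent change.
/// `between` is a hypothetical hook that runs between our GetRules and UpdateRules.
fn append_rule(f: &mut FilterModel, rule: &str, attempts: u32,
               mut between: impl FnMut(&mut FilterModel)) -> Result<u32, UpdateRulesError> {
    for _ in 0..attempts {
        let (mut rules, generation) = f.get_rules();
        between(&mut *f);
        rules.push(rule.to_string());
        match f.update_rules(rules, generation) {
            Ok(()) => return Ok(f.generation),
            Err(UpdateRulesError::GenerationMismatch) => continue,
            Err(e) => return Err(e),
        }
    }
    Err(UpdateRulesError::GenerationMismatch)
}

/// Constructed scenario: a second client adds a DROP rule while we are adding a PASS rule.
fn demo() -> (Vec<String>, u32) {
    let mut f = FilterModel::default();
    f.update_rules(vec!["DROP in tcp 23".to_string()], 0).unwrap();
    let mut raced = false;
    append_rule(&mut f, "PASS out udp 53", 3, |m: &mut FilterModel| {
        if raced { return; }
        raced = true;
        let (mut rules, generation) = m.get_rules();
        rules.push("DROP in tcp 2323".to_string());
        m.update_rules(rules, generation).unwrap();
    }).unwrap();
    f.get_rules()
}

fn main() { println!("{:?}", demo()); }
```

The first attempt is rejected because the other client's update advanced the generation. The retry re-reads the rule set, so the concurrently added DROP rule survives alongside the new PASS rule.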

STRUCTS

Filter_DisableInterface_Response

Defined in fuchsia.net.filter/commands.fidl

<EMPTY>

Filter_EnableInterface_Response

Defined in fuchsia.net.filter/commands.fidl

<EMPTY>

Filter_GetNatRules_Response

Defined in fuchsia.net.filter/commands.fidl

Field Type Description Default
rules vector<Nat>[128] No default
generation uint32 No default

Filter_GetRdrRules_Response

Defined in fuchsia.net.filter/commands.fidl

Field Type Description Default
rules vector<Rdr>[128] No default
generation uint32 No default

Filter_GetRules_Response

Defined in fuchsia.net.filter/commands.fidl

Field Type Description Default
rules vector<Rule>[128] No default
generation uint32 No default

Filter_UpdateNatRules_Response

Defined in fuchsia.net.filter/commands.fidl

<EMPTY>

Filter_UpdateRdrRules_Response

Defined in fuchsia.net.filter/commands.fidl

<EMPTY>

Filter_UpdateRules_Response

Defined in fuchsia.net.filter/commands.fidl

<EMPTY>

Nat

Defined in fuchsia.net.filter/ruleset.fidl

NAT is a special rule for Network Address Translation, which rewrites the address of an outgoing packet.

Field Type Description Default
proto SocketProtocol No default
src_subnet fuchsia.net/Subnet No default
new_src_addr fuchsia.net/IpAddress No default
nic uint32 No default

PortRange

Defined in fuchsia.net.filter/ruleset.fidl

PortRange specifies an inclusive range of port numbers.

Field Type Description Default
start uint16 No default
end uint16 No default

Rdr

Defined in fuchsia.net.filter/ruleset.fidl

RDR is a special rule for Redirector, which forwards an incoming packet to a machine inside the firewall.

Field Type Description Default
proto SocketProtocol No default
dst_addr fuchsia.net/IpAddress No default
dst_port_range PortRange No default
new_dst_addr fuchsia.net/IpAddress No default
new_dst_port_range PortRange No default
nic uint32 No default

Rule

Defined in fuchsia.net.filter/ruleset.fidl

Rule describes the conditions and the action of a rule.

Field Type Description Default
action Action No default
direction Direction No default
proto SocketProtocol No default
src_subnet fuchsia.net/Subnet? No default
src_subnet_invert_match bool If true, matches any address that is NOT contained in the subnet. No default
src_port_range PortRange No default
dst_subnet fuchsia.net/Subnet? No default
dst_subnet_invert_match bool If true, matches any address that is NOT contained in the subnet. No default
dst_port_range PortRange No default
nic uint32 No default
log bool No default
keep_state bool No default

ENUMS

Action strict

Type: uint32

Defined in fuchsia.net.filter/ruleset.fidl

Name Value Description
PASS 0
DROP 1
DROP_RESET 2

Direction strict

Type: uint32

Defined in fuchsia.net.filter/ruleset.fidl

Direction is which way (Incoming or Outgoing) a packet is moving in the stack.

Name Value Description
INCOMING 0
OUTGOING 1

Filter_DisableInterface_Error strict

Type: uint32

Defined in fuchsia.net.filter/commands.fidl

Name Value Description
NOT_FOUND 1

Filter_EnableInterface_Error strict

Type: uint32

Defined in fuchsia.net.filter/commands.fidl

Name Value Description
NOT_FOUND 1

Filter_GetNatRules_Error strict

Type: uint32

Defined in fuchsia.net.filter/commands.fidl

Name Value Description
RESERVED 0

Filter_GetRdrRules_Error strict

Type: uint32

Defined in fuchsia.net.filter/commands.fidl

Name Value Description
RESERVED 0

Filter_GetRules_Error strict

Type: uint32

Defined in fuchsia.net.filter/commands.fidl

Name Value Description
RESERVED 0

Filter_UpdateNatRules_Error strict

Type: uint32

Defined in fuchsia.net.filter/commands.fidl

Name Value Description
NOT_SUPPORTED 1

Filter_UpdateRdrRules_Error strict

Type: uint32

Defined in fuchsia.net.filter/commands.fidl

Name Value Description
NOT_SUPPORTED 1

Filter_UpdateRules_Error strict

Type: uint32

Defined in fuchsia.net.filter/commands.fidl

Name Value Description
INTERNAL 1
GENERATION_MISMATCH 2
BAD_RULE 3

SocketProtocol strict

Type: uint32

Defined in fuchsia.net.filter/ruleset.fidl

Name Value Description
ANY 0
ICMP 1
TCP 2
UDP 3
ICMPV6 4

UNIONS

Filter_DisableInterface_Result strict

Defined in fuchsia.net.filter/commands.fidl

Ordinal Variant Type Description
1 response Filter_DisableInterface_Response
2 err Filter_DisableInterface_Error

Filter_EnableInterface_Result strict

Defined in fuchsia.net.filter/commands.fidl

Ordinal Variant Type Description
1 response Filter_EnableInterface_Response
2 err Filter_EnableInterface_Error

Filter_GetNatRules_Result strict

Defined in fuchsia.net.filter/commands.fidl

Ordinal Variant Type Description
1 response Filter_GetNatRules_Response
2 err Filter_GetNatRules_Error

Filter_GetRdrRules_Result strict

Defined in fuchsia.net.filter/commands.fidl

Ordinal Variant Type Description
1 response Filter_GetRdrRules_Response
2 err Filter_GetRdrRules_Error

Filter_GetRules_Result strict

Defined in fuchsia.net.filter/commands.fidl

Ordinal Variant Type Description
1 response Filter_GetRules_Response
2 err Filter_GetRules_Error

Filter_UpdateNatRules_Result strict

Defined in fuchsia.net.filter/commands.fidl

Ordinal Variant Type Description
1 response Filter_UpdateNatRules_Response
2 err Filter_UpdateNatRules_Error

Filter_UpdateRdrRules_Result strict

Defined in fuchsia.net.filter/commands.fidl

Ordinal Variant Type Description
1 response Filter_UpdateRdrRules_Response
2 err Filter_UpdateRdrRules_Error

Filter_UpdateRules_Result strict

Defined in fuchsia.net.filter/commands.fidl

Ordinal Variant Type Description
1 response Filter_UpdateRules_Response
2 err Filter_UpdateRules_Error

CONSTANTS

Name Value Type Description
MAX_RULES 128 uint32 The maximum number of rules.