fuchsia.net.filter

PROTOCOLS

Filter

Defined in fuchsia.net.filter/commands.fidl

Enable

Enable enables the filter if true is passed. It disables the filter if false is passed.

Request

Name     Type
enabled  bool

Response

Name    Type
status  Status

IsEnabled

IsEnabled returns true if the filter is enabled.

Request

Name  Type
(no fields)

Response

Name     Type
enabled  bool

GetRules

GetRules gets the current rules. They do not include NAT or RDR rules (use GetNATRules or GetRDRRules instead).

GetRules also returns a generation number associated with the current rules.

Request

Name  Type
(no fields)

Response

Name        Type
rules       vector<Rule>
generation  uint32
status      Status

UpdateRules

UpdateRules updates the current rules. It does not update NAT or RDR rules (use UpdateNATRules or UpdateRDRRules instead).

UpdateRules takes the generation number previously returned by GetRules. To successfully update the current rules, the generation number passed to UpdateRules must still be current.

If another client has updated the rules since that GetRules call, the generation numbers will not match and err_generation_mismatch is returned.

Request

Name        Type
rules       vector<Rule>
generation  uint32

Response

Name    Type
status  Status
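The generation handshake described above, as an added example in Rust (not Fuchsia's code or its generated FIDL bindings): an in-memory stand-in for the Filter service with get_rules/update_rules, plus a client helper append_rule that re-reads and retries when UpdateRules answers err_generation_mismatch. FilterService, append_rule, the `between` hook and the "bad rule" validation are assumptions made for illustration; the Rule fields and the enum values come from this page.

```rust
// Added example, not Fuchsia code: models the Filter protocol's generation-checked
// UpdateRules and the read-modify-write retry a client needs under concurrent writers.
#[allow(dead_code)] #[derive(Clone, Copy, Debug, PartialEq)] pub enum Status { Ok = 0, ErrInternal = 1, ErrGenerationMismatch = 2, ErrBadRule = 3 }
#[allow(dead_code)] #[derive(Clone, Copy, Debug, PartialEq)] pub enum Action { Pass = 0, Drop = 1, DropReset = 2 }
#[allow(dead_code)] #[derive(Clone, Copy, Debug, PartialEq)] pub enum Direction { Incoming = 0, Outgoing = 1 }
#[allow(dead_code)] #[derive(Clone, Copy, Debug, PartialEq)] pub enum SocketProtocol { Ip = 0, Icmp = 1, Tcp = 6, Udp = 17, Ipv6 = 41, Icmpv6 = 58 }
/// Subset of the page's Rule fields; subnets, nic, log and keepState are left out.
#[derive(Clone, Debug, PartialEq)]
pub struct Rule { pub action: Action, pub direction: Direction, pub proto: SocketProtocol, pub dst_port: u16, pub quick: bool }

/// Assumed stand-in for the Filter service: the rule list plus its generation number.
#[derive(Default)]
pub struct FilterService { rules: Vec<Rule>, generation: u32 }

impl FilterService {
    /// GetRules: the current rules, their generation number, and a status.
    pub fn get_rules(&self) -> (Vec<Rule>, u32, Status) { (self.rules.clone(), self.generation, Status::Ok) }
    /// UpdateRules: replaces the rules only if `generation` is still the current one.
    pub fn update_rules(&mut self, rules: Vec<Rule>, generation: u32) -> Status {
        if generation != self.generation { return Status::ErrGenerationMismatch; }
        // Assumed validation (the page does not define what makes a rule bad):
        // a destination port is only meaningful for TCP or UDP.
        if rules.iter().any(|r| r.dst_port != 0 && !matches!(r.proto, SocketProtocol::Tcp | SocketProtocol::Udp)) {
            return Status::ErrBadRule;
        }
        self.rules = rules;
        self.generation = self.generation.wrapping_add(1); // every successful update bumps the generation
        Status::Ok
    }
}

/// Client side: read rules and generation, append, write back; on err_generation_mismatch re-read
/// and retry. `between` is a hook run inside the race window so a concurrent writer can be simulated.
/// Returns the attempt number that succeeded, or the non-retryable status.
pub fn append_rule(svc: &mut FilterService, new_rule: Rule, max_attempts: u32,
                   mut between: impl FnMut(&mut FilterService)) -> Result<u32, Status> {
    for attempt in 1..=max_attempts {
        let (mut rules, generation, status) = svc.get_rules();
        if status != Status::Ok { return Err(status); }
        rules.push(new_rule.clone());
        between(&mut *svc);
        match svc.update_rules(rules, generation) {
            Status::Ok => return Ok(attempt),
            Status::ErrGenerationMismatch => continue, // someone else wrote first: re-read and retry
            other => return Err(other),              // err_bad_rule / err_internal are not retried
        }
    }
    Err(Status::ErrGenerationMismatch)
}
```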

GetNATRules

GetNATRules gets the current NAT rules.

It also returns a generation number that can be passed to UpdateNATRules.

Request

Name  Type
(no fields)

Response

Name        Type
rules       vector<NAT>
generation  uint32
status      Status

UpdateNATRules

UpdateNATRules updates the current NAT rules.

It takes the generation number returned by GetNATRules. To successfully update the current NAT rules, the generation number passed to UpdateNATRules must still be current.

Request

Name        Type
rules       vector<NAT>
generation  uint32

Response

Name    Type
status  Status

GetRDRRules

GetRDRRules gets the current RDR rules.

It also returns a generation number that can be passed to UpdateRDRRules.

Request

Name  Type
(no fields)

Response

Name        Type
rules       vector<RDR>
generation  uint32
status      Status

UpdateRDRRules

UpdateRDRRules replaces the current RDR rules with new rules.

It takes the generation number returned by GetRDRRules. To successfully update the current RDR rules, the generation number passed to UpdateRDRRules must still be current.

Request

Name        Type
rules       vector<RDR>
generation  uint32

Response

Name    Type
status  Status

STRUCTS

Rule

Defined in fuchsia.net.filter/ruleset.fidl

Rule describes the conditions and the action of a rule.

Name                     Type                 Description                                                        Default
action                   Action                                                                                  No default
direction                Direction                                                                               No default
quick                    bool                 If true, no more rules will be tested.                             No default
proto                    SocketProtocol                                                                          No default
src_subnet               fuchsia.net/Subnet?                                                                     No default
src_subnet_invert_match  bool                 If true, matches any address that is NOT contained in the subnet.  No default
src_port                 uint16                                                                                  No default
dst_subnet               fuchsia.net/Subnet?                                                                     No default
dst_subnet_invert_match  bool                 If true, matches any address that is NOT contained in the subnet.  No default
dst_port                 uint16                                                                                  No default
nic                      uint32                                                                                  No default
log                      bool                                                                                    No default
keepState                bool                                                                                    No default

NAT

Defined in fuchsia.net.filter/ruleset.fidl

NAT is a special rule for Network Address Translation, which rewrites the source address of an outgoing packet.

Name          Type                   Default
proto         SocketProtocol         No default
src_subnet    fuchsia.net/Subnet     No default
new_src_addr  fuchsia.net/IpAddress  No default
nic           uint32                 No default

RDR

Defined in fuchsia.net.filter/ruleset.fidl

RDR is a special rule for Redirector, which forwards an incoming packet to a machine inside the firewall.

Name          Type                   Default
proto         SocketProtocol         No default
dst_addr      fuchsia.net/IpAddress  No default
dst_port      uint16                 No default
new_dst_addr  fuchsia.net/IpAddress  No default
new_dst_port  uint16                 No default
nic           uint32                 No default

ENUMS

Status

Type: uint32

Defined in fuchsia.net.filter/commands.fidl

Name                     Value
ok                       0
err_internal             1
err_generation_mismatch  2
err_bad_rule             3

Direction

Type: uint32

Defined in fuchsia.net.filter/ruleset.fidl

Direction is the way (incoming or outgoing) a packet is moving through the stack.

Name      Value
incoming  0
outgoing  1

Action

Type: uint32

Defined in fuchsia.net.filter/ruleset.fidl

Name        Value
pass        0
drop        1
drop_reset  2

SocketProtocol

Type: uint32

Defined in fuchsia.net.filter/ruleset.fidl

Name    Value
ip      0
icmp    1
tcp     6
udp     17
ipv6    41
icmpv6  58