1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
|
// Copyright (c) Tailscale Inc & AUTHORS
// SPDX-License-Identifier: BSD-3-Clause
// TODO(#8502): add support for more architectures
//go:build linux && (arm64 || amd64)
package linuxfw
import (
"github.com/google/nftables/expr"
"github.com/google/nftables/xt"
)
var metaKeyNames = map[expr.MetaKey]string{
expr.MetaKeyLEN: "LEN",
expr.MetaKeyPROTOCOL: "PROTOCOL",
expr.MetaKeyPRIORITY: "PRIORITY",
expr.MetaKeyMARK: "MARK",
expr.MetaKeyIIF: "IIF",
expr.MetaKeyOIF: "OIF",
expr.MetaKeyIIFNAME: "IIFNAME",
expr.MetaKeyOIFNAME: "OIFNAME",
expr.MetaKeyIIFTYPE: "IIFTYPE",
expr.MetaKeyOIFTYPE: "OIFTYPE",
expr.MetaKeySKUID: "SKUID",
expr.MetaKeySKGID: "SKGID",
expr.MetaKeyNFTRACE: "NFTRACE",
expr.MetaKeyRTCLASSID: "RTCLASSID",
expr.MetaKeySECMARK: "SECMARK",
expr.MetaKeyNFPROTO: "NFPROTO",
expr.MetaKeyL4PROTO: "L4PROTO",
expr.MetaKeyBRIIIFNAME: "BRIIIFNAME",
expr.MetaKeyBRIOIFNAME: "BRIOIFNAME",
expr.MetaKeyPKTTYPE: "PKTTYPE",
expr.MetaKeyCPU: "CPU",
expr.MetaKeyIIFGROUP: "IIFGROUP",
expr.MetaKeyOIFGROUP: "OIFGROUP",
expr.MetaKeyCGROUP: "CGROUP",
expr.MetaKeyPRANDOM: "PRANDOM",
}
var cmpOpNames = map[expr.CmpOp]string{
expr.CmpOpEq: "EQ",
expr.CmpOpNeq: "NEQ",
expr.CmpOpLt: "LT",
expr.CmpOpLte: "LTE",
expr.CmpOpGt: "GT",
expr.CmpOpGte: "GTE",
}
var verdictNames = map[expr.VerdictKind]string{
expr.VerdictReturn: "RETURN",
expr.VerdictGoto: "GOTO",
expr.VerdictJump: "JUMP",
expr.VerdictBreak: "BREAK",
expr.VerdictContinue: "CONTINUE",
expr.VerdictDrop: "DROP",
expr.VerdictAccept: "ACCEPT",
expr.VerdictStolen: "STOLEN",
expr.VerdictQueue: "QUEUE",
expr.VerdictRepeat: "REPEAT",
expr.VerdictStop: "STOP",
}
var payloadOperationTypeNames = map[expr.PayloadOperationType]string{
expr.PayloadLoad: "LOAD",
expr.PayloadWrite: "WRITE",
}
var payloadBaseNames = map[expr.PayloadBase]string{
expr.PayloadBaseLLHeader: "ll-header",
expr.PayloadBaseNetworkHeader: "network-header",
expr.PayloadBaseTransportHeader: "transport-header",
}
var packetTypeNames = map[int]string{
0 /* PACKET_HOST */ : "unicast",
1 /* PACKET_BROADCAST */ : "broadcast",
2 /* PACKET_MULTICAST */ : "multicast",
}
var addrTypeFlagNames = map[xt.AddrTypeFlags]string{
xt.AddrTypeUnspec: "unspec",
xt.AddrTypeUnicast: "unicast",
xt.AddrTypeLocal: "local",
xt.AddrTypeBroadcast: "broadcast",
xt.AddrTypeAnycast: "anycast",
xt.AddrTypeMulticast: "multicast",
xt.AddrTypeBlackhole: "blackhole",
xt.AddrTypeUnreachable: "unreachable",
xt.AddrTypeProhibit: "prohibit",
xt.AddrTypeThrow: "throw",
xt.AddrTypeNat: "nat",
xt.AddrTypeXresolve: "xresolve",
}
|
