forked from go-freebsd/pf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
rule.go
118 lines (97 loc) · 2.89 KB
/
rule.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
package pf
// #include <net/if.h>
// #include <net/pfvar.h>
import "C"
import "unsafe"
// Rule wraps the pf rule (cgo)
type Rule struct {
wrap C.struct_pfioc_rule
}
// RuleStats contains usefule pf rule statistics
type RuleStats struct {
Evaluations uint64
PacketIn, PacketOut uint64
BytesIn, BytesOut uint64
MaxStates uint32
StatesCurrent uint64
StatesTotal uint64
}
// Stats copies the rule statistics into the passed
// RuleStats struct
func (r Rule) Stats(stats *RuleStats) {
stats.Evaluations = uint64(r.wrap.rule.evaluations)
stats.PacketIn = uint64(r.wrap.rule.packets[0])
stats.PacketOut = uint64(r.wrap.rule.packets[1])
stats.BytesIn = uint64(r.wrap.rule.bytes[0])
stats.BytesOut = uint64(r.wrap.rule.bytes[1])
stats.MaxStates = uint32(r.wrap.rule.max_states)
stats.StatesCurrent = uint64(r.wrap.rule.u_states_cur)
stats.StatesTotal = uint64(r.wrap.rule.u_states_tot)
}
// SetProtocol sets the protocol matcher of the rule if the
func (r *Rule) SetProtocol(p Protocol) {
r.wrap.rule.proto = C.u_int8_t(p)
}
// Protocol that is matched by the rule
func (r Rule) Protocol() Protocol {
return Protocol(r.wrap.rule.proto)
}
// SetLog enables logging of packets to the log interface
func (r *Rule) SetLog(enabled bool) {
if enabled {
r.wrap.rule.log = 1
} else {
r.wrap.rule.log = 0
}
}
// Log returns true if matching packets are logged
func (r Rule) Log() bool {
return r.wrap.rule.log == 1
}
// SetQuick skips further evaluations if packet matched
func (r *Rule) SetQuick(enabled bool) {
if enabled {
r.wrap.rule.quick = 1
} else {
r.wrap.rule.quick = 0
}
}
// Quick returns true if matching packets are last to evaluate in the rule list
func (r Rule) Quick() bool {
return r.wrap.rule.quick == 1
}
// SetState sets if the rule keeps state or not
func (r *Rule) SetState(s State) {
r.wrap.rule.keep_state = C.u_int8_t(s)
}
// State returns the state tracking configuration of the rule
func (r Rule) State() State {
return State(r.wrap.rule.keep_state)
}
// SetDirection sets the direction the traffic flows
func (r *Rule) SetDirection(dir Direction) {
r.wrap.rule.direction = C.u_int8_t(dir)
}
// Direction returns the rule matching direction
func (r Rule) Direction() Direction {
return Direction(r.wrap.rule.direction)
}
// SetAction sets the action on the traffic flow
func (r *Rule) SetAction(a Action) {
r.wrap.rule.action = C.u_int8_t(a)
}
// Action returns the action that is performed when rule matches
func (r Rule) Action() Action {
return Action(r.wrap.rule.action)
}
// SetAddressFamily sets the address family to match on
func (r *Rule) SetAddressFamily(af AddressFamily) {
r.wrap.rule.af = C.sa_family_t(af)
}
// AddressFamily returns the address family that is matched on
func (r Rule) AddressFamily() AddressFamily {
return AddressFamily(r.wrap.rule.af)
}
func (r Rule) Label() string {
return C.GoString((*C.char)(unsafe.Pointer(&r.wrap.rule.label)))
}