Difference between revisions of "Data types"
Jump to navigation
Jump to search
(Initial incomplete list, mostly copied from man page.) |
m (→Data types used in Netfilter: alphabetized) |
||
Line 8: | Line 8: | ||
! Data Type | ! Data Type | ||
! style="text-align:left;" | Description | ! style="text-align:left;" | Description | ||
! style="text-align:left;" | nft Selector | ! style="text-align:left;" | nft Selector(s) | ||
! style="text-align:left;" | Notes | ! style="text-align:left;" | Notes | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | day | ||
| | | Either a day of week ("Monday", "Tuesday", etc.), or an integer between 0 and 6. Strings are matched case-insensitively, and a full match is not expected (e.g. "Mon" would match "Monday"). When an integer is given, 0 is Sunday and 6 is Saturday. | ||
| [[Matching_packet_metainformation |meta]] | |||
| | |||
|- style="vertical-align:top;" | |||
| devgroup_type | |||
| Device group (32 bit number). | |||
| [[Matching_packet_metainformation |meta]] | | [[Matching_packet_metainformation |meta]] | ||
| Can be specified numerically or as name | | Can be specified numerically or as symbolic name defined in /etc/iproute2/group. | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | gid | ||
| | | Group ID (32 bit integer). | ||
| [[Matching_packet_metainformation |meta]] | | [[Matching_packet_metainformation |meta]] | ||
| | | Can be specified numerically or as group name. | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | hour | ||
| | | A string representing an hour in 24-hour format. Seconds can optionally be specified. For example, 17:00 and 17:00:00 would be equivalent. | ||
| [[Matching_packet_metainformation |meta]] | | [[Matching_packet_metainformation |meta]] | ||
| | | | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | iface_index | ||
| | | Interface index (32 bit integer). | ||
| [[Matching_packet_metainformation |meta]] | | [[Matching_packet_metainformation |meta]] | ||
| Can be specified numerically or as | | Can be specified numerically or as name of an existing interface. | ||
Use ifname instead for interfaces whose name and/or index can change (i.e. those that appear / disappear dynamically). | |||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | iface_type | ||
| | | Interface type (16 bit integer). | ||
| [[Matching_packet_metainformation |meta]] | | [[Matching_packet_metainformation |meta]] | ||
| | | | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | ifkind | ||
| | | Interface kind (16 byte string). | ||
| [[Matching_packet_metainformation |meta]] | | [[Matching_packet_metainformation |meta]] | ||
| | | List of ifkinds is in man 8 ip-link TYPES section. | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | ifname | ||
| | | Interface name (16 byte string). | ||
| [[Matching_packet_metainformation |meta]] | | [[Matching_packet_metainformation |meta]] | ||
| | | Does not have to exist. | ||
Slower than iface_index but good for interfaces that can dynamically appear / disappear. | |||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
Line 68: | Line 74: | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | realm | ||
| | | Routing Realm (32 bit integer). | ||
| [[Matching_packet_metainformation |meta]] | | [[Matching_packet_metainformation |meta]] | ||
| | | Can be specified numerically or as symbolic name defined in /etc/iproute2/rt_realms. | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
Line 80: | Line 86: | ||
|- style="vertical-align:top;" | |- style="vertical-align:top;" | ||
| | | uid | ||
| | | User ID (32 bit integer). | ||
| [[Matching_packet_metainformation |meta]] | | [[Matching_packet_metainformation |meta]] | ||
| | | Can be specified numerically or as user name. | ||
|} | |} |
Revision as of 02:50, 5 February 2021
Data types used in Netfilter
The following data types are used in nft selectors:
Netfilter Data Types | |||
---|---|---|---|
Data Type | Description | nft Selector(s) | Notes |
day | Either a day of week ("Monday", "Tuesday", etc.), or an integer between 0 and 6. Strings are matched case-insensitively, and a full match is not expected (e.g. "Mon" would match "Monday"). When an integer is given, 0 is Sunday and 6 is Saturday. | meta | |
devgroup_type | Device group (32 bit number). | meta | Can be specified numerically or as symbolic name defined in /etc/iproute2/group. |
gid | Group ID (32 bit integer). | meta | Can be specified numerically or as group name. |
hour | A string representing an hour in 24-hour format. Seconds can optionally be specified. For example, 17:00 and 17:00:00 would be equivalent. | meta | |
iface_index | Interface index (32 bit integer). | meta | Can be specified numerically or as name of an existing interface.
Use ifname instead for interfaces whose name and/or index can change (i.e. those that appear / disappear dynamically). |
iface_type | Interface type (16 bit integer). | meta | |
ifkind | Interface kind (16 byte string). | meta | List of ifkinds is in man 8 ip-link TYPES section. |
ifname | Interface name (16 byte string). | meta | Does not have to exist.
Slower than iface_index but good for interfaces that can dynamically appear / disappear. |
pkt_type | Packet type:
|
meta | |
realm | Routing Realm (32 bit integer). | meta | Can be specified numerically or as symbolic name defined in /etc/iproute2/rt_realms. |
time | Either an integer or a date in ISO format. For example: "2019-06-06 17:00". Hour and seconds are optional and can be omitted if desired. If omitted, midnight will be assumed. The following three would be equivalent: "2019-06-06", "2019-06-06 00:00" and "2019-06-06 00:00:00". When an integer is given, it is assumed to be a UNIX timestamp. | meta | |
uid | User ID (32 bit integer). | meta | Can be specified numerically or as user name. |