Marshal serializes the specified expression into a byte slice.

Unmarshal fills an expression from the specified byte slice.

Possible CmpOp values.

Possible CmpOp values.

Possible CmpOp values.

Possible CmpOp values.

Possible CmpOp values.

Possible CmpOp values.

Possible PayloadCsumType values.

Possible PayloadCsumType values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

https://sources.debian.org/src//nftables/0.9.8-3/src/ct.c/?hl=39#L39.

Possible CtKey values.

Possible CtKey values.

Possible CtKey values.

https://git.netfilter.org/libnftnl/tree/src/obj/ct_timeout.c?id=116e95aa7b6358c917de8c69f6f173874030b46b#n24.

https://git.netfilter.org/libnftnl/tree/src/obj/ct_timeout.c?id=116e95aa7b6358c917de8c69f6f173874030b46b#n57.

Possible limit unit values.

Possible limit unit values.

Possible limit unit values.

Possible limit unit values.

Possible limit unit values.

Imported from the nft_limit_type enum in netfilter/nf_tables.h.

Imported from the nft_limit_type enum in netfilter/nf_tables.h.

See https://git.netfilter.org/nftables/tree/include/linux/netfilter/nf_log.h?id=5b364657a35f4e4cd5d220ba2a45303d729c8eca.

See https://git.netfilter.org/nftables/tree/include/linux/netfilter/nf_tables.h?id=5b364657a35f4e4cd5d220ba2a45303d729c8eca#n1226.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible MetaKey values.

Possible NATType values.

Possible NATType values.

NF_NAT_RANGE_PERSISTENT defines flag for a persistent masquerade.

NF_NAT_RANGE_PREFIX defines flag for a prefix masquerade.

NF_NAT_RANGE_PROTO_RANDOM defines flag for a random masquerade.

NF_NAT_RANGE_PROTO_RANDOM_FULLY defines flag for a fully random masquerade.

NF_NAT_RANGE_PROTO_SPECIFIED defines flag for a specified range.

From https://github.com/torvalds/linux/blob/521b1e7f4cf0b05a47995b103596978224b380a8/include/uapi/linux/netfilter/nf_synproxy.h#L7-L15 Currently not available in golang.org/x/sys/unix.

From https://github.com/torvalds/linux/blob/521b1e7f4cf0b05a47995b103596978224b380a8/include/uapi/linux/netfilter/nf_synproxy.h#L7-L15 Currently not available in golang.org/x/sys/unix.

From https://github.com/torvalds/linux/blob/521b1e7f4cf0b05a47995b103596978224b380a8/include/uapi/linux/netfilter/nf_synproxy.h#L7-L15 Currently not available in golang.org/x/sys/unix.

From https://github.com/torvalds/linux/blob/521b1e7f4cf0b05a47995b103596978224b380a8/include/uapi/linux/netfilter/nf_synproxy.h#L7-L15 Currently not available in golang.org/x/sys/unix.

From https://github.com/torvalds/linux/blob/521b1e7f4cf0b05a47995b103596978224b380a8/include/uapi/linux/netfilter/nf_synproxy.h#L7-L15 Currently not available in golang.org/x/sys/unix.

Not yet supported by unix package https://cs.opensource.google/go/x/sys/+/c6bc011c:unix/ztypes_linux.go;l=2027-2036.

Per https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=84d12cfacf8ddd857a09435f3d982ab6250d250c#n1167.

From https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1601 Currently not available in sys/unix.

From https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1601 Currently not available in sys/unix.

From https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1601 Currently not available in sys/unix.

From https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1601 Currently not available in sys/unix.

From https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1601 Currently not available in sys/unix.

Missing ct timeout consts https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1592.

Missing ct timeout consts https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1592.

Missing ct timeout consts https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1592.

Not yet supported by unix package https://cs.opensource.google/go/x/sys/+/c6bc011c:unix/ztypes_linux.go;l=2027-2036.

From https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1338.

TODO, Once the constants below are available in golang.org/x/sys/unix, switch to use those.

From https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1723 Currently not available in golang.org/x/sys/unix.

From https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1723 Currently not available in golang.org/x/sys/unix.

From https://git.netfilter.org/libnftnl/tree/include/linux/netfilter/nf_tables.h?id=be0bae0ad31b0adb506f96de083f52a2bd0d4fbf#n1723 Currently not available in golang.org/x/sys/unix.

NFTA_TPROXY_FAMILY defines attribute for a table family.

NFTA_TPROXY_REG_ADDR defines attribute for a register carrying redirection address value.

NFTA_TPROXY_REG_PORT defines attribute for a register carrying redirection port value.

Possible PayloadBase values.

Possible PayloadBase values.

Possible PayloadBase values.

Possible PayloadOperationType values.

Possible PayloadOperationType values.

Possible QueueAttribute values.

Possible QueueAttribute values.

Possible QueueAttribute values.

Possible QueueAttribute values.

Possible QueueAttribute values.

Possible QueueAttribute values.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

Verdicts, as per netfilter.h and netfilter/nf_tables.h.

See https://git.netfilter.org/libnftnl/tree/src/expr/target.c?id=09456c720e9c00eecc08e41ac6b7c291b3821ee5#n28.

https://git.netfilter.org/libnftnl/tree/src/obj/ct_timeout.c?id=116e95aa7b6358c917de8c69f6f173874030b46b#n38.

https://git.netfilter.org/libnftnl/tree/src/obj/ct_timeout.c?id=116e95aa7b6358c917de8c69f6f173874030b46b#n57.

Cmp compares a register with the specified data.

Per https://git.netfilter.org/libnftnl/tree/src/expr/connlimit.c?id=84d12cfacf8ddd857a09435f3d982ab6250d250c.

Ct defines type for NFT connection tracking.

Dynset represent a rule dynamically adding or updating a set or a map based on an incoming packet.

Fib defines fib expression structure.

Hash defines type for nftables internal hashing functions.

Limit represents a rate limit expression.

Log defines type for NFT logging See https://git.netfilter.org/libnftnl/tree/src/expr/log.c?id=09456c720e9c00eecc08e41ac6b7c291b3821ee5#n25.

Lookup represents a match against the contents of a set.

Masq (Masquerade) is a special case of SNAT, where the source address is automagically set to the address of the output interface.

See https://git.netfilter.org/libnftnl/tree/src/expr/match.c?id=09456c720e9c00eecc08e41ac6b7c291b3821ee5#n30.

Meta loads packet meta information for later comparisons.

Numgen defines Numgen expression structure.

Quota defines a threshold against a number of bytes.

Range implements range expression.

See https://git.netfilter.org/libnftnl/tree/src/expr/target.c?id=09456c720e9c00eecc08e41ac6b7c291b3821ee5#n30.

TProxy defines struct with parameters for the transparent proxy.

Any is an interface implemented by any expression type.

CmpOp specifies which type of comparison should be performed.

CtKey specifies which piece of conntrack information should be loaded.

LimitTime represents the limit unit.

LimitType represents the type of the limit expression.

MetaKey specifies which piece of meta information should be loaded.