State(value)Type of states that are defined in the network state machine. Each step in the packet trace is in a specific state.
Values: STATE_UNSPECIFIED (0): Unspecified state. START_FROM_INSTANCE (1): Initial state: packet originating from a Compute Engine instance. An InstanceInfo is populated with starting instance information. START_FROM_INTERNET (2): Initial state: packet originating from the internet. The endpoint information is populated. START_FROM_GOOGLE_SERVICE (27): Initial state: packet originating from a Google service. The google_service information is populated. START_FROM_PRIVATE_NETWORK (3): Initial state: packet originating from a VPC or on-premises network with internal source IP. If the source is a VPC network visible to the user, a NetworkInfo is populated with details of the network. START_FROM_GKE_MASTER (21): Initial state: packet originating from a Google Kubernetes Engine cluster master. A GKEMasterInfo is populated with starting instance information. START_FROM_CLOUD_SQL_INSTANCE (22): Initial state: packet originating from a Cloud SQL instance. A CloudSQLInstanceInfo is populated with starting instance information. START_FROM_CLOUD_FUNCTION (23): Initial state: packet originating from a Cloud Function. A CloudFunctionInfo is populated with starting function information. START_FROM_APP_ENGINE_VERSION (25): Initial state: packet originating from an App Engine service version. An AppEngineVersionInfo is populated with starting version information. START_FROM_CLOUD_RUN_REVISION (26): Initial state: packet originating from a Cloud Run revision. A CloudRunRevisionInfo is populated with starting revision information. START_FROM_STORAGE_BUCKET (29): Initial state: packet originating from a Storage Bucket. Used only for return traces. The storage_bucket information is populated. START_FROM_PSC_PUBLISHED_SERVICE (30): Initial state: packet originating from a published service that uses Private Service Connect. Used only for return traces. APPLY_INGRESS_FIREWALL_RULE (4): Config checking state: verify ingress firewall rule. APPLY_EGRESS_FIREWALL_RULE (5): Config checking state: verify egress firewall rule. APPLY_ROUTE (6): Config checking state: verify route. APPLY_FORWARDING_RULE (7): Config checking state: match forwarding rule. ANALYZE_LOAD_BALANCER_BACKEND (28): Config checking state: verify load balancer backend configuration. SPOOFING_APPROVED (8): Config checking state: packet sent or received under foreign IP address and allowed. ARRIVE_AT_INSTANCE (9): Forwarding state: arriving at a Compute Engine instance. ARRIVE_AT_INTERNAL_LOAD_BALANCER (10): Forwarding state: arriving at a Compute Engine internal load balancer. ARRIVE_AT_EXTERNAL_LOAD_BALANCER (11): Forwarding state: arriving at a Compute Engine external load balancer. ARRIVE_AT_VPN_GATEWAY (12): Forwarding state: arriving at a Cloud VPN gateway. ARRIVE_AT_VPN_TUNNEL (13): Forwarding state: arriving at a Cloud VPN tunnel. ARRIVE_AT_VPC_CONNECTOR (24): Forwarding state: arriving at a VPC connector. NAT (14): Transition state: packet header translated. PROXY_CONNECTION (15): Transition state: original connection is terminated and a new proxied connection is initiated. DELIVER (16): Final state: packet could be delivered. DROP (17): Final state: packet could be dropped. FORWARD (18): Final state: packet could be forwarded to a network with an unknown configuration. ABORT (19): Final state: analysis is aborted. VIEWER_PERMISSION_MISSING (20): Special state: viewer of the test result does not have permission to see the configuration in this step.