File: ipset_linux.go

package info (click to toggle)
golang-github-vishvananda-netlink 1.3.1-1
  • links: PTS, VCS
  • area: main
  • in suites: experimental, forky, sid
  • size: 1,648 kB
  • sloc: makefile: 25
file content (227 lines) | stat: -rw-r--r-- 5,978 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
 
package nl

import (
	"strconv"

	"golang.org/x/sys/unix"
)

const (
	/* The protocol version */
	IPSET_PROTOCOL = 6

	/* The max length of strings including NUL: set and type identifiers */
	IPSET_MAXNAMELEN = 32

	/* The maximum permissible comment length we will accept over netlink */
	IPSET_MAX_COMMENT_SIZE = 255
)

const (
	_                  = iota
	IPSET_CMD_PROTOCOL /* 1: Return protocol version */
	IPSET_CMD_CREATE   /* 2: Create a new (empty) set */
	IPSET_CMD_DESTROY  /* 3: Destroy a (empty) set */
	IPSET_CMD_FLUSH    /* 4: Remove all elements from a set */
	IPSET_CMD_RENAME   /* 5: Rename a set */
	IPSET_CMD_SWAP     /* 6: Swap two sets */
	IPSET_CMD_LIST     /* 7: List sets */
	IPSET_CMD_SAVE     /* 8: Save sets */
	IPSET_CMD_ADD      /* 9: Add an element to a set */
	IPSET_CMD_DEL      /* 10: Delete an element from a set */
	IPSET_CMD_TEST     /* 11: Test an element in a set */
	IPSET_CMD_HEADER   /* 12: Get set header data only */
	IPSET_CMD_TYPE     /* 13: Get set type */
)

/* Attributes at command level */
const (
	_                       = iota
	IPSET_ATTR_PROTOCOL     /* 1: Protocol version */
	IPSET_ATTR_SETNAME      /* 2: Name of the set */
	IPSET_ATTR_TYPENAME     /* 3: Typename */
	IPSET_ATTR_REVISION     /* 4: Settype revision */
	IPSET_ATTR_FAMILY       /* 5: Settype family */
	IPSET_ATTR_FLAGS        /* 6: Flags at command level */
	IPSET_ATTR_DATA         /* 7: Nested attributes */
	IPSET_ATTR_ADT          /* 8: Multiple data containers */
	IPSET_ATTR_LINENO       /* 9: Restore lineno */
	IPSET_ATTR_PROTOCOL_MIN /* 10: Minimal supported version number */

	IPSET_ATTR_SETNAME2     = IPSET_ATTR_TYPENAME     /* Setname at rename/swap */
	IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN /* type rev min */
)

/* CADT specific attributes */
const (
	IPSET_ATTR_IP          = 1
	IPSET_ATTR_IP_FROM     = 1
	IPSET_ATTR_IP_TO       = 2
	IPSET_ATTR_CIDR        = 3
	IPSET_ATTR_PORT        = 4
	IPSET_ATTR_PORT_FROM   = 4
	IPSET_ATTR_PORT_TO     = 5
	IPSET_ATTR_TIMEOUT     = 6
	IPSET_ATTR_PROTO       = 7
	IPSET_ATTR_CADT_FLAGS  = 8
	IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO /* 9 */
	IPSET_ATTR_MARK        = 10
	IPSET_ATTR_MARKMASK    = 11

	/* Reserve empty slots */
	IPSET_ATTR_CADT_MAX = 16

	/* Create-only specific attributes */
	IPSET_ATTR_GC = 3 + iota
	IPSET_ATTR_HASHSIZE
	IPSET_ATTR_MAXELEM
	IPSET_ATTR_NETMASK
	IPSET_ATTR_PROBES
	IPSET_ATTR_RESIZE
	IPSET_ATTR_SIZE

	/* Kernel-only */
	IPSET_ATTR_ELEMENTS
	IPSET_ATTR_REFERENCES
	IPSET_ATTR_MEMSIZE

	SET_ATTR_CREATE_MAX
)

const (
	IPSET_ATTR_IPADDR_IPV4 = 1
	IPSET_ATTR_IPADDR_IPV6 = 2
)

/* ADT specific attributes */
const (
	IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1
	IPSET_ATTR_NAME
	IPSET_ATTR_NAMEREF
	IPSET_ATTR_IP2
	IPSET_ATTR_CIDR2
	IPSET_ATTR_IP2_TO
	IPSET_ATTR_IFACE
	IPSET_ATTR_BYTES
	IPSET_ATTR_PACKETS
	IPSET_ATTR_COMMENT
	IPSET_ATTR_SKBMARK
	IPSET_ATTR_SKBPRIO
	IPSET_ATTR_SKBQUEUE
)

/* Flags at CADT attribute level, upper half of cmdattrs */
const (
	IPSET_FLAG_BIT_BEFORE        = 0
	IPSET_FLAG_BEFORE            = (1 << IPSET_FLAG_BIT_BEFORE)
	IPSET_FLAG_BIT_PHYSDEV       = 1
	IPSET_FLAG_PHYSDEV           = (1 << IPSET_FLAG_BIT_PHYSDEV)
	IPSET_FLAG_BIT_NOMATCH       = 2
	IPSET_FLAG_NOMATCH           = (1 << IPSET_FLAG_BIT_NOMATCH)
	IPSET_FLAG_BIT_WITH_COUNTERS = 3
	IPSET_FLAG_WITH_COUNTERS     = (1 << IPSET_FLAG_BIT_WITH_COUNTERS)
	IPSET_FLAG_BIT_WITH_COMMENT  = 4
	IPSET_FLAG_WITH_COMMENT      = (1 << IPSET_FLAG_BIT_WITH_COMMENT)
	IPSET_FLAG_BIT_WITH_FORCEADD = 5
	IPSET_FLAG_WITH_FORCEADD     = (1 << IPSET_FLAG_BIT_WITH_FORCEADD)
	IPSET_FLAG_BIT_WITH_SKBINFO  = 6
	IPSET_FLAG_WITH_SKBINFO      = (1 << IPSET_FLAG_BIT_WITH_SKBINFO)
	IPSET_FLAG_CADT_MAX          = 15
)

const (
	IPSET_ERR_PRIVATE = 4096 + iota
	IPSET_ERR_PROTOCOL
	IPSET_ERR_FIND_TYPE
	IPSET_ERR_MAX_SETS
	IPSET_ERR_BUSY
	IPSET_ERR_EXIST_SETNAME2
	IPSET_ERR_TYPE_MISMATCH
	IPSET_ERR_EXIST
	IPSET_ERR_INVALID_CIDR
	IPSET_ERR_INVALID_NETMASK
	IPSET_ERR_INVALID_FAMILY
	IPSET_ERR_TIMEOUT
	IPSET_ERR_REFERENCED
	IPSET_ERR_IPADDR_IPV4
	IPSET_ERR_IPADDR_IPV6
	IPSET_ERR_COUNTER
	IPSET_ERR_COMMENT
	IPSET_ERR_INVALID_MARKMASK
	IPSET_ERR_SKBINFO

	/* Type specific error codes */
	IPSET_ERR_TYPE_SPECIFIC = 4352
)

type IPSetError uintptr

func (e IPSetError) Error() string {
	switch int(e) {
	case IPSET_ERR_PRIVATE:
		return "private"
	case IPSET_ERR_PROTOCOL:
		return "invalid protocol"
	case IPSET_ERR_FIND_TYPE:
		return "invalid type"
	case IPSET_ERR_MAX_SETS:
		return "max sets reached"
	case IPSET_ERR_BUSY:
		return "busy"
	case IPSET_ERR_EXIST_SETNAME2:
		return "exist_setname2"
	case IPSET_ERR_TYPE_MISMATCH:
		return "type mismatch"
	case IPSET_ERR_EXIST:
		return "exist"
	case IPSET_ERR_INVALID_CIDR:
		return "invalid cidr"
	case IPSET_ERR_INVALID_NETMASK:
		return "invalid netmask"
	case IPSET_ERR_INVALID_FAMILY:
		return "invalid family"
	case IPSET_ERR_TIMEOUT:
		return "timeout"
	case IPSET_ERR_REFERENCED:
		return "referenced"
	case IPSET_ERR_IPADDR_IPV4:
		return "invalid ipv4 address"
	case IPSET_ERR_IPADDR_IPV6:
		return "invalid ipv6 address"
	case IPSET_ERR_COUNTER:
		return "invalid counter"
	case IPSET_ERR_COMMENT:
		return "invalid comment"
	case IPSET_ERR_INVALID_MARKMASK:
		return "invalid markmask"
	case IPSET_ERR_SKBINFO:
		return "skbinfo"
	default:
		return "errno " + strconv.Itoa(int(e))
	}
}

func GetIpsetFlags(cmd int) int {
	switch cmd {
	case IPSET_CMD_CREATE:
		return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_CREATE
	case IPSET_CMD_DESTROY,
		IPSET_CMD_FLUSH,
		IPSET_CMD_RENAME,
		IPSET_CMD_SWAP,
		IPSET_CMD_TEST:
		return unix.NLM_F_REQUEST | unix.NLM_F_ACK
	case IPSET_CMD_LIST,
		IPSET_CMD_SAVE:
		return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_ROOT | unix.NLM_F_MATCH | unix.NLM_F_DUMP
	case IPSET_CMD_ADD,
		IPSET_CMD_DEL:
		return unix.NLM_F_REQUEST | unix.NLM_F_ACK
	case IPSET_CMD_HEADER,
		IPSET_CMD_TYPE,
		IPSET_CMD_PROTOCOL:
		return unix.NLM_F_REQUEST
	default:
		return 0
	}
}