ipset_linux.go

Documentation: github.com/vishvananda/netlink/nl

     1  package nl
     2  
     3  import (
     4  	"strconv"
     5  
     6  	"golang.org/x/sys/unix"
     7  )
     8  
     9  const (
    10  	/* The protocol version */
    11  	IPSET_PROTOCOL = 6
    12  
    13  	/* The max length of strings including NUL: set and type identifiers */
    14  	IPSET_MAXNAMELEN = 32
    15  
    16  	/* The maximum permissible comment length we will accept over netlink */
    17  	IPSET_MAX_COMMENT_SIZE = 255
    18  )
    19  
    20  const (
    21  	_                  = iota
    22  	IPSET_CMD_PROTOCOL /* 1: Return protocol version */
    23  	IPSET_CMD_CREATE   /* 2: Create a new (empty) set */
    24  	IPSET_CMD_DESTROY  /* 3: Destroy a (empty) set */
    25  	IPSET_CMD_FLUSH    /* 4: Remove all elements from a set */
    26  	IPSET_CMD_RENAME   /* 5: Rename a set */
    27  	IPSET_CMD_SWAP     /* 6: Swap two sets */
    28  	IPSET_CMD_LIST     /* 7: List sets */
    29  	IPSET_CMD_SAVE     /* 8: Save sets */
    30  	IPSET_CMD_ADD      /* 9: Add an element to a set */
    31  	IPSET_CMD_DEL      /* 10: Delete an element from a set */
    32  	IPSET_CMD_TEST     /* 11: Test an element in a set */
    33  	IPSET_CMD_HEADER   /* 12: Get set header data only */
    34  	IPSET_CMD_TYPE     /* 13: Get set type */
    35  )
    36  
    37  /* Attributes at command level */
    38  const (
    39  	_                       = iota
    40  	IPSET_ATTR_PROTOCOL     /* 1: Protocol version */
    41  	IPSET_ATTR_SETNAME      /* 2: Name of the set */
    42  	IPSET_ATTR_TYPENAME     /* 3: Typename */
    43  	IPSET_ATTR_REVISION     /* 4: Settype revision */
    44  	IPSET_ATTR_FAMILY       /* 5: Settype family */
    45  	IPSET_ATTR_FLAGS        /* 6: Flags at command level */
    46  	IPSET_ATTR_DATA         /* 7: Nested attributes */
    47  	IPSET_ATTR_ADT          /* 8: Multiple data containers */
    48  	IPSET_ATTR_LINENO       /* 9: Restore lineno */
    49  	IPSET_ATTR_PROTOCOL_MIN /* 10: Minimal supported version number */
    50  
    51  	IPSET_ATTR_SETNAME2     = IPSET_ATTR_TYPENAME     /* Setname at rename/swap */
    52  	IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN /* type rev min */
    53  )
    54  
    55  /* CADT specific attributes */
    56  const (
    57  	IPSET_ATTR_IP          = 1
    58  	IPSET_ATTR_IP_FROM     = 1
    59  	IPSET_ATTR_IP_TO       = 2
    60  	IPSET_ATTR_CIDR        = 3
    61  	IPSET_ATTR_PORT        = 4
    62  	IPSET_ATTR_PORT_FROM   = 4
    63  	IPSET_ATTR_PORT_TO     = 5
    64  	IPSET_ATTR_TIMEOUT     = 6
    65  	IPSET_ATTR_PROTO       = 7
    66  	IPSET_ATTR_CADT_FLAGS  = 8
    67  	IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO /* 9 */
    68  	IPSET_ATTR_MARK        = 10
    69  	IPSET_ATTR_MARKMASK    = 11
    70  
    71  	/* Reserve empty slots */
    72  	IPSET_ATTR_CADT_MAX = 16
    73  
    74  	/* Create-only specific attributes */
    75  	IPSET_ATTR_GC = 3 + iota
    76  	IPSET_ATTR_HASHSIZE
    77  	IPSET_ATTR_MAXELEM
    78  	IPSET_ATTR_NETMASK
    79  	IPSET_ATTR_PROBES
    80  	IPSET_ATTR_RESIZE
    81  	IPSET_ATTR_SIZE
    82  
    83  	/* Kernel-only */
    84  	IPSET_ATTR_ELEMENTS
    85  	IPSET_ATTR_REFERENCES
    86  	IPSET_ATTR_MEMSIZE
    87  
    88  	SET_ATTR_CREATE_MAX
    89  )
    90  
    91  const (
    92  	IPSET_ATTR_IPADDR_IPV4 = 1
    93  	IPSET_ATTR_IPADDR_IPV6 = 2
    94  )
    95  
    96  /* ADT specific attributes */
    97  const (
    98  	IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1
    99  	IPSET_ATTR_NAME
   100  	IPSET_ATTR_NAMEREF
   101  	IPSET_ATTR_IP2
   102  	IPSET_ATTR_CIDR2
   103  	IPSET_ATTR_IP2_TO
   104  	IPSET_ATTR_IFACE
   105  	IPSET_ATTR_BYTES
   106  	IPSET_ATTR_PACKETS
   107  	IPSET_ATTR_COMMENT
   108  	IPSET_ATTR_SKBMARK
   109  	IPSET_ATTR_SKBPRIO
   110  	IPSET_ATTR_SKBQUEUE
   111  )
   112  
   113  /* Flags at CADT attribute level, upper half of cmdattrs */
   114  const (
   115  	IPSET_FLAG_BIT_BEFORE        = 0
   116  	IPSET_FLAG_BEFORE            = (1 << IPSET_FLAG_BIT_BEFORE)
   117  	IPSET_FLAG_BIT_PHYSDEV       = 1
   118  	IPSET_FLAG_PHYSDEV           = (1 << IPSET_FLAG_BIT_PHYSDEV)
   119  	IPSET_FLAG_BIT_NOMATCH       = 2
   120  	IPSET_FLAG_NOMATCH           = (1 << IPSET_FLAG_BIT_NOMATCH)
   121  	IPSET_FLAG_BIT_WITH_COUNTERS = 3
   122  	IPSET_FLAG_WITH_COUNTERS     = (1 << IPSET_FLAG_BIT_WITH_COUNTERS)
   123  	IPSET_FLAG_BIT_WITH_COMMENT  = 4
   124  	IPSET_FLAG_WITH_COMMENT      = (1 << IPSET_FLAG_BIT_WITH_COMMENT)
   125  	IPSET_FLAG_BIT_WITH_FORCEADD = 5
   126  	IPSET_FLAG_WITH_FORCEADD     = (1 << IPSET_FLAG_BIT_WITH_FORCEADD)
   127  	IPSET_FLAG_BIT_WITH_SKBINFO  = 6
   128  	IPSET_FLAG_WITH_SKBINFO      = (1 << IPSET_FLAG_BIT_WITH_SKBINFO)
   129  	IPSET_FLAG_CADT_MAX          = 15
   130  )
   131  
   132  const (
   133  	IPSET_ERR_PRIVATE = 4096 + iota
   134  	IPSET_ERR_PROTOCOL
   135  	IPSET_ERR_FIND_TYPE
   136  	IPSET_ERR_MAX_SETS
   137  	IPSET_ERR_BUSY
   138  	IPSET_ERR_EXIST_SETNAME2
   139  	IPSET_ERR_TYPE_MISMATCH
   140  	IPSET_ERR_EXIST
   141  	IPSET_ERR_INVALID_CIDR
   142  	IPSET_ERR_INVALID_NETMASK
   143  	IPSET_ERR_INVALID_FAMILY
   144  	IPSET_ERR_TIMEOUT
   145  	IPSET_ERR_REFERENCED
   146  	IPSET_ERR_IPADDR_IPV4
   147  	IPSET_ERR_IPADDR_IPV6
   148  	IPSET_ERR_COUNTER
   149  	IPSET_ERR_COMMENT
   150  	IPSET_ERR_INVALID_MARKMASK
   151  	IPSET_ERR_SKBINFO
   152  
   153  	/* Type specific error codes */
   154  	IPSET_ERR_TYPE_SPECIFIC = 4352
   155  )
   156  
   157  type IPSetError uintptr
   158  
   159  func (e IPSetError) Error() string {
   160  	switch int(e) {
   161  	case IPSET_ERR_PRIVATE:
   162  		return "private"
   163  	case IPSET_ERR_PROTOCOL:
   164  		return "invalid protocol"
   165  	case IPSET_ERR_FIND_TYPE:
   166  		return "invalid type"
   167  	case IPSET_ERR_MAX_SETS:
   168  		return "max sets reached"
   169  	case IPSET_ERR_BUSY:
   170  		return "busy"
   171  	case IPSET_ERR_EXIST_SETNAME2:
   172  		return "exist_setname2"
   173  	case IPSET_ERR_TYPE_MISMATCH:
   174  		return "type mismatch"
   175  	case IPSET_ERR_EXIST:
   176  		return "exist"
   177  	case IPSET_ERR_INVALID_CIDR:
   178  		return "invalid cidr"
   179  	case IPSET_ERR_INVALID_NETMASK:
   180  		return "invalid netmask"
   181  	case IPSET_ERR_INVALID_FAMILY:
   182  		return "invalid family"
   183  	case IPSET_ERR_TIMEOUT:
   184  		return "timeout"
   185  	case IPSET_ERR_REFERENCED:
   186  		return "referenced"
   187  	case IPSET_ERR_IPADDR_IPV4:
   188  		return "invalid ipv4 address"
   189  	case IPSET_ERR_IPADDR_IPV6:
   190  		return "invalid ipv6 address"
   191  	case IPSET_ERR_COUNTER:
   192  		return "invalid counter"
   193  	case IPSET_ERR_COMMENT:
   194  		return "invalid comment"
   195  	case IPSET_ERR_INVALID_MARKMASK:
   196  		return "invalid markmask"
   197  	case IPSET_ERR_SKBINFO:
   198  		return "skbinfo"
   199  	default:
   200  		return "errno " + strconv.Itoa(int(e))
   201  	}
   202  }
   203  
   204  func GetIpsetFlags(cmd int) int {
   205  	switch cmd {
   206  	case IPSET_CMD_CREATE:
   207  		return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_CREATE
   208  	case IPSET_CMD_DESTROY,
   209  		IPSET_CMD_FLUSH,
   210  		IPSET_CMD_RENAME,
   211  		IPSET_CMD_SWAP,
   212  		IPSET_CMD_TEST:
   213  		return unix.NLM_F_REQUEST | unix.NLM_F_ACK
   214  	case IPSET_CMD_LIST,
   215  		IPSET_CMD_SAVE:
   216  		return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_ROOT | unix.NLM_F_MATCH | unix.NLM_F_DUMP
   217  	case IPSET_CMD_ADD,
   218  		IPSET_CMD_DEL:
   219  		return unix.NLM_F_REQUEST | unix.NLM_F_ACK
   220  	case IPSET_CMD_HEADER,
   221  		IPSET_CMD_TYPE,
   222  		IPSET_CMD_PROTOCOL:
   223  		return unix.NLM_F_REQUEST
   224  	default:
   225  		return 0
   226  	}
   227  }
   228
View as plain text