nettools

package
v0.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 27, 2019 License: Apache-2.0 Imports: 20 Imported by: 10

Documentation

Overview

Package nettools includes a set of helpers that operate on raw system commands related to networking. This currently includes iptables, 'ip route', conntrack and loading IP and interface info

Index

Constants

View Source 
const (

	// AwkIptablesSaveMagicFilter defines awk program that filters the content of a
	// single chain in a table from iptables-save command output
	AwkIptablesSaveMagicFilter = "awk -v table=%s -v chain=%s " +
		`'$0 ~ "^*"table"$" {in_table=1};$1 ~ "^COMMIT$" {in_table=0};in_table == 1 && $2 ~ "^"chain"$" {print $0}'`
)
View Source 
const (
	// IPSetListWithAwk is a string to execute an ipset list command and filter out results with awk
	IPSetListWithAwk = "ipset list %s | awk " + `'$0 ~ "^Members:$" {found=1; ln=NR}; NR>ln && found == 1 {print $1}'`
)
View Source 
const RTTablesFilename = "/etc/iproute2/rt_tables"

RTTablesFilename contains path to the file with ID to routing tables IDs mapping in Linux

Variables

This section is empty.

Functions

func MustExistNamedRoutingTable 

func MustExistNamedRoutingTable(tableName string, ioOp SimpleFileOperator) (bool, error)

MustExistNamedRoutingTable gets a routing table name as string tableName and creates a 32 int ID for that routing table. The pair [ID, tableName] is then written to the /etc/iproute2/rt_tables file to make it possible to reference by name the routing table tableName in "ip rule" command. It returns true if an entry was added to the file, false otherwise or when error.

func OffsetAddr 

func OffsetAddr(n net.IPNet, offset int32) (net.IP, error)

OffsetAddr returns new net.IP address that is an offset of the subnet address of n. If the offset is positive, the result is the subnet address of IP in n plus the offset. If the offset is negative, the result is the broadcast address of IP in n minus the offset. Offset equal 0 returns the subnet address of IP in n.

Types

type ConntrackHelper 

type ConntrackHelper interface {
	RemoveEntriesDNATingToIP(ip net.IP) (time.Duration, error)
}

ConntrackHelper provides operations backed up by the system "conntrack" command

RemoveEntriesDNATingToIP removes all entries in the conntrack table, that describe connections running with DNAT and having destination IP equal to ip. If returned error is nil, then time.Duration returned type is used to let the caller know how long it took to execute the command.

func NewExecConntrackHelper 

func NewExecConntrackHelper(executor command.Executor) ConntrackHelper

NewExecConntrackHelper creates new ConntrackHelper implemented by executing linux `conntrack` command

type IPRouteEntry 

type IPRouteEntry struct {
	TableName, TargetPrefix, Mode, Gateway, Options string
}

IPRouteEntry represents one routing information entry in a configured route table

func (IPRouteEntry) String 

func (e IPRouteEntry) String() string

type IPRouteHelper 

type IPRouteHelper interface {
	InitializeRoutingTablesPerInterface(ifaces []Interface) (time.Duration, error)
	EnsureOnlyOneIPRuleExistsForSourceIP(rule IPRule) ([]IPRule, time.Duration, error)
	RemoveIPRuleForSourceIP(rule IPRule) (time.Duration, error)
	RemoveAllIPRulesForAddressesInSubnet(sourceSubnet net.IPNet) ([]IPRule, time.Duration, error)
	RemoveAllIPRulesForAddress(ip net.IP) ([]IPRule, time.Duration, error)
	EnsureOnlyOneIPRuleExistsForFwMark(rule IPRule) ([]IPRule, time.Duration, error)
	EnsureRoutes(entries []IPRouteEntry) (time.Duration, error)
}

IPRouteHelper implements various iproute2 tool related actions.

InitializeRoutingTablesPerInterface creates entries in the '/etc/iproute2/rt_tables' file for each of the interfaces passed in ifaces slice. The name of the created routing table entry will be the same as the name of the interface. Additionally, it creates a routing rule for each of the IP addresses assigned to each of the passed interfaces to use route table created for this specific interface.

EnsureOnlyOneIPRuleExistsForSourceIP adds an "ip rule" entry for the SourceIP included in rule to use the routing table RouteTableName. The routing table must have been created earlier by a call to InitializeRoutingTablesPerInterface(). If there are already other ip rules for the same SourceIP but different RouteTableName than in the rule, the entries are removed, so that the only currently matching rule for SourceIP selects route table RouteTableName.

RemoveIPRuleForSourceIP removes ip rule entry for the SourceIP and RouteTableName specified in rule. If the entry doesn't exist, no error is returned.

RemoveAllIPRulesForAddressesInSubnet removes any rules existing for any source IP within the sourceSubnet. No error is returned if no entries were removed.

RemoveAllIPRulesForAddress removes any rules existing for the specific IP address. No error is returned if no entries were removed.

EnsureOnlyOneIPRuleExistsForFwMark adds an "ip rule" entry for the FwMark included in rule to use the routing table RouteTableName. The routing table must have been created earlier by a call to InitializeRoutingTablesPerInterface(). If there are already other ip rules for the same FwMark but different RouteTableName than in the rule, the entries are removed, so that the only currently matching rule for FwMark selects route table RouteTableName.

EnsureRoute ensures that in the routing table tableName there is a route entry that has the form "targetPrefix" "mode" "gateway" "options", like: "10.10.10.0/24" "via" "10.10.20.1" "" or "10.10.10.0/24" "dev" "eth0" "scope link"

func NewExecIPRouteHelper 

func NewExecIPRouteHelper(executor command.Executor, ioOp SimpleFileOperator) IPRouteHelper

NewExecIPRouteHelper returns new IPRouterHelper implemented using command execution in the operating system.

type IPRule 

type IPRule struct {
	No             int
	FwMark         int
	SourceIP       net.IP
	RouteTableName string
}

IPRule represents a single ip routing rule based on source IP and selecting a named routing table.

func NewIPRuleForFwMark 

func NewIPRuleForFwMark(mark int, tableName string) IPRule

NewIPRuleForFwMark creates a new IPRule with source IP and with default No of 0

func NewIPRuleForSourceIP 

func NewIPRuleForSourceIP(cidrAddress, tableName string) IPRule

NewIPRuleForSourceIP creates a new IPRule with source IP and with default No of 0

func (*IPRule) Copy 

func (r *IPRule) Copy() IPRule

Copy returns a copy of IPRule using new memory.

func (*IPRule) FwMarkHexed 

func (r *IPRule) FwMarkHexed() string

FwMarkHexed returns string representing FWMark in hexadecimal format

func (*IPRule) GrepEscaped 

func (r *IPRule) GrepEscaped() (string, string)

GrepEscaped returns IP address and route table name with "." escaped for use with `grep` command

func (*IPRule) ToString 

func (r *IPRule) ToString() string

ToString return a string representation of the rule, as used in "ip" command

type IPSetHelper 

type IPSetHelper interface {
	EnsureSetExists(name, setType string) error
	DeleteSet(name string) error
	EnsureSetHasOnly(name string, ips []net.IP) error
	GetIPs(name string) ([]net.IP, error)
	EnsureSetHasOnlyNetPort(name string, netports []NetPort) error
	GetNetPorts(name string) ([]NetPort, error)
}

IPSetHelper provides methods to manage ipset sets.

EnsureSetExists creates the named ipset if it doesn't exist.

DeleteSet removes the ipset with name. Returns error if it doesn't exist.

EnsureSetHasOnly makes sure that IP addresses from ips are the only ones present in the set name.

GetIPs returns a slice of IP addresses from set name. Returns error if it doesn't exist.

func NewExecIPSetHelper 

func NewExecIPSetHelper(exec command.Executor) IPSetHelper

NewExecIPSetHelper returns new IPSetHelper based on Linux command `ipset`

type IPTablesHelper 

type IPTablesHelper interface {
	// EnsureChainExists makes sure the chain customChainName exists in table
	EnsureChainExists(table, customChainName string) error
	// EnsureJumpToChainExists makes sure a jump instruction from baseChainName to
	// customChainName exists in table
	EnsureJumpToChainExists(table, customChainName, baseChainName string) error
	// EnsureExistsInsert makes sure the rule exists. It is inserted at the start of
	// the chain, if the exact same rule doesn't exist; nothing happens otherwise.
	EnsureExistsInsert(args IPTablesRuleArgs) error
	// EnsureExistsAppend makes sure the rule exists. It is appended at the end of
	// the chain, if the exact same rule doesn't exist; nothing happens otherwise.
	EnsureExistsAppend(args IPTablesRuleArgs) error
	// EnsureExistsOnlyAppend checks if the exact same rule already exists. If not,
	// the rule is appended to the selected chain. If other rules with exactly the
	// same comment exist, they are removed.
	EnsureExistsOnlyAppend(args IPTablesRuleArgs) error
	// Delete removes the exact same rule. Returns error if it doesn't exist.
	Delete(args IPTablesRuleArgs) error
	// DeleteByComment removes all rules in the specified table and chain that have
	// the same comment.
	DeleteByComment(table, chain, comment string) error
	// FlushChain removes all rules in chain chainName in table tableName. Returns error
	// if the chain doesn't exist.
	FlushChain(tableName, chainName string) error
	// DeleteChain removes the chain chainName in table tableName. Returns error
	// if the chain doesn't exist.
	DeleteChain(tableName, chainName string) error
	// LoadRules loads all rules from the specified table and chain. Returns error
	// if the chain doesn't exist.
	LoadRules(tableName, chainName string) ([]*IPTablesRuleArgs, error)
}

IPTablesHelper provides interface to some operations on system's firewall system using the iptables command

func NewExecIPTablesHelper 

func NewExecIPTablesHelper(exec command.Executor, lockTime time.Duration) IPTablesHelper

NewExecIPTablesHelper returns IPTablesHelper implemented by executing linux iptables command

type IPTablesRuleArgs 

type IPTablesRuleArgs struct {
	Table     string
	ChainName string
	Selector  []string
	Action    []string
	Comment   string
}

IPTablesRuleArgs provides arguments for an iptables rule

func (IPTablesRuleArgs) GetSelectorAndAction 

func (args IPTablesRuleArgs) GetSelectorAndAction() (string, string)

GetSelectorAndAction returns strings that are ready to be used with iptables command for selector and action

type Interface 

type Interface interface {
	GetIndex() int
	Addrs() ([]net.IPNet, error)
	GetName() string
	Copy() Interface
}

Interface provides addresses and name of a single local network interface

Addrs() gets a slice with all addresses assigned to this interface

GetName() returns name of the interfaces, as presented in the operating system

Copy() returns a full deep copy of the Interface object

func FilteredInterfaces 

func FilteredInterfaces(nameRegExp *regexp.Regexp, lister InterfaceLister) ([]Interface, error)

FilteredInterfaces returns interfaces like net.Interfaces(), but only those whose names match the given nameRegExp

type InterfaceLister 

type InterfaceLister interface {
	GetInterfaces() ([]Interface, error)
}

InterfaceLister lists all network interfaces in the Operating System, together with their assigned IP addresses

type InterfaceProvider 

type InterfaceProvider interface {
	etime.Refresher
	Interfaces() ([]Interface, error)
	IsLocalIP(ip net.IP) bool
	GetInterfaceForLocalIP(ip net.IP) (Interface, error)
}

InterfaceProvider delivers information about local interfaces and assigned IP addresses. It also periodically refreshes this information in the background to stay in sync with changes in the Operating System.

Interfaces() lists all discovered networking interfaces

IsLocalIP() checks if the ip passed as parameter is assigned to any discovered interface

GetInterfaceForLocalIP() returns Interface which has ip assigned. If no such interface is found, error must be set.

func NewChanInterfaceProvider 

func NewChanInterfaceProvider(updateChan chan time.Time, lister InterfaceLister,
	managedInterfacesRegexp string, autoRefresh bool) (InterfaceProvider, error)

NewChanInterfaceProvider creates a new InterfaceProvider that delivers information about local interfaces matching specific Regexp and with optional auto-refresh and refreshes this information every time a message is received on the update chan

func NewInterfaceProvider 

func NewInterfaceProvider(lister InterfaceLister, managedInterfacesRegexp string,
	autoRefresh bool, autoRefreshPeriod time.Duration) (InterfaceProvider, error)

NewInterfaceProvider creates a new InterfaceProvider that delivers information about local interfaces matching specific Regexp and with optional auto-refresh

func NewNetInterfaceProvider 

func NewNetInterfaceProvider(managedInterfacesRegexp string,
	autoRefresh bool, autoRefreshPeriod time.Duration) (InterfaceProvider, error)

NewNetInterfaceProvider creates a new InterfaceProvider that delivers information about local interfaces in the real Operating System using golang's net standard package

type NetPort added in v0.2.0 

type NetPort struct {
	Net      net.IPNet
	Protocol Protocol
	Port     uint16
}

NetPort allows to store net.IPNet and a port number with protocol for ipsets based on that data.

func (NetPort) Equal added in v0.2.0 

func (np NetPort) Equal(np2 NetPort) bool

Equal returns true only if the NetPort has exactly the same values as the parameter NetPort.

func (NetPort) String added in v0.2.0 

func (np NetPort) String() string

String returns a format accepted by ipset, ie. 10.0.0.0/8,tcp:80

type Protocol added in v0.2.0 

type Protocol string

Protocol is the type to provide different protocol names constants. 

const (
	// Unknown is the Protocol returned for unknown protocols
	Unknown Protocol = "unknown"
	// TCP is the name of the tcp protocol, as used in go's net library
	TCP Protocol = "tcp"
	// UDP is the name of the udp protocol, as used in go's net library
	UDP Protocol = "udp"
)

func ParseProtocol added in v0.2.0 

func ParseProtocol(proto string) (Protocol, error)

ParseProtocol parses string and returns no error and a known Protocol. If the protocol name is unknown, returns Unknown and error.

type SimpleFileOperator 

type SimpleFileOperator interface {
	ReadFile(fileName string) ([]byte, error)
	AppendToFile(fileName, textToAppend string) error
}

SimpleFileOperator provides simple subset of typical text file IO operations

ReadFile reads the contents of a whole file and returns it as []byte

AppendToFile tries to appens string textToAppend at the end of file named fileName

func NewIOSimpleFileOperator 

func NewIOSimpleFileOperator() SimpleFileOperator

NewIOSimpleFileOperator returns new instance of SimpleFileOperator implemented with real IO operations from ioutil package

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.