Documentation
¶
Index ¶
- Constants
- Variables
- func GetDefaultIPv4(iface *Interface) (net.IP, net.IPMask)
- func LookupDefaultIfaceName(ifaces []Interface) string
- func RouteProtocolToString(protocol int) string
- func RouteScopeToString(scope Scope) string
- func RouteTypeToString(routeType int) string
- type AcceptTarget
- type Addr
- type AddrType
- type CallTarget
- type Comment
- type ConnStat
- type Conntrack
- type DNATTarget
- type DropTarget
- type ErrIptablesUnsupported
- type ExtensionTarget
- type GotoTarget
- type Handle
- type IP
- type IPSet
- type IPSetManager
- type IPTableDropError
- type IPTables
- type IPTablesRuleError
- type IPVS
- type IPVSService
- type Interface
- type Mark
- type MarkTarget
- type MasqueradeTarget
- type Matcher
- type MultiPort
- type NFHook
- type Neigh
- type NeighResult
- type Neighbour
- type NetNS
- type NetNSInfo
- type Netfilter
- type NoTrackTarget
- type NopTarget
- type Physdev
- type RPFilter
- type RealServer
- type RejectTarget
- type ReturnTarget
- type Route
- type Router
- type Rule
- type SNATTarget
- type Scope
- type Set
- type SimulateNetfilter
- type SimulateNetfilterContext
- type SimulateRouter
- func (r *SimulateRouter) DefaultRoute(table int) *Route
- func (r *SimulateRouter) Route(packet *model.Packet, iif, oif string) (*Route, error)
- func (r *SimulateRouter) RouteSrc(packet *model.Packet, iif, oif string) (string, *Route, error)
- func (r *SimulateRouter) TableRoute(table int, packet *model.Packet) (*Route, error)
- type SockStat
- type Socket
- type Statistic
- type TCP
- type TPProxyTarget
- type Target
- type Trace
- type UDP
- type Verdict
- type XTablesVerdict
Constants ¶
View Source
const ( RtnUnspec = 0x0 RtnUnicast = 0x1 RtnLocal = 0x2 RtnBroadcast = 0x3 RtnAnycast = 0x4 RtnMulticast = 0x5 RtnBlackhole = 0x6 RtnUnreachable = 0x7 RtnProhibit = 0x8 RtnThrow = 0x9 RtnNat = 0xa RtnXresolve = 0xb )
View Source
const ( LinkUP = iota + 1 LinkDown LinkUnknown )
View Source
const ( LinkDriverVeth = "veth" LinkDriverIPIP = "ipip" )
View Source
const ( NudNone = 0x00 NudIncomplete = 0x01 NudReachable = 0x02 NudStale = 0x04 NudDelay = 0x08 NudProbe = 0x10 NudFailed = 0x20 NudNoarp = 0x40 NudPermanent = 0x80 )
Neighbor Cache Entry States.
View Source
const ( NFHookPreRouting = iota NFHookInput NFHookForward NFHookOutput NFHookPostRouting VerdictAccept Verdict = 0 VerdictDrop Verdict = 1 )
View Source
const ( ContextIPSetKey contextKey = "ipset" ContextRouterKey contextKey = "router" )
View Source
const ( FamilyAll = unix.AF_UNSPEC FamilyV4 = unix.AF_INET FamilyV6 = unix.AF_INET6 RtTableLocal = 0xff RtTableDefault = 0xfd RtTableMain = 0xfe ScopeUniverse Scope = 0x0 ScopeSite Scope = 0xc8 ScopeLink Scope = 0xfd ScopeHost Scope = 0xfe ScopeNowhere Scope = 0xff RTProtBIRD = 0xc RTProtBoot = 0x3 RTProtKernel = 0x2 RTProtOSPF = 0xbc RTProtRA = 0x9 RTProtRedirect = 0x1 RTProtRIP = 0xbd RTProtStatic = 0x4 )
View Source
const ( SockStatListen = iota SockStatEstablish SockStatUnknown )
Variables ¶
View Source
var ActionTypes = map[string]reflect.Type{ "DNAT": reflect.TypeOf(DNATTarget{}), "SNAT": reflect.TypeOf(SNATTarget{}), "MASQUERADE": reflect.TypeOf(MasqueradeTarget{}), "MARK": reflect.TypeOf(MarkTarget{}), "ACCEPT": reflect.TypeOf(AcceptTarget{}), "DROP": reflect.TypeOf(DropTarget{}), "RETURN": reflect.TypeOf(ReturnTarget{}), "REJECT": reflect.TypeOf(RejectTarget{}), "NOTRACK": reflect.TypeOf(NoTrackTarget{}), "TPROXY": reflect.TypeOf(TPProxyTarget{}), }
View Source
var ErrIPTablesUnsupported = errors.New("cannot process iptables")
View Source
var ErrNoRouteToHost = errors.New("no route to host")
View Source
var ModuleTypes = map[string]reflect.Type{ "tcp": reflect.TypeOf(TCP{}), "udp": reflect.TypeOf(UDP{}), "match": reflect.TypeOf(IP{}), "set": reflect.TypeOf(Set{}), "comment": reflect.TypeOf(Comment{}), "multiport": reflect.TypeOf(MultiPort{}), "mark": reflect.TypeOf(Mark{}), "statistic": reflect.TypeOf(Statistic{}), "conntrack": reflect.TypeOf(Conntrack{}), "addrtype": reflect.TypeOf(AddrType{}), "rpfilter": reflect.TypeOf(RPFilter{}), }
Functions ¶
func LookupDefaultIfaceName ¶
func RouteProtocolToString ¶
func RouteScopeToString ¶
func RouteTypeToString ¶
Types ¶
type AcceptTarget ¶
type AcceptTarget struct{}
type CallTarget ¶
type CallTarget struct {
Chain string
}
type DNATTarget ¶
type DNATTarget struct {
ToDestination string `ipt:"--to-destination"`
Random bool `ipt:"--random"`
Persistent bool `ipt:"--persistent"`
}
func (*DNATTarget) Do ¶
func (t *DNATTarget) Do(_ context.Context, _ *model.Packet, _, _ string) (XTablesVerdict, error)
type DropTarget ¶
type DropTarget struct{}
type ErrIptablesUnsupported ¶
type ErrIptablesUnsupported struct {
Message string
}
func (ErrIptablesUnsupported) Error ¶
func (u ErrIptablesUnsupported) Error() string
type ExtensionTarget ¶
type GotoTarget ¶
type GotoTarget struct {
Chain string
}
type IPSet ¶
type IPSet struct {
Name string `json:"n"`
Type string `json:"t"`
Members map[string]string `json:"m"`
}
func ParseIPSet ¶
type IPSetManager ¶
type IPSetManager struct {
// contains filtered or unexported fields
}
func NewIPSetManager ¶
func NewIPSetManager(ipsets []*IPSet) (*IPSetManager, error)
func (*IPSetManager) GetIPSet ¶
func (m *IPSetManager) GetIPSet(name string) *IPSet
type IPTableDropError ¶
type IPTableDropError struct {
Trace Trace
}
func (*IPTableDropError) Error ¶
func (e *IPTableDropError) Error() string
type IPTables ¶
type IPTables interface {
TracePacket(ctx context.Context, hook NFHook, table string, packet *model.Packet, iif, oif string) (Verdict, Trace, error)
Empty() error
DefaultAccept() error
}
func ParseIPTables ¶
type IPTablesRuleError ¶
func (*IPTablesRuleError) Error ¶
func (e *IPTablesRuleError) Error() string
type IPVS ¶
type IPVS struct {
// contains filtered or unexported fields
}
func NewIPVS ¶
func NewIPVS(services map[string]*IPVSService) *IPVS
func (*IPVS) GetService ¶
type IPVSService ¶
type IPVSService struct {
Protocol model.Protocol `json:"pro"`
IP string `json:"ip"`
Port uint16 `json:"p"`
Scheduler string `json:"s"`
RS []RealServer `json:"r"`
}
func (*IPVSService) Service ¶
func (s *IPVSService) Service() string
type Interface ¶
type Interface struct {
Name string `json:"n"`
Index int `json:"i"`
MTU int `json:"m"`
Driver string `json:"d"`
Addrs []Addr `json:"a"`
State int `json:"st"`
DevSysctls map[string]string `json:"s"`
NeighInfo []Neigh `json:"ne"`
FdbInfo []Neigh `json:"f"`
PeerIndex int `json:"p"`
MasterIndex int `json:"mi"`
}
type MarkTarget ¶
type MarkTarget struct {
}
func (*MarkTarget) Do ¶
func (t *MarkTarget) Do(_ context.Context, _ *model.Packet, _, _ string) (XTablesVerdict, error)
type MasqueradeTarget ¶
type MasqueradeTarget struct{}
type NeighResult ¶
type NeighResult struct {
State int
LLAddr net.HardwareAddr
// for vxlan usage
DST net.IP
}
type Neighbour ¶
type Neighbour struct {
// contains filtered or unexported fields
}
func (*Neighbour) ProbeNeigh ¶
type NetNSInfo ¶
type NetNSInfo struct {
Netns string `json:"n"`
NetnsID string `json:"i"`
PID uint32 `json:"p"`
Key string `json:"k"`
Interfaces []Interface `json:"if"`
SysctlInfo map[string]string `json:"s"`
RouteInfo []Route `json:"r"`
RuleInfo []Rule `json:"ru"`
IptablesInfo string `json:"it"`
IpsetInfo []*IPSet `json:"is"`
IPVSInfo map[string]*IPVSService `json:"vs"`
ConnStats []ConnStat `json:"c"`
}
NetNSInfo raw data load from collector
type NoTrackTarget ¶
type NoTrackTarget struct {
}
func (*NoTrackTarget) Do ¶
func (t *NoTrackTarget) Do(_ context.Context, _ *model.Packet, _, _ string) (XTablesVerdict, error)
type RealServer ¶
type RejectTarget ¶
type RejectTarget struct{}
type ReturnTarget ¶
type ReturnTarget struct{}
type Route ¶
type Route struct {
Family int `json:"f"`
OifName string `json:"o"`
IifName string `json:"i"`
Scope Scope `json:"sc"`
Dst *net.IPNet `json:"d"`
Src net.IP `json:"s"`
Gw net.IP `json:"g"`
Protocol int `json:"p"`
Priority int `json:"pr"`
Table int `json:"tb"`
Type int `json:"t"`
Tos int `json:"tos"`
Flags int `json:"fl"`
}
type Rule ¶
type Rule struct {
Priority int `json:"p"`
Family int `json:"f"`
Table int `json:"tb"`
Mark int `json:"m"`
Mask int `json:"ma"`
Tos uint `json:"tos"`
TunID uint `json:"ti"`
Goto int `json:"gt"`
Src *net.IPNet `json:"s"`
Dst *net.IPNet `json:"d"`
Flow int `json:"fl"`
IifName string `json:"i"`
OifName string `json:"o"`
}
type SNATTarget ¶
type SNATTarget struct {
ToSource string `ipt:"--to-source"`
Random bool `ipt:"--random"`
RandomFully bool `ipt:"--random-fully"`
Persistent bool `ipt:"--persistent"`
}
func (*SNATTarget) Do ¶
func (s *SNATTarget) Do(_ context.Context, _ *model.Packet, _, _ string) (XTablesVerdict, error)
type SimulateNetfilter ¶
type SimulateNetfilter struct {
// contains filtered or unexported fields
}
func NewSimulateNetfilter ¶
func NewSimulateNetfilter(netfilterContext SimulateNetfilterContext) *SimulateNetfilter
type SimulateNetfilterContext ¶
type SimulateNetfilterContext struct {
IPTables IPTables
IPSet *IPSetManager
Router Router
IPVS *IPVS
}
type SimulateRouter ¶
type SimulateRouter struct {
// contains filtered or unexported fields
}
func NewSimulateRouter ¶
func NewSimulateRouter(rules []Rule, routes []Route, interfaces []Interface) *SimulateRouter
func (*SimulateRouter) DefaultRoute ¶
func (r *SimulateRouter) DefaultRoute(table int) *Route
func (*SimulateRouter) TableRoute ¶
type TPProxyTarget ¶
type TPProxyTarget struct {
}
func (*TPProxyTarget) Do ¶
func (t *TPProxyTarget) Do(_ context.Context, _ *model.Packet, _, _ string) (XTablesVerdict, error)
type XTablesVerdict ¶
type XTablesVerdict uint
const ( XTablesVerdictAccept XTablesVerdict = 0 XTablesVerdictDrop XTablesVerdict = 1 XTablesVerdictReject XTablesVerdict = 2 XTablesVerdictReturn XTablesVerdict = 3 XTablesVerdictContinue XTablesVerdict = 4 )
Source Files
Click to show internal directories.
Click to hide internal directories.