ipsets

package
v0.0.0-...-501ccff
Published: Apr 25, 2023 License: Apache-2.0 Imports: 10 Imported by: 0

Constants

const (
	// ProtocolFamilyIPv4 represents IPv4 protocol.
	ProtocolFamilyIPv4 = "inet"
	// ProtocolFamilyIPv6 represents IPv6 protocol.
	ProtocolFamilyIPv6 = "inet6"
)
const (
	// ProtocolTCP represents TCP protocol.
	ProtocolTCP = "tcp"
	// ProtocolUDP represents UDP protocol.
	ProtocolUDP = "udp"
	// ProtocolSCTP represents SCTP protocol.
	ProtocolSCTP = "sctp"
)
const DefaultPortRange string = "0-65535"

DefaultPortRange defines the default bitmap:port valid port range.

const IPSetCmd = "ipset"

IPSetCmd names the ipset utility. The package shells out to the ipset command to execute every operation.

Variables

var EntryMemberPattern = "(?m)^(.*\n)*Members:\n"

EntryMemberPattern is the regular expression pattern of the ipset member list. The raw output of the command `ipset list {set}` is similar to:

	Name: foobar
	Type: hash:ip,port
	Revision: 2
	Header: family inet hashsize 1024 maxelem 65536
	Size in memory: 16592
	References: 0
	Members:
	192.168.1.2,tcp:8080
	192.168.1.1,udp:53

ValidIPSetTypes defines the supported ipset types.

var VersionPattern = "v[0-9]+\\.[0-9]+"

VersionPattern is the regular expression pattern of the ipset version string. The output of `ipset version` is similar to "v6.10".

Functions

This section is empty.

Types

type Entry

type Entry struct {
	// IP is the entry's IP.  The IP address protocol corresponds to the HashFamily of Set.
	// All entries' IP addresses in the same ip set have the same protocol, IPv4 or IPv6.
	IP string
	// Port is the entry's Port.
	Port int
	// Protocol is the entry's Protocol.  The protocols of entries in the same ip set are all
	// the same.  The accepted protocols are TCP, UDP and SCTP.
	Protocol localv1.Protocol
	// Net is the entry's IP network address.  Network address with zero prefix size can NOT
	// be stored.
	Net string
	// IP2 is the entry's second IP.  IP2 may not be empty for `hash:ip,port,ip` type ip set.
	IP2 string
	// SetType is the type of ipset where the entry exists.
	SetType SetType
	// contains filtered or unexported fields
}

Entry represents an ipset entry.

func (*Entry) String

func (e *Entry) String() string

String returns the string format for ipset entry.

func (*Entry) Validate

func (e *Entry) Validate(set *Set) bool

Validate checks whether a given ipset entry is valid. The set parameter is the ipset that the entry belongs to.
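An added example, not code from the package, showing how the member-list format documented under EntryMemberPattern and the constraints stated in the Entry doc comment can be applied when auditing a captured `ipset list` output: it uses the same regular expression to skip the header and parses each hash:ip,port member, rejecting members whose protocol is not tcp, udp or sctp, whose port lies outside DefaultPortRange, or whose address family does not match the set's HashFamily. The Member type, ParseHashIPPortMembers and SampleListOutput are local names introduced here, and the sample capture is constructed to match the page's example.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
	"strconv"
	"strings"
)

// Same pattern as the package's EntryMemberPattern; the match ends right after the "Members:" line.
var memberPattern = regexp.MustCompile("(?m)^(.*\n)*Members:\n")

// Member is a parsed hash:ip,port member (a local type, not the package's Entry).
type Member struct{ IP netip.Addr; Protocol string; Port int }
// Protocols the Entry doc comment accepts; ports must lie within DefaultPortRange (0-65535).
var allowedProtocols = map[string]bool{"tcp": true, "udp": true, "sctp": true}
// ParseHashIPPortMembers parses the "IP,proto:port" members of an `ipset list` capture and rejects
// any whose address family disagrees with the set's HashFamily ("inet" or "inet6").
func ParseHashIPPortMembers(raw, family string) ([]Member, error) {
	loc := memberPattern.FindStringIndex(raw)
	if loc == nil {
		return nil, fmt.Errorf("no Members: section in ipset output")
	}
	var members []Member
	for _, line := range strings.Fields(raw[loc[1]:]) { // members contain no whitespace
		ipPart, rest, _ := strings.Cut(line, ",")
		proto, portStr, ok := strings.Cut(rest, ":")
		if !ok || !allowedProtocols[proto] {
			return nil, fmt.Errorf("member %q: want IP,{tcp|udp|sctp}:port", line)
		}
		port, err := strconv.Atoi(portStr)
		if err != nil || port < 0 || port > 65535 {
			return nil, fmt.Errorf("member %q: port outside 0-65535", line)
		}
		addr, err := netip.ParseAddr(ipPart)
		if err != nil || addr.Is6() != (family == "inet6") {
			return nil, fmt.Errorf("member %q: not a valid %s address", line, family)
		}
		members = append(members, Member{IP: addr, Protocol: proto, Port: port})
	}
	return members, nil
}

// SampleListOutput is a constructed capture shaped like the page's `ipset list` example.
const SampleListOutput = "Name: foobar\nType: hash:ip,port\nRevision: 2\n" +
	"Header: family inet hashsize 1024 maxelem 65536\nSize in memory: 16592\n" +
	"References: 0\nMembers:\n192.168.1.2,tcp:8080\n192.168.1.1,udp:53\n"

func main() { fmt.Println(ParseHashIPPortMembers(SampleListOutput, "inet")) }
```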

type IPSet

type IPSet struct {
	// Name is the set name.
	Name string
	// SetType specifies the ipset type.
	SetType SetType
	// HashFamily specifies the protocol family of the IP addresses to be stored in the set.
	// The default is inet, i.e. IPv4.  If users want to use IPv6, they should specify inet6.
	HashFamily ProtocolFamily
	// HashSize specifies the hash table size of ipset.
	HashSize int
	// MaxElem specifies the max element number of ipset.
	MaxElem int
	// PortRange specifies the port range of bitmap:port type ipset.
	PortRange string
	// Comment is the comment message attached to the ipset.
	Comment string
}

IPSet implements an Interface to a set.

func (*IPSet) Validate

func (set *IPSet) Validate() bool

Validate checks whether a given ipset is valid.

type Interface

type Interface interface {
	// FlushSet deletes all entries from a named set.
	FlushSet(set string) error
	// DestroySet deletes a named set.
	DestroySet(set string) error
	// DestroyAllSets deletes all sets.
	DestroyAllSets() error
	// CreateSet creates a new set.  It will ignore error when the set already exists if ignoreExistErr=true.
	CreateSet(set *IPSet, ignoreExistErr bool) error
	// AddEntry adds a new entry to the named set.  It will ignore error when the entry already exists if ignoreExistErr=true.
	AddEntry(entry string, set *IPSet, ignoreExistErr bool) error
	// DelEntry deletes one entry from the named set.
	DelEntry(entry string, set string) error
	// TestEntry tests whether an entry exists in the named set.
	TestEntry(entry string, set string) (bool, error)
	// ListEntries lists all the entries from a named set.
	ListEntries(set string) ([]string, error)
	// ListSets lists all set names from the kernel.
	ListSets() ([]string, error)
	// GetVersion returns the "X.Y" version string for ipset.
	GetVersion() (string, error)
}

Interface is an injectable interface for running ipset commands. Implementations must be goroutine-safe.

func New

func New(exec exec.Interface) Interface

New returns a new Interface which will exec ipset.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager acts as a proxy between the backend and ipset operations: it leverages diffstore to maintain state and executes only the changes when triggered by the backend.

func NewManager

func NewManager() *Manager

func (*Manager) AddEntry

func (m *Manager) AddEntry(entry *Entry, set *Set)

AddEntry does not add the entry to the ipset directly; it records it in the entry diffstore, and actions are taken only in the create and delete cases.

func (*Manager) Apply

func (m *Manager) Apply()

Apply has side effects. It should be called after the fullstate callback has been processed and Done has computed the diffs; it iterates over the changes from all diffstores and creates, updates and deletes the required objects accordingly.

func (*Manager) CreateSet

func (m *Manager) CreateSet(name string, setType SetType, protocolFamily ProtocolFamily, comment string) (*Set, error)

CreateSet does not use the diffstore: it creates the set immediately and adds it to ipsetMap.

func (*Manager) Done

func (m *Manager) Done()

Done calls Done on all diffstores for computing diffs.

func (*Manager) GetSetByName

func (m *Manager) GetSetByName(setName string) *Set

GetSetByName returns the set registered under setName.

func (*Manager) Reset

func (m *Manager) Reset()

func (*Manager) Setup

func (m *Manager) Setup() error

type Protocol

type Protocol string

func (Protocol) String

func (p Protocol) String() string

type ProtocolFamily

type ProtocolFamily string

func (ProtocolFamily) String

func (p ProtocolFamily) String() string

type Set

type Set struct {
	IPSet
	// contains filtered or unexported fields
}

func (*Set) GetComment

func (set *Set) GetComment() string

func (*Set) GetName

func (set *Set) GetName() string

type SetType

type SetType string

SetType represents the ipset type.

const (
	// HashIPPort represents the `hash:ip,port` type ipset.  The hash:ip,port is similar to hash:ip but
	// you can store IP address and protocol-port pairs in it.  TCP, SCTP, UDP, UDPLITE, ICMP and ICMPv6 are supported
	// with port numbers/ICMP(v6) types and other protocol numbers without port information.
	HashIPPort SetType = "hash:ip,port"
	// HashIPPortIP represents the `hash:ip,port,ip` type ipset.  The hash:ip,port,ip set type uses a hash to store
	// IP address, port number and a second IP address triples.  The port number is interpreted together with a
	// protocol (default TCP) and zero protocol number cannot be used.
	HashIPPortIP SetType = "hash:ip,port,ip"
	// HashIPPortNet represents the `hash:ip,port,net` type ipset.  The hash:ip,port,net set type uses a hash to store
	// IP address, port number and IP network address triples.  The port number is interpreted together with a
	// protocol (default TCP) and zero protocol number cannot be used.  Network address with zero prefix size cannot
	// be stored either.
	HashIPPortNet SetType = "hash:ip,port,net"
	// BitmapPort represents the `bitmap:port` type ipset.  The bitmap:port set type uses a memory range, where each bit
	// represents one TCP/UDP port.  A bitmap:port type of set can store up to 65535 ports.
	BitmapPort SetType = "bitmap:port"
)
