netlink/nl/ipset_linux.go

223 lines
5.8 KiB
Go
Raw Normal View History

2018-09-15 14:33:14 +00:00
package nl
import (
"strconv"
"golang.org/x/sys/unix"
)
const (
/* The protocol version */
IPSET_PROTOCOL = 6
/* The max length of strings including NUL: set and type identifiers */
IPSET_MAXNAMELEN = 32
/* The maximum permissible comment length we will accept over netlink */
IPSET_MAX_COMMENT_SIZE = 255
)
const (
_ = iota
IPSET_CMD_PROTOCOL /* 1: Return protocol version */
IPSET_CMD_CREATE /* 2: Create a new (empty) set */
IPSET_CMD_DESTROY /* 3: Destroy a (empty) set */
IPSET_CMD_FLUSH /* 4: Remove all elements from a set */
IPSET_CMD_RENAME /* 5: Rename a set */
IPSET_CMD_SWAP /* 6: Swap two sets */
IPSET_CMD_LIST /* 7: List sets */
IPSET_CMD_SAVE /* 8: Save sets */
IPSET_CMD_ADD /* 9: Add an element to a set */
IPSET_CMD_DEL /* 10: Delete an element from a set */
IPSET_CMD_TEST /* 11: Test an element in a set */
IPSET_CMD_HEADER /* 12: Get set header data only */
IPSET_CMD_TYPE /* 13: Get set type */
)
/* Attributes at command level */
const (
_ = iota
IPSET_ATTR_PROTOCOL /* 1: Protocol version */
IPSET_ATTR_SETNAME /* 2: Name of the set */
IPSET_ATTR_TYPENAME /* 3: Typename */
IPSET_ATTR_REVISION /* 4: Settype revision */
IPSET_ATTR_FAMILY /* 5: Settype family */
IPSET_ATTR_FLAGS /* 6: Flags at command level */
IPSET_ATTR_DATA /* 7: Nested attributes */
IPSET_ATTR_ADT /* 8: Multiple data containers */
IPSET_ATTR_LINENO /* 9: Restore lineno */
IPSET_ATTR_PROTOCOL_MIN /* 10: Minimal supported version number */
IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME /* Setname at rename/swap */
IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN /* type rev min */
)
/* CADT specific attributes */
const (
IPSET_ATTR_IP = 1
IPSET_ATTR_IP_FROM = 1
IPSET_ATTR_IP_TO = 2
IPSET_ATTR_CIDR = 3
IPSET_ATTR_PORT = 4
IPSET_ATTR_PORT_FROM = 4
IPSET_ATTR_PORT_TO = 5
IPSET_ATTR_TIMEOUT = 6
IPSET_ATTR_PROTO = 7
IPSET_ATTR_CADT_FLAGS = 8
IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO /* 9 */
IPSET_ATTR_MARK = 10
IPSET_ATTR_MARKMASK = 11
/* Reserve empty slots */
IPSET_ATTR_CADT_MAX = 16
/* Create-only specific attributes */
IPSET_ATTR_GC = 3 + iota
IPSET_ATTR_HASHSIZE
IPSET_ATTR_MAXELEM
IPSET_ATTR_NETMASK
IPSET_ATTR_PROBES
IPSET_ATTR_RESIZE
IPSET_ATTR_SIZE
/* Kernel-only */
IPSET_ATTR_ELEMENTS
IPSET_ATTR_REFERENCES
IPSET_ATTR_MEMSIZE
SET_ATTR_CREATE_MAX
)
/* ADT specific attributes */
const (
IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1
IPSET_ATTR_NAME
IPSET_ATTR_NAMEREF
IPSET_ATTR_IP2
IPSET_ATTR_CIDR2
IPSET_ATTR_IP2_TO
IPSET_ATTR_IFACE
IPSET_ATTR_BYTES
IPSET_ATTR_PACKETS
IPSET_ATTR_COMMENT
IPSET_ATTR_SKBMARK
IPSET_ATTR_SKBPRIO
IPSET_ATTR_SKBQUEUE
)
/* Flags at CADT attribute level, upper half of cmdattrs */
const (
IPSET_FLAG_BIT_BEFORE = 0
IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE)
IPSET_FLAG_BIT_PHYSDEV = 1
IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV)
IPSET_FLAG_BIT_NOMATCH = 2
IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH)
IPSET_FLAG_BIT_WITH_COUNTERS = 3
IPSET_FLAG_WITH_COUNTERS = (1 << IPSET_FLAG_BIT_WITH_COUNTERS)
IPSET_FLAG_BIT_WITH_COMMENT = 4
IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT)
IPSET_FLAG_BIT_WITH_FORCEADD = 5
IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD)
IPSET_FLAG_BIT_WITH_SKBINFO = 6
IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO)
IPSET_FLAG_CADT_MAX = 15
)
const (
IPSET_ERR_PRIVATE = 4096 + iota
IPSET_ERR_PROTOCOL
IPSET_ERR_FIND_TYPE
IPSET_ERR_MAX_SETS
IPSET_ERR_BUSY
IPSET_ERR_EXIST_SETNAME2
IPSET_ERR_TYPE_MISMATCH
IPSET_ERR_EXIST
IPSET_ERR_INVALID_CIDR
IPSET_ERR_INVALID_NETMASK
IPSET_ERR_INVALID_FAMILY
IPSET_ERR_TIMEOUT
IPSET_ERR_REFERENCED
IPSET_ERR_IPADDR_IPV4
IPSET_ERR_IPADDR_IPV6
IPSET_ERR_COUNTER
IPSET_ERR_COMMENT
IPSET_ERR_INVALID_MARKMASK
IPSET_ERR_SKBINFO
/* Type specific error codes */
IPSET_ERR_TYPE_SPECIFIC = 4352
)
type IPSetError uintptr
func (e IPSetError) Error() string {
switch int(e) {
case IPSET_ERR_PRIVATE:
return "private"
case IPSET_ERR_PROTOCOL:
return "invalid protocol"
case IPSET_ERR_FIND_TYPE:
return "invalid type"
case IPSET_ERR_MAX_SETS:
return "max sets reached"
case IPSET_ERR_BUSY:
return "busy"
case IPSET_ERR_EXIST_SETNAME2:
return "exist_setname2"
case IPSET_ERR_TYPE_MISMATCH:
return "type mismatch"
case IPSET_ERR_EXIST:
return "exist"
case IPSET_ERR_INVALID_CIDR:
return "invalid cidr"
case IPSET_ERR_INVALID_NETMASK:
return "invalid netmask"
case IPSET_ERR_INVALID_FAMILY:
return "invalid family"
case IPSET_ERR_TIMEOUT:
return "timeout"
case IPSET_ERR_REFERENCED:
return "referenced"
case IPSET_ERR_IPADDR_IPV4:
return "invalid ipv4 address"
case IPSET_ERR_IPADDR_IPV6:
return "invalid ipv6 address"
case IPSET_ERR_COUNTER:
return "invalid counter"
case IPSET_ERR_COMMENT:
return "invalid comment"
case IPSET_ERR_INVALID_MARKMASK:
return "invalid markmask"
case IPSET_ERR_SKBINFO:
return "skbinfo"
default:
return "errno " + strconv.Itoa(int(e))
}
}
func GetIpsetFlags(cmd int) int {
switch cmd {
case IPSET_CMD_CREATE:
return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_CREATE
case IPSET_CMD_DESTROY,
IPSET_CMD_FLUSH,
IPSET_CMD_RENAME,
IPSET_CMD_SWAP,
IPSET_CMD_TEST:
return unix.NLM_F_REQUEST | unix.NLM_F_ACK
case IPSET_CMD_LIST,
IPSET_CMD_SAVE:
return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_ROOT | unix.NLM_F_MATCH | unix.NLM_F_DUMP
case IPSET_CMD_ADD,
IPSET_CMD_DEL:
return unix.NLM_F_REQUEST | unix.NLM_F_ACK
case IPSET_CMD_HEADER,
IPSET_CMD_TYPE,
IPSET_CMD_PROTOCOL:
return unix.NLM_F_REQUEST
default:
return 0
}
}