Documentation
¶
Overview ¶
Package nettools includes a set of helpers that operate on raw system commands related to networking. This currently includes iptables, 'ip route', conntrack and loading IP and interface info
Index ¶
- Constants
- func MustExistNamedRoutingTable(tableName string, ioOp SimpleFileOperator) (bool, error)
- func OffsetAddr(n net.IPNet, offset int32) (net.IP, error)
- type ConntrackHelper
- type IPRouteEntry
- type IPRouteHelper
- type IPRule
- type IPSetHelper
- type IPTablesHelper
- type IPTablesRuleArgs
- type Interface
- type InterfaceLister
- type InterfaceProvider
- func NewChanInterfaceProvider(updateChan chan time.Time, lister InterfaceLister, ...) (InterfaceProvider, error)
- func NewInterfaceProvider(lister InterfaceLister, managedInterfacesRegexp string, autoRefresh bool, ...) (InterfaceProvider, error)
- func NewNetInterfaceProvider(managedInterfacesRegexp string, autoRefresh bool, ...) (InterfaceProvider, error)
- type NetPort
- type Protocol
- type SimpleFileOperator
Constants ¶
const ( // AwkIptablesSaveMagicFilter defines awk program that filters the content of a // single chain in a table from iptables-save command output AwkIptablesSaveMagicFilter = "awk -v table=%s -v chain=%s " + `'$0 ~ "^*"table"$" {in_table=1};$1 ~ "^COMMIT$" {in_table=0};in_table == 1 && $2 ~ "^"chain"$" {print $0}'` )
const (
// IPSetListWithAwk is a string to execute an ipset list command and filter out results with awk
IPSetListWithAwk = "ipset list %s | awk " + `'$0 ~ "^Members:$" {found=1; ln=NR}; NR>ln && found == 1 {print $1}'`
)
const RTTablesFilename = "/etc/iproute2/rt_tables"
RTTablesFilename contains path to the file with ID to routing tables IDs mapping in Linux
Variables ¶
This section is empty.
Functions ¶
func MustExistNamedRoutingTable ¶
func MustExistNamedRoutingTable(tableName string, ioOp SimpleFileOperator) (bool, error)
MustExistNamedRoutingTable gets a routing table name as string tableName and creates a 32 int ID for that routing table. The pair [ID, tableName] is then written to the /etc/iproute2/rt_tables file to make it possible to reference by name the routing table tableName in "ip rule" command. It returns true if an entry was added to the file, false otherwise or when error.
func OffsetAddr ¶
OffsetAddr returns new net.IP address that is an offset of the subnet address of n. If the offset is positive, the result is the subnet address of IP in n plus the offset. If the offset is negative, the result is the broadcast address of IP in n minus the offset. Offset equal 0 returns the subnet address of IP in n.
Types ¶
type ConntrackHelper ¶
ConntrackHelper provides operations backed up by the system "conntrack" command
RemoveEntriesDNATingToIP removes all entries in the conntrack table, that describe connections running with DNAT and having destination IP equal to ip. If returned error is nil, then time.Duration returned type is used to let the caller know how long it took to execute the command.
func NewExecConntrackHelper ¶
func NewExecConntrackHelper(executor command.Executor) ConntrackHelper
NewExecConntrackHelper creates new ConntrackHelper implemented by executing linux `conntrack` command
type IPRouteEntry ¶
type IPRouteEntry struct {
TableName, TargetPrefix, Mode, Gateway, Options string
}
IPRouteEntry represents one routing information entry in a configured route table
func (IPRouteEntry) String ¶
func (e IPRouteEntry) String() string
type IPRouteHelper ¶
type IPRouteHelper interface {
InitializeRoutingTablesPerInterface(ifaces []Interface) (time.Duration, error)
EnsureOnlyOneIPRuleExistsForSourceIP(rule IPRule) ([]IPRule, time.Duration, error)
RemoveIPRuleForSourceIP(rule IPRule) (time.Duration, error)
RemoveAllIPRulesForAddressesInSubnet(sourceSubnet net.IPNet) ([]IPRule, time.Duration, error)
RemoveAllIPRulesForAddress(ip net.IP) ([]IPRule, time.Duration, error)
EnsureOnlyOneIPRuleExistsForFwMark(rule IPRule) ([]IPRule, time.Duration, error)
EnsureRoutes(entries []IPRouteEntry) (time.Duration, error)
}
IPRouteHelper implements various iproute2 tool related actions.
InitializeRoutingTablesPerInterface creates entries in the '/etc/iproute2/rt_tables' file for each of the interfaces passed in ifaces slice. The name of the created routing table entry will be the same as the name of the interface. Additionally, it creates a routing rule for each of the IP addresses assigned to each of the passed interfaces to use route table created for this specific interface.
EnsureOnlyOneIPRuleExistsForSourceIP adds an "ip rule" entry for the SourceIP included in rule to use the routing table RouteTableName. The routing table must have been created earlier by a call to InitializeRoutingTablesPerInterface(). If there are already other ip rules for the same SourceIP but different RouteTableName than in the rule, the entries are removed, so that the only currently matching rule for SourceIP selects route table RouteTableName.
RemoveIPRuleForSourceIP removes ip rule entry for the SourceIP and RouteTableName specified in rule. If the entry doesn't exist, no error is returned.
RemoveAllIPRulesForAddressesInSubnet removes any rules existing for any source IP within the sourceSubnet. No error is returned if no entries were removed.
RemoveAllIPRulesForAddress removes any rules existing for the specific IP address. No error is returned if no entries were removed.
EnsureOnlyOneIPRuleExistsForFwMark adds an "ip rule" entry for the FwMark included in rule to use the routing table RouteTableName. The routing table must have been created earlier by a call to InitializeRoutingTablesPerInterface(). If there are already other ip rules for the same FwMark but different RouteTableName than in the rule, the entries are removed, so that the only currently matching rule for FwMark selects route table RouteTableName.
EnsureRoute ensures that in the routing table tableName there is a route entry that has the form "targetPrefix" "mode" "gateway" "options", like: "10.10.10.0/24" "via" "10.10.20.1" "" or "10.10.10.0/24" "dev" "eth0" "scope link"
func NewExecIPRouteHelper ¶
func NewExecIPRouteHelper(executor command.Executor, ioOp SimpleFileOperator) IPRouteHelper
NewExecIPRouteHelper returns new IPRouterHelper implemented using command execution in the operating system.
type IPRule ¶
IPRule represents a single ip routing rule based on source IP and selecting a named routing table.
func NewIPRuleForFwMark ¶
NewIPRuleForFwMark creates a new IPRule with source IP and with default No of 0
func NewIPRuleForSourceIP ¶
NewIPRuleForSourceIP creates a new IPRule with source IP and with default No of 0
func (*IPRule) FwMarkHexed ¶
FwMarkHexed returns string representing FWMark in hexadecimal format
func (*IPRule) GrepEscaped ¶
GrepEscaped returns IP address and route table name with "." escaped for use with `grep` command
type IPSetHelper ¶
type IPSetHelper interface {
EnsureSetExists(name, setType string) error
DeleteSet(name string) error
EnsureSetHasOnly(name string, ips []net.IP) error
GetIPs(name string) ([]net.IP, error)
EnsureSetHasOnlyNetPort(name string, netports []NetPort) error
GetNetPorts(name string) ([]NetPort, error)
}
IPSetHelper provides methods to manage ipset sets.
EnsureSetExists creates the named ipset if it doesn't exist.
DeleteSet removes the ipset with name. Returns error if it doesn't exist.
EnsureSetHasOnly makes sure that IP addresses from ips are the only ones present in the set name.
GetIPs returns a slice of IP addresses from set name. Returns error if it doesn't exist.
func NewExecIPSetHelper ¶
func NewExecIPSetHelper(exec command.Executor) IPSetHelper
NewExecIPSetHelper returns new IPSetHelper based on Linux command `ipset`
type IPTablesHelper ¶
type IPTablesHelper interface {
// EnsureChainExists makes sure the chain customChainName exists in table
EnsureChainExists(table, customChainName string) error
// EnsureJumpToChainExists makes sure a jump instruction from baseChainName to
// customChainName exists in table
EnsureJumpToChainExists(table, customChainName, baseChainName string) error
// EnsureExistsInsert makes sure the rule exists. It is inserted at the start of
// the chain, if the exact same rule doesn't exist; nothing happens otherwise.
EnsureExistsInsert(args IPTablesRuleArgs) error
// EnsureExistsAppend makes sure the rule exists. It is appended at the end of
// the chain, if the exact same rule doesn't exist; nothing happens otherwise.
EnsureExistsAppend(args IPTablesRuleArgs) error
// EnsureExistsOnlyAppend checks if the exact same rule already exists. If not,
// the rule is appended to the selected chain. If other rules with exactly the
// same comment exist, they are removed.
EnsureExistsOnlyAppend(args IPTablesRuleArgs) error
// Delete removes the exact same rule. Returns error if it doesn't exist.
Delete(args IPTablesRuleArgs) error
// DeleteByComment removes all rules in the specified table and chain that have
// the same comment.
DeleteByComment(table, chain, comment string) error
// FlushChain removes all rules in chain chainName in table tableName. Returns error
// if the chain doesn't exist.
FlushChain(tableName, chainName string) error
// DeleteChain removes the chain chainName in table tableName. Returns error
// if the chain doesn't exist.
DeleteChain(tableName, chainName string) error
// LoadRules loads all rules from the specified table and chain. Returns error
// if the chain doesn't exist.
LoadRules(tableName, chainName string) ([]*IPTablesRuleArgs, error)
}
IPTablesHelper provides interface to some operations on system's firewall system using the iptables command
func NewExecIPTablesHelper ¶
func NewExecIPTablesHelper(exec command.Executor, lockTime time.Duration) IPTablesHelper
NewExecIPTablesHelper returns IPTablesHelper implemented by executing linux iptables command
type IPTablesRuleArgs ¶
type IPTablesRuleArgs struct {
Table string
ChainName string
Selector []string
Action []string
Comment string
}
IPTablesRuleArgs provides arguments for an iptables rule
func (IPTablesRuleArgs) GetSelectorAndAction ¶
func (args IPTablesRuleArgs) GetSelectorAndAction() (string, string)
GetSelectorAndAction returns strings that are ready to be used with iptables command for selector and action
type Interface ¶
type Interface interface {
GetIndex() int
Addrs() ([]net.IPNet, error)
GetName() string
Copy() Interface
}
Interface provides addresses and name of a single local network interface
Addrs() gets a slice with all addresses assigned to this interface ¶
GetName() returns name of the interfaces, as presented in the operating system
Copy() returns a full deep copy of the Interface object
func FilteredInterfaces ¶
func FilteredInterfaces(nameRegExp *regexp.Regexp, lister InterfaceLister) ([]Interface, error)
FilteredInterfaces returns interfaces like net.Interfaces(), but only those whose names match the given nameRegExp
type InterfaceLister ¶
InterfaceLister lists all network interfaces in the Operating System, together with their assigned IP addresses
type InterfaceProvider ¶
type InterfaceProvider interface {
etime.Refresher
Interfaces() ([]Interface, error)
IsLocalIP(ip net.IP) bool
GetInterfaceForLocalIP(ip net.IP) (Interface, error)
}
InterfaceProvider delivers information about local interfaces and assigned IP addresses. It also periodically refreshes this information in the background to stay in sync with changes in the Operating System.
Interfaces() lists all discovered networking interfaces ¶
IsLocalIP() checks if the ip passed as parameter is assigned to any discovered interface
GetInterfaceForLocalIP() returns Interface which has ip assigned. If no such interface is found, error must be set.
func NewChanInterfaceProvider ¶
func NewChanInterfaceProvider(updateChan chan time.Time, lister InterfaceLister, managedInterfacesRegexp string, autoRefresh bool) (InterfaceProvider, error)
NewChanInterfaceProvider creates a new InterfaceProvider that delivers information about local interfaces matching specific Regexp and with optional auto-refresh and refreshes this information every time a message is received on the update chan
func NewInterfaceProvider ¶
func NewInterfaceProvider(lister InterfaceLister, managedInterfacesRegexp string, autoRefresh bool, autoRefreshPeriod time.Duration) (InterfaceProvider, error)
NewInterfaceProvider creates a new InterfaceProvider that delivers information about local interfaces matching specific Regexp and with optional auto-refresh
func NewNetInterfaceProvider ¶
func NewNetInterfaceProvider(managedInterfacesRegexp string, autoRefresh bool, autoRefreshPeriod time.Duration) (InterfaceProvider, error)
NewNetInterfaceProvider creates a new InterfaceProvider that delivers information about local interfaces in the real Operating System using golang's net standard package
type NetPort ¶ added in v0.2.0
NetPort allows to store net.IPNet and a port number with protocol for ipsets based on that data.
type Protocol ¶ added in v0.2.0
type Protocol string
Protocol is the type to provide different protocol names constants.
func ParseProtocol ¶ added in v0.2.0
ParseProtocol parses string and returns no error and a known Protocol. If the protocol name is unknown, returns Unknown and error.
type SimpleFileOperator ¶
type SimpleFileOperator interface {
ReadFile(fileName string) ([]byte, error)
AppendToFile(fileName, textToAppend string) error
}
SimpleFileOperator provides simple subset of typical text file IO operations
ReadFile reads the contents of a whole file and returns it as []byte
AppendToFile tries to appens string textToAppend at the end of file named fileName
func NewIOSimpleFileOperator ¶
func NewIOSimpleFileOperator() SimpleFileOperator
NewIOSimpleFileOperator returns new instance of SimpleFileOperator implemented with real IO operations from ioutil package
Source Files
Directories