nftables

package
Published: Jun 18, 2023 License: BSD-3-Clause Imports: 20 Imported by: 0

Documentation

Index

Constants

// Chain policies re-exported from nft so callers need not import it directly.
// A chain policy is the verdict nftables applies to traffic that no rule in
// the chain matched; Table.AddDropChain and Table.AddAcceptChain presumably
// preset one of these — confirm against the implementation.
const (
	ChainPolicyDrop   = nft.ChainPolicyDrop   // default-deny: unmatched traffic is dropped
	ChainPolicyAccept = nft.ChainPolicyAccept // default-allow: unmatched traffic is accepted
)

Possible ChainPolicy values.

// MaxChainNameLength is the upper bound on the length of a chain name passed
// to Table.AddChain; presumably longer names are rejected before reaching the
// kernel — confirm against the implementation.
const MaxChainNameLength = 31
// MaxSetNameLength is the upper bound on the length of a set name passed to
// Table.AddSet; presumably longer names are rejected before reaching the
// kernel — confirm against the implementation.
const MaxSetNameLength = 15
// MaxTableNameLength is the upper bound on the length of a table name passed
// to Conn.AddTable and its IPv4/IPv6 helpers; presumably longer names are
// rejected before reaching the kernel — confirm against the implementation.
const MaxTableNameLength = 27

Variables

// Set data types re-exported from nft. These are the values meant for
// SetOptions.KeyType and SetOptions.DataType (SetDataType is an alias of
// nft.SetDatatype), so callers can describe set elements without importing
// nft directly. TypeInvalid is the "no type" marker; the rest name the
// element encoding (e.g. TypeIPAddr / TypeIP6Addr for the IP set helpers).
var (
	TypeInvalid     = nft.TypeInvalid
	TypeVerdict     = nft.TypeVerdict
	TypeNFProto     = nft.TypeNFProto
	TypeBitmask     = nft.TypeBitmask
	TypeInteger     = nft.TypeInteger
	TypeString      = nft.TypeString
	TypeLLAddr      = nft.TypeLLAddr
	TypeIPAddr      = nft.TypeIPAddr
	TypeIP6Addr     = nft.TypeIP6Addr
	TypeEtherAddr   = nft.TypeEtherAddr
	TypeEtherType   = nft.TypeEtherType
	TypeARPOp       = nft.TypeARPOp
	TypeInetProto   = nft.TypeInetProto
	TypeInetService = nft.TypeInetService
	TypeICMPType    = nft.TypeICMPType
	TypeTCPFlag     = nft.TypeTCPFlag
	TypeDCCPPktType = nft.TypeDCCPPktType
	TypeMHType      = nft.TypeMHType
	TypeTime        = nft.TypeTime
	TypeMark        = nft.TypeMark
	TypeIFIndex     = nft.TypeIFIndex
	TypeARPHRD      = nft.TypeARPHRD
	TypeRealm       = nft.TypeRealm
	TypeClassID     = nft.TypeClassID
	TypeUID         = nft.TypeUID
	TypeGID         = nft.TypeGID
	TypeCTState     = nft.TypeCTState
	TypeCTDir       = nft.TypeCTDir
	TypeCTStatus    = nft.TypeCTStatus
	TypeICMP6Type   = nft.TypeICMP6Type
	TypeCTLabel     = nft.TypeCTLabel
	TypePktType     = nft.TypePktType
	TypeICMPCode    = nft.TypeICMPCode
	TypeICMPV6Code  = nft.TypeICMPV6Code
	TypeICMPXCode   = nft.TypeICMPXCode
	TypeDevGroup    = nft.TypeDevGroup
	TypeDSCP        = nft.TypeDSCP
	TypeECN         = nft.TypeECN
	TypeFIBAddr     = nft.TypeFIBAddr
	TypeBoolean     = nft.TypeBoolean
	TypeCTEventBit  = nft.TypeCTEventBit
	TypeIFName      = nft.TypeIFName
	TypeIGMPType    = nft.TypeIGMPType
	TypeTimeDate    = nft.TypeTimeDate
	TypeTimeHour    = nft.TypeTimeHour
	TypeTimeDay     = nft.TypeTimeDay
	TypeCGroupV2    = nft.TypeCGroupV2
)
// ErrChainNotFound is the sentinel error for a chain lookup by name that finds
// nothing (presumably returned by Table.GetChain). Match it with errors.Is, or
// with IsNotFound, which presumably recognizes all four *NotFound sentinels.
var ErrChainNotFound = errors.New("chain not found")
// ErrRuleNotFound is the sentinel error for a rule lookup that finds nothing
// (presumably returned by Chain.GetRuleWithUserData when no rule carries the
// given user data). Match it with errors.Is or IsNotFound.
var ErrRuleNotFound = errors.New("rule not found")
// ErrSetNotFound is the sentinel error for a set lookup by name that finds
// nothing (presumably returned by Table.GetSet). Match it with errors.Is or
// IsNotFound.
var ErrSetNotFound = errors.New("set not found")
// ErrTableNotFound is the sentinel error for a table lookup by name and family
// that finds nothing (presumably returned by Conn.GetTable). Match it with
// errors.Is or IsNotFound.
var ErrTableNotFound = errors.New("table not found")

Functions

func IsNotFound

func IsNotFound(err error) bool

func NftExePath added in v1.0.0

func NftExePath() string

NftExePath looks up the path of the nftables executable.

Types

type Chain

// Chain is a handle to a chain inside a Table. It is obtained from NewChain or
// the Table.AddChain / AddAcceptChain / AddDropChain / GetChain helpers and
// wraps an *nft.Chain (see Raw). The AddAccept*/AddDrop*/AddReject* helpers add
// a rule with a fixed verdict keyed on a single IP, a named set, or an
// interface; the userData argument is stored on the rule and is presumably what
// GetRuleWithUserData matches on — confirm against the implementation.
type Chain struct {
	// contains filtered or unexported fields
}

Chain is a chain object within a table.

func NewChain

func NewChain(conn *Conn, rawTable *nft.Table, rawChain *nft.Chain) *Chain

func (*Chain) AddAcceptIPv4Rule

func (this *Chain) AddAcceptIPv4Rule(ip []byte, userData []byte) (*Rule, error)

func (*Chain) AddAcceptIPv4SetRule

func (this *Chain) AddAcceptIPv4SetRule(setName string, userData []byte) (*Rule, error)

func (*Chain) AddAcceptIPv6Rule

func (this *Chain) AddAcceptIPv6Rule(ip []byte, userData []byte) (*Rule, error)

func (*Chain) AddAcceptIPv6SetRule

func (this *Chain) AddAcceptIPv6SetRule(setName string, userData []byte) (*Rule, error)

func (*Chain) AddAcceptInterfaceRule

func (this *Chain) AddAcceptInterfaceRule(interfaceName string, userData []byte) (*Rule, error)

func (*Chain) AddDropIPv4Rule

func (this *Chain) AddDropIPv4Rule(ip []byte, userData []byte) (*Rule, error)

func (*Chain) AddDropIPv4SetRule

func (this *Chain) AddDropIPv4SetRule(setName string, userData []byte) (*Rule, error)

func (*Chain) AddDropIPv6Rule

func (this *Chain) AddDropIPv6Rule(ip []byte, userData []byte) (*Rule, error)

func (*Chain) AddDropIPv6SetRule

func (this *Chain) AddDropIPv6SetRule(setName string, userData []byte) (*Rule, error)

func (*Chain) AddRejectIPv4Rule

func (this *Chain) AddRejectIPv4Rule(ip []byte, userData []byte) (*Rule, error)

func (*Chain) AddRejectIPv4SetRule

func (this *Chain) AddRejectIPv4SetRule(setName string, userData []byte) (*Rule, error)

func (*Chain) AddRejectIPv6Rule

func (this *Chain) AddRejectIPv6Rule(ip []byte, userData []byte) (*Rule, error)

func (*Chain) AddRejectIPv6SetRule

func (this *Chain) AddRejectIPv6SetRule(setName string, userData []byte) (*Rule, error)

func (*Chain) AddRule

func (this *Chain) AddRule(options *RuleOptions) (*Rule, error)

func (*Chain) DeleteRule

func (this *Chain) DeleteRule(rule *Rule) error

func (*Chain) Flush

func (this *Chain) Flush() error

func (*Chain) GetRuleWithUserData

func (this *Chain) GetRuleWithUserData(userData []byte) (*Rule, error)

func (*Chain) GetRules

func (this *Chain) GetRules() ([]*Rule, error)

func (*Chain) Name

func (this *Chain) Name() string

func (*Chain) Raw

func (this *Chain) Raw() *nft.Chain

type ChainPolicy

// ChainPolicy is the default verdict of a chain (see ChainPolicyDrop and
// ChainPolicyAccept); it is an alias of nft.ChainPolicy, so nft values can be
// passed directly. Table.AddChain takes a *ChainPolicy; what a nil pointer
// means there is not visible on this page — confirm.
type ChainPolicy = nft.ChainPolicy

type Conn

// Conn is the connection to nftables that every Table, Chain and Set operates
// through; it wraps an *nft.Conn (see Raw) and is created by NewConn. Whether
// AddTable/DeleteTable and the per-table mutations reach the kernel immediately
// or only when Commit is called is not visible here — presumably Commit flushes
// a pending batch, so callers should treat changes as unapplied until Commit
// returns nil. Confirm against the implementation.
type Conn struct {
	// contains filtered or unexported fields
}

func NewConn

func NewConn() (*Conn, error)

func (*Conn) AddIPv4Table

func (this *Conn) AddIPv4Table(name string) (*Table, error)

func (*Conn) AddIPv6Table

func (this *Conn) AddIPv6Table(name string) (*Table, error)

func (*Conn) AddTable

func (this *Conn) AddTable(name string, family TableFamily) (*Table, error)

func (*Conn) Commit

func (this *Conn) Commit() error

func (*Conn) DeleteTable

func (this *Conn) DeleteTable(name string, family TableFamily) error

func (*Conn) GetTable

func (this *Conn) GetTable(name string, family TableFamily) (*Table, error)

func (*Conn) Raw

func (this *Conn) Raw() *nft.Conn

type Element

// Element is an empty struct; nothing on this page constructs or reads it, so
// it is presumably a placeholder for a set element type — confirm before
// relying on it.
type Element struct {
}

type ElementOptions

// ElementOptions carries per-element settings for Set.AddElement,
// Set.AddIPElement and SetBatch.AddElement.
type ElementOptions struct {
	Timeout time.Duration // lifetime of this element; zero presumably falls back to the set's default or no expiry — confirm
}

type Expiration added in v1.0.4

// Expiration tracks byte keys together with an expiry time; it is created by
// NewExpiration. Add and AddUnsafe have the same signature; the Unsafe suffix
// presumably marks the variant that skips the internal synchronization, in
// which case it must only be called while the caller already holds the lock
// that Add takes — confirm against the implementation. Contains presumably
// reports a key as absent once its expires time has passed; confirm.
type Expiration struct {
	// contains filtered or unexported fields
}

func NewExpiration added in v1.0.4

func NewExpiration() *Expiration

func (*Expiration) Add added in v1.0.4

func (this *Expiration) Add(key []byte, expires time.Time)

func (*Expiration) AddUnsafe added in v1.0.4

func (this *Expiration) AddUnsafe(key []byte, expires time.Time)

func (*Expiration) Contains added in v1.0.4

func (this *Expiration) Contains(key []byte) bool

func (*Expiration) Remove added in v1.0.4

func (this *Expiration) Remove(key []byte)

type Installer added in v0.5.3

// Installer is created by NewInstaller; Install returns only an error. What it
// installs (the nft binary located by NftExePath, or a rule set) is not visible
// on this page — confirm against the implementation.
type Installer struct {
}

func NewInstaller added in v0.5.3

func NewInstaller() *Installer

func (*Installer) Install added in v0.5.3

func (this *Installer) Install() error

type Rule

// Rule wraps an *nft.Rule (see Raw) and is created by NewRule. Handle returns
// the rule's kernel-assigned handle, UserData the opaque bytes given when the
// rule was added, VerDict the rule's verdict kind and LookupSetName the name of
// the set the rule references, if any; the last two are presumably derived from
// the rule's expressions — confirm.
type Rule struct {
	// contains filtered or unexported fields
}

func NewRule

func NewRule(rawRule *nft.Rule) *Rule

func (*Rule) Handle

func (this *Rule) Handle() uint64

func (*Rule) LookupSetName

func (this *Rule) LookupSetName() string

func (*Rule) Raw

func (this *Rule) Raw() *nft.Rule

func (*Rule) UserData

func (this *Rule) UserData() []byte

func (*Rule) VerDict

func (this *Rule) VerDict() expr.VerdictKind

type RuleOptions

// RuleOptions describes the rule added by Chain.AddRule.
type RuleOptions struct {
	Exprs    []expr.Any // raw nftables expressions that make up the rule
	UserData []byte     // opaque bytes stored with the rule; returned by Rule.UserData and presumably used by Chain.GetRuleWithUserData to find it again
}

type Set

// Set is a handle to a named set; it wraps an *nft.Set (see Raw) and is
// obtained from NewSet or Table.AddSet / GetSet. AddIPElement and
// DeleteIPElement take the address as a string and presumably parse it into the
// set's key type (TypeIPAddr / TypeIP6Addr) — confirm. Batch returns a SetBatch
// for grouping several element changes into one Commit.
type Set struct {
	// contains filtered or unexported fields
}

func NewSet

func NewSet(conn *Conn, rawSet *nft.Set) *Set

func (*Set) AddElement

func (this *Set) AddElement(key []byte, options *ElementOptions, overwrite bool) error

func (*Set) AddIPElement

func (this *Set) AddIPElement(ip string, options *ElementOptions, overwrite bool) error

func (*Set) Batch

func (this *Set) Batch() *SetBatch

func (*Set) DeleteElement

func (this *Set) DeleteElement(key []byte) error

func (*Set) DeleteIPElement

func (this *Set) DeleteIPElement(ip string) error

func (*Set) GetIPElements

func (this *Set) GetIPElements() ([]string, error)

func (*Set) Name

func (this *Set) Name() string

func (*Set) Raw

func (this *Set) Raw() *nft.Set

type SetBatch

// SetBatch accumulates element additions and deletions for one Set (obtained
// via Set.Batch); the staged changes are presumably sent together when Commit
// is called and are not visible to the kernel before that — confirm.
type SetBatch struct {
	// contains filtered or unexported fields
}

func (*SetBatch) AddElement

func (this *SetBatch) AddElement(key []byte, options *ElementOptions) error

func (*SetBatch) Commit

func (this *SetBatch) Commit() error

func (*SetBatch) DeleteElement

func (this *SetBatch) DeleteElement(key []byte) error

type SetDataType

// SetDataType describes the encoding of set keys and values (SetOptions.KeyType
// and DataType); it is an alias of nft.SetDatatype, so the Type* variables in
// this package and nft's own values are interchangeable.
type SetDataType = nft.SetDatatype

type SetOptions

// SetOptions configures a set created by Table.AddSet.
type SetOptions struct {
	Id         uint32        // set identifier; zero presumably leaves assignment to the implementation — confirm
	HasTimeout bool          // whether elements can expire; Timeout is presumably only honoured when this is true — confirm
	Timeout    time.Duration // default element lifetime (ElementOptions.Timeout overrides it per element)
	KeyType    SetDataType   // encoding of element keys, e.g. TypeIPAddr or TypeIP6Addr
	DataType   SetDataType   // encoding of mapped values; meaningful only when IsMap is set
	Constant   bool          // set contents cannot be changed after creation
	Interval   bool          // elements are ranges rather than single values
	Anonymous  bool          // set has no user-visible name and is bound to the rule that uses it
	IsMap      bool          // set maps keys to DataType values instead of being a plain membership set
}

type Table

// Table is a handle to an nftables table of a given Family; it wraps an
// *nft.Table (see Raw) and is obtained from NewTable or Conn.AddTable /
// GetTable. Chains and sets are created and looked up through it; Flush
// presumably clears everything the table contains — confirm.
type Table struct {
	// contains filtered or unexported fields
}

func NewTable

func NewTable(conn *Conn, rawTable *nft.Table) *Table

func (*Table) AddAcceptChain

func (this *Table) AddAcceptChain(name string) (*Chain, error)

func (*Table) AddChain

func (this *Table) AddChain(name string, chainPolicy *ChainPolicy) (*Chain, error)

func (*Table) AddDropChain

func (this *Table) AddDropChain(name string) (*Chain, error)

func (*Table) AddSet

func (this *Table) AddSet(name string, options *SetOptions) (*Set, error)

func (*Table) DeleteChain

func (this *Table) DeleteChain(name string) error

func (*Table) DeleteSet

func (this *Table) DeleteSet(name string) error

func (*Table) Family

func (this *Table) Family() TableFamily

func (*Table) Flush

func (this *Table) Flush() error

func (*Table) GetChain

func (this *Table) GetChain(name string) (*Chain, error)

func (*Table) GetSet

func (this *Table) GetSet(name string) (*Set, error)

func (*Table) Name

func (this *Table) Name() string

func (*Table) Raw

func (this *Table) Raw() *nft.Table

type TableFamily

// TableFamily is the address family a Table belongs to (see Table.Family and
// Conn.AddTable); it is an alias of nft.TableFamily.
type TableFamily = nft.TableFamily
// Address families re-exported from nft. Conn.AddIPv4Table and AddIPv6Table
// presumably use TableFamilyIPv4 and TableFamilyIPv6; TableFamilyINet is the
// combined family that handles both IPv4 and IPv6 in one table.
const (
	TableFamilyINet   TableFamily = nft.TableFamilyINet   // inet: IPv4 and IPv6 together
	TableFamilyIPv4   TableFamily = nft.TableFamilyIPv4   // ip: IPv4 only
	TableFamilyIPv6   TableFamily = nft.TableFamilyIPv6   // ip6: IPv6 only
	TableFamilyARP    TableFamily = nft.TableFamilyARP    // arp
	TableFamilyNetdev TableFamily = nft.TableFamilyNetdev // netdev: ingress/egress on a device
	TableFamilyBridge TableFamily = nft.TableFamilyBridge // bridge
)
