netstack

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 18, 2024 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	RtnUnspec      = 0x0
	RtnUnicast     = 0x1
	RtnLocal       = 0x2
	RtnBroadcast   = 0x3
	RtnAnycast     = 0x4
	RtnMulticast   = 0x5
	RtnBlackhole   = 0x6
	RtnUnreachable = 0x7
	RtnProhibit    = 0x8
	RtnThrow       = 0x9
	RtnNat         = 0xa
	RtnXresolve    = 0xb
)
View Source 
const (
	LinkUP = iota + 1
	LinkDown
	LinkUnknown
)
View Source 
const (
	LinkDriverVeth = "veth"
	LinkDriverIPIP = "ipip"
)
View Source 
const (
	NudNone       = 0x00
	NudIncomplete = 0x01
	NudReachable  = 0x02
	NudStale      = 0x04
	NudDelay      = 0x08
	NudProbe      = 0x10
	NudFailed     = 0x20
	NudNoarp      = 0x40
	NudPermanent  = 0x80
)

Neighbor Cache Entry States.

View Source 
const (
	NFHookPreRouting = iota
	NFHookInput
	NFHookForward
	NFHookOutput
	NFHookPostRouting

	VerdictAccept Verdict = 0
	VerdictDrop   Verdict = 1
)
View Source 
const (
	ContextIPSetKey  contextKey = "ipset"
	ContextRouterKey contextKey = "router"
)
View Source 
const (
	FamilyAll = unix.AF_UNSPEC
	FamilyV4  = unix.AF_INET
	FamilyV6  = unix.AF_INET6

	RtTableLocal   = 0xff
	RtTableDefault = 0xfd
	RtTableMain    = 0xfe

	ScopeUniverse Scope = 0x0
	ScopeSite     Scope = 0xc8
	ScopeLink     Scope = 0xfd
	ScopeHost     Scope = 0xfe
	ScopeNowhere  Scope = 0xff

	RTProtBIRD     = 0xc
	RTProtBoot     = 0x3
	RTProtKernel   = 0x2
	RTProtOSPF     = 0xbc
	RTProtRA       = 0x9
	RTProtRedirect = 0x1
	RTProtRIP      = 0xbd
	RTProtStatic   = 0x4
)
View Source 
const (
	SockStatListen = iota
	SockStatEstablish
	SockStatUnknown
)

Variables

View Source 
var ActionTypes = map[string]reflect.Type{
	"DNAT":       reflect.TypeOf(DNATTarget{}),
	"SNAT":       reflect.TypeOf(SNATTarget{}),
	"MASQUERADE": reflect.TypeOf(MasqueradeTarget{}),
	"MARK":       reflect.TypeOf(MarkTarget{}),
	"ACCEPT":     reflect.TypeOf(AcceptTarget{}),
	"DROP":       reflect.TypeOf(DropTarget{}),
	"RETURN":     reflect.TypeOf(ReturnTarget{}),
	"REJECT":     reflect.TypeOf(RejectTarget{}),
	"NOTRACK":    reflect.TypeOf(NoTrackTarget{}),
	"TPROXY":     reflect.TypeOf(TPProxyTarget{}),
}
View Source 
var ErrIPTablesUnsupported = errors.New("cannot process iptables")
View Source 
var ErrNoRouteToHost = errors.New("no route to host")
View Source 
var ModuleTypes = map[string]reflect.Type{
	"tcp":       reflect.TypeOf(TCP{}),
	"udp":       reflect.TypeOf(UDP{}),
	"match":     reflect.TypeOf(IP{}),
	"set":       reflect.TypeOf(Set{}),
	"comment":   reflect.TypeOf(Comment{}),
	"multiport": reflect.TypeOf(MultiPort{}),
	"mark":      reflect.TypeOf(Mark{}),
	"statistic": reflect.TypeOf(Statistic{}),
	"conntrack": reflect.TypeOf(Conntrack{}),
	"addrtype":  reflect.TypeOf(AddrType{}),
	"rpfilter":  reflect.TypeOf(RPFilter{}),
}

Functions

func GetDefaultIPv4 

func GetDefaultIPv4(iface *Interface) (net.IP, net.IPMask)

func LookupDefaultIfaceName 

func LookupDefaultIfaceName(ifaces []Interface) string

func RouteProtocolToString 

func RouteProtocolToString(protocol int) string

func RouteScopeToString 

func RouteScopeToString(scope Scope) string

func RouteTypeToString 

func RouteTypeToString(routeType int) string

Types

type AcceptTarget 

type AcceptTarget struct{}

type Addr 

type Addr struct {
	*net.IPNet
}

type AddrType 

type AddrType struct {
	Option string
	Value  string
}

func (*AddrType) Match 

func (t *AddrType) Match(ctx context.Context, packet *model.Packet, iif, oif string) (bool, error)

func (*AddrType) String 

func (t *AddrType) String() string

type CallTarget 

type CallTarget struct {
	Chain string
}

type Comment 

type Comment struct {
	Option string
	Value  string
}

func (*Comment) Match 

func (c *Comment) Match(_ context.Context, _ *model.Packet, _, _ string) (bool, error)

func (*Comment) String 

func (c *Comment) String() string

type ConnStat 

type ConnStat struct {
	LocalIP    string         `json:"l"`
	LocalPort  uint16         `json:"lp"`
	RemoteIP   string         `json:"r"`
	RemotePort uint16         `json:"rp"`
	Protocol   model.Protocol `json:"p"`
	State      SockStat       `json:"st"`
}

type Conntrack 

type Conntrack struct {
	Option string
	Value  string
}

func (*Conntrack) Match 

func (conntrack *Conntrack) Match(_ context.Context, _ *model.Packet, _, _ string) (bool, error)

func (*Conntrack) String 

func (conntrack *Conntrack) String() string

type DNATTarget 

type DNATTarget struct {
	ToDestination string `ipt:"--to-destination"`
	Random        bool   `ipt:"--random"`
	Persistent    bool   `ipt:"--persistent"`
}

func (*DNATTarget) Do 

func (t *DNATTarget) Do(_ context.Context, _ *model.Packet, _, _ string) (XTablesVerdict, error)

type DropTarget 

type DropTarget struct{}

type ErrIptablesUnsupported 

type ErrIptablesUnsupported struct {
	Message string
}

func (ErrIptablesUnsupported) Error 

func (u ErrIptablesUnsupported) Error() string

type ExtensionTarget 

type ExtensionTarget interface {
	Do(ctx context.Context, packet *model.Packet, iif, oif string) (XTablesVerdict, error)
}

type GotoTarget 

type GotoTarget struct {
	Chain string
}

type Handle 

type Handle func(hook NFHook, packet *model.Packet, iif, oif string) (Verdict, Trace, error)

type IP 

type IP struct {
	Option string
	Value  string
}

func (*IP) Match 

func (ip *IP) Match(_ context.Context, packet *model.Packet, iif, oif string) (bool, error)

func (*IP) String 

func (ip *IP) String() string

type IPSet 

type IPSet struct {
	Name    string            `json:"n"`
	Type    string            `json:"t"`
	Members map[string]string `json:"m"`
}

func ParseIPSet 

func ParseIPSet(dump string) ([]*IPSet, error)

type IPSetManager 

type IPSetManager struct {
	// contains filtered or unexported fields
}

func NewIPSetManager 

func NewIPSetManager(ipsets []*IPSet) (*IPSetManager, error)

func (*IPSetManager) GetIPSet 

func (m *IPSetManager) GetIPSet(name string) *IPSet

type IPTableDropError 

type IPTableDropError struct {
	Trace Trace
}

func (*IPTableDropError) Error 

func (e *IPTableDropError) Error() string

type IPTables 

type IPTables interface {
	TracePacket(ctx context.Context, hook NFHook, table string, packet *model.Packet, iif, oif string) (Verdict, Trace, error)
	Empty() error
	DefaultAccept() error
}

func ParseIPTables 

func ParseIPTables(dump string) (ipt IPTables)

type IPTablesRuleError 

type IPTablesRuleError struct {
	Rule    string
	Message string
}

func (*IPTablesRuleError) Error 

func (e *IPTablesRuleError) Error() string

type IPVS 

type IPVS struct {
	// contains filtered or unexported fields
}

func NewIPVS 

func NewIPVS(services map[string]*IPVSService) *IPVS

func ParseIPVS 

func ParseIPVS(dump []string) (*IPVS, error)

func (*IPVS) GetService 

func (ipvs *IPVS) GetService(proto model.Protocol, ip string, port uint16) *IPVSService

type IPVSService 

type IPVSService struct {
	Protocol  model.Protocol `json:"pro"`
	IP        string         `json:"ip"`
	Port      uint16         `json:"p"`
	Scheduler string         `json:"s"`
	RS        []RealServer   `json:"r"`
}

func (*IPVSService) Service 

func (s *IPVSService) Service() string

type Interface 

type Interface struct {
	Name        string            `json:"n"`
	Index       int               `json:"i"`
	MTU         int               `json:"m"`
	Driver      string            `json:"d"`
	Addrs       []Addr            `json:"a"`
	State       int               `json:"st"`
	DevSysctls  map[string]string `json:"s"`
	NeighInfo   []Neigh           `json:"ne"`
	FdbInfo     []Neigh           `json:"f"`
	PeerIndex   int               `json:"p"`
	MasterIndex int               `json:"mi"`
}

type Mark 

type Mark struct {
	Option string
	Value  string
}

func (*Mark) Match 

func (m *Mark) Match(_ context.Context, packet *model.Packet, _, _ string) (bool, error)

func (*Mark) String 

func (m *Mark) String() string

type MarkTarget 

type MarkTarget struct {
}

func (*MarkTarget) Do 

func (t *MarkTarget) Do(_ context.Context, _ *model.Packet, _, _ string) (XTablesVerdict, error)

type MasqueradeTarget 

type MasqueradeTarget struct{}

type Matcher 

type Matcher interface {
	Match(ctx context.Context, packet *model.Packet, iif, oif string) (bool, error)
}

type MultiPort 

type MultiPort struct {
	Option string
	Value  string
}

func (*MultiPort) Match 

func (mp *MultiPort) Match(_ context.Context, packet *model.Packet, _, _ string) (bool, error)

func (*MultiPort) String 

func (mp *MultiPort) String() string

type NFHook 

type NFHook uint8

func (NFHook) String 

func (h NFHook) String() string

type Neigh 

type Neigh struct {
	Family       int
	LinkIndex    int
	State        int
	Type         int
	Flags        int
	IP           net.IP
	HardwareAddr net.HardwareAddr
}

type NeighResult 

type NeighResult struct {
	State  int
	LLAddr net.HardwareAddr
	// for vxlan usage
	DST net.IP
}

type Neighbour 

type Neighbour struct {
	// contains filtered or unexported fields
}

func NewNeigh 

func NewNeigh(interfaces []Interface) *Neighbour

func (*Neighbour) ProbeNeigh 

func (n *Neighbour) ProbeNeigh(ip net.IP, linkIndex int) (*NeighResult, error)

type NetNS 

type NetNS struct {
	NetNSInfo    *NetNSInfo
	Interfaces   []Interface
	Router       Router
	IPSetManager *IPSetManager
	IPTables     IPTables
	IPVS         *IPVS
	Netfilter    Netfilter
	Neighbour    *Neighbour
}

type NetNSInfo 

type NetNSInfo struct {
	Netns        string                  `json:"n"`
	NetnsID      string                  `json:"i"`
	PID          uint32                  `json:"p"`
	Key          string                  `json:"k"`
	Interfaces   []Interface             `json:"if"`
	SysctlInfo   map[string]string       `json:"s"`
	RouteInfo    []Route                 `json:"r"`
	RuleInfo     []Rule                  `json:"ru"`
	IptablesInfo string                  `json:"it"`
	IpsetInfo    []*IPSet                `json:"is"`
	IPVSInfo     map[string]*IPVSService `json:"vs"`
	ConnStats    []ConnStat              `json:"c"`
}

NetNSInfo raw data load from collector

type Netfilter 

type Netfilter interface {
	Hook(hook NFHook, packet model.Packet, iif string, oif string) (Verdict, model.Packet, error)
}

type NoTrackTarget 

type NoTrackTarget struct {
}

func (*NoTrackTarget) Do 

func (t *NoTrackTarget) Do(_ context.Context, _ *model.Packet, _, _ string) (XTablesVerdict, error)

type NopTarget 

type NopTarget struct{}

type Physdev 

type Physdev struct {
	Option string
	Value  string
}

func (*Physdev) Match 

func (physdev *Physdev) Match(_ context.Context, _ *model.Packet, _, _ string) (bool, error)

func (*Physdev) String 

func (physdev *Physdev) String() string

type RPFilter 

type RPFilter struct {
	Option string
	Value  string
}

func (*RPFilter) Match 

func (rp *RPFilter) Match(ctx context.Context, packet *model.Packet, iif, oif string) (bool, error)

func (*RPFilter) String 

func (rp *RPFilter) String() string

type RealServer 

type RealServer struct {
	Service    string `json:"s,omitempty"`
	IP         string `json:"ip"`
	Port       uint16 `json:"p"`
	Masquerade bool   `json:"m"`
	Weight     int    `json:"w"`
}

type RejectTarget 

type RejectTarget struct{}

type ReturnTarget 

type ReturnTarget struct{}

type Route 

type Route struct {
	Family   int        `json:"f"`
	OifName  string     `json:"o"`
	IifName  string     `json:"i"`
	Scope    Scope      `json:"sc"`
	Dst      *net.IPNet `json:"d"`
	Src      net.IP     `json:"s"`
	Gw       net.IP     `json:"g"`
	Protocol int        `json:"p"`
	Priority int        `json:"pr"`
	Table    int        `json:"tb"`
	Type     int        `json:"t"`
	Tos      int        `json:"tos"`
	Flags    int        `json:"fl"`
}

func (Route) String 

func (r Route) String() string

type Router 

type Router interface {
	RouteSrc(packet *model.Packet, iif, oif string) (string, *Route, error)
	Route(packet *model.Packet, iif, oif string) (*Route, error)
	TableRoute(tableID int, packet *model.Packet) (*Route, error)
	DefaultRoute(table int) *Route
}

type Rule 

type Rule struct {
	Priority int        `json:"p"`
	Family   int        `json:"f"`
	Table    int        `json:"tb"`
	Mark     int        `json:"m"`
	Mask     int        `json:"ma"`
	Tos      uint       `json:"tos"`
	TunID    uint       `json:"ti"`
	Goto     int        `json:"gt"`
	Src      *net.IPNet `json:"s"`
	Dst      *net.IPNet `json:"d"`
	Flow     int        `json:"fl"`
	IifName  string     `json:"i"`
	OifName  string     `json:"o"`
}

type SNATTarget 

type SNATTarget struct {
	ToSource    string `ipt:"--to-source"`
	Random      bool   `ipt:"--random"`
	RandomFully bool   `ipt:"--random-fully"`
	Persistent  bool   `ipt:"--persistent"`
}

func (*SNATTarget) Do 

func (s *SNATTarget) Do(_ context.Context, _ *model.Packet, _, _ string) (XTablesVerdict, error)

type Scope 

type Scope uint8

type Set 

type Set struct {
	Option string
	Value  string
}

func (*Set) Match 

func (set *Set) Match(ctx context.Context, packet *model.Packet, _, _ string) (bool, error)

func (*Set) String 

func (set *Set) String() string

type SimulateNetfilter 

type SimulateNetfilter struct {
	// contains filtered or unexported fields
}

func NewSimulateNetfilter 

func NewSimulateNetfilter(netfilterContext SimulateNetfilterContext) *SimulateNetfilter

func (*SimulateNetfilter) Hook 

func (nf *SimulateNetfilter) Hook(hook NFHook, packet model.Packet, iif string, oif string) (Verdict, model.Packet, error)

type SimulateNetfilterContext 

type SimulateNetfilterContext struct {
	IPTables IPTables
	IPSet    *IPSetManager
	Router   Router
	IPVS     *IPVS
}

type SimulateRouter 

type SimulateRouter struct {
	// contains filtered or unexported fields
}

func NewSimulateRouter 

func NewSimulateRouter(rules []Rule, routes []Route, interfaces []Interface) *SimulateRouter

func (*SimulateRouter) DefaultRoute 

func (r *SimulateRouter) DefaultRoute(table int) *Route

func (*SimulateRouter) Route 

func (r *SimulateRouter) Route(packet *model.Packet, iif, oif string) (*Route, error)

func (*SimulateRouter) RouteSrc 

func (r *SimulateRouter) RouteSrc(packet *model.Packet, iif, oif string) (string, *Route, error)

func (*SimulateRouter) TableRoute 

func (r *SimulateRouter) TableRoute(table int, packet *model.Packet) (*Route, error)

type SockStat 

type SockStat int

type Socket 

type Socket struct {
	Option string
	Value  string
}

func (*Socket) Socket 

func (s *Socket) Socket(_ context.Context, _ *model.Packet, _, _ string) (bool, error)

func (*Socket) String 

func (s *Socket) String() string

type Statistic 

type Statistic struct {
	Option string
	Value  string
}

func (*Statistic) Match 

func (s *Statistic) Match(_ context.Context, _ *model.Packet, _, _ string) (bool, error)

func (*Statistic) String 

func (s *Statistic) String() string

type TCP 

type TCP struct {
	Option string
	Value  uint16
}

func (*TCP) Match 

func (t *TCP) Match(_ context.Context, packet *model.Packet, _, _ string) (bool, error)

func (*TCP) String 

func (t *TCP) String() string

type TPProxyTarget 

type TPProxyTarget struct {
}

func (*TPProxyTarget) Do 

func (t *TPProxyTarget) Do(_ context.Context, _ *model.Packet, _, _ string) (XTablesVerdict, error)

type Target 

type Target interface{}

type Trace 

type Trace []string

func (Trace) String 

func (t Trace) String() string

type UDP 

type UDP struct {
	Option string
	Value  uint16
}

func (*UDP) Match 

func (udp *UDP) Match(_ context.Context, packet *model.Packet, _, _ string) (bool, error)

func (*UDP) String 

func (udp *UDP) String() string

type Verdict 

type Verdict uint8

type XTablesVerdict 

type XTablesVerdict uint
const (
	XTablesVerdictAccept   XTablesVerdict = 0
	XTablesVerdictDrop     XTablesVerdict = 1
	XTablesVerdictReject   XTablesVerdict = 2
	XTablesVerdictReturn   XTablesVerdict = 3
	XTablesVerdictContinue XTablesVerdict = 4
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.