Documentation ¶
Overview ¶
Package netlink provides a simple library for netlink. Netlink is the interface a user-space program in Linux uses to communicate with the kernel. It can be used to add and remove interfaces, set up IP addresses and routes, and configure IPsec. Netlink communication requires elevated privileges, so in most cases this code needs to be run as root; operations that change network configuration are generally gated by the CAP_NET_ADMIN capability, so granting a process only that capability is a narrower alternative to running it as full root. The low level primitives for netlink are contained in the nl subpackage. This package attempts to provide a high-level interface that is loosely modeled on the iproute2 cli.
Index ¶
- Constants
- Variables
- func AddrAdd(link Link, addr *Addr) error
- func AddrDel(link Link, addr *Addr) error
- func AddrReplace(link Link, addr *Addr) error
- func AddrSubscribe(ch chan<- AddrUpdate, done <-chan struct{}) error
- func AddrSubscribeAt(ns netns.NsHandle, ch chan<- AddrUpdate, done <-chan struct{}) error
- func AdjustSize(sz uint, mpu uint, linklayer int) uint
- func AlignToAtm(size uint) uint
- func BridgeSetMcastSnoop(link Link, on bool) error
- func BridgeVlanAdd(link Link, vid uint16, pvid, untagged, self, master bool) error
- func BridgeVlanDel(link Link, vid uint16, pvid, untagged, self, master bool) error
- func BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error)
- func CalcRtable(rate *nl.TcRateSpec, rtab [256]uint32, cellLog int, mtu uint32, linklayer int) int
- func ClassAdd(class Class) error
- func ClassChange(class Class) error
- func ClassDel(class Class) error
- func ClassReplace(class Class) error
- func ClockFactor() float64
- func ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter CustomConntrackFilter) (uint, error)
- func ConntrackTableFlush(table ConntrackTableType) error
- func DeserializeRtab(b []byte) [256]uint32
- func EncodeActions(attr *nl.RtAttr, actions []Action) error
- func FilterAdd(filter Filter) error
- func FilterDel(filter Filter) error
- func GTPPDPAdd(link Link, pdp *PDP) error
- func GTPPDPDel(link Link, pdp *PDP) error
- func HandleStr(handle uint32) string
- func Hz() float64
- func LinkAdd(link Link) error
- func LinkDel(link Link) error
- func LinkSetARPOff(link Link) error
- func LinkSetARPOn(link Link) error
- func LinkSetAlias(link Link, name string) error
- func LinkSetBrProxyArp(link Link, mode bool) error
- func LinkSetBrProxyArpWiFi(link Link, mode bool) error
- func LinkSetDown(link Link) error
- func LinkSetFastLeave(link Link, mode bool) error
- func LinkSetFlood(link Link, mode bool) error
- func LinkSetGuard(link Link, mode bool) error
- func LinkSetHairpin(link Link, mode bool) error
- func LinkSetHardwareAddr(link Link, hwaddr net.HardwareAddr) error
- func LinkSetLearning(link Link, mode bool) error
- func LinkSetMTU(link Link, mtu int) error
- func LinkSetMaster(link Link, master *Bridge) error
- func LinkSetMasterByIndex(link Link, masterIndex int) error
- func LinkSetName(link Link, name string) error
- func LinkSetNoMaster(link Link) error
- func LinkSetNsFd(link Link, fd int) error
- func LinkSetNsPid(link Link, nspid int) error
- func LinkSetRootBlock(link Link, mode bool) error
- func LinkSetTxQLen(link Link, qlen int) error
- func LinkSetUp(link Link) error
- func LinkSetVfHardwareAddr(link Link, vf int, hwaddr net.HardwareAddr) error
- func LinkSetVfSpoofchk(link Link, vf int, check bool) error
- func LinkSetVfTrust(link Link, vf int, state bool) error
- func LinkSetVfTxRate(link Link, vf, rate int) error
- func LinkSetVfVlan(link Link, vf, vlan int) error
- func LinkSetXdpFd(link Link, fd int) error
- func LinkSetXdpFdWithFlags(link Link, fd, flags int) error
- func LinkSubscribe(ch chan<- LinkUpdate, done <-chan struct{}) error
- func LinkSubscribeAt(ns netns.NsHandle, ch chan<- LinkUpdate, done <-chan struct{}) error
- func MajorMinor(handle uint32) (uint16, uint16)
- func MakeHandle(major, minor uint16) uint32
- func NeighAdd(neigh *Neigh) error
- func NeighAppend(neigh *Neigh) error
- func NeighDel(neigh *Neigh) error
- func NeighSet(neigh *Neigh) error
- func NewIPNet(ip net.IP) *net.IPNet
- func ParseIPNet(s string) (*net.IPNet, error)
- func Percentage2u32(percentage float32) uint32
- func QdiscAdd(qdisc Qdisc) error
- func QdiscChange(qdisc Qdisc) error
- func QdiscDel(qdisc Qdisc) error
- func QdiscReplace(qdisc Qdisc) error
- func RouteAdd(route *Route) error
- func RouteDel(route *Route) error
- func RouteReplace(route *Route) error
- func RouteSubscribe(ch chan<- RouteUpdate, done <-chan struct{}) error
- func RouteSubscribeAt(ns netns.NsHandle, ch chan<- RouteUpdate, done <-chan struct{}) error
- func RuleAdd(rule *Rule) error
- func RuleDel(rule *Rule) error
- func SerializeRtab(rtab [256]uint32) []byte
- func SetPromiscOff(link Link) error
- func SetPromiscOn(link Link) error
- func TickInUsec() float64
- func XfrmMonitor(ch chan<- XfrmMsg, done <-chan struct{}, errorChan chan<- error, ...) error
- func XfrmPolicyAdd(policy *XfrmPolicy) error
- func XfrmPolicyDel(policy *XfrmPolicy) error
- func XfrmPolicyFlush() error
- func XfrmPolicyUpdate(policy *XfrmPolicy) error
- func XfrmStateAdd(state *XfrmState) error
- func XfrmStateDel(state *XfrmState) error
- func XfrmStateFlush(proto Proto) error
- func XfrmStateUpdate(state *XfrmState) error
- func Xmittime(rate uint64, size uint32) float64
- type Action
- type ActionAttrs
- type Addr
- type AddrUpdate
- type Bond
- type BondAdInfo
- type BondAdSelect
- type BondArpAllTargets
- type BondArpValidate
- type BondFailOverMac
- type BondLacpRate
- type BondMode
- type BondPrimaryReselect
- type BondXmitHashPolicy
- type BpfAction
- type BpfFilter
- type BpfProgType
- type Bridge
- type Class
- type ClassAttrs
- type Clsact
- type ConntrackFilter
- type ConntrackFilterType
- type ConntrackFlow
- type ConntrackTableType
- type CustomConntrackFilter
- type Destination
- type Device
- type Dir
- type Dummy
- type Encap
- type EncapType
- type Filter
- type FilterAttrs
- type FilterFwAttrs
- type FqCodel
- type Fw
- type GTP
- type GenericAction
- type GenericClass
- type GenericFilter
- type GenericLink
- type GenericQdisc
- type GenlFamily
- type GenlMulticastGroup
- type GenlOp
- type Gretap
- type Gretun
- type Handle
- func (h *Handle) AddrAdd(link Link, addr *Addr) error
- func (h *Handle) AddrDel(link Link, addr *Addr) error
- func (h *Handle) AddrList(link Link, family int) ([]Addr, error)
- func (h *Handle) AddrReplace(link Link, addr *Addr) error
- func (h *Handle) BridgeSetMcastSnoop(link Link, on bool) error
- func (h *Handle) BridgeVlanAdd(link Link, vid uint16, pvid, untagged, self, master bool) error
- func (h *Handle) BridgeVlanDel(link Link, vid uint16, pvid, untagged, self, master bool) error
- func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error)
- func (h *Handle) ClassAdd(class Class) error
- func (h *Handle) ClassChange(class Class) error
- func (h *Handle) ClassDel(class Class) error
- func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error)
- func (h *Handle) ClassReplace(class Class) error
- func (h *Handle) ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter CustomConntrackFilter) (uint, error)
- func (h *Handle) ConntrackTableFlush(table ConntrackTableType) error
- func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error)
- func (h *Handle) Delete()
- func (h *Handle) FilterAdd(filter Filter) error
- func (h *Handle) FilterDel(filter Filter) error
- func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error)
- func (h *Handle) GTPPDPAdd(link Link, pdp *PDP) error
- func (h *Handle) GTPPDPByITEI(link Link, itei int) (*PDP, error)
- func (h *Handle) GTPPDPByMSAddress(link Link, addr net.IP) (*PDP, error)
- func (h *Handle) GTPPDPByTID(link Link, tid int) (*PDP, error)
- func (h *Handle) GTPPDPDel(link Link, pdp *PDP) error
- func (h *Handle) GTPPDPList() ([]*PDP, error)
- func (h *Handle) GenlFamilyGet(name string) (*GenlFamily, error)
- func (h *Handle) GenlFamilyList() ([]*GenlFamily, error)
- func (h *Handle) LinkAdd(link Link) error
- func (h *Handle) LinkByAlias(alias string) (Link, error)
- func (h *Handle) LinkByIndex(index int) (Link, error)
- func (h *Handle) LinkByName(name string) (Link, error)
- func (h *Handle) LinkDel(link Link) error
- func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error)
- func (h *Handle) LinkList() ([]Link, error)
- func (h *Handle) LinkSetARPOff(link Link) error
- func (h *Handle) LinkSetARPOn(link Link) error
- func (h *Handle) LinkSetAlias(link Link, name string) error
- func (h *Handle) LinkSetBrProxyArp(link Link, mode bool) error
- func (h *Handle) LinkSetBrProxyArpWiFi(link Link, mode bool) error
- func (h *Handle) LinkSetDown(link Link) error
- func (h *Handle) LinkSetFastLeave(link Link, mode bool) error
- func (h *Handle) LinkSetFlood(link Link, mode bool) error
- func (h *Handle) LinkSetGuard(link Link, mode bool) error
- func (h *Handle) LinkSetHairpin(link Link, mode bool) error
- func (h *Handle) LinkSetHardwareAddr(link Link, hwaddr net.HardwareAddr) error
- func (h *Handle) LinkSetLearning(link Link, mode bool) error
- func (h *Handle) LinkSetMTU(link Link, mtu int) error
- func (h *Handle) LinkSetMaster(link Link, master *Bridge) error
- func (h *Handle) LinkSetMasterByIndex(link Link, masterIndex int) error
- func (h *Handle) LinkSetName(link Link, name string) error
- func (h *Handle) LinkSetNoMaster(link Link) error
- func (h *Handle) LinkSetNsFd(link Link, fd int) error
- func (h *Handle) LinkSetNsPid(link Link, nspid int) error
- func (h *Handle) LinkSetRootBlock(link Link, mode bool) error
- func (h *Handle) LinkSetTxQLen(link Link, qlen int) error
- func (h *Handle) LinkSetUp(link Link) error
- func (h *Handle) LinkSetVfHardwareAddr(link Link, vf int, hwaddr net.HardwareAddr) error
- func (h *Handle) LinkSetVfSpoofchk(link Link, vf int, check bool) error
- func (h *Handle) LinkSetVfTrust(link Link, vf int, state bool) error
- func (h *Handle) LinkSetVfTxRate(link Link, vf, rate int) error
- func (h *Handle) LinkSetVfVlan(link Link, vf, vlan int) error
- func (h *Handle) NeighAdd(neigh *Neigh) error
- func (h *Handle) NeighAppend(neigh *Neigh) error
- func (h *Handle) NeighDel(neigh *Neigh) error
- func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error)
- func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error)
- func (h *Handle) NeighSet(neigh *Neigh) error
- func (h *Handle) QdiscAdd(qdisc Qdisc) error
- func (h *Handle) QdiscChange(qdisc Qdisc) error
- func (h *Handle) QdiscDel(qdisc Qdisc) error
- func (h *Handle) QdiscList(link Link) ([]Qdisc, error)
- func (h *Handle) QdiscReplace(qdisc Qdisc) error
- func (h *Handle) RouteAdd(route *Route) error
- func (h *Handle) RouteDel(route *Route) error
- func (h *Handle) RouteGet(destination net.IP) ([]Route, error)
- func (h *Handle) RouteList(link Link, family int) ([]Route, error)
- func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, error)
- func (h *Handle) RouteReplace(route *Route) error
- func (h *Handle) RuleAdd(rule *Rule) error
- func (h *Handle) RuleDel(rule *Rule) error
- func (h *Handle) RuleList(family int) ([]Rule, error)
- func (h *Handle) SetPromiscOff(link Link) error
- func (h *Handle) SetPromiscOn(link Link) error
- func (h *Handle) SetSocketTimeout(to time.Duration) error
- func (h *Handle) SupportsNetlinkFamily(nlFamily int) bool
- func (h *Handle) XfrmPolicyAdd(policy *XfrmPolicy) error
- func (h *Handle) XfrmPolicyDel(policy *XfrmPolicy) error
- func (h *Handle) XfrmPolicyFlush() error
- func (h *Handle) XfrmPolicyGet(policy *XfrmPolicy) (*XfrmPolicy, error)
- func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error)
- func (h *Handle) XfrmPolicyUpdate(policy *XfrmPolicy) error
- func (h *Handle) XfrmStateAdd(state *XfrmState) error
- func (h *Handle) XfrmStateDel(state *XfrmState) error
- func (h *Handle) XfrmStateFlush(proto Proto) error
- func (h *Handle) XfrmStateGet(state *XfrmState) (*XfrmState, error)
- func (h *Handle) XfrmStateList(family int) ([]XfrmState, error)
- func (h *Handle) XfrmStateUpdate(state *XfrmState) error
- type Htb
- type HtbClass
- type HtbClassAttrs
- type IPVlan
- type IPVlanMode
- type Ifb
- type InetFamily
- type Ingress
- type Iptun
- type Link
- type LinkAttrs
- type LinkNotFoundError
- type LinkOperState
- type LinkStatistics
- type LinkStatistics32
- type LinkStatistics64
- type LinkUpdate
- type LinkXdp
- type MPLSDestination
- type MPLSEncap
- type Macvlan
- type MacvlanMode
- type Macvtap
- type MirredAct
- type MirredAction
- type Mode
- type Mq
- type Ndmsg
- type Neigh
- type Netem
- type NetemQdiscAttrs
- type NextHopFlag
- type NexthopInfo
- type NsFd
- type NsPid
- type PDP
- type PfifoFast
- type Prio
- type Protinfo
- type Proto
- type Qdisc
- type QdiscAttrs
- type Route
- type RouteUpdate
- type Rule
- type Scope
- type Socket
- type SocketID
- type Tbf
- type TcAct
- type TcPolAct
- type TcU32Key
- type TcU32Sel
- type Tuntap
- type TuntapFlag
- type TuntapMode
- type U32
- type Veth
- type Vlan
- type Vrf
- type Vti
- type Vxlan
- type XfrmMark
- type XfrmMsg
- type XfrmMsgExpire
- type XfrmPolicy
- type XfrmPolicyTmpl
- type XfrmState
- type XfrmStateAlgo
- type XfrmStateEncap
- type XfrmStateLimits
Constants ¶
const ( // ConntrackTable Conntrack table // https://github.com/torvalds/linux/blob/master/include/uapi/linux/netfilter/nfnetlink.h -> #define NFNL_SUBSYS_CTNETLINK 1 ConntrackTable = 1 // ConntrackExpectTable Conntrack expect table // https://github.com/torvalds/linux/blob/master/include/uapi/linux/netfilter/nfnetlink.h -> #define NFNL_SUBSYS_CTNETLINK_EXP 2 ConntrackExpectTable = 2 )
const ( // For Parsing Mark TCP_PROTO = 6 UDP_PROTO = 17 )
const ( ConntrackOrigSrcIP = iota // -orig-src ip Source address from original direction ConntrackOrigDstIP // -orig-dst ip Destination address from original direction ConntrackNatSrcIP // -src-nat ip Source NAT ip ConntrackNatDstIP // -dst-nat ip Destination NAT ip ConntrackNatAnyIP // -any-nat ip Source or destination NAT ip )
const ( TC_U32_TERMINAL = nl.TC_U32_TERMINAL TC_U32_OFFSET = nl.TC_U32_OFFSET TC_U32_VAROFFSET = nl.TC_U32_VAROFFSET TC_U32_EAT = nl.TC_U32_EAT )
Constants used in TcU32Sel.Flags.
const ( OperUnknown = iota // Status can't be determined. OperNotPresent // Some component is missing. OperDown // Down. OperLowerLayerDown // Down due to state of lower layer. OperTesting // In some test mode. OperDormant // Not up but pending an external event. OperUp // Up, ready to send packets. )
const ( BOND_MODE_MASK uint64 = 1 << (1 + iota) BOND_ACTIVE_SLAVE_MASK BOND_MIIMON_MASK BOND_UPDELAY_MASK BOND_DOWNDELAY_MASK BOND_USE_CARRIER_MASK BOND_ARP_INTERVAL_MASK BOND_ARP_VALIDATE_MASK BOND_ARP_ALL_TARGETS_MASK BOND_PRIMARY_MASK BOND_PRIMARY_RESELECT_MASK BOND_FAIL_OVER_MAC_MASK BOND_XMIT_HASH_POLICY_MASK BOND_RESEND_IGMP_MASK BOND_NUM_PEER_NOTIF_MASK BOND_ALL_SLAVES_ACTIVE_MASK BOND_MIN_LINKS_MASK BOND_LP_INTERVAL_MASK BOND_PACKETS_PER_SLAVE_MASK BOND_LACP_RATE_MASK BOND_AD_SELECT_MASK )
Flag mask for bond options. Bond.Flagmask must be set to on for option to work.
const ( SizeofLinkStats32 = 0x5c SizeofLinkStats64 = 0xd8 IFLA_STATS64 = 0x17 // syscall pkg does not contain this one )
const ( TUNTAP_MODE_TUN TuntapMode = syscall.IFF_TUN TUNTAP_MODE_TAP TuntapMode = syscall.IFF_TAP TUNTAP_DEFAULTS TuntapFlag = syscall.IFF_TUN_EXCL | syscall.IFF_ONE_QUEUE TUNTAP_VNET_HDR TuntapFlag = syscall.IFF_VNET_HDR TUNTAP_TUN_EXCL TuntapFlag = syscall.IFF_TUN_EXCL TUNTAP_NO_PI TuntapFlag = syscall.IFF_NO_PI TUNTAP_ONE_QUEUE TuntapFlag = syscall.IFF_ONE_QUEUE )
const ( SizeOfIfReq = 40 IFNAMSIZ = 16 )
ideally golang.org/x/sys/unix would define IfReq but it only has IFNAMSIZ, hence this minimalistic implementation
const ( NDA_UNSPEC = iota NDA_DST NDA_LLADDR NDA_CACHEINFO NDA_PROBES NDA_VLAN NDA_PORT NDA_VNI NDA_IFINDEX NDA_MAX = NDA_IFINDEX )
const ( NUD_NONE = 0x00 NUD_INCOMPLETE = 0x01 NUD_REACHABLE = 0x02 NUD_STALE = 0x04 NUD_DELAY = 0x08 NUD_PROBE = 0x10 NUD_FAILED = 0x20 NUD_NOARP = 0x40 NUD_PERMANENT = 0x80 )
Neighbor Cache Entry States.
const ( NTF_USE = 0x01 NTF_SELF = 0x02 NTF_MASTER = 0x04 NTF_PROXY = 0x08 NTF_ROUTER = 0x80 )
Neighbor Flags
const ( FAMILY_ALL = nl.FAMILY_ALL FAMILY_V4 = nl.FAMILY_V4 FAMILY_V6 = nl.FAMILY_V6 FAMILY_MPLS = nl.FAMILY_MPLS )
Family type definitions
const ( HANDLE_NONE = 0 HANDLE_INGRESS = 0xFFFFFFF1 HANDLE_CLSACT = HANDLE_INGRESS HANDLE_ROOT = 0xFFFFFFFF PRIORITY_MAP_LEN = 16 )
const ( HANDLE_MIN_INGRESS = 0xFFFFFFF2 HANDLE_MIN_EGRESS = 0xFFFFFFF3 )
const ( RT_FILTER_PROTOCOL uint64 = 1 << (1 + iota) RT_FILTER_SCOPE RT_FILTER_TYPE RT_FILTER_TOS RT_FILTER_IIF RT_FILTER_OIF RT_FILTER_DST RT_FILTER_SRC RT_FILTER_GW RT_FILTER_TABLE )
const IFA_FLAGS = 0x8
IFA_FLAGS is a u32 attribute.
const (
TIME_UNITS_PER_SEC = 1000000
)
Variables ¶
var ( // ErrNotImplemented is returned when a requested feature is not implemented. ErrNotImplemented = errors.New("not implemented") )
var StringToBondLacpRateMap = map[string]BondLacpRate{ "slow": BOND_LACP_RATE_SLOW, "fast": BOND_LACP_RATE_FAST, }
var StringToBondModeMap = map[string]BondMode{ "balance-rr": BOND_MODE_BALANCE_RR, "active-backup": BOND_MODE_ACTIVE_BACKUP, "balance-xor": BOND_MODE_BALANCE_XOR, "broadcast": BOND_MODE_BROADCAST, "802.3ad": BOND_MODE_802_3AD, "balance-tlb": BOND_MODE_BALANCE_TLB, "balance-alb": BOND_MODE_BALANCE_ALB, }
var StringToBondXmitHashPolicyMap = map[string]BondXmitHashPolicy{ "layer2": BOND_XMIT_HASH_POLICY_LAYER2, "layer3+4": BOND_XMIT_HASH_POLICY_LAYER3_4, "layer2+3": BOND_XMIT_HASH_POLICY_LAYER2_3, "encap2+3": BOND_XMIT_HASH_POLICY_ENCAP2_3, "encap3+4": BOND_XMIT_HASH_POLICY_ENCAP3_4, }
Functions ¶
func AddrAdd ¶
AddrAdd will add an IP address to a link device. Equivalent to: `ip addr add $addr dev $link`
func AddrDel ¶
AddrDel will delete an IP address from a link device. Equivalent to: `ip addr del $addr dev $link`
func AddrReplace ¶
AddrReplace will replace (or, if not present, add) an IP address on a link device. Equivalent to: `ip addr replace $addr dev $link`
func AddrSubscribe ¶
func AddrSubscribe(ch chan<- AddrUpdate, done <-chan struct{}) error
AddrSubscribe takes a chan down which notifications will be sent when addresses change. Close the 'done' chan to stop subscription.
func AddrSubscribeAt ¶
func AddrSubscribeAt(ns netns.NsHandle, ch chan<- AddrUpdate, done <-chan struct{}) error
AddrSubscribeAt works like AddrSubscribe plus it allows the caller to choose the network namespace in which to subscribe (ns).
func AlignToAtm ¶
func BridgeSetMcastSnoop ¶
func BridgeVlanAdd ¶
BridgeVlanAdd adds a new vlan filter entry. Equivalent to: `bridge vlan add dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]`
func BridgeVlanDel ¶
BridgeVlanDel deletes a vlan filter entry. Equivalent to: `bridge vlan del dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]`
func BridgeVlanList ¶
func BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error)
BridgeVlanList gets a map of device id to bridge vlan infos. Equivalent to: `bridge vlan show`
func CalcRtable ¶
func ClassChange ¶
ClassChange will change a class in place. Equivalent to: `tc class change $class` The parent and handle MUST NOT be changed.
func ClassReplace ¶
ClassReplace will replace a class in the system. Equivalent to: `tc class replace $class` The handle MAY be changed. If a class already exists with this parent/handle pair, the class is changed. If a class does not already exist with this parent/handle, a new class is created.
func ClockFactor ¶
func ClockFactor() float64
func ConntrackDeleteFilter ¶
func ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter CustomConntrackFilter) (uint, error)
ConntrackDeleteFilter deletes entries on the specified table on the basis of the filter. Equivalent to: `conntrack -D [table] parameters` (delete conntrack or expectation).
func ConntrackTableFlush ¶
func ConntrackTableFlush(table ConntrackTableType) error
ConntrackTableFlush flushes all the flows of a specified table. Equivalent to: `conntrack -F [table]` (flush table). The flush operation applies to all the family types.
func DeserializeRtab ¶
func FilterDel ¶
FilterDel will delete a filter from the system. Equivalent to: `tc filter del $filter`
func LinkAdd ¶
LinkAdd adds a new link device. The type and features of the device are taken from the parameters in the link object. Equivalent to: `ip link add $link`
func LinkDel ¶
LinkDel deletes link device. Either Index or Name must be set in the link object for it to be deleted. The other values are ignored. Equivalent to: `ip link del $link`
func LinkSetARPOff ¶
func LinkSetARPOn ¶
func LinkSetAlias ¶
LinkSetAlias sets the alias of the link device. Equivalent to: `ip link set dev $link alias $name`
func LinkSetBrProxyArp ¶
func LinkSetBrProxyArpWiFi ¶
func LinkSetDown ¶
LinkSetDown disables link device. Equivalent to: `ip link set $link down`
func LinkSetFastLeave ¶
func LinkSetFlood ¶
func LinkSetGuard ¶
func LinkSetHairpin ¶
func LinkSetHardwareAddr ¶
func LinkSetHardwareAddr(link Link, hwaddr net.HardwareAddr) error
LinkSetHardwareAddr sets the hardware address of the link device. Equivalent to: `ip link set $link address $hwaddr`
func LinkSetLearning ¶
func LinkSetMTU ¶
LinkSetMTU sets the mtu of the link device. Equivalent to: `ip link set $link mtu $mtu`
func LinkSetMaster ¶
LinkSetMaster sets the master of the link device. Equivalent to: `ip link set $link master $master`
func LinkSetMasterByIndex ¶
LinkSetMasterByIndex sets the master of the link device. Equivalent to: `ip link set $link master $master`
func LinkSetName ¶
LinkSetName sets the name of the link device. Equivalent to: `ip link set $link name $name`
func LinkSetNoMaster ¶
LinkSetNoMaster removes the master of the link device. Equivalent to: `ip link set $link nomaster`
func LinkSetNsFd ¶
LinkSetNsFd puts the device into a new network namespace. The fd must be an open file descriptor to a network namespace. Similar to: `ip link set $link netns $ns`
func LinkSetNsPid ¶
LinkSetNsPid puts the device into a new network namespace. The pid must be a pid of a running process. Equivalent to: `ip link set $link netns $pid`
func LinkSetRootBlock ¶
func LinkSetTxQLen ¶
LinkSetTxQLen sets the transmit queue length for the link. Equivalent to: `ip link set $link txqlen $qlen`
func LinkSetVfHardwareAddr ¶
func LinkSetVfHardwareAddr(link Link, vf int, hwaddr net.HardwareAddr) error
LinkSetVfHardwareAddr sets the hardware address of a vf for the link. Equivalent to: `ip link set $link vf $vf mac $hwaddr`
func LinkSetVfSpoofchk ¶
LinkSetVfSpoofchk enables/disables spoof check on a vf for the link. Equivalent to: `ip link set $link vf $vf spoofchk $check`
func LinkSetVfTrust ¶
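LinkSetVfTrust enables/disables trust state on a vf for the link. Equivalent to: `ip link set $link vf $vf trust $state` A trusted vf is allowed to enable features that can affect security or performance (for example multicast promiscuous mode), so trust should be enabled only for a vf whose user needs it.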
func LinkSetVfTxRate ¶
LinkSetVfTxRate sets the tx rate of a vf for the link. Equivalent to: `ip link set $link vf $vf rate $rate`
func LinkSetVfVlan ¶
LinkSetVfVlan sets the vlan of a vf for the link. Equivalent to: `ip link set $link vf $vf vlan $vlan`
func LinkSetXdpFd ¶
LinkSetXdpFd adds a bpf function to the driver. The fd must be a bpf program loaded with bpf(type=BPF_PROG_TYPE_XDP)
func LinkSetXdpFdWithFlags ¶
LinkSetXdpFdWithFlags adds a bpf function to the driver with the given options. The fd must be a bpf program loaded with bpf(type=BPF_PROG_TYPE_XDP)
func LinkSubscribe ¶
func LinkSubscribe(ch chan<- LinkUpdate, done <-chan struct{}) error
LinkSubscribe takes a chan down which notifications will be sent when links change. Close the 'done' chan to stop subscription.
func LinkSubscribeAt ¶
func LinkSubscribeAt(ns netns.NsHandle, ch chan<- LinkUpdate, done <-chan struct{}) error
LinkSubscribeAt works like LinkSubscribe plus it allows the caller to choose the network namespace in which to subscribe (ns).
func MajorMinor ¶
func MakeHandle ¶
func NeighAdd ¶
NeighAdd will add an IP to MAC mapping to the ARP table. Equivalent to: `ip neigh add ....`
func NeighAppend ¶
NeighAppend will append an entry to the FDB. Equivalent to: `bridge fdb append...`
func NeighDel ¶
NeighDel will delete a neighbor entry (an IP to MAC mapping) from the neighbor table. Equivalent to: `ip neigh del ....`
func NeighSet ¶
NeighSet will add or replace an IP to MAC mapping in the ARP table. Equivalent to: `ip neigh replace....`
func ParseIPNet ¶
ParseIPNet parses a string in ip/net format and returns a net.IPNet. This is valuable because addresses in netlink are often IPNets and ParseCIDR returns an IPNet with the IP part set to the base IP of the range.
func Percentage2u32 ¶
func QdiscChange ¶
QdiscChange will change a qdisc in place. Equivalent to: `tc qdisc change $qdisc` The parent and handle MUST NOT be changed.
func QdiscReplace ¶
QdiscReplace will replace a qdisc to the system. Equivalent to: `tc qdisc replace $qdisc` The handle MUST change.
func RouteReplace ¶
RouteReplace will add a route to the system. Equivalent to: `ip route replace $route`
func RouteSubscribe ¶
func RouteSubscribe(ch chan<- RouteUpdate, done <-chan struct{}) error
RouteSubscribe takes a chan down which notifications will be sent when routes are added or deleted. Close the 'done' chan to stop subscription.
func RouteSubscribeAt ¶
func RouteSubscribeAt(ns netns.NsHandle, ch chan<- RouteUpdate, done <-chan struct{}) error
RouteSubscribeAt works like RouteSubscribe plus it allows the caller to choose the network namespace in which to subscribe (ns).
func SerializeRtab ¶
func SetPromiscOff ¶
func SetPromiscOn ¶
func TickInUsec ¶
func TickInUsec() float64
func XfrmMonitor ¶
func XfrmMonitor(ch chan<- XfrmMsg, done <-chan struct{}, errorChan chan<- error, types ...nl.XfrmMsgType) error
func XfrmPolicyAdd ¶
func XfrmPolicyAdd(policy *XfrmPolicy) error
XfrmPolicyAdd will add an xfrm policy to the system. Equivalent to: `ip xfrm policy add $policy`
func XfrmPolicyDel ¶
func XfrmPolicyDel(policy *XfrmPolicy) error
XfrmPolicyDel will delete an xfrm policy from the system. Note that the Tmpls are ignored when matching the policy to delete. Equivalent to: `ip xfrm policy del $policy`
func XfrmPolicyFlush ¶
func XfrmPolicyFlush() error
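XfrmPolicyFlush will flush the policies on the system. Equivalent to: `ip xfrm policy flush` All policies are removed at once, so traffic that the removed policies selected for IPsec processing is no longer covered by any policy until policies are added again.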
func XfrmPolicyUpdate ¶
func XfrmPolicyUpdate(policy *XfrmPolicy) error
XfrmPolicyUpdate will update an xfrm policy to the system. Equivalent to: `ip xfrm policy update $policy`
func XfrmStateAdd ¶
XfrmStateAdd will add an xfrm state to the system. Equivalent to: `ip xfrm state add $state`
func XfrmStateDel ¶
XfrmStateDel will delete an xfrm state from the system. Note that the Algos are ignored when matching the state to delete. Equivalent to: `ip xfrm state del $state`
func XfrmStateFlush ¶
XfrmStateFlush will flush the xfrm state on the system. proto = 0 means any transformation protocol. Equivalent to: `ip xfrm state flush [ proto XFRM-PROTO ]`
func XfrmStateUpdate ¶
XfrmStateUpdate will update an xfrm state to the system. Equivalent to: `ip xfrm state update $state`
Types ¶
type Action ¶
type Action interface { Attrs() *ActionAttrs Type() string }
Action represents an action in any supported filter.
type ActionAttrs ¶
func (ActionAttrs) String ¶
func (q ActionAttrs) String() string
type Addr ¶
type Addr struct { *net.IPNet Label string Flags int Scope int Peer *net.IPNet Broadcast net.IP PreferedLft int ValidLft int }
Addr represents an IP address from netlink. Netlink ip addresses include a mask, so it stores the address as a net.IPNet.
func AddrList ¶
AddrList gets a list of IP addresses in the system. Equivalent to: `ip addr show`. The list can be filtered by link and ip family.
func ParseAddr ¶
ParseAddr parses the string representation of an address in the form $ip/$netmask $label. The label portion is optional
type AddrUpdate ¶
type Bond ¶
type Bond struct { LinkAttrs Mode BondMode ActiveSlave int Miimon int UpDelay int DownDelay int UseCarrier int ArpInterval int ArpIpTargets []net.IP ArpValidate BondArpValidate ArpAllTargets BondArpAllTargets Primary int PrimaryReselect BondPrimaryReselect FailOverMac BondFailOverMac XmitHashPolicy BondXmitHashPolicy ResendIgmp int NumPeerNotif int AllSlavesActive int MinLinks int LpInterval int PackersPerSlave int LacpRate BondLacpRate AdSelect BondAdSelect // looking at iproute tool AdInfo can only be retrived. It can't be set. AdInfo *BondAdInfo AdActorSysPrio int AdUserPortKey int AdActorSystem net.HardwareAddr TlbDynamicLb int }
Bond representation
func NewLinkBond ¶
type BondAdInfo ¶
type BondAdInfo struct { AggregatorId int NumPorts int ActorKey int PartnerKey int PartnerMac net.HardwareAddr }
BondAdInfo represents ad info for bond
type BondAdSelect ¶
type BondAdSelect int
BondAdSelect type
const ( BOND_AD_SELECT_STABLE BondAdSelect = iota BOND_AD_SELECT_BANDWIDTH BOND_AD_SELECT_COUNT )
Possible BondAdSelect value
type BondArpAllTargets ¶
type BondArpAllTargets int
BondArpAllTargets type
const ( BOND_ARP_ALL_TARGETS_ANY BondArpAllTargets = iota BOND_ARP_ALL_TARGETS_ALL )
Possible BondArpAllTargets value
type BondArpValidate ¶
type BondArpValidate int
BondArpValidate type
const ( BOND_ARP_VALIDATE_NONE BondArpValidate = iota BOND_ARP_VALIDATE_ACTIVE BOND_ARP_VALIDATE_BACKUP BOND_ARP_VALIDATE_ALL )
Possible BondArpValidate value
type BondFailOverMac ¶
type BondFailOverMac int
BondFailOverMac type
const ( BOND_FAIL_OVER_MAC_NONE BondFailOverMac = iota BOND_FAIL_OVER_MAC_ACTIVE BOND_FAIL_OVER_MAC_FOLLOW )
Possible BondFailOverMac value
type BondLacpRate ¶
type BondLacpRate int
BondLacpRate type
const ( BOND_LACP_RATE_SLOW BondLacpRate = iota BOND_LACP_RATE_FAST BOND_LACP_RATE_UNKNOWN )
Possible BondLacpRate value
func StringToBondLacpRate ¶
func StringToBondLacpRate(s string) BondLacpRate
StringToBondLacpRate returns the bond lacp rate, or unknown if s is invalid.
func (BondLacpRate) String ¶
func (b BondLacpRate) String() string
type BondMode ¶
type BondMode int
BondMode type
const ( BOND_MODE_BALANCE_RR BondMode = iota BOND_MODE_ACTIVE_BACKUP BOND_MODE_BALANCE_XOR BOND_MODE_BROADCAST BOND_MODE_802_3AD BOND_MODE_BALANCE_TLB BOND_MODE_BALANCE_ALB BOND_MODE_UNKNOWN )
Possible BondMode
func StringToBondMode ¶
StringToBondMode returns the bond mode, or unknown if s is invalid.
type BondPrimaryReselect ¶
type BondPrimaryReselect int
BondPrimaryReselect type
const ( BOND_PRIMARY_RESELECT_ALWAYS BondPrimaryReselect = iota BOND_PRIMARY_RESELECT_BETTER BOND_PRIMARY_RESELECT_FAILURE )
Possible BondPrimaryReselect value
type BondXmitHashPolicy ¶
type BondXmitHashPolicy int
BondXmitHashPolicy type
const ( BOND_XMIT_HASH_POLICY_LAYER2 BondXmitHashPolicy = iota BOND_XMIT_HASH_POLICY_LAYER3_4 BOND_XMIT_HASH_POLICY_LAYER2_3 BOND_XMIT_HASH_POLICY_ENCAP2_3 BOND_XMIT_HASH_POLICY_ENCAP3_4 BOND_XMIT_HASH_POLICY_UNKNOWN )
Possible BondXmitHashPolicy value
func StringToBondXmitHashPolicy ¶
func StringToBondXmitHashPolicy(s string) BondXmitHashPolicy
StringToBondXmitHashPolicy returns the bond xmit hash policy, or unknown if s is invalid.
func (BondXmitHashPolicy) String ¶
func (b BondXmitHashPolicy) String() string
type BpfAction ¶
type BpfAction struct { ActionAttrs Fd int Name string }
func (*BpfAction) Attrs ¶
func (action *BpfAction) Attrs() *ActionAttrs
type BpfFilter ¶
type BpfFilter struct { FilterAttrs ClassId uint32 Fd int Name string DirectAction bool }
func (*BpfFilter) Attrs ¶
func (filter *BpfFilter) Attrs() *FilterAttrs
type BpfProgType ¶
const ( BPF_PROG_TYPE_UNSPEC BpfProgType = iota BPF_PROG_TYPE_SOCKET_FILTER BPF_PROG_TYPE_KPROBE BPF_PROG_TYPE_SCHED_CLS BPF_PROG_TYPE_SCHED_ACT BPF_PROG_TYPE_TRACEPOINT BPF_PROG_TYPE_XDP )
type Class ¶
type Class interface { Attrs() *ClassAttrs Type() string }
type ClassAttrs ¶
ClassAttrs represents a netlink class. A class is associated with a link, has a handle and a parent. The root class of a device should have a parent == HANDLE_ROOT.
func (ClassAttrs) String ¶
func (q ClassAttrs) String() string
type Clsact ¶
type Clsact struct {
QdiscAttrs
}
func (*Clsact) Attrs ¶
func (qdisc *Clsact) Attrs() *QdiscAttrs
type ConntrackFilter ¶
type ConntrackFilter struct {
// contains filtered or unexported fields
}
func (*ConntrackFilter) AddIP ¶
func (f *ConntrackFilter) AddIP(tp ConntrackFilterType, ip net.IP) error
AddIP adds an IP to the conntrack filter
func (*ConntrackFilter) MatchConntrackFlow ¶
func (f *ConntrackFilter) MatchConntrackFlow(flow *ConntrackFlow) bool
MatchConntrackFlow applies the filter to the flow and returns true if the flow matches the filter, or false otherwise.
type ConntrackFlow ¶
func ConntrackTableList ¶
func ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error)
ConntrackTableList returns the flow list of a table of a specific family. Equivalent to: `conntrack -L [table] [options]` (list conntrack or expectation table).
func (*ConntrackFlow) String ¶
func (s *ConntrackFlow) String() string
type ConntrackTableType ¶
type ConntrackTableType uint8
ConntrackTableType Conntrack table for the netlink operation
type CustomConntrackFilter ¶
// CustomConntrackFilter is the filter type accepted by ConntrackDeleteFilter.
// *ConntrackFilter declares a MatchConntrackFlow method with this signature.
type CustomConntrackFilter interface {
	// MatchConntrackFlow applies the filter to the flow and returns true if the flow matches
	// the filter or false otherwise
	MatchConntrackFlow(flow *ConntrackFlow) bool
}
type Destination ¶
type Device ¶
type Device struct {
LinkAttrs
}
Device links cannot be created via netlink. These links are links created by udev like 'lo' and 'eth0'
type EncapType ¶
type EncapType uint8
EncapType is an enum representing the optional packet encapsulation.
type Filter ¶
type Filter interface { Attrs() *FilterAttrs Type() string }
type FilterAttrs ¶
// FilterAttrs holds the attributes shared by filters: the link the filter is
// attached to, its handle and parent, and its priority and protocol.
type FilterAttrs struct {
	LinkIndex int
	Handle    uint32
	Parent    uint32
	Priority  uint16 // lower is higher priority
	Protocol  uint16 // syscall.ETH_P_*
}
FilterAttrs represents a netlink filter. A filter is associated with a link, has a handle and a parent. The root filter of a device should have a parent == HANDLE_ROOT.
func (FilterAttrs) String ¶
func (q FilterAttrs) String() string
type FilterFwAttrs ¶
type FqCodel ¶
// FqCodel is a qdisc that embeds QdiscAttrs and adds its own tuning fields.
// Target, CeThreshold and Interval are times in microseconds; the units of the
// remaining fields are not stated in this declaration.
type FqCodel struct {
	QdiscAttrs
	Limit         uint32
	Flows         uint32
	Quantum       uint32
	Target        uint32 // Time in µs
	CeThreshold   uint32 // Time in µs
	Interval      uint32 // Time in µs
	MemoryLimit   uint32
	Ecn           uint32 // 1 or 0.
	DropBatchSize uint32
}
func (*FqCodel) Attrs ¶
func (qdisc *FqCodel) Attrs() *QdiscAttrs
type Fw ¶
// Fw is a filter that embeds FilterAttrs. Its Police field exposes the
// low-level nl.TcPolice type directly, which the TODO below wants removed from
// the public interface.
type Fw struct {
	FilterAttrs
	ClassId uint32
	// TODO remove nl type from interface
	Police nl.TcPolice
	InDev  string
	// TODO Action
	Mask   uint32
	AvRate uint32
	Rtab   [256]uint32
	Ptab   [256]uint32
}
Fw filter filters on firewall marks. NOTE: this is in filter_linux because it refers to nl.TcPolice, which is defined in nl/tc_linux.go.
func NewFw ¶
func NewFw(attrs FilterAttrs, fattrs FilterFwAttrs) (*Fw, error)
func (*Fw) Attrs ¶
func (filter *Fw) Attrs() *FilterAttrs
type GenericAction ¶
type GenericAction struct {
ActionAttrs
}
func (*GenericAction) Attrs ¶
func (action *GenericAction) Attrs() *ActionAttrs
func (*GenericAction) Type ¶
func (action *GenericAction) Type() string
type GenericClass ¶
type GenericClass struct { ClassAttrs ClassType string }
GenericClass classes represent types that are not currently understood by this netlink library.
func (*GenericClass) Attrs ¶
func (class *GenericClass) Attrs() *ClassAttrs
func (*GenericClass) Type ¶
func (class *GenericClass) Type() string
type GenericFilter ¶
type GenericFilter struct { FilterAttrs FilterType string }
GenericFilter filters represent types that are not currently understood by this netlink library.
func (*GenericFilter) Attrs ¶
func (filter *GenericFilter) Attrs() *FilterAttrs
func (*GenericFilter) Type ¶
func (filter *GenericFilter) Type() string
type GenericLink ¶
GenericLink links represent types that are not currently understood by this netlink library.
func (*GenericLink) Attrs ¶
func (generic *GenericLink) Attrs() *LinkAttrs
func (*GenericLink) Type ¶
func (generic *GenericLink) Type() string
type GenericQdisc ¶
type GenericQdisc struct { QdiscAttrs QdiscType string }
GenericQdisc qdiscs represent types that are not currently understood by this netlink library.
func (*GenericQdisc) Attrs ¶
func (qdisc *GenericQdisc) Attrs() *QdiscAttrs
func (*GenericQdisc) Type ¶
func (qdisc *GenericQdisc) Type() string
type GenlFamily ¶
type GenlFamily struct { ID uint16 HdrSize uint32 Name string Version uint32 MaxAttr uint32 Ops []GenlOp Groups []GenlMulticastGroup }
func GenlFamilyGet ¶
func GenlFamilyGet(name string) (*GenlFamily, error)
func GenlFamilyList ¶
func GenlFamilyList() ([]*GenlFamily, error)
type GenlMulticastGroup ¶
type Gretap ¶
// Gretap is a link type that embeds LinkAttrs. Local and Remote hold the two
// net.IP addresses of the device; the remaining fields carry keys, flags and
// encapsulation settings whose encodings are not described in this declaration.
type Gretap struct {
	LinkAttrs
	IKey       uint32
	OKey       uint32
	EncapSport uint16
	EncapDport uint16
	Local      net.IP
	Remote     net.IP
	IFlags     uint16
	OFlags     uint16
	PMtuDisc   uint8
	Ttl        uint8
	Tos        uint8
	EncapType  uint16
	EncapFlags uint16
	Link       uint32
	FlowBased  bool
}
Gretap devices must specify Local and Remote on create
type Gretun ¶
type Handle ¶
type Handle struct {
// contains filtered or unexported fields
}
Handle is a handle for the netlink requests on a specific network namespace. All the requests on the same netlink family share the same netlink socket, which gets released when the handle is deleted.
func NewHandle ¶
NewHandle returns a netlink handle on the current network namespace. Caller may specify the netlink families the handle should support. If no families are specified, all the families the netlink package supports will be automatically added.
func NewHandleAt ¶
NewHandleAt returns a netlink handle on the network namespace specified by ns. If ns=netns.None(), the current network namespace will be assumed
func NewHandleAtFrom ¶
NewHandleAtFrom works as NewHandle but allows client to specify the new and the origin netns Handle.
func (*Handle) AddrAdd ¶
AddrAdd will add an IP address to a link device. Equivalent to: `ip addr add $addr dev $link`
func (*Handle) AddrDel ¶
AddrDel will delete an IP address from a link device. Equivalent to: `ip addr del $addr dev $link`
func (*Handle) AddrList ¶
AddrList gets a list of IP addresses in the system. Equivalent to: `ip addr show`. The list can be filtered by link and ip family.
func (*Handle) AddrReplace ¶
AddrReplace will replace (or, if not present, add) an IP address on a link device. Equivalent to: `ip addr replace $addr dev $link`
func (*Handle) BridgeVlanAdd ¶
BridgeVlanAdd adds a new vlan filter entry Equivalent to: `bridge vlan add dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]`
func (*Handle) BridgeVlanDel ¶
BridgeVlanDel deletes a vlan filter entry. Equivalent to: `bridge vlan del dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]`
func (*Handle) BridgeVlanList ¶
func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error)
BridgeVlanList gets a map of device id to bridge vlan infos. Equivalent to: `bridge vlan show`
func (*Handle) ClassAdd ¶
ClassAdd will add a class to the system. Equivalent to: `tc class add $class`
func (*Handle) ClassChange ¶
ClassChange will change a class in place Equivalent to: `tc class change $class` The parent and handle MUST NOT be changed.
func (*Handle) ClassDel ¶
ClassDel will delete a class from the system. Equivalent to: `tc class del $class`
func (*Handle) ClassList ¶
ClassList gets a list of classes in the system. Equivalent to: `tc class show`. Generally returns nothing if link and parent are not specified.
func (*Handle) ClassReplace ¶
ClassReplace will replace a class in the system. Equivalent to: `tc class replace $class` The handle MAY be changed. If a class already exists with this parent/handle pair, the class is changed. If a class does not already exist with this parent/handle, a new class is created.
func (*Handle) ConntrackDeleteFilter ¶
func (h *Handle) ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter CustomConntrackFilter) (uint, error)
ConntrackDeleteFilter deletes the entries of the specified table that match the filter, using the netlink handle passed. Equivalent to: `conntrack -D [table] parameters` (delete conntrack or expectation entries).
func (*Handle) ConntrackTableFlush ¶
func (h *Handle) ConntrackTableFlush(table ConntrackTableType) error
ConntrackTableFlush flushes all the flows of a specified table, using the netlink handle passed. Equivalent to: `conntrack -F [table]` (flush table). The flush operation applies to all the family types.
func (*Handle) ConntrackTableList ¶
func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error)
ConntrackTableList returns the flow list of a table of a specific family, using the netlink handle passed. Equivalent to: `conntrack -L [table] [options]` (list conntrack or expectation table).
func (*Handle) Delete ¶
func (h *Handle) Delete()
Delete releases the resources allocated to this handle
func (*Handle) FilterAdd ¶
FilterAdd will add a filter to the system. Equivalent to: `tc filter add $filter`
func (*Handle) FilterDel ¶
FilterDel will delete a filter from the system. Equivalent to: `tc filter del $filter`
func (*Handle) FilterList ¶
FilterList gets a list of filters in the system. Equivalent to: `tc filter show`. Generally returns nothing if link and parent are not specified.
func (*Handle) GTPPDPByMSAddress ¶
func (*Handle) GTPPDPList ¶
func (*Handle) GenlFamilyGet ¶
func (h *Handle) GenlFamilyGet(name string) (*GenlFamily, error)
func (*Handle) GenlFamilyList ¶
func (h *Handle) GenlFamilyList() ([]*GenlFamily, error)
func (*Handle) LinkAdd ¶
LinkAdd adds a new link device. The type and features of the device are taken from the parameters in the link object. Equivalent to: `ip link add $link`
func (*Handle) LinkByAlias ¶
LinkByAlias finds a link by its alias and returns a pointer to the object. If there are multiple links with the alias it returns the first one
func (*Handle) LinkByIndex ¶
LinkByIndex finds a link by index and returns a pointer to the object.
func (*Handle) LinkByName ¶
LinkByName finds a link by name and returns a pointer to the object.
func (*Handle) LinkDel ¶
LinkDel deletes link device. Either Index or Name must be set in the link object for it to be deleted. The other values are ignored. Equivalent to: `ip link del $link`
func (*Handle) LinkSetARPOff ¶
func (*Handle) LinkSetARPOn ¶
func (*Handle) LinkSetAlias ¶
LinkSetAlias sets the alias of the link device. Equivalent to: `ip link set dev $link alias $name`
func (*Handle) LinkSetBrProxyArpWiFi ¶
func (*Handle) LinkSetDown ¶
LinkSetDown disables link device. Equivalent to: `ip link set $link down`
func (*Handle) LinkSetHardwareAddr ¶
func (h *Handle) LinkSetHardwareAddr(link Link, hwaddr net.HardwareAddr) error
LinkSetHardwareAddr sets the hardware address of the link device. Equivalent to: `ip link set $link address $hwaddr`
func (*Handle) LinkSetMTU ¶
LinkSetMTU sets the mtu of the link device. Equivalent to: `ip link set $link mtu $mtu`
func (*Handle) LinkSetMaster ¶
LinkSetMaster sets the master of the link device. Equivalent to: `ip link set $link master $master`
func (*Handle) LinkSetMasterByIndex ¶
LinkSetMasterByIndex sets the master of the link device. Equivalent to: `ip link set $link master $master`
func (*Handle) LinkSetName ¶
LinkSetName sets the name of the link device. Equivalent to: `ip link set $link name $name`
func (*Handle) LinkSetNoMaster ¶
LinkSetNoMaster removes the master of the link device. Equivalent to: `ip link set $link nomaster`
func (*Handle) LinkSetNsFd ¶
LinkSetNsFd puts the device into a new network namespace. The fd must be an open file descriptor to a network namespace. Similar to: `ip link set $link netns $ns`
func (*Handle) LinkSetNsPid ¶
LinkSetNsPid puts the device into a new network namespace. The pid must be a pid of a running process. Equivalent to: `ip link set $link netns $pid`
func (*Handle) LinkSetTxQLen ¶
LinkSetTxQLen sets the transmit queue length for the link. Equivalent to: `ip link set $link txqlen $qlen`
func (*Handle) LinkSetVfHardwareAddr ¶
LinkSetVfHardwareAddr sets the hardware address of a vf for the link. Equivalent to: `ip link set $link vf $vf mac $hwaddr`
func (*Handle) LinkSetVfSpoofchk ¶
LinkSetVfSpoofchk enables/disables spoof check on a vf for the link. Equivalent to: `ip link set $link vf $vf spoofchk $check`
func (*Handle) LinkSetVfTrust ¶
LinkSetVfTrust enables/disables trust state on a vf for the link. Equivalent to: `ip link set $link vf $vf trust $state`
func (*Handle) LinkSetVfTxRate ¶
LinkSetVfTxRate sets the tx rate of a vf for the link. Equivalent to: `ip link set $link vf $vf rate $rate`
func (*Handle) LinkSetVfVlan ¶
LinkSetVfVlan sets the vlan of a vf for the link. Equivalent to: `ip link set $link vf $vf vlan $vlan`
func (*Handle) NeighAdd ¶
NeighAdd will add an IP to MAC mapping to the ARP table Equivalent to: `ip neigh add ....`
func (*Handle) NeighAppend ¶
NeighAppend will append an entry to FDB Equivalent to: `bridge fdb append...`
func (*Handle) NeighDel ¶
NeighDel will delete an IP address from a link device. Equivalent to: `ip addr del $addr dev $link`
func (*Handle) NeighList ¶
NeighList gets a list of IP-MAC mappings in the system (ARP table). Equivalent to: `ip neighbor show`. The list can be filtered by link and ip family.
func (*Handle) NeighProxyList ¶
NeighProxyList gets a list of neighbor proxies in the system. Equivalent to: `ip neighbor show proxy`. The list can be filtered by link, ip family.
func (*Handle) NeighSet ¶
NeighSet will add or replace an IP to MAC mapping to the ARP table Equivalent to: `ip neigh replace....`
func (*Handle) QdiscAdd ¶
QdiscAdd will add a qdisc to the system. Equivalent to: `tc qdisc add $qdisc`
func (*Handle) QdiscChange ¶
QdiscChange will change a qdisc in place Equivalent to: `tc qdisc change $qdisc` The parent and handle MUST NOT be changed.
func (*Handle) QdiscDel ¶
QdiscDel will delete a qdisc from the system. Equivalent to: `tc qdisc del $qdisc`
func (*Handle) QdiscList ¶
QdiscList gets a list of qdiscs in the system. Equivalent to: `tc qdisc show`. The list can be filtered by link.
func (*Handle) QdiscReplace ¶
QdiscReplace will replace a qdisc to the system. Equivalent to: `tc qdisc replace $qdisc` The handle MUST change.
func (*Handle) RouteAdd ¶
RouteAdd will add a route to the system. Equivalent to: `ip route add $route`
func (*Handle) RouteDel ¶
RouteDel will delete a route from the system. Equivalent to: `ip route del $route`
func (*Handle) RouteGet ¶
RouteGet gets a route to a specific destination from the host system. Equivalent to: 'ip route get'.
func (*Handle) RouteList ¶
RouteList gets a list of routes in the system. Equivalent to: `ip route show`. The list can be filtered by link and ip family.
func (*Handle) RouteListFiltered ¶
RouteListFiltered gets a list of routes in the system filtered with specified rules. All rules must be defined in RouteFilter struct
func (*Handle) RouteReplace ¶
RouteReplace will add a route to the system. Equivalent to: `ip route replace $route`
func (*Handle) SetPromiscOff ¶
func (*Handle) SetPromiscOn ¶
func (*Handle) SetSocketTimeout ¶
SetSocketTimeout sets the send and receive timeout for each socket in the netlink handle. Although the socket timeout has a granularity of one microsecond, the effective granularity is floored by the kernel timer tick, whose default value is four milliseconds.
func (*Handle) SupportsNetlinkFamily ¶
SupportsNetlinkFamily reports whether the passed netlink family is supported by this Handle
func (*Handle) XfrmPolicyAdd ¶
func (h *Handle) XfrmPolicyAdd(policy *XfrmPolicy) error
XfrmPolicyAdd will add an xfrm policy to the system. Equivalent to: `ip xfrm policy add $policy`
func (*Handle) XfrmPolicyDel ¶
func (h *Handle) XfrmPolicyDel(policy *XfrmPolicy) error
XfrmPolicyDel will delete an xfrm policy from the system. Note that the Tmpls are ignored when matching the policy to delete. Equivalent to: `ip xfrm policy del $policy`
func (*Handle) XfrmPolicyFlush ¶
XfrmPolicyFlush will flush the policies on the system. Equivalent to: `ip xfrm policy flush`
func (*Handle) XfrmPolicyGet ¶
func (h *Handle) XfrmPolicyGet(policy *XfrmPolicy) (*XfrmPolicy, error)
XfrmPolicyGet gets the policy described by the index or selector, if found. Equivalent to: `ip xfrm policy get { SELECTOR | index INDEX } dir DIR [ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]`.
func (*Handle) XfrmPolicyList ¶
func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error)
XfrmPolicyList gets a list of xfrm policies in the system. Equivalent to: `ip xfrm policy show`. The list can be filtered by ip family.
func (*Handle) XfrmPolicyUpdate ¶
func (h *Handle) XfrmPolicyUpdate(policy *XfrmPolicy) error
XfrmPolicyUpdate will update an xfrm policy to the system. Equivalent to: `ip xfrm policy update $policy`
func (*Handle) XfrmStateAdd ¶
XfrmStateAdd will add an xfrm state to the system. Equivalent to: `ip xfrm state add $state`
func (*Handle) XfrmStateDel ¶
XfrmStateDel will delete an xfrm state from the system. Note that the Algos are ignored when matching the state to delete. Equivalent to: `ip xfrm state del $state`
func (*Handle) XfrmStateFlush ¶
XfrmStateFlush will flush the xfrm state on the system. proto = 0 means any transformation protocols Equivalent to: `ip xfrm state flush [ proto XFRM-PROTO ]`
func (*Handle) XfrmStateGet ¶
XfrmStateGet gets the xfrm state described by the ID, if found. Equivalent to: `ip xfrm state get ID [ mark MARK [ mask MASK ] ]`. Only the fields which constitute the SA ID must be filled in: `ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM-PROTO ] [ spi SPI ]`; mark is optional.
func (*Handle) XfrmStateList ¶
XfrmStateList gets a list of xfrm states in the system. Equivalent to: `ip xfrm state show`. The list can be filtered by ip family.
func (*Handle) XfrmStateUpdate ¶
XfrmStateUpdate will update an xfrm state to the system. Equivalent to: `ip xfrm state update $state`
type Htb ¶
type Htb struct { QdiscAttrs Version uint32 Rate2Quantum uint32 Defcls uint32 Debug uint32 DirectPkts uint32 }
Htb is a classful qdisc that rate limits based on tokens
func NewHtb ¶
func NewHtb(attrs QdiscAttrs) *Htb
func (*Htb) Attrs ¶
func (qdisc *Htb) Attrs() *QdiscAttrs
type HtbClass ¶
type HtbClass struct { ClassAttrs Rate uint64 Ceil uint64 Buffer uint32 Cbuffer uint32 Quantum uint32 Level uint32 Prio uint32 }
HtbClass represents an Htb class
func NewHtbClass ¶
func NewHtbClass(attrs ClassAttrs, cattrs HtbClassAttrs) *HtbClass
NOTE: function is in here because it uses other linux functions
func (*HtbClass) Attrs ¶
func (q *HtbClass) Attrs() *ClassAttrs
type HtbClassAttrs ¶
type HtbClassAttrs struct { // TODO handle all attributes Rate uint64 Ceil uint64 Buffer uint32 Cbuffer uint32 Quantum uint32 Level uint32 Prio uint32 }
func (HtbClassAttrs) String ¶
func (q HtbClassAttrs) String() string
type IPVlan ¶
type IPVlan struct { LinkAttrs Mode IPVlanMode }
type IPVlanMode ¶
type IPVlanMode uint16
const ( IPVLAN_MODE_L2 IPVlanMode = iota IPVLAN_MODE_L3 IPVLAN_MODE_L3S IPVLAN_MODE_MAX )
type Ingress ¶
type Ingress struct {
QdiscAttrs
}
Ingress is a qdisc for adding ingress filters
func (*Ingress) Attrs ¶
func (qdisc *Ingress) Attrs() *QdiscAttrs
type Iptun ¶
type Link ¶
Link represents a link device from netlink. Shared link attributes like name may be retrieved using the Attrs() method. Unique data can be retrieved by casting the object to the proper type.
func LinkByAlias ¶
LinkByAlias finds a link by its alias and returns a pointer to the object. If there are multiple links with the alias it returns the first one
func LinkByIndex ¶
LinkByIndex finds a link by index and returns a pointer to the object.
func LinkByName ¶
LinkByName finds a link by name and returns a pointer to the object.
func LinkDeserialize ¶
LinkDeserialize deserializes a raw message received from netlink into a link object.
type LinkAttrs ¶
// LinkAttrs holds the attributes shared by link types; the link structs on
// this page (Device, Gretap, IPVlan, Macvlan, Tuntap) embed it.
type LinkAttrs struct {
	Index        int
	MTU          int
	TxQLen       int // Transmit Queue Length
	Name         string
	HardwareAddr net.HardwareAddr
	Flags        net.Flags
	RawFlags     uint32
	ParentIndex  int         // index of the parent link device
	MasterIndex  int         // must be the index of a bridge
	Namespace    interface{} // nil | NsPid | NsFd
	Alias        string
	Statistics   *LinkStatistics
	Promisc      int
	Xdp          *LinkXdp
	EncapType    string
	Protinfo     *Protinfo
	OperState    LinkOperState
}
LinkAttrs represents data shared by most link types
func NewLinkAttrs ¶
func NewLinkAttrs() LinkAttrs
NewLinkAttrs returns LinkAttrs structure filled with default values
type LinkNotFoundError ¶
type LinkNotFoundError struct {
// contains filtered or unexported fields
}
LinkNotFoundError wraps the various not found errors when getting/reading links. This is intended for better error handling by dependent code so that "not found error" can be distinguished from other errors
type LinkOperState ¶
type LinkOperState uint8
LinkOperState represents the values of the IFLA_OPERSTATE link attribute, which contains the RFC2863 state of the interface.
func (LinkOperState) String ¶
func (s LinkOperState) String() string
type LinkStatistics ¶
type LinkStatistics LinkStatistics64
type LinkStatistics32 ¶
type LinkStatistics32 struct { RxPackets uint32 TxPackets uint32 RxBytes uint32 TxBytes uint32 RxErrors uint32 TxErrors uint32 RxDropped uint32 TxDropped uint32 Multicast uint32 Collisions uint32 RxLengthErrors uint32 RxOverErrors uint32 RxCrcErrors uint32 RxFrameErrors uint32 RxFifoErrors uint32 RxMissedErrors uint32 TxAbortedErrors uint32 TxCarrierErrors uint32 TxFifoErrors uint32 TxHeartbeatErrors uint32 TxWindowErrors uint32 RxCompressed uint32 TxCompressed uint32 }
Ref: struct rtnl_link_stats {...}
type LinkStatistics64 ¶
type LinkStatistics64 struct { RxPackets uint64 TxPackets uint64 RxBytes uint64 TxBytes uint64 RxErrors uint64 TxErrors uint64 RxDropped uint64 TxDropped uint64 Multicast uint64 Collisions uint64 RxLengthErrors uint64 RxOverErrors uint64 RxCrcErrors uint64 RxFrameErrors uint64 RxFifoErrors uint64 RxMissedErrors uint64 TxAbortedErrors uint64 TxCarrierErrors uint64 TxFifoErrors uint64 TxHeartbeatErrors uint64 TxWindowErrors uint64 RxCompressed uint64 TxCompressed uint64 }
Ref: struct rtnl_link_stats64 {...}
type LinkUpdate ¶
LinkUpdate is used to pass information back from LinkSubscribe()
type MPLSDestination ¶
type MPLSDestination struct {
Labels []int
}
func (*MPLSDestination) Decode ¶
func (d *MPLSDestination) Decode(buf []byte) error
func (*MPLSDestination) Encode ¶
func (d *MPLSDestination) Encode() ([]byte, error)
func (*MPLSDestination) Family ¶
func (d *MPLSDestination) Family() int
func (*MPLSDestination) String ¶
func (d *MPLSDestination) String() string
type Macvlan ¶
type Macvlan struct { LinkAttrs Mode MacvlanMode }
Macvlan links have ParentIndex set in their Attrs()
type MacvlanMode ¶
type MacvlanMode uint16
const ( MACVLAN_MODE_DEFAULT MacvlanMode = iota MACVLAN_MODE_PRIVATE MACVLAN_MODE_VEPA MACVLAN_MODE_BRIDGE MACVLAN_MODE_PASSTHRU MACVLAN_MODE_SOURCE )
type Macvtap ¶
type Macvtap struct {
Macvlan
}
Macvtap - macvtap is a virtual interface based on macvlan
type MirredAction ¶
type MirredAction struct { ActionAttrs MirredAction MirredAct Ifindex int }
func NewMirredAction ¶
func NewMirredAction(redirIndex int) *MirredAction
func (*MirredAction) Attrs ¶
func (action *MirredAction) Attrs() *ActionAttrs
func (*MirredAction) Type ¶
func (action *MirredAction) Type() string
type Neigh ¶
// Neigh is one neighbor entry: the link it belongs to (LinkIndex), its
// address family, state, type and flags, and the IP and hardware address it
// associates.
type Neigh struct {
	LinkIndex    int
	Family       int
	State        int
	Type         int
	Flags        int
	IP           net.IP
	HardwareAddr net.HardwareAddr
	LLIPAddr     net.IP // Used in the case of NHRP
}
Neigh represents a link layer neighbor from netlink.
func NeighDeserialize ¶
func NeighList ¶
NeighList gets a list of IP-MAC mappings in the system (ARP table). Equivalent to: `ip neighbor show`. The list can be filtered by link and ip family.
func NeighProxyList ¶
NeighProxyList gets a list of neighbor proxies in the system. Equivalent to: `ip neighbor show proxy`. The list can be filtered by link and ip family.
type Netem ¶
type Netem struct { QdiscAttrs Latency uint32 DelayCorr uint32 Limit uint32 Loss uint32 LossCorr uint32 Gap uint32 Duplicate uint32 DuplicateCorr uint32 Jitter uint32 ReorderProb uint32 ReorderCorr uint32 CorruptProb uint32 CorruptCorr uint32 }
func NewNetem ¶
func NewNetem(attrs QdiscAttrs, nattrs NetemQdiscAttrs) *Netem
NOTE function is here because it uses other linux functions
func (*Netem) Attrs ¶
func (qdisc *Netem) Attrs() *QdiscAttrs
type NetemQdiscAttrs ¶
// NetemQdiscAttrs is the parameter set passed to NewNetem. Its probabilities
// and correlations are float32 percentages and its delays are in microseconds;
// the Netem struct stores fields of the same names as uint32.
type NetemQdiscAttrs struct {
	Latency       uint32  // in us
	DelayCorr     float32 // in %
	Limit         uint32
	Loss          float32 // in %
	LossCorr      float32 // in %
	Gap           uint32
	Duplicate     float32 // in %
	DuplicateCorr float32 // in %
	Jitter        uint32  // in us
	ReorderProb   float32 // in %
	ReorderCorr   float32 // in %
	CorruptProb   float32 // in %
	CorruptCorr   float32 // in %
}
func (NetemQdiscAttrs) String ¶
func (q NetemQdiscAttrs) String() string
type NextHopFlag ¶
type NextHopFlag int
// NextHopFlag values, taken from the syscall package's RTNH_F_* constants.
// Route.SetFlag and Route.ClearFlag take a NextHopFlag argument.
const (
	FLAG_ONLINK    NextHopFlag = syscall.RTNH_F_ONLINK
	FLAG_PERVASIVE NextHopFlag = syscall.RTNH_F_PERVASIVE
)
type NexthopInfo ¶
type NexthopInfo struct { LinkIndex int Hops int Gw net.IP Flags int NewDst Destination Encap Encap }
func (*NexthopInfo) ListFlags ¶
func (n *NexthopInfo) ListFlags() []string
func (*NexthopInfo) String ¶
func (n *NexthopInfo) String() string
type PDP ¶
type PDP struct { Version uint32 TID uint64 PeerAddress net.IP MSAddress net.IP Flow uint16 NetNSFD uint32 ITEI uint32 OTEI uint32 }
func GTPPDPList ¶
type PfifoFast ¶
type PfifoFast struct { QdiscAttrs Bands uint8 PriorityMap [PRIORITY_MAP_LEN]uint8 }
PfifoFast is the default qdisc created by the kernel if one has not been defined for the interface
func (*PfifoFast) Attrs ¶
func (qdisc *PfifoFast) Attrs() *QdiscAttrs
type Prio ¶
type Prio struct { QdiscAttrs Bands uint8 PriorityMap [PRIORITY_MAP_LEN]uint8 }
Prio is a basic qdisc that works just like PfifoFast
func NewPrio ¶
func NewPrio(attrs QdiscAttrs) *Prio
func (*Prio) Attrs ¶
func (qdisc *Prio) Attrs() *QdiscAttrs
type Protinfo ¶
type Protinfo struct { Hairpin bool Guard bool FastLeave bool RootBlock bool Learning bool Flood bool ProxyArp bool ProxyArpWiFi bool }
Protinfo represents bridge flags from netlink.
func LinkGetProtinfo ¶
type Proto ¶
type Proto uint8
Proto is an enum representing an ipsec protocol.
// Proto values for xfrm states and policies. Every value except
// XFRM_PROTO_COMP aliases a syscall.IPPROTO_* constant; XFRM_PROTO_COMP is
// written as a literal (0x6c, i.e. IP protocol number 108) because the syscall
// package does not define it on darwin.
const (
	XFRM_PROTO_ROUTE2    Proto = syscall.IPPROTO_ROUTING
	XFRM_PROTO_ESP       Proto = syscall.IPPROTO_ESP
	XFRM_PROTO_AH        Proto = syscall.IPPROTO_AH
	XFRM_PROTO_HAO       Proto = syscall.IPPROTO_DSTOPTS
	XFRM_PROTO_COMP      Proto = 0x6c // NOTE not defined on darwin
	XFRM_PROTO_IPSEC_ANY Proto = syscall.IPPROTO_RAW
)
type Qdisc ¶
type Qdisc interface { Attrs() *QdiscAttrs Type() string }
type QdiscAttrs ¶
QdiscAttrs represents a netlink qdisc. A qdisc is associated with a link, has a handle, a parent and a refcnt. The root qdisc of a device should have parent == HANDLE_ROOT.
func (QdiscAttrs) String ¶
func (q QdiscAttrs) String() string
type Route ¶
// Route describes one route. Dst, Src and Gw carry its addresses and MultiPath
// holds a NexthopInfo per next hop.
// NOTE(review): Flags is a plain int while SetFlag and ClearFlag take a
// NextHopFlag; presumably they set and clear bits in Flags - confirm.
type Route struct {
	LinkIndex  int
	ILinkIndex int
	Scope      Scope
	Dst        *net.IPNet
	Src        net.IP
	Gw         net.IP
	MultiPath  []*NexthopInfo
	Protocol   int
	Priority   int
	Table      int
	Type       int
	Tos        int
	Flags      int
	MPLSDst    *int
	NewDst     Destination
	Encap      Encap
}
Route represents a netlink route.
func RouteGet ¶
RouteGet gets a route to a specific destination from the host system. Equivalent to: 'ip route get'.
func RouteList ¶
RouteList gets a list of routes in the system. Equivalent to: `ip route show`. The list can be filtered by link and ip family.
func RouteListFiltered ¶
RouteListFiltered gets a list of routes in the system filtered with specified rules. All rules must be defined in RouteFilter struct
func (*Route) ClearFlag ¶
func (r *Route) ClearFlag(flag NextHopFlag)
func (*Route) SetFlag ¶
func (r *Route) SetFlag(flag NextHopFlag)
type RouteUpdate ¶
RouteUpdate is sent when a route changes - type is RTM_NEWROUTE or RTM_DELROUTE
type Rule ¶
// Rule describes one rule: its priority, family and table, the mark and mask
// to match, optional source and destination networks, and the names of the
// input and output interfaces.
// NOTE(review): the zero value of the int fields may or may not mean "unset";
// this declaration does not say, so confirm before relying on it.
type Rule struct {
	Priority          int
	Family            int
	Table             int
	Mark              int
	Mask              int
	TunID             uint
	Goto              int
	Src               *net.IPNet
	Dst               *net.IPNet
	Flow              int
	IifName           string
	OifName           string
	SuppressIfgroup   int
	SuppressPrefixlen int
}
Rule represents a netlink rule.
type Scope ¶
type Scope uint8
Scope is an enum representing a route scope.
// Scope values for routes, each taken from the matching syscall.RT_SCOPE_*
// constant.
const (
	SCOPE_UNIVERSE Scope = syscall.RT_SCOPE_UNIVERSE
	SCOPE_SITE     Scope = syscall.RT_SCOPE_SITE
	SCOPE_LINK     Scope = syscall.RT_SCOPE_LINK
	SCOPE_HOST     Scope = syscall.RT_SCOPE_HOST
	SCOPE_NOWHERE  Scope = syscall.RT_SCOPE_NOWHERE
)
type Socket ¶
// Socket describes one socket: family, state, timer and queue counters, the
// owning UID and inode, and a SocketID that identifies it.
type Socket struct {
	Family  uint8
	State   uint8
	Timer   uint8
	Retrans uint8
	ID      SocketID
	Expires uint32
	RQueue  uint32
	WQueue  uint32
	UID     uint32
	INode   uint32
}
Socket represents a netlink socket.
type SocketID ¶
// SocketID identifies a socket by its source and destination port and
// address, an interface number and a two-word cookie.
type SocketID struct {
	SourcePort      uint16
	DestinationPort uint16
	Source          net.IP
	Destination     net.IP
	Interface       uint32
	Cookie          [2]uint32
}
SocketID identifies a single socket.
type Tbf ¶
type Tbf struct { QdiscAttrs Rate uint64 Limit uint32 Buffer uint32 Peakrate uint64 Minburst uint32 }
Tbf is a classless qdisc that rate limits based on tokens
func (*Tbf) Attrs ¶
func (qdisc *Tbf) Attrs() *QdiscAttrs
type TcPolAct ¶
type TcPolAct int32
// TcPolAct values. Each one is the TC_ACT_* constant of the same suffix
// converted to TcPolAct, so the two sets stay numerically identical.
const (
	TC_POLICE_UNSPEC     TcPolAct = TcPolAct(TC_ACT_UNSPEC)
	TC_POLICE_OK         TcPolAct = TcPolAct(TC_ACT_OK)
	TC_POLICE_RECLASSIFY TcPolAct = TcPolAct(TC_ACT_RECLASSIFY)
	TC_POLICE_SHOT       TcPolAct = TcPolAct(TC_ACT_SHOT)
	TC_POLICE_PIPE       TcPolAct = TcPolAct(TC_ACT_PIPE)
)
type TcU32Key ¶
TcU32Key is contained in the Sel of the U32 filters. This is the copy and the frontend representation of nl.TcU32Key. It is serialized into canonical nl.TcU32Sel with the appropriate endianness.
type TcU32Sel ¶
// TcU32Sel is the selector of a U32 filter; Keys holds its TcU32Key entries.
// NOTE(review): Nkeys is a separate uint8 next to the Keys slice; presumably
// it must agree with len(Keys) when the selector is serialized - confirm who
// sets it and what happens when the two differ or when len(Keys) exceeds 255.
type TcU32Sel struct {
	Flags    uint8
	Offshift uint8
	Nkeys    uint8
	Pad      uint8
	Offmask  uint16
	Off      uint16
	Offoff   int16
	Hoff     int16
	Hmask    uint32
	Keys     []TcU32Key
}
Sel of the U32 filters that contains multiple TcU32Key. This is the copy and the frontend representation of nl.TcU32Sel. It is serialized into canonical nl.TcU32Sel with the appropriate endianness.
type Tuntap ¶
type Tuntap struct { LinkAttrs Mode TuntapMode Flags TuntapFlag }
Tuntap links are created via /dev/tun/tap, but can be destroyed via netlink
type TuntapFlag ¶
type TuntapFlag uint16
type TuntapMode ¶
type TuntapMode uint16
type U32 ¶
type U32 struct { FilterAttrs ClassId uint32 RedirIndex int Sel *TcU32Sel Actions []Action }
U32 filters on many packet related properties
func (*U32) Attrs ¶
func (filter *U32) Attrs() *FilterAttrs
type Vxlan ¶
type XfrmMsg ¶
type XfrmMsg interface {
Type() nl.XfrmMsgType
}
type XfrmMsgExpire ¶
func (*XfrmMsgExpire) Type ¶
func (ue *XfrmMsgExpire) Type() nl.XfrmMsgType
type XfrmPolicy ¶
// XfrmPolicy describes one ipsec policy: the source and destination networks,
// protocol and ports it selects on, its direction, priority and index, an
// optional mark, and the list of templates attached to it.
type XfrmPolicy struct {
	Dst      *net.IPNet
	Src      *net.IPNet
	Proto    Proto
	DstPort  int
	SrcPort  int
	Dir      Dir
	Priority int
	Index    int
	Mark     *XfrmMark
	Tmpls    []XfrmPolicyTmpl
}
XfrmPolicy represents an ipsec policy. It represents the overlay network and has a list of XfrmPolicyTmpls representing the base addresses of the policy.
func XfrmPolicyGet ¶
func XfrmPolicyGet(policy *XfrmPolicy) (*XfrmPolicy, error)
XfrmPolicyGet gets the policy described by the index or selector, if found. Equivalent to: `ip xfrm policy get { SELECTOR | index INDEX } dir DIR [ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]`.
func XfrmPolicyList ¶
func XfrmPolicyList(family int) ([]XfrmPolicy, error)
XfrmPolicyList gets a list of xfrm policies in the system. Equivalent to: `ip xfrm policy show`. The list can be filtered by ip family.
func (XfrmPolicy) String ¶
func (p XfrmPolicy) String() string
type XfrmPolicyTmpl ¶
XfrmPolicyTmpl encapsulates a rule for the base addresses of an ipsec policy. These rules are matched with XfrmState to determine encryption and authentication algorithms.
func (XfrmPolicyTmpl) String ¶
func (t XfrmPolicyTmpl) String() string
type XfrmState ¶
// XfrmState describes one xfrm state: its addresses, protocol, mode, SPI and
// request id, plus optional mark, algorithm and encapsulation settings.
// Auth, Crypt and Aead each point to an XfrmStateAlgo, which carries a Key
// field, so a populated XfrmState holds key material in memory.
// NOTE(review): treat values of this type as secret-bearing when logging or
// serializing them; confirm what the String methods of the nested types emit.
type XfrmState struct {
	Dst          net.IP
	Src          net.IP
	Proto        Proto
	Mode         Mode
	Spi          int
	Reqid        int
	ReplayWindow int
	Limits       XfrmStateLimits
	Mark         *XfrmMark
	Auth         *XfrmStateAlgo
	Crypt        *XfrmStateAlgo
	Aead         *XfrmStateAlgo
	Encap        *XfrmStateEncap
	ESN          bool
}
XfrmState represents the state of an ipsec policy. It optionally contains an XfrmStateAlgo for encryption and one for authentication.
func XfrmStateAllocSpi ¶
XfrmStateAllocSpi will allocate an xfrm state in the system. Equivalent to: `ip xfrm state allocspi`
func XfrmStateGet ¶
XfrmStateGet gets the xfrm state described by the ID, if found. Equivalent to: `ip xfrm state get ID [ mark MARK [ mask MASK ] ]`. Only the fields which constitute the SA ID must be filled in: `ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM-PROTO ] [ spi SPI ]`; mark is optional.
func XfrmStateList ¶
XfrmStateList gets a list of xfrm states in the system. Equivalent to: `ip [-4|-6] xfrm state show`. The list can be filtered by ip family.
type XfrmStateAlgo ¶
// XfrmStateAlgo names one algorithm and carries its key. XfrmState refers to
// it from its Auth, Crypt and Aead fields.
// NOTE(review): Key is held as a plain byte slice and the type declares a
// String method; confirm whether String includes Key before passing values of
// this type to loggers or error messages, and avoid retaining copies of Key
// longer than needed.
type XfrmStateAlgo struct {
	Name        string
	Key         []byte
	TruncateLen int // Auth only
	ICVLen      int // AEAD only
}
XfrmStateAlgo represents the algorithm to use for the ipsec encryption.
func (XfrmStateAlgo) String ¶
func (a XfrmStateAlgo) String() string
type XfrmStateEncap ¶
XfrmStateEncap represents the encapsulation to use for the ipsec encryption.
func (XfrmStateEncap) String ¶
func (e XfrmStateEncap) String() string
Source Files ¶
- addr.go
- addr_linux.go
- bpf_linux.go
- bridge_linux.go
- class.go
- class_linux.go
- conntrack_linux.go
- filter.go
- filter_linux.go
- genetlink_linux.go
- gtp_linux.go
- handle_linux.go
- link.go
- link_linux.go
- link_tuntap_linux.go
- neigh.go
- neigh_linux.go
- netlink.go
- netlink_linux.go
- order.go
- protinfo.go
- protinfo_linux.go
- qdisc.go
- qdisc_linux.go
- route.go
- route_linux.go
- rule.go
- rule_linux.go
- socket.go
- socket_linux.go
- xfrm.go
- xfrm_monitor_linux.go
- xfrm_policy.go
- xfrm_policy_linux.go
- xfrm_state.go
- xfrm_state_linux.go