Documentation
¶
Index ¶
- type ConnTrack
- type Hook
- type ICMPRateLimiter
- type IPHeaderFilter
- type IPTables
- type Matcher
- type NUDConfigurations
- type NUDDispatcher
- type NeighborEntry
- type NeighborState
- type NetworkInterface
- type NetworkProtocol
- type PacketBuffer
- type PacketBufferList
- type PacketBufferOptions
- type PrimaryEndpointBehavior
- type RawFactory
- type RawTransportEndpoint
- type ResumableEndpoint
- type Route
- type Rule
- type Stack
- func (s *Stack) AddAddress(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address) tcpip.Error
- func (s *Stack) AddAddressWithOptions(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address, ...) tcpip.Error
- func (s *Stack) AddProtocolAddressWithOptions(id tcpip.NICID, protocolAddress tcpip.ProtocolAddress, ...) tcpip.Error
- func (s *Stack) NewEndpoint(transport tcpip.TransportProtocolNumber, network tcpip.NetworkProtocolNumber, ...) (tcpip.Endpoint, tcpip.Error)
- func (s *Stack) RemoveAddress(id tcpip.NICID, addr tcpip.Address) tcpip.Error
- func (s *Stack) UniqueID() uint64
- type Table
- type TableID
- type Target
- type TransportEndpoint
- type TransportEndpointID
- type TransportError
- type TransportErrorKind
- type TransportProtocol
- type UniqueID
- type UnknownDestinationPacketDisposition
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ConnTrack ¶
type ConnTrack struct {
// contains filtered or unexported fields
}
ConnTrack tracks all connections created for NAT rules. Most users are expected to only call handlePacket, insertRedirectConn, and maybeInsertNoop.
ConnTrack keeps all connections in a slice of buckets, each of which holds a linked list of tuples. This gives us some desirable properties:
- Each bucket has its own lock, lessening lock contention.
- The slice is large enough that lists stay short (<10 elements on average). Thus traversal is fast.
- During linked list traversal we reap expired connections. This amortizes the cost of reaping them and makes reapUnused faster.
Locks are ordered by their location in the buckets slice. That is, a goroutine that locks buckets[i] can only lock buckets[j] s.t. i < j.
+stateify savable
type Hook ¶
type Hook uint
const ( // Prerouting happens before a packet is routed to applications or to // be forwarded. Prerouting Hook = iota // Input happens before a packet reaches an application. Input // Forward happens once it's decided that a packet should be forwarded // to another host. Forward // Output happens after a packet is written by an application to be // sent out. Output // Postrouting happens just before a packet goes out on the wire. Postrouting // NumHooks is the total number of hooks. NumHooks )
type ICMPRateLimiter ¶
ICMPRateLimiter is a global rate limiter that controls the generation of ICMP messages generated by the stack.
type IPHeaderFilter ¶
type IPHeaderFilter struct {
// Protocol matches the transport protocol.
Protocol tcpip.TransportProtocolNumber
// CheckProtocol determines whether the Protocol field should be
// checked during matching.
CheckProtocol bool
// Dst matches the destination IP address.
Dst tcpip.Address
// DstMask masks bits of the destination IP address when comparing with
// Dst.
DstMask tcpip.Address
// DstInvert inverts the meaning of the destination IP check, i.e. when
// true the filter will match packets that fail the destination
// comparison.
DstInvert bool
// Src matches the source IP address.
Src tcpip.Address
// SrcMask masks bits of the source IP address when comparing with Src.
SrcMask tcpip.Address
// SrcInvert inverts the meaning of the source IP check, i.e. when true the
// filter will match packets that fail the source comparison.
SrcInvert bool
// InputInterface matches the name of the incoming interface for the packet.
InputInterface string
// InputInterfaceMask masks the characters of the interface name when
// comparing with InputInterface.
InputInterfaceMask string
// InputInterfaceInvert inverts the meaning of incoming interface check,
// i.e. when true the filter will match packets that fail the incoming
// interface comparison.
InputInterfaceInvert bool
// OutputInterface matches the name of the outgoing interface for the packet.
OutputInterface string
// OutputInterfaceMask masks the characters of the interface name when
// comparing with OutputInterface.
OutputInterfaceMask string
// OutputInterfaceInvert inverts the meaning of outgoing interface check,
// i.e. when true the filter will match packets that fail the outgoing
// interface comparison.
OutputInterfaceInvert bool
}
IPHeaderFilter performs basic IP header matching common to every rule.
+stateify savable
type IPTables ¶
type IPTables struct {
// contains filtered or unexported fields
}
IPTables holds all the tables for a netstack.
+stateify savable
type Matcher ¶
type Matcher interface {
// Match returns whether the packet matches and whether the packet
// should be "hotdropped", i.e. dropped immediately. This is usually
// used for suspicious packets.
//
// Precondition: packet.NetworkHeader is set.
Match(hook Hook, packet *PacketBuffer, inputInterfaceName, outputInterfaceName string) (matches bool, hotdrop bool)
}
A Matcher is the interface for matching packets.
type NUDConfigurations ¶
type NUDConfigurations struct {
// BaseReachableTime is the base duration for computing the random reachable
// time.
//
// Reachable time is the duration for which a neighbor is considered
// reachable after a positive reachability confirmation is received. It is a
// function of uniformly distributed random value between minRandomFactor and
// maxRandomFactor multiplied by baseReachableTime. Using a random component
// eliminates the possibility that Neighbor Unreachability Detection messages
// will synchronize with each other.
//
// After this time, a neighbor entry will transition from REACHABLE to STALE
// state.
//
// Must be greater than 0.
BaseReachableTime time.Duration
// LearnBaseReachableTime enables learning BaseReachableTime during runtime
// from the neighbor discovery protocol, if supported.
//
// TODO(gvisor.dev/issue/2240): Implement this NUD configuration option.
LearnBaseReachableTime bool
// MinRandomFactor is the minimum value of the random factor used for
// computing reachable time.
//
// See BaseReachbleTime for more information on computing the reachable time.
//
// Must be greater than 0.
MinRandomFactor float32
// MaxRandomFactor is the maximum value of the random factor used for
// computing reachabile time.
//
// See BaseReachbleTime for more information on computing the reachable time.
//
// Must be great than or equal to MinRandomFactor.
MaxRandomFactor float32
// RetransmitTimer is the duration between retransmission of reachability
// probes in the PROBE state.
RetransmitTimer time.Duration
// LearnRetransmitTimer enables learning RetransmitTimer during runtime from
// the neighbor discovery protocol, if supported.
//
// TODO(gvisor.dev/issue/2241): Implement this NUD configuration option.
LearnRetransmitTimer bool
// DelayFirstProbeTime is the duration to wait for a non-Neighbor-Discovery
// related protocol to reconfirm reachability after entering the DELAY state.
// After this time, a reachability probe will be sent and the entry will
// transition to the PROBE state.
//
// Must be greater than 0.
DelayFirstProbeTime time.Duration
// MaxMulticastProbes is the number of reachability probes to send before
// concluding negative reachability and deleting the neighbor entry from the
// INCOMPLETE state.
//
// Must be greater than 0.
MaxMulticastProbes uint32
// MaxUnicastProbes is the number of reachability probes to send before
// concluding retransmission from within the PROBE state should cease and
// entry SHOULD be deleted.
//
// Must be greater than 0.
MaxUnicastProbes uint32
// MaxAnycastDelayTime is the time in which the stack SHOULD delay sending a
// response for a random time between 0 and this time, if the target address
// is an anycast address.
//
// TODO(gvisor.dev/issue/2242): Use this option when sending solicited
// neighbor confirmations to anycast addresses and proxying neighbor
// confirmations.
MaxAnycastDelayTime time.Duration
// MaxReachabilityConfirmations is the number of unsolicited reachability
// confirmation messages a node MAY send to all-node multicast address when
// it determines its link-layer address has changed.
//
// TODO(gvisor.dev/issue/2246): Discuss if implementation of this NUD
// configuration option is necessary.
MaxReachabilityConfirmations uint32
}
NUDConfigurations is the NUD configurations for the netstack. This is used by the neighbor cache to operate the NUD state machine on each device in the local network.
type NUDDispatcher ¶
type NUDDispatcher interface {
// OnNeighborAdded will be called when a new entry is added to a NIC's (with
// ID nicID) neighbor table.
//
// This function is permitted to block indefinitely without interfering with
// the stack's operation.
//
// May be called concurrently.
OnNeighborAdded(tcpip.NICID, NeighborEntry)
// OnNeighborChanged will be called when an entry in a NIC's (with ID nicID)
// neighbor table changes state and/or link address.
//
// This function is permitted to block indefinitely without interfering with
// the stack's operation.
//
// May be called concurrently.
OnNeighborChanged(tcpip.NICID, NeighborEntry)
// OnNeighborRemoved will be called when an entry is removed from a NIC's
// (with ID nicID) neighbor table.
//
// This function is permitted to block indefinitely without interfering with
// the stack's operation.
//
// May be called concurrently.
OnNeighborRemoved(tcpip.NICID, NeighborEntry)
}
NUDDispatcher is the interface integrators of netstack must implement to receive and handle NUD related events.
type NeighborEntry ¶
type NeighborEntry struct {
Addr tcpip.Address
LinkAddr tcpip.LinkAddress
State NeighborState
UpdatedAt time.Time
}
NeighborEntry describes a neighboring device in the local network.
type NeighborState ¶
type NeighborState uint8
NeighborState defines the state of a NeighborEntry within the Neighbor Unreachability Detection state machine, as per RFC 4861 section 7.3.2 and RFC 7048.
type NetworkInterface ¶
type NetworkInterface interface {
NetworkLinkEndpoint
// ID returns the interface's ID.
ID() tcpip.NICID
// IsLoopback returns true if the interface is a loopback interface.
IsLoopback() bool
// Name returns the name of the interface.
//
// May return an empty string if the interface is not configured with a name.
Name() string
// Enabled returns true if the interface is enabled.
Enabled() bool
// Promiscuous returns true if the interface is in promiscuous mode.
//
// When in promiscuous mode, the interface should accept all packets.
Promiscuous() bool
// Spoofing returns true if the interface is in spoofing mode.
//
// When in spoofing mode, the interface should consider all addresses as
// assigned to it.
Spoofing() bool
// PrimaryAddress returns the primary address associated with the interface.
//
// PrimaryAddress will return the first non-deprecated address if such an
// address exists. If no non-deprecated addresses exist, the first deprecated
// address will be returned. If no deprecated addresses exist, the zero value
// will be returned.
PrimaryAddress(tcpip.NetworkProtocolNumber) (tcpip.AddressWithPrefix, tcpip.Error)
// CheckLocalAddress returns true if the address exists on the interface.
CheckLocalAddress(tcpip.NetworkProtocolNumber, tcpip.Address) bool
// WritePacketToRemote writes the packet to the given remote link address.
WritePacketToRemote(tcpip.LinkAddress, tcpip.NetworkProtocolNumber, *PacketBuffer) tcpip.Error
// WritePacket writes a packet with the given protocol through the given
// route.
//
// WritePacket takes ownership of the packet buffer. The packet buffer's
// network and transport header must be set.
WritePacket(*Route, tcpip.NetworkProtocolNumber, *PacketBuffer) tcpip.Error
// WritePackets writes packets with the given protocol through the given
// route. Must not be called with an empty list of packet buffers.
//
// WritePackets takes ownership of the packet buffers.
//
// Right now, WritePackets is used only when the software segmentation
// offload is enabled. If it will be used for something else, syscall filters
// may need to be updated.
WritePackets(*Route, PacketBufferList, tcpip.NetworkProtocolNumber) (int, tcpip.Error)
// HandleNeighborProbe processes an incoming neighbor probe (e.g. ARP
// request or NDP Neighbor Solicitation).
//
// HandleNeighborProbe assumes that the probe is valid for the network
// interface the probe was received on.
HandleNeighborProbe(tcpip.NetworkProtocolNumber, tcpip.Address, tcpip.LinkAddress) tcpip.Error
// HandleNeighborConfirmation processes an incoming neighbor confirmation
// (e.g. ARP reply or NDP Neighbor Advertisement).
HandleNeighborConfirmation(tcpip.NetworkProtocolNumber, tcpip.Address, tcpip.LinkAddress, ReachabilityConfirmationFlags) tcpip.Error
}
NetworkInterface is a network interface.
type NetworkProtocol ¶
type NetworkProtocol interface {
// Number returns the network protocol number.
Number() tcpip.NetworkProtocolNumber
// MinimumPacketSize returns the minimum valid packet size of this
// network protocol. The stack automatically drops any packets smaller
// than this targeted at this protocol.
MinimumPacketSize() int
// DefaultPrefixLen returns the protocol's default prefix length.
DefaultPrefixLen() int
// ParseAddresses returns the source and destination addresses stored in a
// packet of this protocol.
ParseAddresses(v buffer.View) (src, dst tcpip.Address)
// NewEndpoint creates a new endpoint of this protocol.
NewEndpoint(nic NetworkInterface, dispatcher TransportDispatcher) NetworkEndpoint
// SetOption allows enabling/disabling protocol specific features.
// SetOption returns an error if the option is not supported or the
// provided option value is invalid.
SetOption(option tcpip.SettableNetworkProtocolOption) tcpip.Error
// Option allows retrieving protocol specific option values.
// Option returns an error if the option is not supported or the
// provided option value is invalid.
Option(option tcpip.GettableNetworkProtocolOption) tcpip.Error
// Close requests that any worker goroutines owned by the protocol
// stop.
Close()
// Wait waits for any worker goroutines owned by the protocol to stop.
Wait()
// Parse sets pkt.NetworkHeader and trims pkt.Data appropriately. It
// returns:
// - The encapsulated protocol, if present.
// - Whether there is an encapsulated transport protocol payload (e.g. ARP
// does not encapsulate anything).
// - Whether pkt.Data was large enough to parse and set pkt.NetworkHeader.
Parse(pkt *PacketBuffer) (proto tcpip.TransportProtocolNumber, hasTransportHdr bool, ok bool)
}
NetworkProtocol is the interface that needs to be implemented by network protocols (e.g., ipv4, ipv6) that want to be part of the networking stack.
type PacketBuffer ¶
type PacketBuffer struct {
// PacketBufferEntry is used to build an intrusive list of
// PacketBuffers.
PacketBufferEntry
// NetworkProtocolNumber is only valid when NetworkHeader().View().IsEmpty()
// returns false.
// TODO(gvisor.dev/issue/3574): Remove the separately passed protocol
// numbers in registration APIs that take a PacketBuffer.
NetworkProtocolNumber tcpip.NetworkProtocolNumber
// TransportProtocol is only valid if it is non zero.
// TODO(gvisor.dev/issue/3810): This and the network protocol number should
// be moved into the headerinfo. This should resolve the validity issue.
TransportProtocolNumber tcpip.TransportProtocolNumber
// Hash is the transport layer hash of this packet. A value of zero
// indicates no valid hash has been set.
Hash uint32
// Owner is implemented by task to get the uid and gid.
// Only set for locally generated packets.
Owner tcpip.PacketOwner
// The following fields are only set by the qdisc layer when the packet
// is added to a queue.
EgressRoute RouteInfo
GSOOptions GSO
// NatDone indicates if the packet has been manipulated as per NAT
// iptables rule.
NatDone bool
// PktType indicates the SockAddrLink.PacketType of the packet as defined in
// https://www.man7.org/linux/man-pages/man7/packet.7.html.
PktType tcpip.PacketType
// NICID is the ID of the last interface the network packet was handled at.
NICID tcpip.NICID
// RXTransportChecksumValidated indicates that transport checksum verification
// may be safely skipped.
RXTransportChecksumValidated bool
// NetworkPacketInfo holds an incoming packet's network-layer information.
NetworkPacketInfo NetworkPacketInfo
// contains filtered or unexported fields
}
A PacketBuffer contains all the data of a network packet.
As a PacketBuffer traverses up the stack, it may be necessary to pass it to multiple endpoints.
The whole packet is expected to be a series of bytes in the following order: LinkHeader, NetworkHeader, TransportHeader, and Data. Any of them can be empty. Use of PacketBuffer in any other order is unsupported.
PacketBuffer must be created with NewPacketBuffer.
Internal structure: A PacketBuffer holds a pointer to buffer.Buffer, which exposes a logically-contiguous byte storage. The underlying storage structure is abstracted out, and should not be a concern here for most of the time.
|- reserved ->|
|--->| consumed (incoming)
0 V V +--------+----+----+--------------------+ | | | | current data ... | (buf) +--------+----+----+--------------------+
^ | |<---| pushed (outgoing)
When a PacketBuffer is created, a `reserved` header region can be specified, which stack pushes headers in this region for an outgoing packet. There could be no such region for an incoming packet, and `reserved` is 0. The value of `reserved` never changes in the entire lifetime of the packet.
Outgoing Packet: When a header is pushed, `pushed` gets incremented by the pushed length, and the current value is stored for each header. PacketBuffer substracts this value from `reserved` to compute the starting offset of each header in `buf`.
Incoming Packet: When a header is consumed (a.k.a. parsed), the current `consumed` value is stored for each header, and it gets incremented by the consumed length. PacketBuffer adds this value to `reserved` to compute the starting offset of each header in `buf`.
func (*PacketBuffer) Views ¶
func (pk *PacketBuffer) Views() []tcpipbuffer.View
Views returns the underlying storage of the whole packet.
type PacketBufferList ¶
type PacketBufferList struct {
// contains filtered or unexported fields
}
List is an intrusive list. Entries can be added to or removed from the list in O(1) time and with no additional memory allocations.
The zero value for List is an empty list ready to use.
To iterate over a list (where l is a List):
for e := l.Front(); e != nil; e = e.Next() {
// do something with e.
}
+stateify savable
type PacketBufferOptions ¶
type PacketBufferOptions struct {
// ReserveHeaderBytes is the number of bytes to reserve for headers. Total
// number of bytes pushed onto the headers must not exceed this value.
ReserveHeaderBytes int
// Data is the initial unparsed data for the new packet. If set, it will be
// owned by the new packet.
Data tcpipbuffer.VectorisedView
// IsForwardedPacket identifies that the PacketBuffer being created is for a
// forwarded packet.
IsForwardedPacket bool
}
PacketBufferOptions specifies options for PacketBuffer creation.
type PrimaryEndpointBehavior ¶
type PrimaryEndpointBehavior int
PrimaryEndpointBehavior is an enumeration of an AddressEndpoint's primary behavior.
const ( // CanBePrimaryEndpoint indicates the endpoint can be used as a primary // endpoint for new connections with no local address. This is the // default when calling NIC.AddAddress. CanBePrimaryEndpoint PrimaryEndpointBehavior = iota // FirstPrimaryEndpoint indicates the endpoint should be the first // primary endpoint considered. If there are multiple endpoints with // this behavior, they are ordered by recency. FirstPrimaryEndpoint // NeverPrimaryEndpoint indicates the endpoint should never be a // primary endpoint. NeverPrimaryEndpoint )
type RawFactory ¶
type RawFactory interface {
// NewUnassociatedEndpoint produces endpoints for writing packets not
// associated with a particular transport protocol. Such endpoints can
// be used to write arbitrary packets that include the network header.
NewUnassociatedEndpoint(stack *Stack, netProto tcpip.NetworkProtocolNumber, transProto tcpip.TransportProtocolNumber, waiterQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error)
// NewPacketEndpoint produces endpoints for reading and writing packets
// that include network and (when cooked is false) link layer headers.
NewPacketEndpoint(stack *Stack, cooked bool, netProto tcpip.NetworkProtocolNumber, waiterQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error)
}
RawFactory produces endpoints for writing various types of raw packets.
type RawTransportEndpoint ¶
type RawTransportEndpoint interface {
// HandlePacket is called by the stack when new packets arrive to
// this transport endpoint. The packet contains all data from the link
// layer up.
//
// HandlePacket takes ownership of the packet.
HandlePacket(*PacketBuffer)
}
RawTransportEndpoint is the interface that needs to be implemented by raw transport protocol endpoints. RawTransportEndpoints receive the entire packet - including the network and transport headers - as delivered to netstack.
type ResumableEndpoint ¶
type ResumableEndpoint interface {
// Resume resumes an endpoint after restore. This can be used to restart
// background workers such as protocol goroutines. This must be called after
// all indirect dependencies of the endpoint has been restored, which
// generally implies at the end of the restore process.
Resume(*Stack)
}
ResumableEndpoint is an endpoint that needs to be resumed after restore.
type Route ¶
type Route struct {
// contains filtered or unexported fields
}
Route represents a route through the networking stack to a given destination.
It is safe to call Route's methods from multiple goroutines.
type Rule ¶
type Rule struct {
// Filter holds basic IP filtering fields common to every rule.
Filter IPHeaderFilter
// Matchers is the list of matchers for this rule.
Matchers []Matcher
// Target is the action to invoke if all the matchers match the packet.
Target Target
}
A Rule is a packet processing rule. It consists of two pieces. First it contains zero or more matchers, each of which is a specification of which packets this rule applies to. If there are no matchers in the rule, it applies to any packet.
+stateify savable
type Stack ¶
type Stack struct {
*ports.PortManager
// contains filtered or unexported fields
}
Stack is a networking stack, with all supported protocols, NICs, and route table.
func (*Stack) AddAddress ¶
func (s *Stack) AddAddress(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address) tcpip.Error
AddAddress adds a new network-layer address to the specified NIC.
func (*Stack) AddAddressWithOptions ¶
func (s *Stack) AddAddressWithOptions(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address, peb PrimaryEndpointBehavior) tcpip.Error
AddAddressWithOptions is the same as AddAddress, but allows you to specify whether the new endpoint can be primary or not.
func (*Stack) AddProtocolAddressWithOptions ¶
func (s *Stack) AddProtocolAddressWithOptions(id tcpip.NICID, protocolAddress tcpip.ProtocolAddress, peb PrimaryEndpointBehavior) tcpip.Error
AddProtocolAddressWithOptions is the same as AddProtocolAddress, but allows you to specify whether the new endpoint can be primary or not.
func (*Stack) NewEndpoint ¶
func (s *Stack) NewEndpoint(transport tcpip.TransportProtocolNumber, network tcpip.NetworkProtocolNumber, waiterQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error)
NewEndpoint creates a new transport layer endpoint of the given protocol.
func (*Stack) RemoveAddress ¶
RemoveAddress removes an existing network-layer address from the specified NIC.
type Table ¶
type Table struct {
// Rules holds the rules that make up the table.
Rules []Rule
// BuiltinChains maps builtin chains to their entrypoint rule in Rules.
BuiltinChains [NumHooks]int
// Underflows maps builtin chains to their underflow rule in Rules
// (i.e. the rule to execute if the chain returns without a verdict).
Underflows [NumHooks]int
}
A Table defines a set of chains and hooks into the network stack.
It is a list of Rules, entry points (BuiltinChains), and error handlers (Underflows). As packets traverse netstack, they hit hooks. When a packet hits a hook, iptables compares it to Rules starting from that hook's entry point. So if a packet hits the Input hook, we look up the corresponding entry point in BuiltinChains and jump to that point.
If the Rule doesn't match the packet, iptables continues to the next Rule. If a Rule does match, it can issue a verdict on the packet (e.g. RuleAccept or RuleDrop) that causes the packet to stop traversing iptables. It can also jump to other rules or perform custom actions based on Rule.Target.
Underflow Rules are invoked when a chain returns without reaching a verdict.
+stateify savable
type Target ¶
type Target interface {
// Action takes an action on the packet and returns a verdict on how
// traversal should (or should not) continue. If the return value is
// Jump, it also returns the index of the rule to jump to.
Action(*PacketBuffer, *ConnTrack, Hook, *Route, tcpip.Address) (RuleVerdict, int)
}
A Target is the interface for taking an action for a packet.
type TransportEndpoint ¶
type TransportEndpoint interface {
// UniqueID returns an unique ID for this transport endpoint.
UniqueID() uint64
// HandlePacket is called by the stack when new packets arrive to this
// transport endpoint. It sets the packet buffer's transport header.
//
// HandlePacket takes ownership of the packet.
HandlePacket(TransportEndpointID, *PacketBuffer)
// HandleError is called when the transport endpoint receives an error.
//
// HandleError takes ownership of the packet buffer.
HandleError(TransportError, *PacketBuffer)
// Abort initiates an expedited endpoint teardown. It puts the endpoint
// in a closed state and frees all resources associated with it. This
// cleanup may happen asynchronously. Wait can be used to block on this
// asynchronous cleanup.
Abort()
// Wait waits for any worker goroutines owned by the endpoint to stop.
//
// An endpoint can be requested to stop its worker goroutines by calling
// its Close method.
//
// Wait will not block if the endpoint hasn't started any goroutines
// yet, even if it might later.
Wait()
}
TransportEndpoint is the interface that needs to be implemented by transport protocol (e.g., tcp, udp) endpoints that can handle packets.
type TransportEndpointID ¶
type TransportEndpointID struct {
// LocalPort is the local port associated with the endpoint.
LocalPort uint16
// LocalAddress is the local [network layer] address associated with
// the endpoint.
LocalAddress tcpip.Address
// RemotePort is the remote port associated with the endpoint.
RemotePort uint16
// RemoteAddress it the remote [network layer] address associated with
// the endpoint.
RemoteAddress tcpip.Address
}
TransportEndpointID is the identifier of a transport layer protocol endpoint.
+stateify savable
type TransportError ¶
type TransportError interface {
tcpip.SockErrorCause
// Kind returns the type of the transport error.
Kind() TransportErrorKind
}
TransportError is a marker interface for errors that may be handled by the transport layer.
type TransportErrorKind ¶
type TransportErrorKind int
TransportErrorKind enumerates error types that are handled by the transport layer.
type TransportProtocol ¶
type TransportProtocol interface {
// Number returns the transport protocol number.
Number() tcpip.TransportProtocolNumber
// NewEndpoint creates a new endpoint of the transport protocol.
NewEndpoint(netProto tcpip.NetworkProtocolNumber, waitQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error)
// NewRawEndpoint creates a new raw endpoint of the transport protocol.
NewRawEndpoint(netProto tcpip.NetworkProtocolNumber, waitQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error)
// MinimumPacketSize returns the minimum valid packet size of this
// transport protocol. The stack automatically drops any packets smaller
// than this targeted at this protocol.
MinimumPacketSize() int
// ParsePorts returns the source and destination ports stored in a
// packet of this protocol.
ParsePorts(v buffer.View) (src, dst uint16, err tcpip.Error)
// HandleUnknownDestinationPacket handles packets targeted at this
// protocol that don't match any existing endpoint. For example,
// it is targeted at a port that has no listeners.
//
// HandleUnknownDestinationPacket takes ownership of the packet if it handles
// the issue.
HandleUnknownDestinationPacket(TransportEndpointID, *PacketBuffer) UnknownDestinationPacketDisposition
// SetOption allows enabling/disabling protocol specific features.
// SetOption returns an error if the option is not supported or the
// provided option value is invalid.
SetOption(option tcpip.SettableTransportProtocolOption) tcpip.Error
// Option allows retrieving protocol specific option values.
// Option returns an error if the option is not supported or the
// provided option value is invalid.
Option(option tcpip.GettableTransportProtocolOption) tcpip.Error
// Close requests that any worker goroutines owned by the protocol
// stop.
Close()
// Wait waits for any worker goroutines owned by the protocol to stop.
Wait()
// Parse sets pkt.TransportHeader and trims pkt.Data appropriately. It does
// neither and returns false if pkt.Data is too small, i.e. pkt.Data.Size() <
// MinimumPacketSize()
Parse(pkt *PacketBuffer) (ok bool)
}
TransportProtocol is the interface that needs to be implemented by transport protocols (e.g., tcp, udp) that want to be part of the networking stack.
type UniqueID ¶
type UniqueID interface {
UniqueID() uint64
}
UniqueID is an abstract generator of unique identifiers.
type UnknownDestinationPacketDisposition ¶
type UnknownDestinationPacketDisposition int
UnknownDestinationPacketDisposition enumerates the possible return values from HandleUnknownDestinationPacket().
Source Files