ipset

package
v0.10.0-rc0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 13, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

SPDX-License-Identifier: Apache-2.0

Copyright Contributors to the Submariner project.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	// ProtocolFamilyIPV4 represents IPv4 protocol.
	ProtocolFamilyIPV4 = "inet"
	// ProtocolFamilyIPV6 represents IPv6 protocol.
	ProtocolFamilyIPV6 = "inet6"
	// ProtocolTCP represents TCP protocol.
	ProtocolTCP = "tcp"
	// ProtocolUDP represents UDP protocol.
	ProtocolUDP = "udp"
)
View Source 
const DefaultPortRange string = "0-65535"

DefaultPortRange defines the default bitmap:port valid port range.

View Source 
const IPSetCmd = "ipset"

IPSetCmd represents the ipset util. We use ipset command for ipset execute.

Variables

View Source 
var EntryMemberPattern = "(?m)^(.*\n)*Members:\n"

EntryMemberPattern is the regular expression pattern of ipset member list. The raw output of ipset command `ipset list {set}` is similar to, Name: foobar Type: hash:ip,port Revision: 2 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 16592 References: 0 Members: 192.168.1.2,tcp:8080 192.168.1.1,udp:53

View Source 
var NewFunc func() Interface
View Source 
var ValidIPSetTypes = []Type{
	HashIP,
	HashIPPort,
	HashIPPortIP,
	BitmapPort,
	HashIPPortNet,
	HashNet,
	HashNetPort,
}

ValidIPSetTypes defines the supported ip set type.

View Source 
var VersionPattern = "v[0-9]+\\.[0-9]+"

VersionPattern is the regular expression pattern of ipset version string. ipset version output is similar to "v6.10".

Functions

func IsNotFoundError 

func IsNotFoundError(err error) bool

IsNotFoundError returns true if the error indicates "not found". It parses the error string looking for known values, which is imperfect but works in practice.

Types

type Entry 

type Entry struct {
	// IP is the entry's IP.  The IP address protocol corresponds to the HashFamily of IPSet.
	// All entries' IP addresses in the same ip set has same the protocol, IPv4 or IPv6.
	IP string
	// Port is the entry's Port.
	Port int
	// Protocol is the entry's Protocol.  The protocols of entries in the same ip set are all
	// the same.  The accepted protocols are TCP and UDP.
	Protocol string
	// Net is the entry's IP network address.  Network address with zero prefix size can NOT
	// be stored.
	Net string
	// IP2 is the entry's second IP.  IP2 may not be empty for `hash:ip,port,ip` type ip set.
	IP2 string
	// SetType is the type of ipset where the entry exists.
	SetType Type
	//  [ timeout value ] [ packets value ] [ bytes value ] [ comment string ] [ skbmark value ] [ skbprio value ] [ skbqueue value ]
	Options []string
}

Entry represents a ipset entry.

func (*Entry) String 

func (e *Entry) String() string

String returns the string format for ipset entry.

func (*Entry) Validate 

func (e *Entry) Validate(set *IPSet) bool

Validate checks if a given ipset entry is valid or not. The set parameter is the ipset that entry belongs to.

type IPSet 

type IPSet struct {
	// Name is the set name.
	Name string
	// SetType specifies the ipset type.
	SetType Type
	// HashFamily specifies the protocol family of the IP addresses to be stored in the set.
	// The default is inet, i.e IPv4.  If users want to use IPv6, they should specify inet6.
	HashFamily string
	// HashSize specifies the hash table size of ipset.
	HashSize int
	// MaxElem specifies the max element number of ipset.
	MaxElem int
	// PortRange specifies the port range of bitmap:port type ipset.
	PortRange string
}

IPSet implements an Interface to an set.

func (*IPSet) Validate 

func (set *IPSet) Validate() bool

#lizard forgives Validate checks if a given ipset is valid or not.

type Interface 

type Interface interface {
	// FlushSet deletes all entries from a named set.
	FlushSet(set string) error
	// DestroySet deletes a named set.
	DestroySet(set string) error
	// DestroyAllSets deletes all sets.
	DestroyAllSets() error
	// CreateSet creates a new set.  It will ignore error when the set already exists if ignoreExistErr=true.
	CreateSet(set *IPSet, ignoreExistErr bool) error
	// AddEntry adds a new entry to the named set.  It will ignore error when the entry already exists if ignoreExistErr=true.
	AddEntry(entry string, set *IPSet, ignoreExistErr bool) error
	// DelEntry deletes one entry from the named set
	DelEntry(entry string, set string) error
	// Test test if an entry exists in the named set
	TestEntry(entry string, set string) (bool, error)
	// ListEntries lists all the entries from a named set
	ListEntries(set string) ([]string, error)
	// ListSets list all set names from kernel
	ListSets() ([]string, error)
	// GetVersion returns the "X.Y" version string for ipset.
	GetVersion() (string, error)

	AddEntryWithOptions(entry *Entry, set *IPSet, ignoreExistErr bool) error

	DelEntryWithOptions(set, entry string, options ...string) error

	ListAllSetInfo() (string, error)
}

Interface is an injectable interface for running ipset commands. Implementations must be goroutine-safe.

func New 

func New(exec utilexec.Interface) Interface

New returns a new Interface which will exec ipset.

type Named 

type Named interface {
	Name() string
	Flush() error
	Destroy() error
	Create(ignoreExistErr bool) error
	AddEntry(entry string, ignoreExistErr bool) error
	DelEntry(entry string) error
	TestEntry(entry string) (bool, error)
	ListEntries() ([]string, error)
}

func NewNamed 

func NewNamed(set IPSet, iface Interface) Named

type Type 

type Type string

Type represents the ipset type 

const (
	HashIP Type = "hash:ip"
	// HashIPPort represents the `hash:ip,port` type ipset.  The hash:ip,port is similar to hash:ip but
	// you can store IP address and protocol-port pairs in it.  TCP, SCTP, UDP, UDPLITE, ICMP and ICMPv6 are supported
	// with port numbers/ICMP(v6) types and other protocol numbers without port information.
	HashIPPort Type = "hash:ip,port"
	// HashIPPortIP represents the `hash:ip,port,ip` type ipset.  The hash:ip,port,ip set type uses a hash to store
	// IP address, port number and a second IP address triples.  The port number is interpreted together with a
	// protocol (default TCP) and zero protocol number cannot be used.
	HashIPPortIP Type = "hash:ip,port,ip"
	// HashIPPortNet represents the `hash:ip,port,net` type ipset.  The hash:ip,port,net set type uses a hash
	// to store IP address, port number and IP network address triples.  The port number is interpreted together
	// with a protocol (default TCP) and zero protocol number cannot be used. Network address with zero prefix
	// size cannot be stored either.
	HashIPPortNet Type = "hash:ip,port,net"
	// BitmapPort represents the `bitmap:port` type ipset.  The bitmap:port set type uses a memory range, where each bit
	// represents one TCP/UDP port.  A bitmap:port type of set can store up to 65535 ports.
	BitmapPort Type = "bitmap:port"

	HashNet Type = "hash:net"

	HashNetPort Type = "hash:net,port"
)

Source Files

View all Source files

Directories

Path Synopsis
SPDX-License-Identifier: Apache-2.0 Copyright Contributors to the Submariner project.
 SPDX-License-Identifier: Apache-2.0 Copyright Contributors to the Submariner project.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.