Documentation ¶
Overview ¶
Package stack provides the glue between networking protocols and the consumers of the networking stack.
For consumers, the only function of interest is New(), everything else is provided by the tcpip/public package.
Index ¶
- Constants
- func BufferSince(h PacketHeader) buffer.Buffer
- func MergeFragment(dst, frag *PacketBuffer)
- func PayloadSince(h PacketHeader) *buffer.View
- type AcceptTarget
- type AddressAssignmentState
- type AddressConfigType
- type AddressDispatcher
- type AddressEndpoint
- type AddressKind
- type AddressLifetimes
- type AddressProperties
- type AddressRemovalReason
- type AddressableEndpoint
- type AddressableEndpointState
- func (a *AddressableEndpointState) AcquireAssignedAddress(localAddr tcpip.Address, allowTemp bool, tempPEB PrimaryEndpointBehavior, ...) AddressEndpoint
- func (a *AddressableEndpointState) AcquireAssignedAddressOrMatching(localAddr tcpip.Address, f func(AddressEndpoint) bool, allowTemp bool, ...) AddressEndpoint
- func (a *AddressableEndpointState) AcquireOutgoingPrimaryAddress(remoteAddr tcpip.Address, srcHint tcpip.Address, allowExpired bool) AddressEndpoint
- func (a *AddressableEndpointState) AddAndAcquireAddress(addr tcpip.AddressWithPrefix, properties AddressProperties, kind AddressKind) (AddressEndpoint, tcpip.Error)
- func (a *AddressableEndpointState) AddAndAcquirePermanentAddress(addr tcpip.AddressWithPrefix, properties AddressProperties) (AddressEndpoint, tcpip.Error)
- func (a *AddressableEndpointState) AddAndAcquireTemporaryAddress(addr tcpip.AddressWithPrefix, peb PrimaryEndpointBehavior) (AddressEndpoint, tcpip.Error)
- func (a *AddressableEndpointState) Cleanup()
- func (a *AddressableEndpointState) ForEachEndpoint(f func(AddressEndpoint) bool)
- func (a *AddressableEndpointState) ForEachPrimaryEndpoint(f func(AddressEndpoint) bool)
- func (a *AddressableEndpointState) GetAddress(addr tcpip.Address) AddressEndpoint
- func (a *AddressableEndpointState) Init(networkEndpoint NetworkEndpoint, options AddressableEndpointStateOptions)
- func (a *AddressableEndpointState) MainAddress() tcpip.AddressWithPrefix
- func (a *AddressableEndpointState) OnNetworkEndpointEnabledChanged()
- func (a *AddressableEndpointState) PermanentAddresses() []tcpip.AddressWithPrefix
- func (a *AddressableEndpointState) PrimaryAddresses() []tcpip.AddressWithPrefix
- func (a *AddressableEndpointState) RemovePermanentAddress(addr tcpip.Address) tcpip.Error
- func (a *AddressableEndpointState) RemovePermanentEndpoint(ep AddressEndpoint, reason AddressRemovalReason) tcpip.Error
- func (a *AddressableEndpointState) SetDeprecated(addr tcpip.Address, deprecated bool) tcpip.Error
- func (a *AddressableEndpointState) SetLifetimes(addr tcpip.Address, lifetimes AddressLifetimes) tcpip.Error
- type AddressableEndpointStateOptions
- type AssignableAddressEndpoint
- type BridgeEndpoint
- func (b *BridgeEndpoint) ARPHardwareType() header.ARPHardwareType
- func (b *BridgeEndpoint) AddHeader(pkt *PacketBuffer)
- func (b *BridgeEndpoint) AddNIC(n *nic) tcpip.Error
- func (b *BridgeEndpoint) Attach(dispatcher NetworkDispatcher)
- func (b *BridgeEndpoint) Capabilities() LinkEndpointCapabilities
- func (b *BridgeEndpoint) Close()
- func (b *BridgeEndpoint) DelNIC(nic *nic) tcpip.Error
- func (b *BridgeEndpoint) FindFDBEntry(addr tcpip.LinkAddress) BridgeFDBEntry
- func (b *BridgeEndpoint) IsAttached() bool
- func (b *BridgeEndpoint) LinkAddress() tcpip.LinkAddress
- func (b *BridgeEndpoint) MTU() uint32
- func (b *BridgeEndpoint) MaxHeaderLength() uint16
- func (b *BridgeEndpoint) ParseHeader(*PacketBuffer) bool
- func (b *BridgeEndpoint) SetLinkAddress(addr tcpip.LinkAddress)
- func (b *BridgeEndpoint) SetMTU(mtu uint32)
- func (b *BridgeEndpoint) SetOnCloseAction(func())
- func (b *BridgeEndpoint) Wait()
- func (b *BridgeEndpoint) WritePackets(pkts PacketBufferList) (int, tcpip.Error)
- type BridgeFDBEntry
- type BridgeFDBKey
- type ConnTrack
- type CoordinatorNIC
- type DADAborted
- type DADCheckAddressDisposition
- type DADCompletionHandler
- type DADConfigurations
- type DADDupAddrDetected
- type DADError
- type DADResult
- type DADSucceeded
- type DNATTarget
- type DropTarget
- type DuplicateAddressDetector
- type ErrorTarget
- type ForwardingNetworkEndpoint
- type GSO
- type GSOEndpoint
- type GSOType
- type GroupAddressableEndpoint
- type Hook
- type ICMPRateLimiter
- type IPHeaderFilter
- type IPNetworkEndpointStats
- type IPTables
- func (it *IPTables) CheckForward(pkt *PacketBuffer, inNicName, outNicName string) bool
- func (it *IPTables) CheckInput(pkt *PacketBuffer, inNicName string) bool
- func (it *IPTables) CheckOutput(pkt *PacketBuffer, r *Route, outNicName string) bool
- func (it *IPTables) CheckPostrouting(pkt *PacketBuffer, r *Route, addressEP AddressableEndpoint, outNicName string) bool
- func (it *IPTables) CheckPrerouting(pkt *PacketBuffer, addressEP AddressableEndpoint, inNicName string) bool
- func (it *IPTables) ForceReplaceTable(id TableID, table Table, ipv6 bool)
- func (it *IPTables) GetTable(id TableID, ipv6 bool) Table
- func (it *IPTables) Modified() bool
- func (it *IPTables) OriginalDst(epID TransportEndpointID, netProto tcpip.NetworkProtocolNumber, ...) (tcpip.Address, uint16, tcpip.Error)
- func (it *IPTables) ReplaceTable(id TableID, table Table, ipv6 bool)
- func (it *IPTables) VisitTargets(transform func(Target) Target)
- type InjectableLinkEndpoint
- type LinkAddressResolver
- type LinkEndpoint
- type LinkEndpointCapabilities
- type LinkResolutionResult
- type LinkResolvableNetworkEndpoint
- type LinkWriter
- type MasqueradeTarget
- type Matcher
- type MulticastForwardingEventDispatcher
- type MulticastForwardingNetworkEndpoint
- type MulticastForwardingNetworkProtocol
- type MulticastPacketContext
- type MulticastRoute
- type MulticastRouteOutgoingInterface
- type NDPEndpoint
- type NICContext
- type NICInfo
- type NICOptions
- type NICStateFlags
- type NUDConfigurations
- type NUDDispatcher
- type NUDState
- type NeighborEntry
- type NeighborState
- type NeighborStats
- type NetworkDispatcher
- type NetworkEndpoint
- type NetworkEndpointID
- type NetworkEndpointStats
- type NetworkHeaderParams
- type NetworkInterface
- type NetworkLinkEndpoint
- type NetworkPacketInfo
- type NetworkProtocol
- type NetworkProtocolFactory
- type Options
- type PacketBuffer
- func (pk *PacketBuffer) AsSlices() [][]byte
- func (pk *PacketBuffer) AsViewList() (buffer.ViewList, int)
- func (pk *PacketBuffer) AvailableHeaderBytes() int
- func (pk *PacketBuffer) Clone() *PacketBuffer
- func (pk *PacketBuffer) CloneToInbound() *PacketBuffer
- func (pk *PacketBuffer) Data() PacketData
- func (pk *PacketBuffer) DecRef()
- func (pk *PacketBuffer) DeepCopyForForwarding(reservedHeaderBytes int) *PacketBuffer
- func (pk *PacketBuffer) HeaderSize() int
- func (pk *PacketBuffer) ID() uintptr
- func (pk *PacketBuffer) IncRef() *PacketBuffer
- func (pk *PacketBuffer) LinkHeader() PacketHeader
- func (pk *PacketBuffer) MemSize() int
- func (pk *PacketBuffer) Network() header.Network
- func (pk *PacketBuffer) NetworkHeader() PacketHeader
- func (pk *PacketBuffer) ReserveHeaderBytes(reserved int)
- func (pk *PacketBuffer) ReservedHeaderBytes() int
- func (pk *PacketBuffer) Size() int
- func (pk *PacketBuffer) ToBuffer() buffer.Buffer
- func (pk *PacketBuffer) ToView() *buffer.View
- func (pk *PacketBuffer) TransportHeader() PacketHeader
- func (pk *PacketBuffer) VirtioNetHeader() PacketHeader
- type PacketBufferList
- type PacketBufferOptions
- type PacketData
- func (d PacketData) AppendView(v *buffer.View)
- func (d PacketData) AsRange() Range
- func (d PacketData) CapLength(length int)
- func (d PacketData) Checksum() uint16
- func (d PacketData) ChecksumAtOffset(offset int) uint16
- func (d PacketData) Consume(size int) ([]byte, bool)
- func (d PacketData) Merge(oth PacketData)
- func (d PacketData) MergeBuffer(b *buffer.Buffer)
- func (d PacketData) PullUp(size int) (b []byte, ok bool)
- func (d PacketData) ReadFrom(src *buffer.Buffer, count int) int
- func (d PacketData) ReadFromPacketData(oth PacketData, count int)
- func (d PacketData) ReadTo(dst io.Writer, peek bool) (int, error)
- func (d PacketData) Size() int
- func (d PacketData) ToBuffer() buffer.Buffer
- func (d PacketData) TrimFront(count int)
- type PacketEndpoint
- type PacketHeader
- type PacketLooping
- type ParseResult
- type PrimaryEndpointBehavior
- type QueueingDiscipline
- type Range
- type RawFactory
- type RawTransportEndpoint
- type ReachabilityConfirmationFlags
- type ReceiveBufferSizeOption
- type RedirectTarget
- type RejectIPv4Target
- type RejectIPv4WithHandler
- type RejectIPv4WithICMPType
- type RejectIPv6Target
- type RejectIPv6WithHandler
- type RejectIPv6WithICMPType
- type ResolvedFieldsResult
- type RestoredEndpoint
- type ResumableEndpoint
- type ReturnTarget
- type Route
- func (r *Route) Acquire()
- func (r *Route) ConfirmReachable()
- func (r *Route) DefaultTTL() uint8
- func (r *Route) Fields() RouteInfo
- func (r *Route) GSOMaxSize() uint32
- func (r *Route) HasDisconnectOkCapability() bool
- func (r *Route) HasGVisorGSOCapability() bool
- func (r *Route) HasHostGSOCapability() bool
- func (r *Route) HasSaveRestoreCapability() bool
- func (r *Route) IsOutboundBroadcast() bool
- func (r *Route) IsResolutionRequired() bool
- func (r *Route) LocalAddress() tcpip.Address
- func (r *Route) LocalLinkAddress() tcpip.LinkAddress
- func (r *Route) Loop() PacketLooping
- func (r *Route) MTU() uint32
- func (r *Route) MaxHeaderLength() uint16
- func (r *Route) NICID() tcpip.NICID
- func (r *Route) NetProto() tcpip.NetworkProtocolNumber
- func (r *Route) NextHop() tcpip.Address
- func (r *Route) OutgoingNIC() tcpip.NICID
- func (r *Route) PseudoHeaderChecksum(protocol tcpip.TransportProtocolNumber, totalLen uint16) uint16
- func (r *Route) Release()
- func (r *Route) RemoteAddress() tcpip.Address
- func (r *Route) RemoteLinkAddress() tcpip.LinkAddress
- func (r *Route) RequiresTXTransportChecksum() bool
- func (r *Route) ResolveWith(addr tcpip.LinkAddress)
- func (r *Route) ResolvedFields(afterResolve func(ResolvedFieldsResult)) tcpip.Error
- func (r *Route) Stack() *Stack
- func (r *Route) Stats() tcpip.Stats
- func (r *Route) WriteHeaderIncludedPacket(pkt *PacketBuffer) tcpip.Error
- func (r *Route) WritePacket(params NetworkHeaderParams, pkt *PacketBuffer) tcpip.Error
- type RouteInfo
- type Rule
- type RuleVerdict
- type SNATTarget
- type SendBufSizeProto
- type Stack
- func (s *Stack) AddMulticastRoute(protocol tcpip.NetworkProtocolNumber, ...) tcpip.Error
- func (s *Stack) AddProtocolAddress(id tcpip.NICID, protocolAddress tcpip.ProtocolAddress, ...) tcpip.Error
- func (s *Stack) AddRoute(route tcpip.Route)
- func (s *Stack) AddStaticNeighbor(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address, ...) tcpip.Error
- func (s *Stack) AllAddresses() map[tcpip.NICID][]tcpip.ProtocolAddress
- func (s *Stack) AllowICMPMessage() bool
- func (s *Stack) CheckDuplicateAddress(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address, ...) (DADCheckAddressDisposition, tcpip.Error)
- func (s *Stack) CheckLocalAddress(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address) tcpip.NICID
- func (s *Stack) CheckNIC(id tcpip.NICID) bool
- func (s *Stack) CheckNetworkProtocol(protocol tcpip.NetworkProtocolNumber) bool
- func (s *Stack) CheckRegisterTransportEndpoint(netProtos []tcpip.NetworkProtocolNumber, ...) tcpip.Error
- func (s *Stack) CleanupEndpoints() []TransportEndpoint
- func (s *Stack) ClearNeighbors(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber) tcpip.Error
- func (s *Stack) Clock() tcpip.Clock
- func (s *Stack) Close()
- func (s *Stack) CompleteTransportEndpointCleanup(ep TransportEndpoint)
- func (s *Stack) CreateNIC(id tcpip.NICID, ep LinkEndpoint) tcpip.Error
- func (s *Stack) CreateNICWithOptions(id tcpip.NICID, ep LinkEndpoint, opts NICOptions) tcpip.Error
- func (s *Stack) Destroy()
- func (s *Stack) DisableMulticastForwardingForProtocol(protocol tcpip.NetworkProtocolNumber) tcpip.Error
- func (s *Stack) DisableNIC(id tcpip.NICID) tcpip.Error
- func (s *Stack) EnableMulticastForwardingForProtocol(protocol tcpip.NetworkProtocolNumber, disp MulticastForwardingEventDispatcher) (bool, tcpip.Error)
- func (s *Stack) EnableNIC(id tcpip.NICID) tcpip.Error
- func (s *Stack) EnableSaveRestore()
- func (s *Stack) FindNICNameFromID(id tcpip.NICID) string
- func (s *Stack) FindRoute(id tcpip.NICID, localAddr, remoteAddr tcpip.Address, ...) (*Route, tcpip.Error)
- func (s *Stack) FindTransportEndpoint(netProto tcpip.NetworkProtocolNumber, transProto tcpip.TransportProtocolNumber, ...) TransportEndpoint
- func (s *Stack) GetLinkAddress(nicID tcpip.NICID, addr, localAddr tcpip.Address, ...) tcpip.Error
- func (s *Stack) GetLinkEndpointByName(name string) LinkEndpoint
- func (s *Stack) GetMainNICAddress(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber) (tcpip.AddressWithPrefix, tcpip.Error)
- func (s *Stack) GetNICByID(id tcpip.NICID) (*nic, tcpip.Error)
- func (s *Stack) GetNetworkEndpoint(nicID tcpip.NICID, proto tcpip.NetworkProtocolNumber) (NetworkEndpoint, tcpip.Error)
- func (s *Stack) GetRouteTable() []tcpip.Route
- func (s *Stack) HandleLocal() bool
- func (s *Stack) HasNIC(id tcpip.NICID) bool
- func (s *Stack) ICMPBurst() int
- func (s *Stack) ICMPLimit() rate.Limit
- func (s *Stack) IPTables() *IPTables
- func (s *Stack) InsecureRNG() *rand.Rand
- func (s *Stack) IsInGroup(nicID tcpip.NICID, multicastAddr tcpip.Address) (bool, tcpip.Error)
- func (s *Stack) IsSaveRestoreEnabled() bool
- func (s *Stack) IsSubnetBroadcast(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address) bool
- func (s *Stack) JoinGroup(protocol tcpip.NetworkProtocolNumber, nicID tcpip.NICID, ...) tcpip.Error
- func (s *Stack) LeaveGroup(protocol tcpip.NetworkProtocolNumber, nicID tcpip.NICID, ...) tcpip.Error
- func (s *Stack) MulticastRouteLastUsedTime(protocol tcpip.NetworkProtocolNumber, ...) (tcpip.MonotonicTime, tcpip.Error)
- func (s *Stack) NICForwarding(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber) (bool, tcpip.Error)
- func (s *Stack) NICInfo() map[tcpip.NICID]NICInfo
- func (s *Stack) NICMulticastForwarding(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber) (bool, tcpip.Error)
- func (s *Stack) NUDConfigurations(id tcpip.NICID, proto tcpip.NetworkProtocolNumber) (NUDConfigurations, tcpip.Error)
- func (s *Stack) Neighbors(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber) ([]NeighborEntry, tcpip.Error)
- func (s *Stack) NetworkProtocolInstance(num tcpip.NetworkProtocolNumber) NetworkProtocol
- func (s *Stack) NetworkProtocolOption(network tcpip.NetworkProtocolNumber, ...) tcpip.Error
- func (s *Stack) NewEndpoint(transport tcpip.TransportProtocolNumber, network tcpip.NetworkProtocolNumber, ...) (tcpip.Endpoint, tcpip.Error)
- func (s *Stack) NewPacketEndpoint(cooked bool, netProto tcpip.NetworkProtocolNumber, waiterQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error)
- func (s *Stack) NewRawEndpoint(transport tcpip.TransportProtocolNumber, network tcpip.NetworkProtocolNumber, ...) (tcpip.Endpoint, tcpip.Error)
- func (s *Stack) NewRouteForMulticast(nicID tcpip.NICID, remoteAddr tcpip.Address, ...) *Route
- func (s *Stack) NextNICID() tcpip.NICID
- func (s *Stack) Option(option any) tcpip.Error
- func (s *Stack) PacketEndpointWriteSupported() bool
- func (s *Stack) ParsePacketBufferTransport(protocol tcpip.TransportProtocolNumber, pkt *PacketBuffer) ParseResult
- func (s *Stack) Pause()
- func (s *Stack) PortRange() (uint16, uint16)
- func (s *Stack) RegisterPacketEndpoint(nicID tcpip.NICID, netProto tcpip.NetworkProtocolNumber, ep PacketEndpoint) tcpip.Error
- func (s *Stack) RegisterRawTransportEndpoint(netProto tcpip.NetworkProtocolNumber, transProto tcpip.TransportProtocolNumber, ...) tcpip.Error
- func (s *Stack) RegisterRestoredEndpoint(e RestoredEndpoint)
- func (s *Stack) RegisterResumableEndpoint(e ResumableEndpoint)
- func (s *Stack) RegisterTransportEndpoint(netProtos []tcpip.NetworkProtocolNumber, ...) tcpip.Error
- func (s *Stack) RegisteredEndpoints() []TransportEndpoint
- func (s *Stack) RemoveAddress(id tcpip.NICID, addr tcpip.Address) tcpip.Error
- func (s *Stack) RemoveMulticastRoute(protocol tcpip.NetworkProtocolNumber, ...) tcpip.Error
- func (s *Stack) RemoveNIC(id tcpip.NICID) tcpip.Error
- func (s *Stack) RemoveNeighbor(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address) tcpip.Error
- func (s *Stack) RemoveRoutes(match func(tcpip.Route) bool) int
- func (s *Stack) ReplaceConfig(st *Stack)
- func (s *Stack) ReplaceRoute(route tcpip.Route)
- func (s *Stack) Restore()
- func (s *Stack) RestoreCleanupEndpoints(es []TransportEndpoint)
- func (s *Stack) Resume()
- func (s *Stack) SecureRNG() cryptorand.RNG
- func (s *Stack) Seed() uint32
- func (s *Stack) SetAddressLifetimes(id tcpip.NICID, addr tcpip.Address, lifetimes AddressLifetimes) tcpip.Error
- func (s *Stack) SetForwardingDefaultAndAllNICs(protocol tcpip.NetworkProtocolNumber, enable bool) tcpip.Error
- func (s *Stack) SetICMPBurst(burst int)
- func (s *Stack) SetICMPLimit(newLimit rate.Limit)
- func (s *Stack) SetNICAddress(id tcpip.NICID, addr tcpip.LinkAddress) tcpip.Error
- func (s *Stack) SetNICCoordinator(id tcpip.NICID, mid tcpip.NICID) tcpip.Error
- func (s *Stack) SetNICForwarding(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber, enable bool) (bool, tcpip.Error)
- func (s *Stack) SetNICMTU(id tcpip.NICID, mtu uint32) tcpip.Error
- func (s *Stack) SetNICMulticastForwarding(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber, enable bool) (bool, tcpip.Error)
- func (s *Stack) SetNICName(id tcpip.NICID, name string) tcpip.Error
- func (s *Stack) SetNICStack(id tcpip.NICID, peer *Stack) (tcpip.NICID, tcpip.Error)
- func (s *Stack) SetNUDConfigurations(id tcpip.NICID, proto tcpip.NetworkProtocolNumber, c NUDConfigurations) tcpip.Error
- func (s *Stack) SetNetworkProtocolOption(network tcpip.NetworkProtocolNumber, ...) tcpip.Error
- func (s *Stack) SetOption(option any) tcpip.Error
- func (s *Stack) SetPortRange(start uint16, end uint16) tcpip.Error
- func (s *Stack) SetPromiscuousMode(nicID tcpip.NICID, enable bool) tcpip.Error
- func (s *Stack) SetRouteTable(table []tcpip.Route)
- func (s *Stack) SetSpoofing(nicID tcpip.NICID, enable bool) tcpip.Error
- func (s *Stack) SetTransportProtocolHandler(p tcpip.TransportProtocolNumber, ...)
- func (s *Stack) SetTransportProtocolOption(transport tcpip.TransportProtocolNumber, ...) tcpip.Error
- func (s *Stack) StartTransportEndpointCleanup(netProtos []tcpip.NetworkProtocolNumber, ...)
- func (s *Stack) Stats() tcpip.Stats
- func (s *Stack) TCPSendBufferLimits() tcpip.TCPSendBufferSizeRangeOption
- func (s *Stack) TransportProtocolInstance(num tcpip.TransportProtocolNumber) TransportProtocol
- func (s *Stack) TransportProtocolOption(transport tcpip.TransportProtocolNumber, ...) tcpip.Error
- func (s *Stack) UnregisterPacketEndpoint(nicID tcpip.NICID, netProto tcpip.NetworkProtocolNumber, ep PacketEndpoint)
- func (s *Stack) UnregisterRawTransportEndpoint(netProto tcpip.NetworkProtocolNumber, transProto tcpip.TransportProtocolNumber, ...)
- func (s *Stack) UnregisterTransportEndpoint(netProtos []tcpip.NetworkProtocolNumber, ...)
- func (s *Stack) Wait()
- func (s *Stack) WritePacketToRemote(nicID tcpip.NICID, remote tcpip.LinkAddress, ...) tcpip.Error
- func (s *Stack) WriteRawPacket(nicID tcpip.NICID, proto tcpip.NetworkProtocolNumber, payload buffer.Buffer) tcpip.Error
- type SupportedGSO
- type TCPInvalidRateLimitOption
- type Table
- type TableID
- type Target
- type TransportDispatcher
- type TransportEndpoint
- type TransportEndpointID
- type TransportEndpointInfo
- type TransportError
- type TransportErrorKind
- type TransportPacketDisposition
- type TransportProtocol
- type TransportProtocolFactory
- type UnicastSourceAndMulticastDestination
- type UnknownDestinationPacketDisposition
- type UserChainTarget
Constants ¶
const ( // MinBufferSize is the smallest size of a receive or send buffer. MinBufferSize = 4 << 10 // 4 KiB // DefaultBufferSize is the default size of the send/recv buffer for a // transport endpoint. DefaultBufferSize = 212 << 10 // 212 KiB // DefaultMaxBufferSize is the default maximum permitted size of a // send/receive buffer. DefaultMaxBufferSize = 4 << 20 // 4 MiB )
const ( // CtxRestoreStack is a Context.Value key for the stack to be used in restore. CtxRestoreStack contextID = iota )
const (
// DefaultTOS is the default type of service value for network endpoints.
DefaultTOS = 0
)
const GVisorGSOMaxSize = 1 << 16
GVisorGSOMaxSize is a maximum allowed size of a software GSO segment. This isn't a hard limit, because it is never set into packet headers.
const HookUnset = -1
HookUnset indicates that there is no hook set for an entrypoint or underflow.
const NeighborCacheSize = 512 // max entries per interface
NeighborCacheSize is the size of the neighborCache. Exceeding this size will result in the least recently used entry being evicted.
const PacketBufferStructSize = int(unsafe.Sizeof(PacketBuffer{}))
PacketBufferStructSize is the minimal size of the packet buffer overhead.
Variables ¶
This section is empty.
Functions ¶
func BufferSince ¶
func BufferSince(h PacketHeader) buffer.Buffer
BufferSince returns a caller-owned view containing the packet payload starting from and including a particular header.
func MergeFragment ¶
func MergeFragment(dst, frag *PacketBuffer)
MergeFragment appends the data portion of frag to dst. It modifies frag and frag should not be used again.
func PayloadSince ¶
func PayloadSince(h PacketHeader) *buffer.View
PayloadSince returns a caller-owned view containing the payload starting from and including a particular header.
Types ¶
type AcceptTarget ¶
type AcceptTarget struct { // NetworkProtocol is the network protocol the target is used with. NetworkProtocol tcpip.NetworkProtocolNumber }
AcceptTarget accepts packets.
+stateify savable
func (*AcceptTarget) Action ¶
func (*AcceptTarget) Action(*PacketBuffer, Hook, *Route, AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
type AddressAssignmentState ¶
type AddressAssignmentState int
AddressAssignmentState is an address' assignment state.
const ( // AddressDisabled indicates the NIC the address is assigned to is disabled. AddressDisabled AddressAssignmentState // AddressTentative indicates an address is yet to pass DAD (IPv4 addresses // are never tentative). AddressTentative // AddressAssigned indicates an address is assigned. AddressAssigned )
func (AddressAssignmentState) String ¶
func (state AddressAssignmentState) String() string
type AddressConfigType ¶
type AddressConfigType int
AddressConfigType is the method used to add an address.
const ( // AddressConfigStatic is a statically configured address endpoint that was // added by some user-specified action (adding an explicit address, joining a // multicast group). AddressConfigStatic AddressConfigType = iota // AddressConfigSlaac is an address endpoint added by SLAAC, as per RFC 4862 // section 5.5.3. AddressConfigSlaac )
type AddressDispatcher ¶
type AddressDispatcher interface { // OnChanged is called with an address' properties when they change. // // OnChanged is called once when the address is added with the initial state, // and every time a property changes. // // The PreferredUntil and ValidUntil fields in AddressLifetimes must be // considered informational, i.e. one must not consider an address to be // deprecated/invalid even if the monotonic clock timestamp is past these // deadlines. The Deprecated field indicates whether an address is // preferred or not; and OnRemoved will be called when an address is // removed due to invalidation. OnChanged(AddressLifetimes, AddressAssignmentState) // OnRemoved is called when an address is removed with the removal reason. OnRemoved(AddressRemovalReason) }
AddressDispatcher is the interface integrators can implement to receive address-related events.
type AddressEndpoint ¶
type AddressEndpoint interface { AssignableAddressEndpoint // GetKind returns the address kind for this endpoint. GetKind() AddressKind // SetKind sets the address kind for this endpoint. SetKind(AddressKind) // ConfigType returns the method used to add the address. ConfigType() AddressConfigType // Deprecated returns whether or not this endpoint is deprecated. Deprecated() bool // SetDeprecated sets this endpoint's deprecated status. SetDeprecated(bool) // Lifetimes returns this endpoint's lifetimes. Lifetimes() AddressLifetimes // SetLifetimes sets this endpoint's lifetimes. // // Note that setting preferred-until and valid-until times do not result in // deprecation/invalidation jobs to be scheduled by the stack. SetLifetimes(AddressLifetimes) // Temporary returns whether or not this endpoint is temporary. Temporary() bool // RegisterDispatcher registers an address dispatcher. // // OnChanged will be called immediately on the provided address dispatcher // with this endpoint's current state. RegisterDispatcher(AddressDispatcher) }
AddressEndpoint is an endpoint representing an address assigned to an AddressableEndpoint.
type AddressKind ¶
type AddressKind int
AddressKind is the kind of an address.
See the values of AddressKind for more details.
const ( // PermanentTentative is a permanent address endpoint that is not yet // considered to be fully bound to an interface in the traditional // sense. That is, the address is associated with a NIC, but packets // destined to the address MUST NOT be accepted and MUST be silently // dropped, and the address MUST NOT be used as a source address for // outgoing packets. For IPv6, addresses are of this kind until NDP's // Duplicate Address Detection (DAD) resolves. If DAD fails, the address // is removed. PermanentTentative AddressKind = iota // Permanent is a permanent endpoint (vs. a temporary one) assigned to the // NIC. Its reference count is biased by 1 to avoid removal when no route // holds a reference to it. It is removed by explicitly removing the address // from the NIC. Permanent // PermanentExpired is a permanent endpoint that had its address removed from // the NIC, and it is waiting to be removed once no references to it are held. // // If the address is re-added before the endpoint is removed, its type // changes back to Permanent. PermanentExpired // Temporary is an endpoint, created on a one-off basis to temporarily // consider the NIC bound an an address that it is not explicitly bound to // (such as a permanent address). Its reference count must not be biased by 1 // so that the address is removed immediately when references to it are no // longer held. // // A temporary endpoint may be promoted to permanent if the address is added // permanently. Temporary )
func (AddressKind) IsPermanent ¶
func (k AddressKind) IsPermanent() bool
IsPermanent returns true if the AddressKind represents a permanent address.
type AddressLifetimes ¶
type AddressLifetimes struct { // Deprecated is whether the address is deprecated. Deprecated bool // PreferredUntil is the time at which the address will be deprecated. // // Note that for certain addresses, deprecating the address at the // PreferredUntil time is not handled as a scheduled job by the stack, but // is information provided by the owner as an indication of when it will // deprecate the address. // // PreferredUntil should be ignored if Deprecated is true. If Deprecated // is false, and PreferredUntil is the zero value, no information about // the preferred lifetime can be inferred. PreferredUntil tcpip.MonotonicTime // ValidUntil is the time at which the address will be invalidated. // // Note that for certain addresses, invalidating the address at the // ValidUntil time is not handled as a scheduled job by the stack, but // is information provided by the owner as an indication of when it will // invalidate the address. // // If ValidUntil is the zero value, no information about the valid lifetime // can be inferred. ValidUntil tcpip.MonotonicTime }
AddressLifetimes encodes an address' preferred and valid lifetimes, as well as if the address is deprecated.
+stateify savable
type AddressProperties ¶
type AddressProperties struct { PEB PrimaryEndpointBehavior ConfigType AddressConfigType // Lifetimes encodes the address' lifetimes. // // Lifetimes.PreferredUntil and Lifetimes.ValidUntil are informational, i.e. // the stack will not deprecated nor invalidate the address upon reaching // these timestamps. // // If Lifetimes.Deprecated is true, the address will be added as deprecated. Lifetimes AddressLifetimes // Temporary is as defined in RFC 4941, but applies not only to addresses // added via SLAAC, e.g. DHCPv6 can also add temporary addresses. Temporary // addresses are short-lived and are not to be valid (or preferred) // forever; hence the term temporary. Temporary bool Disp AddressDispatcher }
AddressProperties contains additional properties that can be configured when adding an address.
type AddressRemovalReason ¶
type AddressRemovalReason int
AddressRemovalReason is the reason an address was removed.
const ( // AddressRemovalManualAction indicates the address was removed explicitly // using the stack API. AddressRemovalManualAction AddressRemovalReason // AddressRemovalInterfaceRemoved indicates the address was removed because // the NIC it is assigned to was removed. AddressRemovalInterfaceRemoved // AddressRemovalDADFailed indicates the address was removed because DAD // failed. AddressRemovalDADFailed // AddressRemovalInvalidated indicates the address was removed because it // was invalidated. AddressRemovalInvalidated )
func (AddressRemovalReason) String ¶
func (reason AddressRemovalReason) String() string
type AddressableEndpoint ¶
type AddressableEndpoint interface { // AddAndAcquirePermanentAddress adds the passed permanent address. // // Returns *tcpip.ErrDuplicateAddress if the address exists. // // Acquires and returns the AddressEndpoint for the added address. AddAndAcquirePermanentAddress(addr tcpip.AddressWithPrefix, properties AddressProperties) (AddressEndpoint, tcpip.Error) // RemovePermanentAddress removes the passed address if it is a permanent // address. // // Returns *tcpip.ErrBadLocalAddress if the endpoint does not have the passed // permanent address. RemovePermanentAddress(addr tcpip.Address) tcpip.Error // SetLifetimes sets an address' lifetimes (strictly informational) and // whether it should be deprecated or preferred. // // Returns *tcpip.ErrBadLocalAddress if the endpoint does not have the passed // address. SetLifetimes(addr tcpip.Address, lifetimes AddressLifetimes) tcpip.Error // MainAddress returns the endpoint's primary permanent address. MainAddress() tcpip.AddressWithPrefix // AcquireAssignedAddress returns an address endpoint for the passed address // that is considered bound to the endpoint, optionally creating a temporary // endpoint if requested and no existing address exists. // // The returned endpoint's reference count is incremented if readOnly is // false. // // Returns nil if the specified address is not local to this endpoint. AcquireAssignedAddress(localAddr tcpip.Address, allowTemp bool, tempPEB PrimaryEndpointBehavior, readOnly bool) AddressEndpoint // AcquireOutgoingPrimaryAddress returns a primary address that may be used as // a source address when sending packets to the passed remote address. // // If allowExpired is true, expired addresses may be returned. // // The returned endpoint's reference count is incremented. // // Returns nil if a primary address is not available. AcquireOutgoingPrimaryAddress(remoteAddr, srcHint tcpip.Address, allowExpired bool) AddressEndpoint // PrimaryAddresses returns the primary addresses. PrimaryAddresses() []tcpip.AddressWithPrefix // PermanentAddresses returns all the permanent addresses. PermanentAddresses() []tcpip.AddressWithPrefix }
AddressableEndpoint is an endpoint that supports addressing.
An endpoint is considered to support addressing when the endpoint may associate itself with an identifier (address).
type AddressableEndpointState ¶
type AddressableEndpointState struct {
// contains filtered or unexported fields
}
AddressableEndpointState is an implementation of an AddressableEndpoint.
+stateify savable
func (*AddressableEndpointState) AcquireAssignedAddress ¶
func (a *AddressableEndpointState) AcquireAssignedAddress(localAddr tcpip.Address, allowTemp bool, tempPEB PrimaryEndpointBehavior, readOnly bool) AddressEndpoint
AcquireAssignedAddress implements AddressableEndpoint.
func (*AddressableEndpointState) AcquireAssignedAddressOrMatching ¶
func (a *AddressableEndpointState) AcquireAssignedAddressOrMatching(localAddr tcpip.Address, f func(AddressEndpoint) bool, allowTemp bool, tempPEB PrimaryEndpointBehavior, readOnly bool) AddressEndpoint
AcquireAssignedAddressOrMatching returns an address endpoint that is considered assigned to the addressable endpoint.
If the address is an exact match with an existing address, that address is returned. Otherwise, if f is provided, f is called with each address and the address that f returns true for is returned.
If there is no matching address, a temporary address will be returned if allowTemp is true.
If readOnly is true, the address will be returned without an extra reference. In this case it is not safe to modify the endpoint, only read attributes like subnet.
Regardless how the address was obtained, it will be acquired before it is returned.
func (*AddressableEndpointState) AcquireOutgoingPrimaryAddress ¶
func (a *AddressableEndpointState) AcquireOutgoingPrimaryAddress(remoteAddr tcpip.Address, srcHint tcpip.Address, allowExpired bool) AddressEndpoint
AcquireOutgoingPrimaryAddress implements AddressableEndpoint.
func (*AddressableEndpointState) AddAndAcquireAddress ¶
func (a *AddressableEndpointState) AddAndAcquireAddress(addr tcpip.AddressWithPrefix, properties AddressProperties, kind AddressKind) (AddressEndpoint, tcpip.Error)
AddAndAcquireAddress adds an address with the specified kind.
Returns *tcpip.ErrDuplicateAddress if the address exists.
func (*AddressableEndpointState) AddAndAcquirePermanentAddress ¶
func (a *AddressableEndpointState) AddAndAcquirePermanentAddress(addr tcpip.AddressWithPrefix, properties AddressProperties) (AddressEndpoint, tcpip.Error)
AddAndAcquirePermanentAddress implements AddressableEndpoint.
func (*AddressableEndpointState) AddAndAcquireTemporaryAddress ¶
func (a *AddressableEndpointState) AddAndAcquireTemporaryAddress(addr tcpip.AddressWithPrefix, peb PrimaryEndpointBehavior) (AddressEndpoint, tcpip.Error)
AddAndAcquireTemporaryAddress adds a temporary address.
Returns *tcpip.ErrDuplicateAddress if the address exists.
The temporary address's endpoint is acquired and returned.
func (*AddressableEndpointState) Cleanup ¶
func (a *AddressableEndpointState) Cleanup()
Cleanup forcefully leaves all groups and removes all permanent addresses.
func (*AddressableEndpointState) ForEachEndpoint ¶
func (a *AddressableEndpointState) ForEachEndpoint(f func(AddressEndpoint) bool)
ForEachEndpoint calls f for each address.
Once f returns false, f will no longer be called.
func (*AddressableEndpointState) ForEachPrimaryEndpoint ¶
func (a *AddressableEndpointState) ForEachPrimaryEndpoint(f func(AddressEndpoint) bool)
ForEachPrimaryEndpoint calls f for each primary address.
Once f returns false, f will no longer be called.
func (*AddressableEndpointState) GetAddress ¶
func (a *AddressableEndpointState) GetAddress(addr tcpip.Address) AddressEndpoint
GetAddress returns the AddressEndpoint for the passed address.
GetAddress does not increment the address's reference count or check if the address is considered bound to the endpoint.
Returns nil if the passed address is not associated with the endpoint.
func (*AddressableEndpointState) Init ¶
func (a *AddressableEndpointState) Init(networkEndpoint NetworkEndpoint, options AddressableEndpointStateOptions)
Init initializes the AddressableEndpointState with networkEndpoint.
Must be called before calling any other function on m.
func (*AddressableEndpointState) MainAddress ¶
func (a *AddressableEndpointState) MainAddress() tcpip.AddressWithPrefix
MainAddress implements AddressableEndpoint.
func (*AddressableEndpointState) OnNetworkEndpointEnabledChanged ¶
func (a *AddressableEndpointState) OnNetworkEndpointEnabledChanged()
OnNetworkEndpointEnabledChanged must be called every time the NetworkEndpoint this AddressableEndpointState belongs to is enabled or disabled so that any AddressDispatchers can be notified of the NIC enabled change.
func (*AddressableEndpointState) PermanentAddresses ¶
func (a *AddressableEndpointState) PermanentAddresses() []tcpip.AddressWithPrefix
PermanentAddresses implements AddressableEndpoint.
func (*AddressableEndpointState) PrimaryAddresses ¶
func (a *AddressableEndpointState) PrimaryAddresses() []tcpip.AddressWithPrefix
PrimaryAddresses implements AddressableEndpoint.
func (*AddressableEndpointState) RemovePermanentAddress ¶
func (a *AddressableEndpointState) RemovePermanentAddress(addr tcpip.Address) tcpip.Error
RemovePermanentAddress implements AddressableEndpoint.
func (*AddressableEndpointState) RemovePermanentEndpoint ¶
func (a *AddressableEndpointState) RemovePermanentEndpoint(ep AddressEndpoint, reason AddressRemovalReason) tcpip.Error
RemovePermanentEndpoint removes the passed endpoint if it is associated with a and permanent.
func (*AddressableEndpointState) SetDeprecated ¶
SetDeprecated implements stack.AddressableEndpoint.
func (*AddressableEndpointState) SetLifetimes ¶
func (a *AddressableEndpointState) SetLifetimes(addr tcpip.Address, lifetimes AddressLifetimes) tcpip.Error
SetLifetimes implements stack.AddressableEndpoint.
type AddressableEndpointStateOptions ¶
type AddressableEndpointStateOptions struct { // HiddenWhileDisabled determines whether addresses should be returned to // callers while the NetworkEndpoint this AddressableEndpointState belongs // to is disabled. HiddenWhileDisabled bool }
AddressableEndpointStateOptions contains options used to configure an AddressableEndpointState.
+stateify savable
type AssignableAddressEndpoint ¶
type AssignableAddressEndpoint interface { // AddressWithPrefix returns the endpoint's address. AddressWithPrefix() tcpip.AddressWithPrefix // Subnet returns the subnet of the endpoint's address. Subnet() tcpip.Subnet // IsAssigned returns whether or not the endpoint is considered bound // to its NetworkEndpoint. IsAssigned(allowExpired bool) bool // TryIncRef tries to increment this endpoint's reference count. // // Returns true if it was successfully incremented. If it returns false, then // the endpoint is considered expired and should no longer be used. TryIncRef() bool // DecRef decrements this endpoint's reference count. DecRef() }
AssignableAddressEndpoint is a reference counted address endpoint that may be assigned to a NetworkEndpoint.
type BridgeEndpoint ¶
type BridgeEndpoint struct {
// contains filtered or unexported fields
}
BridgeEndpoint is a bridge endpoint.
+stateify savable
func NewBridgeEndpoint ¶
func NewBridgeEndpoint(mtu uint32) *BridgeEndpoint
NewBridgeEndpoint creates a new bridge endpoint.
func (*BridgeEndpoint) ARPHardwareType ¶
func (b *BridgeEndpoint) ARPHardwareType() header.ARPHardwareType
ARPHardwareType implements stack.LinkEndpoint.ARPHardwareType.
func (*BridgeEndpoint) AddHeader ¶
func (b *BridgeEndpoint) AddHeader(pkt *PacketBuffer)
AddHeader implements stack.LinkEndpoint.AddHeader.
func (*BridgeEndpoint) AddNIC ¶
func (b *BridgeEndpoint) AddNIC(n *nic) tcpip.Error
AddNIC adds the specified NIC to the bridge.
func (*BridgeEndpoint) Attach ¶
func (b *BridgeEndpoint) Attach(dispatcher NetworkDispatcher)
Attach implements stack.LinkEndpoint.Attach.
func (*BridgeEndpoint) Capabilities ¶
func (b *BridgeEndpoint) Capabilities() LinkEndpointCapabilities
Capabilities implements stack.LinkEndpoint.Capabilities.
func (*BridgeEndpoint) Close ¶
func (b *BridgeEndpoint) Close()
Close implements stack.LinkEndpoint.Close.
func (*BridgeEndpoint) DelNIC ¶
func (b *BridgeEndpoint) DelNIC(nic *nic) tcpip.Error
DelNIC remove the specified NIC from the bridge.
func (*BridgeEndpoint) FindFDBEntry ¶
func (b *BridgeEndpoint) FindFDBEntry(addr tcpip.LinkAddress) BridgeFDBEntry
FindFDBEntry find the FDB entry for the given address. If it doesn't exist, it will return an empty entry.
func (*BridgeEndpoint) IsAttached ¶
func (b *BridgeEndpoint) IsAttached() bool
IsAttached implements stack.LinkEndpoint.IsAttached.
func (*BridgeEndpoint) LinkAddress ¶
func (b *BridgeEndpoint) LinkAddress() tcpip.LinkAddress
LinkAddress implements stack.LinkEndpoint.LinkAddress.
func (*BridgeEndpoint) MTU ¶
func (b *BridgeEndpoint) MTU() uint32
MTU implements stack.LinkEndpoint.MTU.
func (*BridgeEndpoint) MaxHeaderLength ¶
func (b *BridgeEndpoint) MaxHeaderLength() uint16
MaxHeaderLength implements stack.LinkEndpoint.
func (*BridgeEndpoint) ParseHeader ¶
func (b *BridgeEndpoint) ParseHeader(*PacketBuffer) bool
ParseHeader implements stack.LinkEndpoint.ParseHeader.
func (*BridgeEndpoint) SetLinkAddress ¶
func (b *BridgeEndpoint) SetLinkAddress(addr tcpip.LinkAddress)
SetLinkAddress implements stack.LinkEndpoint.SetLinkAddress.
func (*BridgeEndpoint) SetMTU ¶
func (b *BridgeEndpoint) SetMTU(mtu uint32)
SetMTU implements stack.LinkEndpoint.SetMTU.
func (*BridgeEndpoint) SetOnCloseAction ¶
func (b *BridgeEndpoint) SetOnCloseAction(func())
SetOnCloseAction implements stack.LinkEndpoint.Close.
func (*BridgeEndpoint) Wait ¶
func (b *BridgeEndpoint) Wait()
Wait implements stack.LinkEndpoint.Wait.
func (*BridgeEndpoint) WritePackets ¶
func (b *BridgeEndpoint) WritePackets(pkts PacketBufferList) (int, tcpip.Error)
WritePackets implements stack.LinkEndpoint.WritePackets.
type BridgeFDBEntry ¶
type BridgeFDBEntry struct {
// contains filtered or unexported fields
}
BridgeFDBEntry consists of all metadata for a FDB record.
func (BridgeFDBEntry) PortLinkAddress ¶
func (e BridgeFDBEntry) PortLinkAddress() tcpip.LinkAddress
PortLinkAddress returns the mac address of the device that is bound to the bridge port.
type BridgeFDBKey ¶
type BridgeFDBKey tcpip.LinkAddress
BridgeFDBKey is the MAC address of a device which a bridge port is associated with.
type ConnTrack ¶
type ConnTrack struct {
// contains filtered or unexported fields
}
ConnTrack tracks all connections created for NAT rules. Most users are expected to only call handlePacket, insertRedirectConn, and maybeInsertNoop.
ConnTrack keeps all connections in a slice of buckets, each of which holds a linked list of tuples. This gives us some desirable properties:
- Each bucket has its own lock, lessening lock contention.
- The slice is large enough that lists stay short (<10 elements on average). Thus traversal is fast.
- During linked list traversal we reap expired connections. This amortizes the cost of reaping them and makes reapUnused faster.
Locks are ordered by their location in the buckets slice. That is, a goroutine that locks buckets[i] can only lock buckets[j] s.t. i < j.
+stateify savable
type CoordinatorNIC ¶
type CoordinatorNIC interface { // AddNIC adds the specified NIC device. AddNIC(n *nic) tcpip.Error // DelNIC deletes the specified NIC device. DelNIC(n *nic) tcpip.Error }
CoordinatorNIC represents NetworkLinkEndpoint that can join multiple network devices.
type DADCheckAddressDisposition ¶
type DADCheckAddressDisposition int
DADCheckAddressDisposition enumerates the possible return values from DAD.CheckDuplicateAddress.
const ( // DADDisabled indicates that DAD is disabled. DADDisabled DADCheckAddressDisposition // DADStarting indicates that DAD is starting for an address. DADStarting // DADAlreadyRunning indicates that DAD was already started for an address. DADAlreadyRunning )
type DADCompletionHandler ¶
type DADCompletionHandler func(DADResult)
DADCompletionHandler is a handler for DAD completion.
type DADConfigurations ¶
type DADConfigurations struct { // The number of Neighbor Solicitation messages to send when doing // Duplicate Address Detection for a tentative address. // // Note, a value of zero effectively disables DAD. DupAddrDetectTransmits uint8 // The amount of time to wait between sending Neighbor Solicitation // messages. // // Must be greater than or equal to 1ms. RetransmitTimer time.Duration }
DADConfigurations holds configurations for duplicate address detection.
+stateify savable
func DefaultDADConfigurations ¶
func DefaultDADConfigurations() DADConfigurations
DefaultDADConfigurations returns the default DAD configurations.
func (*DADConfigurations) Validate ¶
func (c *DADConfigurations) Validate()
Validate modifies the configuration with valid values. If invalid values are present in the configurations, the corresponding default values are used instead.
type DADDupAddrDetected ¶
type DADDupAddrDetected struct { // HolderLinkAddress is the link address of the node that holds the duplicate // address. HolderLinkAddress tcpip.LinkAddress }
DADDupAddrDetected indicates DAD detected a duplicate address.
type DADResult ¶
type DADResult interface {
// contains filtered or unexported methods
}
DADResult is a marker interface for the result of a duplicate address detection process.
type DADSucceeded ¶
type DADSucceeded struct{}
DADSucceeded indicates DAD completed without finding any duplicate addresses.
type DNATTarget ¶
type DNATTarget struct { // The new destination address for packets. // // Immutable. Addr tcpip.Address // The new destination port for packets. // // Immutable. Port uint16 // NetworkProtocol is the network protocol the target is used with. // // Immutable. NetworkProtocol tcpip.NetworkProtocolNumber // ChangeAddress indicates whether we should check addresses. // // Immutable. ChangeAddress bool // ChangePort indicates whether we should check ports. // // Immutable. ChangePort bool }
DNATTarget modifies the destination port/IP of packets.
+stateify savable
func (*DNATTarget) Action ¶
func (rt *DNATTarget) Action(pkt *PacketBuffer, hook Hook, r *Route, addressEP AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
type DropTarget ¶
type DropTarget struct { // NetworkProtocol is the network protocol the target is used with. NetworkProtocol tcpip.NetworkProtocolNumber }
DropTarget drops packets.
+stateify savable
func (*DropTarget) Action ¶
func (*DropTarget) Action(*PacketBuffer, Hook, *Route, AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
type DuplicateAddressDetector ¶
type DuplicateAddressDetector interface { // CheckDuplicateAddress checks if an address is assigned to a neighbor. // // If DAD is already being performed for the address, the handler will be // called with the result of the original DAD request. CheckDuplicateAddress(tcpip.Address, DADCompletionHandler) DADCheckAddressDisposition // SetDADConfigurations sets the configurations for DAD. SetDADConfigurations(c DADConfigurations) // DuplicateAddressProtocol returns the network protocol the receiver can // perform duplicate address detection for. DuplicateAddressProtocol() tcpip.NetworkProtocolNumber }
DuplicateAddressDetector handles checking if an address is already assigned to some neighboring node on the link.
type ErrorTarget ¶
type ErrorTarget struct { // NetworkProtocol is the network protocol the target is used with. NetworkProtocol tcpip.NetworkProtocolNumber }
ErrorTarget logs an error and drops the packet. It represents a target that should be unreachable.
+stateify savable
func (*ErrorTarget) Action ¶
func (*ErrorTarget) Action(*PacketBuffer, Hook, *Route, AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
type ForwardingNetworkEndpoint ¶
type ForwardingNetworkEndpoint interface { NetworkEndpoint // Forwarding returns the forwarding configuration. Forwarding() bool // SetForwarding sets the forwarding configuration. // // Returns the previous forwarding configuration. SetForwarding(bool) bool }
ForwardingNetworkEndpoint is a network endpoint that may forward packets.
type GSO ¶
type GSO struct { // Type is one of GSONone, GSOTCPv4, etc. Type GSOType // NeedsCsum is set if the checksum offload is enabled. NeedsCsum bool // CsumOffset is offset after that to place checksum. CsumOffset uint16 // Mss is maximum segment size. MSS uint16 // L3Len is L3 (IP) header length. L3HdrLen uint16 // MaxSize is maximum GSO packet size. MaxSize uint32 }
GSO contains generic segmentation offload properties.
+stateify savable
type GSOEndpoint ¶
type GSOEndpoint interface { // GSOMaxSize returns the maximum GSO packet size. GSOMaxSize() uint32 // SupportedGSO returns the supported segmentation offloading. SupportedGSO() SupportedGSO }
GSOEndpoint provides access to GSO properties.
type GroupAddressableEndpoint ¶
type GroupAddressableEndpoint interface { // JoinGroup joins the specified group. JoinGroup(group tcpip.Address) tcpip.Error // LeaveGroup attempts to leave the specified group. LeaveGroup(group tcpip.Address) tcpip.Error // IsInGroup returns true if the endpoint is a member of the specified group. IsInGroup(group tcpip.Address) bool }
GroupAddressableEndpoint is an endpoint that supports group addressing.
An endpoint is considered to support group addressing when one or more endpoints may associate themselves with the same identifier (group address).
type Hook ¶
type Hook uint
A Hook specifies one of the hooks built into the network stack.
Userspace app Userspace app ^ | | v [Input] [Output] ^ | | v | routing | | | v ----->[Prerouting]----->routing----->[Forward]---------[Postrouting]----->
const ( // Prerouting happens before a packet is routed to applications or to // be forwarded. Prerouting Hook = iota // Input happens before a packet reaches an application. Input // Forward happens once it's decided that a packet should be forwarded // to another host. Forward // Output happens after a packet is written by an application to be // sent out. Output // Postrouting happens just before a packet goes out on the wire. Postrouting // NumHooks is the total number of hooks. NumHooks )
type ICMPRateLimiter ¶
type ICMPRateLimiter struct {
// contains filtered or unexported fields
}
ICMPRateLimiter is a global rate limiter that controls the generation of ICMP messages generated by the stack.
+stateify savable
func NewICMPRateLimiter ¶
func NewICMPRateLimiter(clock tcpip.Clock) *ICMPRateLimiter
NewICMPRateLimiter returns a global rate limiter for controlling the rate at which ICMP messages are generated by the stack. The returned limiter does not apply limits to any ICMP types by default.
func (*ICMPRateLimiter) Allow ¶
func (l *ICMPRateLimiter) Allow() bool
Allow reports whether one ICMP message may be sent now.
func (*ICMPRateLimiter) Burst ¶
func (l *ICMPRateLimiter) Burst() int
Burst returns the maximum burst size.
func (*ICMPRateLimiter) Limit ¶
func (l *ICMPRateLimiter) Limit() rate.Limit
Limit returns the maximum overall event rate.
func (*ICMPRateLimiter) SetBurst ¶
func (l *ICMPRateLimiter) SetBurst(burst int)
SetBurst sets a new burst size for the limiter.
func (*ICMPRateLimiter) SetLimit ¶
func (l *ICMPRateLimiter) SetLimit(limit rate.Limit)
SetLimit sets a new Limit for the limiter.
type IPHeaderFilter ¶
type IPHeaderFilter struct { // Protocol matches the transport protocol. Protocol tcpip.TransportProtocolNumber // CheckProtocol determines whether the Protocol field should be // checked during matching. CheckProtocol bool // Dst matches the destination IP address. Dst tcpip.Address // DstMask masks bits of the destination IP address when comparing with // Dst. DstMask tcpip.Address // DstInvert inverts the meaning of the destination IP check, i.e. when // true the filter will match packets that fail the destination // comparison. DstInvert bool // Src matches the source IP address. Src tcpip.Address // SrcMask masks bits of the source IP address when comparing with Src. SrcMask tcpip.Address // SrcInvert inverts the meaning of the source IP check, i.e. when true the // filter will match packets that fail the source comparison. SrcInvert bool // InputInterface matches the name of the incoming interface for the packet. InputInterface string // InputInterfaceMask masks the characters of the interface name when // comparing with InputInterface. InputInterfaceMask string // InputInterfaceInvert inverts the meaning of incoming interface check, // i.e. when true the filter will match packets that fail the incoming // interface comparison. InputInterfaceInvert bool // OutputInterface matches the name of the outgoing interface for the packet. OutputInterface string // OutputInterfaceMask masks the characters of the interface name when // comparing with OutputInterface. OutputInterfaceMask string // OutputInterfaceInvert inverts the meaning of outgoing interface check, // i.e. when true the filter will match packets that fail the outgoing // interface comparison. OutputInterfaceInvert bool }
IPHeaderFilter performs basic IP header matching common to every rule.
+stateify savable
func EmptyFilter4 ¶
func EmptyFilter4() IPHeaderFilter
EmptyFilter4 returns an initialized IPv4 header filter.
func EmptyFilter6 ¶
func EmptyFilter6() IPHeaderFilter
EmptyFilter6 returns an initialized IPv6 header filter.
func (IPHeaderFilter) NetworkProtocol ¶
func (fl IPHeaderFilter) NetworkProtocol() tcpip.NetworkProtocolNumber
NetworkProtocol returns the protocol (IPv4 or IPv6) on to which the header applies.
type IPNetworkEndpointStats ¶
type IPNetworkEndpointStats interface { NetworkEndpointStats // IPStats returns the IP statistics of a network endpoint. IPStats() *tcpip.IPStats }
IPNetworkEndpointStats is a NetworkEndpointStats that tracks IP-related statistics.
type IPTables ¶
type IPTables struct {
// contains filtered or unexported fields
}
IPTables holds all the tables for a netstack.
+stateify savable
func DefaultTables ¶
DefaultTables returns a default set of tables. Each chain is set to accept all packets.
func (*IPTables) CheckForward ¶
func (it *IPTables) CheckForward(pkt *PacketBuffer, inNicName, outNicName string) bool
CheckForward performs the forward hook on the packet.
Returns true iff the packet may continue traversing the stack; the packet must be dropped if false is returned.
Precondition: The packet's network and transport header must be set.
This is called in the hot path even when iptables are disabled, so we ensure that it does not allocate. Note that called functions (e.g. getConnAndUpdate) can allocate. TODO(b/233951539): checkescape fails on arm sometimes. Fix and re-add.
func (*IPTables) CheckInput ¶
func (it *IPTables) CheckInput(pkt *PacketBuffer, inNicName string) bool
CheckInput performs the input hook on the packet.
Returns true iff the packet may continue traversing the stack; the packet must be dropped if false is returned.
Precondition: The packet's network and transport header must be set.
This is called in the hot path even when iptables are disabled, so we ensure that it does not allocate. Note that called functions (e.g. getConnAndUpdate) can allocate. TODO(b/233951539): checkescape fails on arm sometimes. Fix and re-add.
func (*IPTables) CheckOutput ¶
func (it *IPTables) CheckOutput(pkt *PacketBuffer, r *Route, outNicName string) bool
CheckOutput performs the output hook on the packet.
Returns true iff the packet may continue traversing the stack; the packet must be dropped if false is returned.
Precondition: The packet's network and transport header must be set.
This is called in the hot path even when iptables are disabled, so we ensure that it does not allocate. Note that called functions (e.g. getConnAndUpdate) can allocate. TODO(b/233951539): checkescape fails on arm sometimes. Fix and re-add.
func (*IPTables) CheckPostrouting ¶
func (it *IPTables) CheckPostrouting(pkt *PacketBuffer, r *Route, addressEP AddressableEndpoint, outNicName string) bool
CheckPostrouting performs the postrouting hook on the packet.
Returns true iff the packet may continue traversing the stack; the packet must be dropped if false is returned.
Precondition: The packet's network and transport header must be set.
This is called in the hot path even when iptables are disabled, so we ensure that it does not allocate. Note that called functions (e.g. getConnAndUpdate) can allocate. TODO(b/233951539): checkescape fails on arm sometimes. Fix and re-add.
func (*IPTables) CheckPrerouting ¶
func (it *IPTables) CheckPrerouting(pkt *PacketBuffer, addressEP AddressableEndpoint, inNicName string) bool
CheckPrerouting performs the prerouting hook on the packet.
Returns true iff the packet may continue traversing the stack; the packet must be dropped if false is returned.
Precondition: The packet's network and transport header must be set.
This is called in the hot path even when iptables are disabled, so we ensure that it does not allocate. Note that called functions (e.g. getConnAndUpdate) can allocate. TODO(b/233951539): checkescape fails on arm sometimes. Fix and re-add.
func (*IPTables) ForceReplaceTable ¶
ForceReplaceTable replaces or inserts table by name. It panics when an invalid id is provided. It enables iptables even when the inserted table is all conditionless ACCEPT, skipping our optimization that disables iptables until they're modified.
func (*IPTables) GetTable ¶
GetTable returns a table with the given id and IP version. It panics when an invalid id is provided.
func (*IPTables) Modified ¶
Modified returns whether iptables has been modified. It is inherently racy and intended for use only in tests.
func (*IPTables) OriginalDst ¶
func (it *IPTables) OriginalDst(epID TransportEndpointID, netProto tcpip.NetworkProtocolNumber, transProto tcpip.TransportProtocolNumber) (tcpip.Address, uint16, tcpip.Error)
OriginalDst returns the original destination of redirected connections. It returns an error if the connection doesn't exist or isn't redirected.
func (*IPTables) ReplaceTable ¶
ReplaceTable replaces or inserts table by name. It panics when an invalid id is provided.
func (*IPTables) VisitTargets ¶
VisitTargets traverses all the targets of all tables and replaces each with transform(target).
type InjectableLinkEndpoint ¶
type InjectableLinkEndpoint interface { LinkEndpoint // InjectInbound injects an inbound packet. InjectInbound(protocol tcpip.NetworkProtocolNumber, pkt *PacketBuffer) // InjectOutbound writes a fully formed outbound packet directly to the // link. // // dest is used by endpoints with multiple raw destinations. InjectOutbound(dest tcpip.Address, packet *buffer.View) tcpip.Error }
InjectableLinkEndpoint is a LinkEndpoint where inbound packets are delivered via the Inject method.
type LinkAddressResolver ¶
type LinkAddressResolver interface { // LinkAddressRequest sends a request for the link address of the target // address. The request is broadcast on the local network if a remote link // address is not provided. LinkAddressRequest(targetAddr, localAddr tcpip.Address, remoteLinkAddr tcpip.LinkAddress) tcpip.Error // ResolveStaticAddress attempts to resolve address without sending // requests. It either resolves the name immediately or returns the // empty LinkAddress. // // It can be used to resolve broadcast addresses for example. ResolveStaticAddress(addr tcpip.Address) (tcpip.LinkAddress, bool) // LinkAddressProtocol returns the network protocol of the // addresses this resolver can resolve. LinkAddressProtocol() tcpip.NetworkProtocolNumber }
LinkAddressResolver handles link address resolution for a network protocol.
type LinkEndpoint ¶
type LinkEndpoint interface { NetworkLinkEndpoint LinkWriter }
LinkEndpoint is the interface implemented by data link layer protocols (e.g., ethernet, loopback, raw) and used by network layer protocols to send packets out through the implementer's data link endpoint. When a link header exists, it sets each PacketBuffer's LinkHeader field before passing it up the stack.
type LinkEndpointCapabilities ¶
type LinkEndpointCapabilities uint
LinkEndpointCapabilities is the type associated with the capabilities supported by a link-layer endpoint. It is a set of bitfields.
const ( CapabilityNone LinkEndpointCapabilities = 0 // CapabilityTXChecksumOffload indicates that the link endpoint supports // checksum computation for outgoing packets and the stack can skip // computing checksums when sending packets. CapabilityTXChecksumOffload LinkEndpointCapabilities = 1 << iota // CapabilityRXChecksumOffload indicates that the link endpoint supports // checksum verification on received packets and that it's safe for the // stack to skip checksum verification. CapabilityRXChecksumOffload CapabilityResolutionRequired CapabilitySaveRestore CapabilityDisconnectOk CapabilityLoopback )
The following are the supported link endpoint capabilities.
type LinkResolutionResult ¶
type LinkResolutionResult struct { LinkAddress tcpip.LinkAddress Err tcpip.Error }
LinkResolutionResult is the result of a link address resolution attempt.
type LinkResolvableNetworkEndpoint ¶
type LinkResolvableNetworkEndpoint interface { // HandleLinkResolutionFailure is called when link resolution prevents the // argument from having been sent. HandleLinkResolutionFailure(*PacketBuffer) }
LinkResolvableNetworkEndpoint handles link resolution events.
type LinkWriter ¶
type LinkWriter interface { // WritePackets writes packets. Must not be called with an empty list of // packet buffers. // // Each packet must have the link-layer header set, if the link requires // one. // // WritePackets may modify the packet buffers, and takes ownership of the PacketBufferList. // it is not safe to use the PacketBufferList after a call to WritePackets. WritePackets(PacketBufferList) (int, tcpip.Error) }
LinkWriter is an interface that supports sending packets via a data-link layer endpoint. It is used with QueueingDiscipline to batch writes from upper layer endpoints.
type MasqueradeTarget ¶
type MasqueradeTarget struct { // NetworkProtocol is the network protocol the target is used with. It // is immutable. NetworkProtocol tcpip.NetworkProtocolNumber }
MasqueradeTarget modifies the source port/IP in the outgoing packets.
+stateify savable
func (*MasqueradeTarget) Action ¶
func (mt *MasqueradeTarget) Action(pkt *PacketBuffer, hook Hook, r *Route, addressEP AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
type Matcher ¶
type Matcher interface { // Match returns whether the packet matches and whether the packet // should be "hotdropped", i.e. dropped immediately. This is usually // used for suspicious packets. // // Precondition: packet.NetworkHeader is set. Match(hook Hook, packet *PacketBuffer, inputInterfaceName, outputInterfaceName string) (matches bool, hotdrop bool) }
A Matcher is the interface for matching packets.
type MulticastForwardingEventDispatcher ¶
type MulticastForwardingEventDispatcher interface { // OnMissingRoute is called when an incoming multicast packet does not match // any installed route. // // The packet that triggered this event may be queued so that it can be // transmitted once a route is installed. Even then, it may still be dropped // as per the routing table's GC/eviction policy. OnMissingRoute(MulticastPacketContext) // OnUnexpectedInputInterface is called when a multicast packet arrives at an // interface that does not match the installed route's expected input // interface. // // This may be an indication of a routing loop. The packet that triggered // this event is dropped without being forwarded. OnUnexpectedInputInterface(context MulticastPacketContext, expectedInputInterface tcpip.NICID) }
MulticastForwardingEventDispatcher is the interface that integrators should implement to handle multicast routing events.
type MulticastForwardingNetworkEndpoint ¶
type MulticastForwardingNetworkEndpoint interface { ForwardingNetworkEndpoint // MulticastForwarding returns true if multicast forwarding is enabled. // Otherwise, returns false. MulticastForwarding() bool // SetMulticastForwarding sets the multicast forwarding configuration. // // Returns the previous forwarding configuration. SetMulticastForwarding(bool) bool }
MulticastForwardingNetworkEndpoint is a network endpoint that may forward multicast packets.
type MulticastForwardingNetworkProtocol ¶
type MulticastForwardingNetworkProtocol interface { NetworkProtocol // AddMulticastRoute adds a route to the multicast routing table such that // packets matching the addresses will be forwarded using the provided route. // // Returns an error if the addresses or route is invalid. AddMulticastRoute(UnicastSourceAndMulticastDestination, MulticastRoute) tcpip.Error // RemoveMulticastRoute removes the route matching the provided addresses // from the multicast routing table. // // Returns an error if the addresses are invalid or a matching route is not // found. RemoveMulticastRoute(UnicastSourceAndMulticastDestination) tcpip.Error // MulticastRouteLastUsedTime returns a monotonic timestamp that // represents the last time that the route matching the provided addresses // was used or updated. // // Returns an error if the addresses are invalid or a matching route was not // found. MulticastRouteLastUsedTime(UnicastSourceAndMulticastDestination) (tcpip.MonotonicTime, tcpip.Error) // EnableMulticastForwarding enables multicast forwarding for the protocol. // // Returns an error if the provided multicast forwarding event dispatcher is // nil. Otherwise, returns true if the multicast forwarding was already // enabled. EnableMulticastForwarding(MulticastForwardingEventDispatcher) (bool, tcpip.Error) // DisableMulticastForwarding disables multicast forwarding for the protocol. DisableMulticastForwarding() }
MulticastForwardingNetworkProtocol is the interface that needs to be implemented by the network protocols that support multicast forwarding.
type MulticastPacketContext ¶
type MulticastPacketContext struct { // SourceAndDestination contains the unicast source address and the multicast // destination address found in the relevant multicast packet. SourceAndDestination UnicastSourceAndMulticastDestination // InputInterface is the interface on which the relevant multicast packet // arrived. InputInterface tcpip.NICID }
MulticastPacketContext is the context in which a multicast packet triggered a multicast forwarding event.
type MulticastRoute ¶
type MulticastRoute struct { // ExpectedInputInterface is the interface on which packets using this route // are expected to ingress. ExpectedInputInterface tcpip.NICID // OutgoingInterfaces is the set of interfaces that a multicast packet should // be forwarded out of. // // This field should not be empty. OutgoingInterfaces []MulticastRouteOutgoingInterface }
MulticastRoute is a multicast route.
type MulticastRouteOutgoingInterface ¶
type MulticastRouteOutgoingInterface struct { // ID corresponds to the outgoing NIC. ID tcpip.NICID // MinTTL represents the minimum TTL/HopLimit a multicast packet must have to // be sent through the outgoing interface. // // Note: a value of 0 allows all packets to be forwarded. MinTTL uint8 }
MulticastRouteOutgoingInterface represents an outgoing interface in a multicast route.
type NDPEndpoint ¶
type NDPEndpoint interface { NetworkEndpoint // InvalidateDefaultRouter invalidates a default router discovered through // NDP. InvalidateDefaultRouter(tcpip.Address) }
NDPEndpoint is a network endpoint that supports NDP.
type NICContext ¶
type NICContext any
NICContext is an opaque pointer used to store client-supplied NIC metadata.
type NICInfo ¶
type NICInfo struct { Name string LinkAddress tcpip.LinkAddress ProtocolAddresses []tcpip.ProtocolAddress // Flags indicate the state of the NIC. Flags NICStateFlags // MTU is the maximum transmission unit. MTU uint32 Stats tcpip.NICStats // NetworkStats holds the stats of each NetworkEndpoint bound to the NIC. NetworkStats map[tcpip.NetworkProtocolNumber]NetworkEndpointStats // Context is user-supplied data optionally supplied in CreateNICWithOptions. // See type NICOptions for more details. Context NICContext // ARPHardwareType holds the ARP Hardware type of the NIC. This is the // value sent in haType field of an ARP Request sent by this NIC and the // value expected in the haType field of an ARP response. ARPHardwareType header.ARPHardwareType // Forwarding holds the forwarding status for each network endpoint that // supports forwarding. Forwarding map[tcpip.NetworkProtocolNumber]bool // MulticastForwarding holds the forwarding status for each network endpoint // that supports multicast forwarding. MulticastForwarding map[tcpip.NetworkProtocolNumber]bool }
NICInfo captures the name and addresses assigned to a NIC.
type NICOptions ¶
type NICOptions struct { // Name specifies the name of the NIC. Name string // Disabled specifies whether to avoid calling Attach on the passed // LinkEndpoint. Disabled bool // Context specifies user-defined data that will be returned in stack.NICInfo // for the NIC. Clients of this library can use it to add metadata that // should be tracked alongside a NIC, to avoid having to keep a // map[tcpip.NICID]metadata mirroring stack.Stack's nic map. Context NICContext // QDisc is the queue discipline to use for this NIC. QDisc QueueingDiscipline // DeliverLinkPackets specifies whether the NIC is responsible for // delivering raw packets to packet sockets. DeliverLinkPackets bool }
NICOptions specifies the configuration of a NIC as it is being created. The zero value creates an enabled, unnamed NIC.
type NICStateFlags ¶
type NICStateFlags struct { // Up indicates whether the interface is running. Up bool // Running indicates whether resources are allocated. Running bool // Promiscuous indicates whether the interface is in promiscuous mode. Promiscuous bool // Loopback indicates whether the interface is a loopback. Loopback bool }
NICStateFlags holds information about the state of an NIC.
type NUDConfigurations ¶
type NUDConfigurations struct { // BaseReachableTime is the base duration for computing the random reachable // time. // // Reachable time is the duration for which a neighbor is considered // reachable after a positive reachability confirmation is received. It is a // function of uniformly distributed random value between minRandomFactor and // maxRandomFactor multiplied by baseReachableTime. Using a random component // eliminates the possibility that Neighbor Unreachability Detection messages // will synchronize with each other. // // After this time, a neighbor entry will transition from REACHABLE to STALE // state. // // Must be greater than 0. BaseReachableTime time.Duration // LearnBaseReachableTime enables learning BaseReachableTime during runtime // from the neighbor discovery protocol, if supported. // // TODO(gvisor.dev/issue/2240): Implement this NUD configuration option. LearnBaseReachableTime bool // MinRandomFactor is the minimum value of the random factor used for // computing reachable time. // // See BaseReachbleTime for more information on computing the reachable time. // // Must be greater than 0. MinRandomFactor float32 // MaxRandomFactor is the maximum value of the random factor used for // computing reachabile time. // // See BaseReachbleTime for more information on computing the reachable time. // // Must be great than or equal to MinRandomFactor. MaxRandomFactor float32 // RetransmitTimer is the duration between retransmission of reachability // probes in the PROBE state. RetransmitTimer time.Duration // LearnRetransmitTimer enables learning RetransmitTimer during runtime from // the neighbor discovery protocol, if supported. // // TODO(gvisor.dev/issue/2241): Implement this NUD configuration option. LearnRetransmitTimer bool // DelayFirstProbeTime is the duration to wait for a non-Neighbor-Discovery // related protocol to reconfirm reachability after entering the DELAY state. // After this time, a reachability probe will be sent and the entry will // transition to the PROBE state. // // Must be greater than 0. DelayFirstProbeTime time.Duration // MaxMulticastProbes is the number of reachability probes to send before // concluding negative reachability and deleting the neighbor entry from the // INCOMPLETE state. // // Must be greater than 0. MaxMulticastProbes uint32 // MaxUnicastProbes is the number of reachability probes to send before // concluding retransmission from within the PROBE state should cease and // entry SHOULD be deleted. // // Must be greater than 0. MaxUnicastProbes uint32 // MaxAnycastDelayTime is the time in which the stack SHOULD delay sending a // response for a random time between 0 and this time, if the target address // is an anycast address. // // TODO(gvisor.dev/issue/2242): Use this option when sending solicited // neighbor confirmations to anycast addresses and proxying neighbor // confirmations. MaxAnycastDelayTime time.Duration // MaxReachabilityConfirmations is the number of unsolicited reachability // confirmation messages a node MAY send to all-node multicast address when // it determines its link-layer address has changed. // // TODO(gvisor.dev/issue/2246): Discuss if implementation of this NUD // configuration option is necessary. MaxReachabilityConfirmations uint32 }
NUDConfigurations is the NUD configurations for the netstack. This is used by the neighbor cache to operate the NUD state machine on each device in the local network.
+stateify savable
func DefaultNUDConfigurations ¶
func DefaultNUDConfigurations() NUDConfigurations
DefaultNUDConfigurations returns a NUDConfigurations populated with default values defined by RFC 4861 section 10.
type NUDDispatcher ¶
type NUDDispatcher interface { // OnNeighborAdded will be called when a new entry is added to a NIC's (with // ID nicID) neighbor table. // // This function is permitted to block indefinitely without interfering with // the stack's operation. // // May be called concurrently. OnNeighborAdded(tcpip.NICID, NeighborEntry) // OnNeighborChanged will be called when an entry in a NIC's (with ID nicID) // neighbor table changes state and/or link address. // // This function is permitted to block indefinitely without interfering with // the stack's operation. // // May be called concurrently. OnNeighborChanged(tcpip.NICID, NeighborEntry) // OnNeighborRemoved will be called when an entry is removed from a NIC's // (with ID nicID) neighbor table. // // This function is permitted to block indefinitely without interfering with // the stack's operation. // // May be called concurrently. OnNeighborRemoved(tcpip.NICID, NeighborEntry) }
NUDDispatcher is the interface integrators of netstack must implement to receive and handle NUD related events.
type NUDState ¶
type NUDState struct {
// contains filtered or unexported fields
}
NUDState stores states needed for calculating reachable time.
+stateify savable
func NewNUDState ¶
NewNUDState returns new NUDState using c as configuration and the specified random number generator for use in recomputing ReachableTime.
func (*NUDState) Config ¶
func (s *NUDState) Config() NUDConfigurations
Config returns the NUD configuration.
func (*NUDState) ReachableTime ¶
ReachableTime returns the duration to wait for a REACHABLE entry to transition into STALE after inactivity. This value is recalculated for new values of BaseReachableTime, MinRandomFactor, and MaxRandomFactor using the algorithm defined in RFC 4861 section 6.3.2.
func (*NUDState) SetConfig ¶
func (s *NUDState) SetConfig(c NUDConfigurations)
SetConfig replaces the existing NUD configurations with c.
type NeighborEntry ¶
type NeighborEntry struct { Addr tcpip.Address LinkAddr tcpip.LinkAddress State NeighborState UpdatedAt tcpip.MonotonicTime }
NeighborEntry describes a neighboring device in the local network.
+stateify savable
type NeighborState ¶
type NeighborState uint8
NeighborState defines the state of a NeighborEntry within the Neighbor Unreachability Detection state machine, as per RFC 4861 section 7.3.2 and RFC 7048.
const ( // Unknown means reachability has not been verified yet. This is the initial // state of entries that have been created automatically by the Neighbor // Unreachability Detection state machine. Unknown NeighborState = iota // Incomplete means that there is an outstanding request to resolve the // address. Incomplete // Reachable means the path to the neighbor is functioning properly for both // receive and transmit paths. Reachable // Stale means reachability to the neighbor is unknown, but packets are still // able to be transmitted to the possibly stale link address. Stale // Delay means reachability to the neighbor is unknown and pending // confirmation from an upper-level protocol like TCP, but packets are still // able to be transmitted to the possibly stale link address. Delay // Probe means a reachability confirmation is actively being sought by // periodically retransmitting reachability probes until a reachability // confirmation is received, or until the maximum number of probes has been // sent. Probe // Static describes entries that have been explicitly added by the user. They // do not expire and are not deleted until explicitly removed. Static // Unreachable means reachability confirmation failed; the maximum number of // reachability probes has been sent and no replies have been received. // // TODO(gvisor.dev/issue/5472): Add the following sentence when we implement // RFC 7048: "Packets continue to be sent to the neighbor while // re-attempting to resolve the address." Unreachable )
func (NeighborState) String ¶
func (i NeighborState) String() string
type NeighborStats ¶
type NeighborStats struct { // UnreachableEntryLookups counts the number of lookups performed on an // entry in Unreachable state. UnreachableEntryLookups *tcpip.StatCounter }
NeighborStats holds metrics for the neighbor table.
type NetworkDispatcher ¶
type NetworkDispatcher interface { // DeliverNetworkPacket finds the appropriate network protocol endpoint // and hands the packet over for further processing. // // // If the link-layer has a header, the packet's link header must be populated. // // DeliverNetworkPacket may modify pkt. DeliverNetworkPacket(protocol tcpip.NetworkProtocolNumber, pkt *PacketBuffer) // DeliverLinkPacket delivers a packet to any interested packet endpoints. // // This method should be called with both incoming and outgoing packets. // // If the link-layer has a header, the packet's link header must be populated. DeliverLinkPacket(protocol tcpip.NetworkProtocolNumber, pkt *PacketBuffer) }
NetworkDispatcher contains the methods used by the network stack to deliver inbound/outbound packets to the appropriate network/packet(if any) endpoints.
type NetworkEndpoint ¶
type NetworkEndpoint interface { // Enable enables the endpoint. // // Must only be called when the stack is in a state that allows the endpoint // to send and receive packets. // // Returns *tcpip.ErrNotPermitted if the endpoint cannot be enabled. Enable() tcpip.Error // Enabled returns true if the endpoint is enabled. Enabled() bool // Disable disables the endpoint. Disable() // DefaultTTL is the default time-to-live value (or hop limit, in ipv6) // for this endpoint. DefaultTTL() uint8 // MTU is the maximum transmission unit for this endpoint. This is // generally calculated as the MTU of the underlying data link endpoint // minus the network endpoint max header length. MTU() uint32 // MaxHeaderLength returns the maximum size the network (and lower // level layers combined) headers can have. Higher levels use this // information to reserve space in the front of the packets they're // building. MaxHeaderLength() uint16 // WritePacket writes a packet to the given destination address and // protocol. It may modify pkt. pkt.TransportHeader must have // already been set. WritePacket(r *Route, params NetworkHeaderParams, pkt *PacketBuffer) tcpip.Error // WriteHeaderIncludedPacket writes a packet that includes a network // header to the given destination address. It may modify pkt. WriteHeaderIncludedPacket(r *Route, pkt *PacketBuffer) tcpip.Error // HandlePacket is called by the link layer when new packets arrive to // this network endpoint. It sets pkt.NetworkHeader. // // HandlePacket may modify pkt. HandlePacket(pkt *PacketBuffer) // Close is called when the endpoint is removed from a stack. Close() // NetworkProtocolNumber returns the tcpip.NetworkProtocolNumber for // this endpoint. NetworkProtocolNumber() tcpip.NetworkProtocolNumber // Stats returns a reference to the network endpoint stats. Stats() NetworkEndpointStats }
NetworkEndpoint is the interface that needs to be implemented by endpoints of network layer protocols (e.g., ipv4, ipv6).
type NetworkEndpointID ¶
NetworkEndpointID is the identifier of a network layer protocol endpoint. Currently the local address is sufficient because all supported protocols (i.e., IPv4 and IPv6) have different sizes for their addresses.
type NetworkEndpointStats ¶
type NetworkEndpointStats interface { // IsNetworkEndpointStats is an empty method to implement the // NetworkEndpointStats marker interface. IsNetworkEndpointStats() }
NetworkEndpointStats is the interface implemented by each network endpoint stats struct.
type NetworkHeaderParams ¶
type NetworkHeaderParams struct { // Protocol refers to the transport protocol number. Protocol tcpip.TransportProtocolNumber // TTL refers to Time To Live field of the IP-header. TTL uint8 // TOS refers to TypeOfService or TrafficClass field of the IP-header. TOS uint8 // DF indicates whether the DF bit should be set. DF bool // ExperimentOptionValue is a 16 bit value that is set for the IP experiment // option headers if it is not zero. ExperimentOptionValue uint16 }
NetworkHeaderParams are the header parameters given as input by the transport endpoint to the network.
type NetworkInterface ¶
type NetworkInterface interface { NetworkLinkEndpoint // ID returns the interface's ID. ID() tcpip.NICID // IsLoopback returns true if the interface is a loopback interface. IsLoopback() bool // Name returns the name of the interface. // // May return an empty string if the interface is not configured with a name. Name() string // Enabled returns true if the interface is enabled. Enabled() bool // Promiscuous returns true if the interface is in promiscuous mode. // // When in promiscuous mode, the interface should accept all packets. Promiscuous() bool // Spoofing returns true if the interface is in spoofing mode. // // When in spoofing mode, the interface should consider all addresses as // assigned to it. Spoofing() bool // PrimaryAddress returns the primary address associated with the interface. // // PrimaryAddress will return the first non-deprecated address if such an // address exists. If no non-deprecated addresses exist, the first deprecated // address will be returned. If no deprecated addresses exist, the zero value // will be returned. PrimaryAddress(tcpip.NetworkProtocolNumber) (tcpip.AddressWithPrefix, tcpip.Error) // CheckLocalAddress returns true if the address exists on the interface. CheckLocalAddress(tcpip.NetworkProtocolNumber, tcpip.Address) bool // WritePacketToRemote writes the packet to the given remote link address. WritePacketToRemote(tcpip.LinkAddress, *PacketBuffer) tcpip.Error // WritePacket writes a packet through the given route. // // WritePacket may modify the packet buffer. The packet buffer's // network and transport header must be set. WritePacket(*Route, *PacketBuffer) tcpip.Error // HandleNeighborProbe processes an incoming neighbor probe (e.g. ARP // request or NDP Neighbor Solicitation). // // HandleNeighborProbe assumes that the probe is valid for the network // interface the probe was received on. HandleNeighborProbe(tcpip.NetworkProtocolNumber, tcpip.Address, tcpip.LinkAddress) tcpip.Error // HandleNeighborConfirmation processes an incoming neighbor confirmation // (e.g. ARP reply or NDP Neighbor Advertisement). HandleNeighborConfirmation(tcpip.NetworkProtocolNumber, tcpip.Address, tcpip.LinkAddress, ReachabilityConfirmationFlags) tcpip.Error }
NetworkInterface is a network interface.
type NetworkLinkEndpoint ¶
type NetworkLinkEndpoint interface { // MTU is the maximum transmission unit for this endpoint. This is // usually dictated by the backing physical network; when such a // physical network doesn't exist, the limit is generally 64k, which // includes the maximum size of an IP packet. MTU() uint32 // SetMTU update the maximum transmission unit for the endpoint. SetMTU(mtu uint32) // MaxHeaderLength returns the maximum size the data link (and // lower level layers combined) headers can have. Higher levels use this // information to reserve space in the front of the packets they're // building. MaxHeaderLength() uint16 // LinkAddress returns the link address (typically a MAC) of the // endpoint. LinkAddress() tcpip.LinkAddress // SetLinkAddress updated the endpoint's link address (typically a MAC). SetLinkAddress(addr tcpip.LinkAddress) // Capabilities returns the set of capabilities supported by the // endpoint. Capabilities() LinkEndpointCapabilities // Attach attaches the data link layer endpoint to the network-layer // dispatcher of the stack. // // Attach is called with a nil dispatcher when the endpoint's NIC is being // removed. Attach(dispatcher NetworkDispatcher) // IsAttached returns whether a NetworkDispatcher is attached to the // endpoint. IsAttached() bool // Wait waits for any worker goroutines owned by the endpoint to stop. // // For now, requesting that an endpoint's worker goroutine(s) stop is // implementation specific. // // Wait will not block if the endpoint hasn't started any goroutines // yet, even if it might later. Wait() // ARPHardwareType returns the ARPHRD_TYPE of the link endpoint. // // See: // https://github.com/torvalds/linux/blob/aa0c9086b40c17a7ad94425b3b70dd1fdd7497bf/include/uapi/linux/if_arp.h#L30 ARPHardwareType() header.ARPHardwareType // AddHeader adds a link layer header to the packet if required. AddHeader(*PacketBuffer) // ParseHeader parses the link layer header to the packet. ParseHeader(*PacketBuffer) bool // Close is called when the endpoint is removed from a stack. Close() // SetOnCloseAction sets the action that will be exected before closing the // endpoint. It is used to destroy a network device when its endpoint // is closed. Endpoints that are closed only after destroying their // network devices can implement this method as no-op. SetOnCloseAction(func()) }
NetworkLinkEndpoint is a data-link layer that supports sending network layer packets.
type NetworkPacketInfo ¶
type NetworkPacketInfo struct { // LocalAddressBroadcast is true if the packet's local address is a broadcast // address. LocalAddressBroadcast bool // IsForwardedPacket is true if the packet is being forwarded. IsForwardedPacket bool }
NetworkPacketInfo holds information about a network layer packet.
+stateify savable
type NetworkProtocol ¶
type NetworkProtocol interface { // Number returns the network protocol number. Number() tcpip.NetworkProtocolNumber // MinimumPacketSize returns the minimum valid packet size of this // network protocol. The stack automatically drops any packets smaller // than this targeted at this protocol. MinimumPacketSize() int // ParseAddresses returns the source and destination addresses stored in a // packet of this protocol. ParseAddresses(b []byte) (src, dst tcpip.Address) // NewEndpoint creates a new endpoint of this protocol. NewEndpoint(nic NetworkInterface, dispatcher TransportDispatcher) NetworkEndpoint // SetOption allows enabling/disabling protocol specific features. // SetOption returns an error if the option is not supported or the // provided option value is invalid. SetOption(option tcpip.SettableNetworkProtocolOption) tcpip.Error // Option allows retrieving protocol specific option values. // Option returns an error if the option is not supported or the // provided option value is invalid. Option(option tcpip.GettableNetworkProtocolOption) tcpip.Error // Close requests that any worker goroutines owned by the protocol // stop. Close() // Wait waits for any worker goroutines owned by the protocol to stop. Wait() // Parse sets pkt.NetworkHeader and trims pkt.Data appropriately. It // returns: // - The encapsulated protocol, if present. // - Whether there is an encapsulated transport protocol payload (e.g. ARP // does not encapsulate anything). // - Whether pkt.Data was large enough to parse and set pkt.NetworkHeader. Parse(pkt *PacketBuffer) (proto tcpip.TransportProtocolNumber, hasTransportHdr bool, ok bool) }
NetworkProtocol is the interface that needs to be implemented by network protocols (e.g., ipv4, ipv6) that want to be part of the networking stack.
type NetworkProtocolFactory ¶
type NetworkProtocolFactory func(*Stack) NetworkProtocol
NetworkProtocolFactory instantiates a network protocol.
NetworkProtocolFactory must not attempt to modify the stack, it may only query the stack.
type Options ¶
type Options struct { // NetworkProtocols lists the network protocols to enable. NetworkProtocols []NetworkProtocolFactory // TransportProtocols lists the transport protocols to enable. TransportProtocols []TransportProtocolFactory // Clock is an optional clock used for timekeeping. // // If Clock is nil, tcpip.NewStdClock() will be used. Clock tcpip.Clock // Stats are optional statistic counters. Stats tcpip.Stats // HandleLocal indicates whether packets destined to their source // should be handled by the stack internally (true) or outside the // stack (false). HandleLocal bool // NUDConfigs is the default NUD configurations used by interfaces. NUDConfigs NUDConfigurations // NUDDisp is the NUD event dispatcher that an integrator can provide to // receive NUD related events. NUDDisp NUDDispatcher // RawFactory produces raw endpoints. Raw endpoints are enabled only if // this is non-nil. RawFactory RawFactory // AllowPacketEndpointWrite determines if packet endpoints support write // operations. AllowPacketEndpointWrite bool // RandSource is an optional source to use to generate random // numbers. If omitted it defaults to a Source seeded by the data // returned by the stack secure RNG. // // RandSource must be thread-safe. RandSource rand.Source // IPTables are the initial iptables rules. If nil, DefaultIPTables will be // used to construct the initial iptables rules. // all traffic. IPTables *IPTables // DefaultIPTables is an optional iptables rules constructor that is called // if IPTables is nil. If both fields are nil, iptables will allow all // traffic. DefaultIPTables func(clock tcpip.Clock, rand *rand.Rand) *IPTables // SecureRNG is a cryptographically secure random number generator. SecureRNG io.Reader }
Options contains optional Stack configuration.
type PacketBuffer ¶
type PacketBuffer struct { // NetworkProtocolNumber is only valid when NetworkHeader().View().IsEmpty() // returns false. // TODO(gvisor.dev/issue/3574): Remove the separately passed protocol // numbers in registration APIs that take a PacketBuffer. NetworkProtocolNumber tcpip.NetworkProtocolNumber // TransportProtocol is only valid if it is non zero. // TODO(gvisor.dev/issue/3810): This and the network protocol number should // be moved into the headerinfo. This should resolve the validity issue. TransportProtocolNumber tcpip.TransportProtocolNumber // Hash is the transport layer hash of this packet. A value of zero // indicates no valid hash has been set. Hash uint32 // Owner is implemented by task to get the uid and gid. // Only set for locally generated packets. Owner tcpip.PacketOwner // The following fields are only set by the qdisc layer when the packet // is added to a queue. EgressRoute RouteInfo GSOOptions GSO // PktType indicates the SockAddrLink.PacketType of the packet as defined in // https://www.man7.org/linux/man-pages/man7/packet.7.html. PktType tcpip.PacketType // NICID is the ID of the last interface the network packet was handled at. NICID tcpip.NICID // RXChecksumValidated indicates that checksum verification may be // safely skipped. RXChecksumValidated bool // NetworkPacketInfo holds an incoming packet's network-layer information. NetworkPacketInfo NetworkPacketInfo // contains filtered or unexported fields }
A PacketBuffer contains all the data of a network packet.
As a PacketBuffer traverses up the stack, it may be necessary to pass it to multiple endpoints.
The whole packet is expected to be a series of bytes in the following order: LinkHeader, NetworkHeader, TransportHeader, and Data. Any of them can be empty. Use of PacketBuffer in any other order is unsupported.
PacketBuffer must be created with NewPacketBuffer, which sets the initial reference count to 1. Owners should call `DecRef()` when they are finished with the buffer to return it to the pool.
Internal structure: A PacketBuffer holds a pointer to buffer.Buffer, which exposes a logically-contiguous byte storage. The underlying storage structure is abstracted out, and should not be a concern here for most of the time.
|- reserved ->| |--->| consumed (incoming) 0 V V +--------+----+----+--------------------+ | | | | current data ... | (buf) +--------+----+----+--------------------+ ^ | |<---| pushed (outgoing)
When a PacketBuffer is created, a `reserved` header region can be specified, which stack pushes headers in this region for an outgoing packet. There could be no such region for an incoming packet, and `reserved` is 0. The value of `reserved` never changes in the entire lifetime of the packet.
Outgoing Packet: When a header is pushed, `pushed` gets incremented by the pushed length, and the current value is stored for each header. PacketBuffer subtracts this value from `reserved` to compute the starting offset of each header in `buf`.
Incoming Packet: When a header is consumed (a.k.a. parsed), the current `consumed` value is stored for each header, and it gets incremented by the consumed length. PacketBuffer adds this value to `reserved` to compute the starting offset of each header in `buf`.
+stateify savable
func NewPacketBuffer ¶
func NewPacketBuffer(opts PacketBufferOptions) *PacketBuffer
NewPacketBuffer creates a new PacketBuffer with opts.
func (*PacketBuffer) AsSlices ¶
func (pk *PacketBuffer) AsSlices() [][]byte
AsSlices returns the underlying storage of the whole packet.
Note that AsSlices can allocate a lot. In hot paths it may be preferable to iterate over a PacketBuffer's data via AsViewList.
func (*PacketBuffer) AsViewList ¶
func (pk *PacketBuffer) AsViewList() (buffer.ViewList, int)
AsViewList returns the list of Views backing the PacketBuffer along with the header offset into them. Users may not save or modify the ViewList returned.
func (*PacketBuffer) AvailableHeaderBytes ¶
func (pk *PacketBuffer) AvailableHeaderBytes() int
AvailableHeaderBytes returns the number of bytes currently available for headers. This is relevant to PacketHeader.Push method only.
func (*PacketBuffer) Clone ¶
func (pk *PacketBuffer) Clone() *PacketBuffer
Clone makes a semi-deep copy of pk. The underlying packet payload is shared. Hence, no modifications is done to underlying packet payload.
func (*PacketBuffer) CloneToInbound ¶
func (pk *PacketBuffer) CloneToInbound() *PacketBuffer
CloneToInbound makes a semi-deep copy of the packet buffer (similar to Clone) to be used as an inbound packet.
See PacketBuffer.Data for details about how a packet buffer holds an inbound packet.
func (*PacketBuffer) Data ¶
func (pk *PacketBuffer) Data() PacketData
Data returns the handle to data portion of pk.
func (*PacketBuffer) DecRef ¶
func (pk *PacketBuffer) DecRef()
DecRef decrements the PacketBuffer's refcount. If the refcount is decremented to zero, the PacketBuffer is returned to the PacketBuffer pool.
func (*PacketBuffer) DeepCopyForForwarding ¶
func (pk *PacketBuffer) DeepCopyForForwarding(reservedHeaderBytes int) *PacketBuffer
DeepCopyForForwarding creates a deep copy of the packet buffer for forwarding.
The returned packet buffer will have the network and transport headers set if the original packet buffer did.
func (*PacketBuffer) HeaderSize ¶
func (pk *PacketBuffer) HeaderSize() int
HeaderSize returns the total size of all headers in bytes.
func (*PacketBuffer) ID ¶
func (pk *PacketBuffer) ID() uintptr
ID returns a unique ID for the underlying storage of the packet.
Two *PacketBuffers have the same IDs if and only if they point to the same location in memory.
func (*PacketBuffer) IncRef ¶
func (pk *PacketBuffer) IncRef() *PacketBuffer
IncRef increments the PacketBuffer's refcount.
func (*PacketBuffer) LinkHeader ¶
func (pk *PacketBuffer) LinkHeader() PacketHeader
LinkHeader returns the handle to link-layer header.
func (*PacketBuffer) MemSize ¶
func (pk *PacketBuffer) MemSize() int
MemSize returns the estimation size of the pk in memory, including backing buffer data.
func (*PacketBuffer) Network ¶
func (pk *PacketBuffer) Network() header.Network
Network returns the network header as a header.Network.
Network should only be called when NetworkHeader has been set.
func (*PacketBuffer) NetworkHeader ¶
func (pk *PacketBuffer) NetworkHeader() PacketHeader
NetworkHeader returns the handle to network-layer header.
func (*PacketBuffer) ReserveHeaderBytes ¶
func (pk *PacketBuffer) ReserveHeaderBytes(reserved int)
ReserveHeaderBytes prepends reserved space for headers at the front of the underlying buf. Can only be called once per packet.
func (*PacketBuffer) ReservedHeaderBytes ¶
func (pk *PacketBuffer) ReservedHeaderBytes() int
ReservedHeaderBytes returns the number of bytes initially reserved for headers.
func (*PacketBuffer) Size ¶
func (pk *PacketBuffer) Size() int
Size returns the size of packet in bytes.
func (*PacketBuffer) ToBuffer ¶
func (pk *PacketBuffer) ToBuffer() buffer.Buffer
ToBuffer returns a caller-owned copy of the underlying storage of the whole packet.
func (*PacketBuffer) ToView ¶
func (pk *PacketBuffer) ToView() *buffer.View
ToView returns a caller-owned copy of the underlying storage of the whole packet as a view.
func (*PacketBuffer) TransportHeader ¶
func (pk *PacketBuffer) TransportHeader() PacketHeader
TransportHeader returns the handle to transport-layer header.
func (*PacketBuffer) VirtioNetHeader ¶
func (pk *PacketBuffer) VirtioNetHeader() PacketHeader
VirtioNetHeader returns the handle to virtio-layer header.
type PacketBufferList ¶
type PacketBufferList struct {
// contains filtered or unexported fields
}
PacketBufferList is a slice-backed list. All operations are O(1) unless otherwise noted.
Note: this is intentionally backed by a slice, not an intrusive list. We've switched PacketBufferList back-and-forth between intrusive list and slice-backed implementations, and the latter has proven to be preferable:
- Intrusive lists are a refcounting nightmare, as modifying the list sometimes-but-not-always modifies the list for others.
- The slice-backed implementation has been benchmarked and is slightly more performant.
+stateify savable
func (*PacketBufferList) AsSlice ¶
func (pl *PacketBufferList) AsSlice() []*PacketBuffer
AsSlice returns a slice containing the packets in the list.
func (PacketBufferList) DecRef ¶
func (pl PacketBufferList) DecRef()
DecRef decreases the reference count on each PacketBuffer stored in the list.
NOTE: runs in O(n) time.
func (*PacketBufferList) Len ¶
func (pl *PacketBufferList) Len() int
Len returns the number of elements in the list.
func (*PacketBufferList) PopFront ¶
func (pl *PacketBufferList) PopFront() *PacketBuffer
PopFront removes the first element in the list if it exists and returns it.
func (*PacketBufferList) PushBack ¶
func (pl *PacketBufferList) PushBack(pb *PacketBuffer)
PushBack inserts the PacketBuffer at the back of the list.
func (*PacketBufferList) Reset ¶
func (pl *PacketBufferList) Reset()
Reset decrements all elements and resets the list to the empty state.
type PacketBufferOptions ¶
type PacketBufferOptions struct { // ReserveHeaderBytes is the number of bytes to reserve for headers. Total // number of bytes pushed onto the headers must not exceed this value. ReserveHeaderBytes int // Payload is the initial unparsed data for the new packet. If set, it will // be owned by the new packet. Payload buffer.Buffer // IsForwardedPacket identifies that the PacketBuffer being created is for a // forwarded packet. IsForwardedPacket bool // OnRelease is a function to be run when the packet buffer is no longer // referenced (released back to the pool). OnRelease func() }
PacketBufferOptions specifies options for PacketBuffer creation.
type PacketData ¶
type PacketData struct {
// contains filtered or unexported fields
}
PacketData represents the data portion of a PacketBuffer.
+stateify savable
func (PacketData) AppendView ¶
func (d PacketData) AppendView(v *buffer.View)
AppendView appends v into d, taking the ownership of v.
func (PacketData) AsRange ¶
func (d PacketData) AsRange() Range
AsRange returns a Range representing the current data payload of the packet.
func (PacketData) CapLength ¶
func (d PacketData) CapLength(length int)
CapLength reduces d to at most length bytes.
func (PacketData) Checksum ¶
func (d PacketData) Checksum() uint16
Checksum returns a checksum over the data payload of the packet.
func (PacketData) ChecksumAtOffset ¶
func (d PacketData) ChecksumAtOffset(offset int) uint16
ChecksumAtOffset returns a checksum over the data payload of the packet starting from offset.
func (PacketData) Consume ¶
func (d PacketData) Consume(size int) ([]byte, bool)
Consume is the same as PullUp except that is additionally consumes the returned bytes. Subsequent PullUp or Consume will not return these bytes.
func (PacketData) Merge ¶
func (d PacketData) Merge(oth PacketData)
Merge clears headers in oth and merges its data with d.
func (PacketData) MergeBuffer ¶
func (d PacketData) MergeBuffer(b *buffer.Buffer)
MergeBuffer merges b into d and clears b.
func (PacketData) PullUp ¶
func (d PacketData) PullUp(size int) (b []byte, ok bool)
PullUp returns a contiguous slice of size bytes from the beginning of d. Callers should not keep the view for later use. Callers can write to the returned slice if they have singular ownership over the underlying Buffer.
func (PacketData) ReadFrom ¶
func (d PacketData) ReadFrom(src *buffer.Buffer, count int) int
ReadFrom moves at most count bytes from the beginning of src to the end of d and returns the number of bytes moved.
func (PacketData) ReadFromPacketData ¶
func (d PacketData) ReadFromPacketData(oth PacketData, count int)
ReadFromPacketData moves count bytes from the beginning of oth to the end of d.
func (PacketData) ReadTo ¶
ReadTo reads bytes from d to dst. It also removes these bytes from d unless peek is true.
func (PacketData) Size ¶
func (d PacketData) Size() int
Size returns the number of bytes in the data payload of the packet.
func (PacketData) ToBuffer ¶
func (d PacketData) ToBuffer() buffer.Buffer
ToBuffer returns the underlying storage of d in a buffer.Buffer.
func (PacketData) TrimFront ¶
func (d PacketData) TrimFront(count int)
TrimFront removes up to count bytes from the front of d's payload.
type PacketEndpoint ¶
type PacketEndpoint interface { // HandlePacket is called by the stack when new packets arrive that // match the endpoint. // // Implementers should treat packet as immutable and should copy it // before before modification. // // linkHeader may have a length of 0, in which case the PacketEndpoint // should construct its own ethernet header for applications. // // HandlePacket may modify pkt. HandlePacket(nicID tcpip.NICID, netProto tcpip.NetworkProtocolNumber, pkt *PacketBuffer) }
PacketEndpoint is the interface that needs to be implemented by packet transport protocol endpoints. These endpoints receive link layer headers in addition to whatever they contain (usually network and transport layer headers and a payload).
type PacketHeader ¶
type PacketHeader struct {
// contains filtered or unexported fields
}
PacketHeader is a handle object to a header in the underlying packet.
func (PacketHeader) Consume ¶
func (h PacketHeader) Consume(size int) (v []byte, consumed bool)
Consume moves the first size bytes of the unparsed data portion in the packet to h, and returns the backing storage. In the case of data is shorter than size, consumed will be false, and the state of h will not be affected. Callers may only call one of Push or Consume once on each header in the lifetime of the underlying packet.
func (PacketHeader) Push ¶
func (h PacketHeader) Push(size int) []byte
Push pushes size bytes in the front of its residing packet, and returns the backing storage. Callers may only call one of Push or Consume once on each header in the lifetime of the underlying packet.
func (PacketHeader) Slice ¶
func (h PacketHeader) Slice() []byte
Slice returns the underlying storage of h as a []byte. The returned slice should not be modified if the underlying packet could be shared, cloned, or borrowed.
func (PacketHeader) View ¶
func (h PacketHeader) View() *buffer.View
View returns an caller-owned copy of the underlying storage of h as a *buffer.View.
type PacketLooping ¶
type PacketLooping byte
PacketLooping specifies where an outbound packet should be sent.
const ( // PacketOut indicates that the packet should be passed to the link // endpoint. PacketOut PacketLooping = 1 << iota // PacketLoop indicates that the packet should be handled locally. PacketLoop )
type ParseResult ¶
type ParseResult int
ParseResult indicates the result of a parsing attempt.
const ( // ParsedOK indicates that a packet was successfully parsed. ParsedOK ParseResult = iota // UnknownTransportProtocol indicates that the transport protocol is unknown. UnknownTransportProtocol // TransportLayerParseError indicates that the transport packet was not // successfully parsed. TransportLayerParseError )
type PrimaryEndpointBehavior ¶
type PrimaryEndpointBehavior int
PrimaryEndpointBehavior is an enumeration of an AddressEndpoint's primary behavior.
const ( // CanBePrimaryEndpoint indicates the endpoint can be used as a primary // endpoint for new connections with no local address. CanBePrimaryEndpoint PrimaryEndpointBehavior = iota // FirstPrimaryEndpoint indicates the endpoint should be the first // primary endpoint considered. If there are multiple endpoints with // this behavior, they are ordered by recency. FirstPrimaryEndpoint // NeverPrimaryEndpoint indicates the endpoint should never be a // primary endpoint. NeverPrimaryEndpoint )
func (PrimaryEndpointBehavior) String ¶
func (peb PrimaryEndpointBehavior) String() string
type QueueingDiscipline ¶
type QueueingDiscipline interface { // WritePacket writes a packet. // // WritePacket may modify the packet buffer. The packet buffer's // network and transport header must be set. // // To participate in transparent bridging, a LinkEndpoint implementation // should call eth.Encode with header.EthernetFields.SrcAddr set to // pkg.EgressRoute.LocalLinkAddress if it is provided. WritePacket(*PacketBuffer) tcpip.Error Close() }
QueueingDiscipline provides a queueing strategy for outgoing packets (e.g FIFO, LIFO, Random Early Drop etc).
type Range ¶
type Range struct {
// contains filtered or unexported fields
}
Range represents a contiguous subportion of a PacketBuffer.
func (Range) Capped ¶
Capped returns a new Range with the same starting point of r and length capped at max.
func (Range) SubRange ¶
SubRange returns a new Range starting at off bytes of r. It returns an empty range if off is out-of-bounds.
type RawFactory ¶
type RawFactory interface { // NewUnassociatedEndpoint produces endpoints for writing packets not // associated with a particular transport protocol. Such endpoints can // be used to write arbitrary packets that include the network header. NewUnassociatedEndpoint(stack *Stack, netProto tcpip.NetworkProtocolNumber, transProto tcpip.TransportProtocolNumber, waiterQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error) // NewPacketEndpoint produces endpoints for reading and writing packets // that include network and (when cooked is false) link layer headers. NewPacketEndpoint(stack *Stack, cooked bool, netProto tcpip.NetworkProtocolNumber, waiterQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error) }
RawFactory produces endpoints for writing various types of raw packets.
type RawTransportEndpoint ¶
type RawTransportEndpoint interface { // HandlePacket is called by the stack when new packets arrive to // this transport endpoint. The packet contains all data from the link // layer up. // // HandlePacket may modify the packet. HandlePacket(*PacketBuffer) }
RawTransportEndpoint is the interface that needs to be implemented by raw transport protocol endpoints. RawTransportEndpoints receive the entire packet - including the network and transport headers - as delivered to netstack.
type ReachabilityConfirmationFlags ¶
type ReachabilityConfirmationFlags struct { // Solicited indicates that the advertisement was sent in response to a // reachability probe. Solicited bool // Override indicates that the reachability confirmation should override an // existing neighbor cache entry and update the cached link-layer address. // When Override is not set the confirmation will not update a cached // link-layer address, but will update an existing neighbor cache entry for // which no link-layer address is known. Override bool // IsRouter indicates that the sender is a router. IsRouter bool }
ReachabilityConfirmationFlags describes the flags used within a reachability confirmation (e.g. ARP reply or Neighbor Advertisement for ARP or NDP, respectively).
type ReceiveBufferSizeOption ¶
ReceiveBufferSizeOption is used by stack.(Stack*).Option/SetOption to get/set the default, min and max receive buffer sizes.
type RedirectTarget ¶
type RedirectTarget struct { // Port indicates port used to redirect. It is immutable. Port uint16 // NetworkProtocol is the network protocol the target is used with. It // is immutable. NetworkProtocol tcpip.NetworkProtocolNumber }
RedirectTarget redirects the packet to this machine by modifying the destination port/IP. Outgoing packets are redirected to the loopback device, and incoming packets are redirected to the incoming interface (rather than forwarded).
+stateify savable
func (*RedirectTarget) Action ¶
func (rt *RedirectTarget) Action(pkt *PacketBuffer, hook Hook, r *Route, addressEP AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
type RejectIPv4Target ¶
type RejectIPv4Target struct { Handler RejectIPv4WithHandler RejectWith RejectIPv4WithICMPType }
RejectIPv4Target drops packets and sends back an error packet in response to the matched packet.
+stateify savable
func (*RejectIPv4Target) Action ¶
func (rt *RejectIPv4Target) Action(pkt *PacketBuffer, hook Hook, _ *Route, _ AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
type RejectIPv4WithHandler ¶
type RejectIPv4WithHandler interface { // SendRejectionError sends an error packet in response to the packet. SendRejectionError(pkt *PacketBuffer, rejectWith RejectIPv4WithICMPType, inputHook bool) tcpip.Error }
RejectIPv4WithHandler handles rejecting a packet.
type RejectIPv4WithICMPType ¶
type RejectIPv4WithICMPType int
RejectIPv4WithICMPType indicates the type of ICMP error that should be sent.
const ( RejectIPv4WithICMPNetUnreachable RejectIPv4WithICMPType RejectIPv4WithICMPHostUnreachable RejectIPv4WithICMPPortUnreachable RejectIPv4WithICMPNetProhibited RejectIPv4WithICMPHostProhibited RejectIPv4WithICMPAdminProhibited )
The types of errors that may be returned when rejecting IPv4 packets.
type RejectIPv6Target ¶
type RejectIPv6Target struct { Handler RejectIPv6WithHandler RejectWith RejectIPv6WithICMPType }
RejectIPv6Target drops packets and sends back an error packet in response to the matched packet.
+stateify savable
func (*RejectIPv6Target) Action ¶
func (rt *RejectIPv6Target) Action(pkt *PacketBuffer, hook Hook, _ *Route, _ AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
type RejectIPv6WithHandler ¶
type RejectIPv6WithHandler interface { // SendRejectionError sends an error packet in response to the packet. SendRejectionError(pkt *PacketBuffer, rejectWith RejectIPv6WithICMPType, forwardingHook bool) tcpip.Error }
RejectIPv6WithHandler handles rejecting a packet.
type RejectIPv6WithICMPType ¶
type RejectIPv6WithICMPType int
RejectIPv6WithICMPType indicates the type of ICMP error that should be sent.
const ( RejectIPv6WithICMPNoRoute RejectIPv6WithICMPType RejectIPv6WithICMPAddrUnreachable RejectIPv6WithICMPPortUnreachable RejectIPv6WithICMPAdminProhibited )
The types of errors that may be returned when rejecting IPv6 packets.
type ResolvedFieldsResult ¶
ResolvedFieldsResult is the result of a route resolution attempt.
type RestoredEndpoint ¶
type RestoredEndpoint interface { // Restore restores an endpoint. This can be used to restart background // workers such as protocol goroutines. This must be called after all // indirect dependencies of the endpoint has been restored, which // generally implies at the end of the restore process. Restore(*Stack) }
RestoredEndpoint is an endpoint that needs to be restored.
type ResumableEndpoint ¶
type ResumableEndpoint interface {
// Resume resumes an endpoint.
Resume()
}
ResumableEndpoint is an endpoint that needs to be resumed after save.
type ReturnTarget ¶
type ReturnTarget struct { // NetworkProtocol is the network protocol the target is used with. NetworkProtocol tcpip.NetworkProtocolNumber }
ReturnTarget returns from the current chain. If the chain is a built-in, the hook's underflow should be called.
+stateify savable
func (*ReturnTarget) Action ¶
func (*ReturnTarget) Action(*PacketBuffer, Hook, *Route, AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
type Route ¶
type Route struct {
// contains filtered or unexported fields
}
Route represents a route through the networking stack to a given destination.
It is safe to call Route's methods from multiple goroutines.
func (*Route) Acquire ¶
func (r *Route) Acquire()
Acquire increments the reference counter of the resources associated with the route.
func (*Route) ConfirmReachable ¶
func (r *Route) ConfirmReachable()
ConfirmReachable informs the network/link layer that the neighbour used for the route is reachable.
"Reachable" is defined as having full-duplex communication between the local and remote ends of the route.
func (*Route) DefaultTTL ¶
DefaultTTL returns the default TTL of the underlying network endpoint.
func (*Route) Fields ¶
Fields returns a RouteInfo with all of the known values for the route's fields.
If any fields are unknown (e.g. remote link address when it is waiting for link address resolution), they will be unset.
func (*Route) GSOMaxSize ¶
GSOMaxSize returns the maximum GSO packet size.
func (*Route) HasDisconnectOkCapability ¶
HasDisconnectOkCapability returns true if the route supports disconnecting.
func (*Route) HasGVisorGSOCapability ¶
HasGVisorGSOCapability returns true if the route supports gVisor GSO.
func (*Route) HasHostGSOCapability ¶
HasHostGSOCapability returns true if the route supports host GSO.
func (*Route) HasSaveRestoreCapability ¶
HasSaveRestoreCapability returns true if the route supports save/restore.
func (*Route) IsOutboundBroadcast ¶
IsOutboundBroadcast returns true if the route is for an outbound broadcast packet.
func (*Route) IsResolutionRequired ¶
IsResolutionRequired returns true if Resolve() must be called to resolve the link address before the route can be written to.
The NICs the route is associated with must not be locked.
func (*Route) LocalAddress ¶
LocalAddress returns the route's local address.
func (*Route) LocalLinkAddress ¶
func (r *Route) LocalLinkAddress() tcpip.LinkAddress
LocalLinkAddress returns the route's local link-layer address.
func (*Route) Loop ¶
func (r *Route) Loop() PacketLooping
Loop returns the route's required packet looping.
func (*Route) MTU ¶
MTU returns the MTU of the route if present, otherwise the MTU of the underlying network endpoint.
func (*Route) MaxHeaderLength ¶
MaxHeaderLength forwards the call to the network endpoint's implementation.
func (*Route) NetProto ¶
func (r *Route) NetProto() tcpip.NetworkProtocolNumber
NetProto returns the route's network-layer protocol number.
func (*Route) OutgoingNIC ¶
OutgoingNIC returns the route's outgoing NIC.
func (*Route) PseudoHeaderChecksum ¶
func (r *Route) PseudoHeaderChecksum(protocol tcpip.TransportProtocolNumber, totalLen uint16) uint16
PseudoHeaderChecksum forwards the call to the network endpoint's implementation.
func (*Route) Release ¶
func (r *Route) Release()
Release decrements the reference counter of the resources associated with the route.
func (*Route) RemoteAddress ¶
RemoteAddress returns the route's destination.
func (*Route) RemoteLinkAddress ¶
func (r *Route) RemoteLinkAddress() tcpip.LinkAddress
RemoteLinkAddress returns the link-layer (MAC) address of the next hop in the route.
func (*Route) RequiresTXTransportChecksum ¶
RequiresTXTransportChecksum returns false if the route does not require transport checksums to be populated.
func (*Route) ResolveWith ¶
func (r *Route) ResolveWith(addr tcpip.LinkAddress)
ResolveWith immediately resolves a route with the specified remote link address.
func (*Route) ResolvedFields ¶
func (r *Route) ResolvedFields(afterResolve func(ResolvedFieldsResult)) tcpip.Error
ResolvedFields attempts to resolve the remote link address if it is not known.
If a callback is provided, it will be called before ResolvedFields returns when address resolution is not required. If address resolution is required, the callback will be called once address resolution is complete, regardless of success or failure.
Note, the route will not cache the remote link address when address resolution completes.
func (*Route) WriteHeaderIncludedPacket ¶
func (r *Route) WriteHeaderIncludedPacket(pkt *PacketBuffer) tcpip.Error
WriteHeaderIncludedPacket writes a packet already containing a network header through the given route.
func (*Route) WritePacket ¶
func (r *Route) WritePacket(params NetworkHeaderParams, pkt *PacketBuffer) tcpip.Error
WritePacket writes the packet through the given route.
type RouteInfo ¶
type RouteInfo struct { // RemoteLinkAddress is the link-layer (MAC) address of the next hop in the // route. RemoteLinkAddress tcpip.LinkAddress // contains filtered or unexported fields }
RouteInfo contains all of Route's exported fields.
+stateify savable
type Rule ¶
type Rule struct { // Filter holds basic IP filtering fields common to every rule. Filter IPHeaderFilter // Matchers is the list of matchers for this rule. Matchers []Matcher // Target is the action to invoke if all the matchers match the packet. Target Target }
A Rule is a packet processing rule. It consists of two pieces. First it contains zero or more matchers, each of which is a specification of which packets this rule applies to. If there are no matchers in the rule, it applies to any packet.
+stateify savable
type RuleVerdict ¶
type RuleVerdict int
A RuleVerdict is what a rule decides should be done with a packet.
const ( // RuleAccept indicates the packet should continue through netstack. RuleAccept RuleVerdict = iota // RuleDrop indicates the packet should be dropped. RuleDrop // RuleJump indicates the packet should jump to another chain. RuleJump // RuleReturn indicates the packet should return to the previous chain. RuleReturn )
type SNATTarget ¶
type SNATTarget struct { Addr tcpip.Address Port uint16 // NetworkProtocol is the network protocol the target is used with. It // is immutable. NetworkProtocol tcpip.NetworkProtocolNumber // ChangeAddress indicates whether we should check addresses. // // Immutable. ChangeAddress bool // ChangePort indicates whether we should check ports. // // Immutable. ChangePort bool }
SNATTarget modifies the source port/IP in the outgoing packets.
+stateify savable
func (*SNATTarget) Action ¶
func (st *SNATTarget) Action(pkt *PacketBuffer, hook Hook, r *Route, _ AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
type SendBufSizeProto ¶
type SendBufSizeProto interface {
SendBufferSize() tcpip.TCPSendBufferSizeRangeOption
}
SendBufSizeProto is a protocol that can return its send buffer size.
type Stack ¶
type Stack struct { *ports.PortManager // contains filtered or unexported fields }
Stack is a networking stack, with all supported protocols, NICs, and route table.
LOCK ORDERING: mu > routeMu.
+stateify savable
func New ¶
New allocates a new networking stack with only the requested networking and transport protocols configured with default options.
Note, NDPConfigurations will be fixed before being used by the Stack. That is, if an invalid value was provided, it will be reset to the default value.
Protocol options can be changed by calling the SetNetworkProtocolOption/SetTransportProtocolOption methods provided by the stack. Please refer to individual protocol implementations as to what options are supported.
func RestoreStackFromContext ¶
RestoreStackFromContext returns the stack to be used during restore.
func (*Stack) AddMulticastRoute ¶
func (s *Stack) AddMulticastRoute(protocol tcpip.NetworkProtocolNumber, addresses UnicastSourceAndMulticastDestination, route MulticastRoute) tcpip.Error
AddMulticastRoute adds a multicast route to be used for the specified addresses and protocol.
func (*Stack) AddProtocolAddress ¶
func (s *Stack) AddProtocolAddress(id tcpip.NICID, protocolAddress tcpip.ProtocolAddress, properties AddressProperties) tcpip.Error
AddProtocolAddress adds an address to the specified NIC, possibly with extra properties.
func (*Stack) AddStaticNeighbor ¶
func (s *Stack) AddStaticNeighbor(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address, linkAddr tcpip.LinkAddress) tcpip.Error
AddStaticNeighbor statically associates an IP address to a MAC address.
func (*Stack) AllAddresses ¶
func (s *Stack) AllAddresses() map[tcpip.NICID][]tcpip.ProtocolAddress
AllAddresses returns a map of NICIDs to their protocol addresses (primary and non-primary).
func (*Stack) AllowICMPMessage ¶
AllowICMPMessage returns true if we the rate limiter allows at least one ICMP message to be sent at this instant.
func (*Stack) CheckDuplicateAddress ¶
func (s *Stack) CheckDuplicateAddress(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address, h DADCompletionHandler) (DADCheckAddressDisposition, tcpip.Error)
CheckDuplicateAddress performs duplicate address detection for the address on the specified interface.
func (*Stack) CheckLocalAddress ¶
func (s *Stack) CheckLocalAddress(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address) tcpip.NICID
CheckLocalAddress determines if the given local address exists, and if it does, returns the id of the NIC it's bound to. Returns 0 if the address does not exist.
func (*Stack) CheckNetworkProtocol ¶
func (s *Stack) CheckNetworkProtocol(protocol tcpip.NetworkProtocolNumber) bool
CheckNetworkProtocol checks if a given network protocol is enabled in the stack.
func (*Stack) CheckRegisterTransportEndpoint ¶
func (s *Stack) CheckRegisterTransportEndpoint(netProtos []tcpip.NetworkProtocolNumber, protocol tcpip.TransportProtocolNumber, id TransportEndpointID, flags ports.Flags, bindToDevice tcpip.NICID) tcpip.Error
CheckRegisterTransportEndpoint checks if an endpoint can be registered with the stack transport dispatcher.
func (*Stack) CleanupEndpoints ¶
func (s *Stack) CleanupEndpoints() []TransportEndpoint
CleanupEndpoints returns endpoints currently in the cleanup state.
func (*Stack) ClearNeighbors ¶
ClearNeighbors removes all IP to MAC address associations.
func (*Stack) Clock ¶
Clock returns the Stack's clock for retrieving the current time and scheduling work.
func (*Stack) Close ¶
func (s *Stack) Close()
Close closes all currently registered transport endpoints.
Endpoints created or modified during this call may not get closed.
func (*Stack) CompleteTransportEndpointCleanup ¶
func (s *Stack) CompleteTransportEndpointCleanup(ep TransportEndpoint)
CompleteTransportEndpointCleanup removes the endpoint from the cleanup stage.
func (*Stack) CreateNIC ¶
CreateNIC creates a NIC with the provided id and LinkEndpoint and calls LinkEndpoint.Attach to bind ep with a NetworkDispatcher.
func (*Stack) CreateNICWithOptions ¶
func (s *Stack) CreateNICWithOptions(id tcpip.NICID, ep LinkEndpoint, opts NICOptions) tcpip.Error
CreateNICWithOptions creates a NIC with the provided id, LinkEndpoint, and NICOptions. See the documentation on type NICOptions for details on how NICs can be configured.
LinkEndpoint.Attach will be called to bind ep with a NetworkDispatcher.
func (*Stack) DisableMulticastForwardingForProtocol ¶
func (s *Stack) DisableMulticastForwardingForProtocol(protocol tcpip.NetworkProtocolNumber) tcpip.Error
DisableMulticastForwardingForProtocol disables multicast forwarding for the provided protocol.
Returns an error if the provided protocol is not found or if it does not support multicast forwarding.
func (*Stack) DisableNIC ¶
DisableNIC disables the given NIC.
func (*Stack) EnableMulticastForwardingForProtocol ¶
func (s *Stack) EnableMulticastForwardingForProtocol(protocol tcpip.NetworkProtocolNumber, disp MulticastForwardingEventDispatcher) (bool, tcpip.Error)
EnableMulticastForwardingForProtocol enables multicast forwarding for the provided protocol.
Returns true if forwarding was already enabled on the protocol. Additionally, returns an error if:
- The protocol is not found.
- The protocol doesn't support multicast forwarding.
- The multicast forwarding event dispatcher is nil.
If successful, future multicast forwarding events will be sent to the provided event dispatcher.
func (*Stack) EnableNIC ¶
EnableNIC enables the given NIC so that the link-layer endpoint can start delivering packets to it.
func (*Stack) EnableSaveRestore ¶
func (s *Stack) EnableSaveRestore()
EnableSaveRestore marks the saveRestoreEnabled to true.
func (*Stack) FindNICNameFromID ¶
FindNICNameFromID returns the name of the NIC for the given NICID.
func (*Stack) FindRoute ¶
func (s *Stack) FindRoute(id tcpip.NICID, localAddr, remoteAddr tcpip.Address, netProto tcpip.NetworkProtocolNumber, multicastLoop bool) (*Route, tcpip.Error)
FindRoute creates a route to the given destination address, leaving through the given NIC and local address (if provided).
If a NIC is not specified, the returned route will leave through the same NIC as the NIC that has the local address assigned when forwarding is disabled. If forwarding is enabled and the NIC is unspecified, the route may leave through any interface unless the route is link-local.
If no local address is provided, the stack will select a local address. If no remote address is provided, the stack will use a remote address equal to the local address.
func (*Stack) FindTransportEndpoint ¶
func (s *Stack) FindTransportEndpoint(netProto tcpip.NetworkProtocolNumber, transProto tcpip.TransportProtocolNumber, id TransportEndpointID, nicID tcpip.NICID) TransportEndpoint
FindTransportEndpoint finds an endpoint that most closely matches the provided id. If no endpoint is found it returns nil.
func (*Stack) GetLinkAddress ¶
func (s *Stack) GetLinkAddress(nicID tcpip.NICID, addr, localAddr tcpip.Address, protocol tcpip.NetworkProtocolNumber, onResolve func(LinkResolutionResult)) tcpip.Error
GetLinkAddress finds the link address corresponding to a network address.
Returns ErrNotSupported if the stack is not configured with a link address resolver for the specified network protocol.
Returns ErrWouldBlock if the link address is not readily available, along with a notification channel for the caller to block on. Triggers address resolution asynchronously.
onResolve will be called either immediately, if resolution is not required, or when address resolution is complete, with the resolved link address and whether resolution succeeded.
If specified, the local address must be an address local to the interface the neighbor cache belongs to. The local address is the source address of a packet prompting NUD/link address resolution.
func (*Stack) GetLinkEndpointByName ¶
func (s *Stack) GetLinkEndpointByName(name string) LinkEndpoint
GetLinkEndpointByName gets the link endpoint specified by name.
func (*Stack) GetMainNICAddress ¶
func (s *Stack) GetMainNICAddress(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber) (tcpip.AddressWithPrefix, tcpip.Error)
GetMainNICAddress returns the first non-deprecated primary address and prefix for the given NIC and protocol. If no non-deprecated primary addresses exist, a deprecated address will be returned. If no deprecated addresses exist, the zero value will be returned.
func (*Stack) GetNICByID ¶
GetNICByID return a network device associated with the specified ID.
func (*Stack) GetNetworkEndpoint ¶
func (s *Stack) GetNetworkEndpoint(nicID tcpip.NICID, proto tcpip.NetworkProtocolNumber) (NetworkEndpoint, tcpip.Error)
GetNetworkEndpoint returns the NetworkEndpoint with the specified protocol number installed on the specified NIC.
func (*Stack) GetRouteTable ¶
GetRouteTable returns the route table which is currently in use.
func (*Stack) HandleLocal ¶
HandleLocal returns true if non-loopback interfaces are allowed to loop packets.
func (*Stack) ICMPBurst ¶
ICMPBurst returns the maximum number of ICMP messages that can be sent in a single burst.
func (*Stack) ICMPLimit ¶
ICMPLimit returns the maximum number of ICMP messages that can be sent in one second.
func (*Stack) InsecureRNG ¶
InsecureRNG returns a reference to a pseudo random generator that can be used to generate random numbers as required. It is not cryptographically secure and should not be used for security sensitive work.
func (*Stack) IsInGroup ¶
IsInGroup returns true if the NIC with ID nicID has joined the multicast group multicastAddr.
func (*Stack) IsSaveRestoreEnabled ¶
IsSaveRestoreEnabled returns true if save restore is enabled for the stack.
func (*Stack) IsSubnetBroadcast ¶
func (s *Stack) IsSubnetBroadcast(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address) bool
IsSubnetBroadcast returns true if the provided address is a subnet-local broadcast address on the specified NIC and protocol.
Returns false if the NIC is unknown or if the protocol is unknown or does not support addressing.
If the NIC is not specified, the stack will check all NICs.
func (*Stack) JoinGroup ¶
func (s *Stack) JoinGroup(protocol tcpip.NetworkProtocolNumber, nicID tcpip.NICID, multicastAddr tcpip.Address) tcpip.Error
JoinGroup joins the given multicast group on the given NIC.
func (*Stack) LeaveGroup ¶
func (s *Stack) LeaveGroup(protocol tcpip.NetworkProtocolNumber, nicID tcpip.NICID, multicastAddr tcpip.Address) tcpip.Error
LeaveGroup leaves the given multicast group on the given NIC.
func (*Stack) MulticastRouteLastUsedTime ¶
func (s *Stack) MulticastRouteLastUsedTime(protocol tcpip.NetworkProtocolNumber, addresses UnicastSourceAndMulticastDestination) (tcpip.MonotonicTime, tcpip.Error)
MulticastRouteLastUsedTime returns a monotonic timestamp that represents the last time that the route that matches the provided addresses and protocol was used or updated.
func (*Stack) NICForwarding ¶
func (s *Stack) NICForwarding(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber) (bool, tcpip.Error)
NICForwarding returns the forwarding configuration for the specified NIC.
func (*Stack) NICMulticastForwarding ¶
func (s *Stack) NICMulticastForwarding(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber) (bool, tcpip.Error)
NICMulticastForwarding returns the multicast forwarding configuration for the specified NIC.
func (*Stack) NUDConfigurations ¶
func (s *Stack) NUDConfigurations(id tcpip.NICID, proto tcpip.NetworkProtocolNumber) (NUDConfigurations, tcpip.Error)
NUDConfigurations gets the per-interface NUD configurations.
func (*Stack) Neighbors ¶
func (s *Stack) Neighbors(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber) ([]NeighborEntry, tcpip.Error)
Neighbors returns all IP to MAC address associations.
func (*Stack) NetworkProtocolInstance ¶
func (s *Stack) NetworkProtocolInstance(num tcpip.NetworkProtocolNumber) NetworkProtocol
NetworkProtocolInstance returns the protocol instance in the stack for the specified network protocol. This method is public for protocol implementers and tests to use.
func (*Stack) NetworkProtocolOption ¶
func (s *Stack) NetworkProtocolOption(network tcpip.NetworkProtocolNumber, option tcpip.GettableNetworkProtocolOption) tcpip.Error
NetworkProtocolOption allows retrieving individual protocol level option values. This method returns an error if the protocol is not supported or option is not supported by the protocol implementation. E.g.:
var v ipv4.MyOption err := s.NetworkProtocolOption(tcpip.IPv4ProtocolNumber, &v) if err != nil { ... }
func (*Stack) NewEndpoint ¶
func (s *Stack) NewEndpoint(transport tcpip.TransportProtocolNumber, network tcpip.NetworkProtocolNumber, waiterQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error)
NewEndpoint creates a new transport layer endpoint of the given protocol.
func (*Stack) NewPacketEndpoint ¶
func (s *Stack) NewPacketEndpoint(cooked bool, netProto tcpip.NetworkProtocolNumber, waiterQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error)
NewPacketEndpoint creates a new packet endpoint listening for the given netProto.
func (*Stack) NewRawEndpoint ¶
func (s *Stack) NewRawEndpoint(transport tcpip.TransportProtocolNumber, network tcpip.NetworkProtocolNumber, waiterQueue *waiter.Queue, associated bool) (tcpip.Endpoint, tcpip.Error)
NewRawEndpoint creates a new raw transport layer endpoint of the given protocol. Raw endpoints receive all traffic for a given protocol regardless of address.
func (*Stack) NewRouteForMulticast ¶
func (s *Stack) NewRouteForMulticast(nicID tcpip.NICID, remoteAddr tcpip.Address, netProto tcpip.NetworkProtocolNumber) *Route
NewRouteForMulticast returns a Route that may be used to forward multicast packets.
Returns nil if validation fails.
func (*Stack) PacketEndpointWriteSupported ¶
PacketEndpointWriteSupported returns true iff packet endpoints support write operations.
func (*Stack) ParsePacketBufferTransport ¶
func (s *Stack) ParsePacketBufferTransport(protocol tcpip.TransportProtocolNumber, pkt *PacketBuffer) ParseResult
ParsePacketBufferTransport parses the provided packet buffer's transport header.
func (*Stack) PortRange ¶
PortRange returns the UDP and TCP inclusive range of ephemeral ports used in both IPv4 and IPv6.
func (*Stack) RegisterPacketEndpoint ¶
func (s *Stack) RegisterPacketEndpoint(nicID tcpip.NICID, netProto tcpip.NetworkProtocolNumber, ep PacketEndpoint) tcpip.Error
RegisterPacketEndpoint registers ep with the stack, causing it to receive all traffic of the specified netProto on the given NIC. If nicID is 0, it receives traffic from every NIC.
func (*Stack) RegisterRawTransportEndpoint ¶
func (s *Stack) RegisterRawTransportEndpoint(netProto tcpip.NetworkProtocolNumber, transProto tcpip.TransportProtocolNumber, ep RawTransportEndpoint) tcpip.Error
RegisterRawTransportEndpoint registers the given endpoint with the stack transport dispatcher. Received packets that match the provided transport protocol will be delivered to the given endpoint.
func (*Stack) RegisterRestoredEndpoint ¶
func (s *Stack) RegisterRestoredEndpoint(e RestoredEndpoint)
RegisterRestoredEndpoint records e as an endpoint that has been restored on this stack.
func (*Stack) RegisterResumableEndpoint ¶
func (s *Stack) RegisterResumableEndpoint(e ResumableEndpoint)
RegisterResumableEndpoint records e as an endpoint that has to be resumed.
func (*Stack) RegisterTransportEndpoint ¶
func (s *Stack) RegisterTransportEndpoint(netProtos []tcpip.NetworkProtocolNumber, protocol tcpip.TransportProtocolNumber, id TransportEndpointID, ep TransportEndpoint, flags ports.Flags, bindToDevice tcpip.NICID) tcpip.Error
RegisterTransportEndpoint registers the given endpoint with the stack transport dispatcher. Received packets that match the provided id will be delivered to the given endpoint; specifying a nic is optional, but nic-specific IDs have precedence over global ones.
func (*Stack) RegisteredEndpoints ¶
func (s *Stack) RegisteredEndpoints() []TransportEndpoint
RegisteredEndpoints returns all endpoints which are currently registered.
func (*Stack) RemoveAddress ¶
RemoveAddress removes an existing network-layer address from the specified NIC.
func (*Stack) RemoveMulticastRoute ¶
func (s *Stack) RemoveMulticastRoute(protocol tcpip.NetworkProtocolNumber, addresses UnicastSourceAndMulticastDestination) tcpip.Error
RemoveMulticastRoute removes a multicast route that matches the specified addresses and protocol.
func (*Stack) RemoveNeighbor ¶
func (s *Stack) RemoveNeighbor(nicID tcpip.NICID, protocol tcpip.NetworkProtocolNumber, addr tcpip.Address) tcpip.Error
RemoveNeighbor removes an IP to MAC address association previously created either automatically or by AddStaticNeighbor. Returns ErrBadAddress if there is no association with the provided address.
func (*Stack) RemoveRoutes ¶
RemoveRoutes removes matching routes from the route table, it returns the number of routes that are removed.
func (*Stack) ReplaceConfig ¶
ReplaceConfig replaces config in the loaded stack.
func (*Stack) ReplaceRoute ¶
ReplaceRoute replaces the route in the routing table which matchse the lookup key for the routing table. If there is no match, the given route will still be added to the routing table. The lookup key consists of destination, ToS, scope and output interface.
func (*Stack) Restore ¶
func (s *Stack) Restore()
Restore restarts the stack after a restore. This must be called after the entire system has been restored.
func (*Stack) RestoreCleanupEndpoints ¶
func (s *Stack) RestoreCleanupEndpoints(es []TransportEndpoint)
RestoreCleanupEndpoints adds endpoints to cleanup tracking. This is useful for restoring a stack after a save.
func (*Stack) SecureRNG ¶
func (s *Stack) SecureRNG() cryptorand.RNG
SecureRNG returns the stack's cryptographically secure random number generator.
func (*Stack) Seed ¶
Seed returns a 32 bit value that can be used as a seed value.
NOTE: The seed is generated once during stack initialization only.
func (*Stack) SetAddressLifetimes ¶
func (s *Stack) SetAddressLifetimes(id tcpip.NICID, addr tcpip.Address, lifetimes AddressLifetimes) tcpip.Error
SetAddressLifetimes sets informational preferred and valid lifetimes, and whether the address should be preferred or deprecated.
func (*Stack) SetForwardingDefaultAndAllNICs ¶
func (s *Stack) SetForwardingDefaultAndAllNICs(protocol tcpip.NetworkProtocolNumber, enable bool) tcpip.Error
SetForwardingDefaultAndAllNICs sets packet forwarding for all NICs for the passed protocol and sets the default setting for newly created NICs.
func (*Stack) SetICMPBurst ¶
SetICMPBurst sets the maximum number of ICMP messages that can be sent in a single burst.
func (*Stack) SetICMPLimit ¶
SetICMPLimit sets the maximum number of ICMP messages that be sent in one second.
func (*Stack) SetNICAddress ¶
SetNICAddress sets the hardware address which is identified by the nic ID.
func (*Stack) SetNICCoordinator ¶
SetNICCoordinator sets a coordinator device.
func (*Stack) SetNICForwarding ¶
func (s *Stack) SetNICForwarding(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber, enable bool) (bool, tcpip.Error)
SetNICForwarding enables or disables packet forwarding on the specified NIC for the passed protocol.
Returns the previous configuration on the NIC.
func (*Stack) SetNICMulticastForwarding ¶
func (s *Stack) SetNICMulticastForwarding(id tcpip.NICID, protocol tcpip.NetworkProtocolNumber, enable bool) (bool, tcpip.Error)
SetNICMulticastForwarding enables or disables multicast packet forwarding on the specified NIC for the passed protocol.
Returns the previous configuration on the NIC.
func (*Stack) SetNICName ¶
SetNICName sets a NIC's name.
func (*Stack) SetNICStack ¶
SetNICStack moves the network device to the specified network namespace.
func (*Stack) SetNUDConfigurations ¶
func (s *Stack) SetNUDConfigurations(id tcpip.NICID, proto tcpip.NetworkProtocolNumber, c NUDConfigurations) tcpip.Error
SetNUDConfigurations sets the per-interface NUD configurations.
Note, if c contains invalid NUD configuration values, it will be fixed to use default values for the erroneous values.
func (*Stack) SetNetworkProtocolOption ¶
func (s *Stack) SetNetworkProtocolOption(network tcpip.NetworkProtocolNumber, option tcpip.SettableNetworkProtocolOption) tcpip.Error
SetNetworkProtocolOption allows configuring individual protocol level options. This method returns an error if the protocol is not supported or option is not supported by the protocol implementation or the provided value is incorrect.
func (*Stack) SetPortRange ¶
SetPortRange sets the UDP and TCP IPv4 and IPv6 ephemeral port range (inclusive).
func (*Stack) SetPromiscuousMode ¶
SetPromiscuousMode enables or disables promiscuous mode in the given NIC.
func (*Stack) SetRouteTable ¶
SetRouteTable assigns the route table to be used by this stack. It specifies which NIC to use for given destination address ranges.
This method takes ownership of the table.
func (*Stack) SetSpoofing ¶
SetSpoofing enables or disables address spoofing in the given NIC, allowing endpoints to bind to any address in the NIC.
func (*Stack) SetTransportProtocolHandler ¶
func (s *Stack) SetTransportProtocolHandler(p tcpip.TransportProtocolNumber, h func(TransportEndpointID, *PacketBuffer) bool)
SetTransportProtocolHandler sets the per-stack default handler for the given protocol.
It must be called only during initialization of the stack. Changing it as the stack is operating is not supported.
func (*Stack) SetTransportProtocolOption ¶
func (s *Stack) SetTransportProtocolOption(transport tcpip.TransportProtocolNumber, option tcpip.SettableTransportProtocolOption) tcpip.Error
SetTransportProtocolOption allows configuring individual protocol level options. This method returns an error if the protocol is not supported or option is not supported by the protocol implementation or the provided value is incorrect.
func (*Stack) StartTransportEndpointCleanup ¶
func (s *Stack) StartTransportEndpointCleanup(netProtos []tcpip.NetworkProtocolNumber, protocol tcpip.TransportProtocolNumber, id TransportEndpointID, ep TransportEndpoint, flags ports.Flags, bindToDevice tcpip.NICID)
StartTransportEndpointCleanup removes the endpoint with the given id from the stack transport dispatcher. It also transitions it to the cleanup stage.
func (*Stack) Stats ¶
Stats returns a mutable copy of the current stats.
This is not generally exported via the public interface, but is available internally.
func (*Stack) TCPSendBufferLimits ¶
func (s *Stack) TCPSendBufferLimits() tcpip.TCPSendBufferSizeRangeOption
TCPSendBufferLimits returns the TCP send buffer size limit.
func (*Stack) TransportProtocolInstance ¶
func (s *Stack) TransportProtocolInstance(num tcpip.TransportProtocolNumber) TransportProtocol
TransportProtocolInstance returns the protocol instance in the stack for the specified transport protocol. This method is public for protocol implementers and tests to use.
func (*Stack) TransportProtocolOption ¶
func (s *Stack) TransportProtocolOption(transport tcpip.TransportProtocolNumber, option tcpip.GettableTransportProtocolOption) tcpip.Error
TransportProtocolOption allows retrieving individual protocol level option values. This method returns an error if the protocol is not supported or option is not supported by the protocol implementation.
var v tcp.SACKEnabled if err := s.TransportProtocolOption(tcpip.TCPProtocolNumber, &v); err != nil { ... }
func (*Stack) UnregisterPacketEndpoint ¶
func (s *Stack) UnregisterPacketEndpoint(nicID tcpip.NICID, netProto tcpip.NetworkProtocolNumber, ep PacketEndpoint)
UnregisterPacketEndpoint unregisters ep for packets of the specified netProto from the specified NIC. If nicID is 0, ep is unregistered from all NICs.
func (*Stack) UnregisterRawTransportEndpoint ¶
func (s *Stack) UnregisterRawTransportEndpoint(netProto tcpip.NetworkProtocolNumber, transProto tcpip.TransportProtocolNumber, ep RawTransportEndpoint)
UnregisterRawTransportEndpoint removes the endpoint for the transport protocol from the stack transport dispatcher.
func (*Stack) UnregisterTransportEndpoint ¶
func (s *Stack) UnregisterTransportEndpoint(netProtos []tcpip.NetworkProtocolNumber, protocol tcpip.TransportProtocolNumber, id TransportEndpointID, ep TransportEndpoint, flags ports.Flags, bindToDevice tcpip.NICID)
UnregisterTransportEndpoint removes the endpoint with the given id from the stack transport dispatcher.
func (*Stack) Wait ¶
func (s *Stack) Wait()
Wait waits for all transport and link endpoints to halt their worker goroutines.
Endpoints created or modified during this call may not get waited on.
Note that link endpoints must be stopped via an implementation specific mechanism.
func (*Stack) WritePacketToRemote ¶
func (s *Stack) WritePacketToRemote(nicID tcpip.NICID, remote tcpip.LinkAddress, netProto tcpip.NetworkProtocolNumber, payload buffer.Buffer) tcpip.Error
WritePacketToRemote writes a payload on the specified NIC using the provided network protocol and remote link address.
type SupportedGSO ¶
type SupportedGSO int
SupportedGSO is the type of segmentation offloading supported.
const ( // GSONotSupported indicates that segmentation offloading is not supported. GSONotSupported SupportedGSO = iota // HostGSOSupported indicates that segmentation offloading may be performed // by the host. This is typically true when netstack is attached to a host // AF_PACKET socket, and not true when attached to a unix socket or other // non-networking data layer. HostGSOSupported // GVisorGSOSupported indicates that segmentation offloading may be performed // in gVisor. GVisorGSOSupported )
type TCPInvalidRateLimitOption ¶
TCPInvalidRateLimitOption is used by stack.(Stack*).Option/SetOption to get/set stack.tcpInvalidRateLimit.
type Table ¶
type Table struct { // Rules holds the rules that make up the table. Rules []Rule // BuiltinChains maps builtin chains to their entrypoint rule in Rules. BuiltinChains [NumHooks]int // Underflows maps builtin chains to their underflow rule in Rules // (i.e. the rule to execute if the chain returns without a verdict). Underflows [NumHooks]int }
A Table defines a set of chains and hooks into the network stack.
It is a list of Rules, entry points (BuiltinChains), and error handlers (Underflows). As packets traverse netstack, they hit hooks. When a packet hits a hook, iptables compares it to Rules starting from that hook's entry point. So if a packet hits the Input hook, we look up the corresponding entry point in BuiltinChains and jump to that point.
If the Rule doesn't match the packet, iptables continues to the next Rule. If a Rule does match, it can issue a verdict on the packet (e.g. RuleAccept or RuleDrop) that causes the packet to stop traversing iptables. It can also jump to other rules or perform custom actions based on Rule.Target.
Underflow Rules are invoked when a chain returns without reaching a verdict.
+stateify savable
func EmptyFilterTable ¶
func EmptyFilterTable() Table
EmptyFilterTable returns a Table with no rules and the filter table chains mapped to HookUnset.
func EmptyNATTable ¶
func EmptyNATTable() Table
EmptyNATTable returns a Table with no rules and the filter table chains mapped to HookUnset.
func (*Table) ValidHooks ¶
ValidHooks returns a bitmap of the builtin hooks for the given table.
type Target ¶
type Target interface { // Action takes an action on the packet and returns a verdict on how // traversal should (or should not) continue. If the return value is // Jump, it also returns the index of the rule to jump to. Action(*PacketBuffer, Hook, *Route, AddressableEndpoint) (RuleVerdict, int) }
A Target is the interface for taking an action for a packet.
type TransportDispatcher ¶
type TransportDispatcher interface { // DeliverTransportPacket delivers packets to the appropriate // transport protocol endpoint. // // pkt.NetworkHeader must be set before calling DeliverTransportPacket. // // DeliverTransportPacket may modify the packet. DeliverTransportPacket(tcpip.TransportProtocolNumber, *PacketBuffer) TransportPacketDisposition // DeliverTransportError delivers an error to the appropriate transport // endpoint. // // DeliverTransportError may modify the packet buffer. DeliverTransportError(local, remote tcpip.Address, _ tcpip.NetworkProtocolNumber, _ tcpip.TransportProtocolNumber, _ TransportError, _ *PacketBuffer) // DeliverRawPacket delivers a packet to any subscribed raw sockets. // // DeliverRawPacket does NOT take ownership of the packet buffer. DeliverRawPacket(tcpip.TransportProtocolNumber, *PacketBuffer) }
TransportDispatcher contains the methods used by the network stack to deliver packets to the appropriate transport endpoint after it has been handled by the network layer.
type TransportEndpoint ¶
type TransportEndpoint interface { // HandlePacket is called by the stack when new packets arrive to this // transport endpoint. It sets the packet buffer's transport header. // // HandlePacket may modify the packet. HandlePacket(TransportEndpointID, *PacketBuffer) // HandleError is called when the transport endpoint receives an error. // // HandleError takes may modify the packet buffer. HandleError(TransportError, *PacketBuffer) // Abort initiates an expedited endpoint teardown. It puts the endpoint // in a closed state and frees all resources associated with it. This // cleanup may happen asynchronously. Wait can be used to block on this // asynchronous cleanup. Abort() // Wait waits for any worker goroutines owned by the endpoint to stop. // // An endpoint can be requested to stop its worker goroutines by calling // its Close method. // // Wait will not block if the endpoint hasn't started any goroutines // yet, even if it might later. Wait() }
TransportEndpoint is the interface that needs to be implemented by transport protocol (e.g., tcp, udp) endpoints that can handle packets.
type TransportEndpointID ¶
type TransportEndpointID struct { // LocalPort is the local port associated with the endpoint. LocalPort uint16 // LocalAddress is the local [network layer] address associated with // the endpoint. LocalAddress tcpip.Address // RemotePort is the remote port associated with the endpoint. RemotePort uint16 // RemoteAddress it the remote [network layer] address associated with // the endpoint. RemoteAddress tcpip.Address }
TransportEndpointID is the identifier of a transport layer protocol endpoint.
+stateify savable
type TransportEndpointInfo ¶
type TransportEndpointInfo struct { NetProto tcpip.NetworkProtocolNumber TransProto tcpip.TransportProtocolNumber ID TransportEndpointID // BindNICID and bindAddr are set via calls to Bind(). They are used to // reject attempts to send data or connect via a different NIC or // address BindNICID tcpip.NICID BindAddr tcpip.Address // RegisterNICID is the default NICID registered as a side-effect of // connect or datagram write. RegisterNICID tcpip.NICID }
TransportEndpointInfo holds useful information about a transport endpoint which can be queried by monitoring tools.
+stateify savable
func (*TransportEndpointInfo) AddrNetProtoLocked ¶
func (t *TransportEndpointInfo) AddrNetProtoLocked(addr tcpip.FullAddress, v6only bool, bind bool) (tcpip.FullAddress, tcpip.NetworkProtocolNumber, tcpip.Error)
AddrNetProtoLocked unwraps the specified address if it is a V4-mapped V6 address and returns the network protocol number to be used to communicate with the specified address. It returns an error if the passed address is incompatible with the receiver.
Preconditon: the parent endpoint mu must be held while calling this method.
func (*TransportEndpointInfo) IsEndpointInfo ¶
func (*TransportEndpointInfo) IsEndpointInfo()
IsEndpointInfo is an empty method to implement the tcpip.EndpointInfo marker interface.
type TransportError ¶
type TransportError interface { tcpip.SockErrorCause // Kind returns the type of the transport error. Kind() TransportErrorKind }
TransportError is a marker interface for errors that may be handled by the transport layer.
type TransportErrorKind ¶
type TransportErrorKind int
TransportErrorKind enumerates error types that are handled by the transport layer.
const ( // PacketTooBigTransportError indicates that a packet did not reach its // destination because a link on the path to the destination had an MTU that // was too small to carry the packet. PacketTooBigTransportError TransportErrorKind = iota // DestinationHostUnreachableTransportError indicates that the destination // host was unreachable. DestinationHostUnreachableTransportError // DestinationPortUnreachableTransportError indicates that a packet reached // the destination host, but the transport protocol was not active on the // destination port. DestinationPortUnreachableTransportError // DestinationNetworkUnreachableTransportError indicates that the destination // network was unreachable. DestinationNetworkUnreachableTransportError // DestinationProtoUnreachableTransportError indicates that the destination // protocol was unreachable. DestinationProtoUnreachableTransportError // SourceRouteFailedTransportError indicates that the source route failed. SourceRouteFailedTransportError // SourceHostIsolatedTransportError indicates that the source machine is not // on the network. SourceHostIsolatedTransportError // DestinationHostDownTransportError indicates that the destination host is // down. DestinationHostDownTransportError )
type TransportPacketDisposition ¶
type TransportPacketDisposition int
TransportPacketDisposition is the result from attempting to deliver a packet to the transport layer.
const ( // TransportPacketHandled indicates that a transport packet was handled by the // transport layer and callers need not take any further action. TransportPacketHandled TransportPacketDisposition = iota // TransportPacketProtocolUnreachable indicates that the transport // protocol requested in the packet is not supported. TransportPacketProtocolUnreachable // TransportPacketDestinationPortUnreachable indicates that there weren't any // listeners interested in the packet and the transport protocol has no means // to notify the sender. TransportPacketDestinationPortUnreachable )
type TransportProtocol ¶
type TransportProtocol interface { // Number returns the transport protocol number. Number() tcpip.TransportProtocolNumber // NewEndpoint creates a new endpoint of the transport protocol. NewEndpoint(netProto tcpip.NetworkProtocolNumber, waitQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error) // NewRawEndpoint creates a new raw endpoint of the transport protocol. NewRawEndpoint(netProto tcpip.NetworkProtocolNumber, waitQueue *waiter.Queue) (tcpip.Endpoint, tcpip.Error) // MinimumPacketSize returns the minimum valid packet size of this // transport protocol. The stack automatically drops any packets smaller // than this targeted at this protocol. MinimumPacketSize() int // ParsePorts returns the source and destination ports stored in a // packet of this protocol. ParsePorts(b []byte) (src, dst uint16, err tcpip.Error) // HandleUnknownDestinationPacket handles packets targeted at this // protocol that don't match any existing endpoint. For example, // it is targeted at a port that has no listeners. // // HandleUnknownDestinationPacket may modify the packet if it handles // the issue. HandleUnknownDestinationPacket(TransportEndpointID, *PacketBuffer) UnknownDestinationPacketDisposition // SetOption allows enabling/disabling protocol specific features. // SetOption returns an error if the option is not supported or the // provided option value is invalid. SetOption(option tcpip.SettableTransportProtocolOption) tcpip.Error // Option allows retrieving protocol specific option values. // Option returns an error if the option is not supported or the // provided option value is invalid. Option(option tcpip.GettableTransportProtocolOption) tcpip.Error // Close requests that any worker goroutines owned by the protocol // stop. Close() // Wait waits for any worker goroutines owned by the protocol to stop. Wait() // Pause requests that any protocol level background workers pause. Pause() // Resume resumes any protocol level background workers that were // previously paused by Pause. Resume() // Restore starts any protocol level background workers during restore. Restore() // Parse sets pkt.TransportHeader and trims pkt.Data appropriately. It does // neither and returns false if pkt.Data is too small, i.e. pkt.Data.Size() < // MinimumPacketSize() Parse(pkt *PacketBuffer) (ok bool) }
TransportProtocol is the interface that needs to be implemented by transport protocols (e.g., tcp, udp) that want to be part of the networking stack.
type TransportProtocolFactory ¶
type TransportProtocolFactory func(*Stack) TransportProtocol
TransportProtocolFactory instantiates a transport protocol.
TransportProtocolFactory must not attempt to modify the stack, it may only query the stack.
type UnicastSourceAndMulticastDestination ¶
type UnicastSourceAndMulticastDestination struct { // Source represents a unicast source address. Source tcpip.Address // Destination represents a multicast destination address. Destination tcpip.Address }
UnicastSourceAndMulticastDestination is a tuple that represents a unicast source address and a multicast destination address.
+stateify savable
type UnknownDestinationPacketDisposition ¶
type UnknownDestinationPacketDisposition int
UnknownDestinationPacketDisposition enumerates the possible return values from HandleUnknownDestinationPacket().
const ( // UnknownDestinationPacketMalformed denotes that the packet was malformed // and no further processing should be attempted other than updating // statistics. UnknownDestinationPacketMalformed UnknownDestinationPacketDisposition = iota // UnknownDestinationPacketUnhandled tells the caller that the packet was // well formed but that the issue was not handled and the stack should take // the default action. UnknownDestinationPacketUnhandled // UnknownDestinationPacketHandled tells the caller that it should do // no further processing. UnknownDestinationPacketHandled )
type UserChainTarget ¶
type UserChainTarget struct { // Name is the chain name. Name string // NetworkProtocol is the network protocol the target is used with. NetworkProtocol tcpip.NetworkProtocolNumber }
UserChainTarget marks a rule as the beginning of a user chain.
+stateify savable
func (*UserChainTarget) Action ¶
func (*UserChainTarget) Action(*PacketBuffer, Hook, *Route, AddressableEndpoint) (RuleVerdict, int)
Action implements Target.Action.
Source Files ¶
- addressable_endpoint_state.go
- bridge.go
- conntrack.go
- headertype_string.go
- hook_string.go
- icmp_rate_limit.go
- iptables.go
- iptables_targets.go
- iptables_types.go
- neighbor_cache.go
- neighbor_entry.go
- neighborstate_string.go
- nic.go
- nic_stats.go
- nud.go
- packet_buffer.go
- packet_buffer_list.go
- packet_buffer_unsafe.go
- pending_packets.go
- rand.go
- registration.go
- route.go
- save_restore.go
- stack.go
- stack_options.go
- transport_demuxer.go