Documentation
Index
- Constants
- type IPSet
- func (m *IPSet) AddIP(ip netip.Addr, ipProto uint8, comment string, replace bool) error
- func (m *IPSet) ClearEntriesWithComment(comment string) error
- func (m *IPSet) ClearEntriesWithIP(ip netip.Addr) error
- func (m *IPSet) DeleteIP(ip netip.Addr, ipProto uint8) error
- func (m *IPSet) DestroySet() error
- func (m *IPSet) Flush() error
- func (m *IPSet) ListEntriesByIP() ([]netip.Addr, error)
- type MockedIpsetDeps
- type NetlinkIpsetDeps
Constants
const (
	V4Name = "%s-v4"
	V6Name = "%s-v6"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type IPSet
type IPSet struct {
	V4Name string
	V6Name string
	Prefix string
	Deps   NetlinkIpsetDeps
}
func NewIPSet
func NewIPSet(name string, v6 bool, deps NetlinkIpsetDeps) (IPSet, error)
TODO: this should actually create v4 and v6 subsets of type `hash:ip` and add them both to a superset of type `list:set`. We could then query the superset directly in iptables (with the same rule), and iptables would be smart enough to pick the correct underlying set (v4 or v6, based on context), reducing the number of rules we need.
However, the netlink lib doesn't support adding things to `list:set` types yet, and the current tagged release doesn't support creating `list:set` types yet (that is in the main branch, though). So this will actually create 2 underlying ipsets, one for v4 and one for v6.
func (*IPSet) ClearEntriesWithComment
func (*IPSet) DestroySet
type MockedIpsetDeps
func FakeNLDeps
func FakeNLDeps() *MockedIpsetDeps
type NetlinkIpsetDeps
type NetlinkIpsetDeps interface {
// contains filtered or unexported methods
}
func RealNlDeps
func RealNlDeps() NetlinkIpsetDeps