github.com/sagernet/netlink@v0.0.0-20240612041022-b9a21c07ac6a/filter.go (about) 1 package netlink 2 3 import ( 4 "fmt" 5 "net" 6 ) 7 8 type Filter interface { 9 Attrs() *FilterAttrs 10 Type() string 11 } 12 13 // FilterAttrs represents a netlink filter. A filter is associated with a link, 14 // has a handle and a parent. The root filter of a device should have a 15 // parent == HANDLE_ROOT. 16 type FilterAttrs struct { 17 LinkIndex int 18 Handle uint32 19 Parent uint32 20 Priority uint16 // lower is higher priority 21 Protocol uint16 // unix.ETH_P_* 22 } 23 24 func (q FilterAttrs) String() string { 25 return fmt.Sprintf("{LinkIndex: %d, Handle: %s, Parent: %s, Priority: %d, Protocol: %d}", q.LinkIndex, HandleStr(q.Handle), HandleStr(q.Parent), q.Priority, q.Protocol) 26 } 27 28 type TcAct int32 29 30 const ( 31 TC_ACT_UNSPEC TcAct = -1 32 TC_ACT_OK TcAct = 0 33 TC_ACT_RECLASSIFY TcAct = 1 34 TC_ACT_SHOT TcAct = 2 35 TC_ACT_PIPE TcAct = 3 36 TC_ACT_STOLEN TcAct = 4 37 TC_ACT_QUEUED TcAct = 5 38 TC_ACT_REPEAT TcAct = 6 39 TC_ACT_REDIRECT TcAct = 7 40 TC_ACT_JUMP TcAct = 0x10000000 41 ) 42 43 func (a TcAct) String() string { 44 switch a { 45 case TC_ACT_UNSPEC: 46 return "unspec" 47 case TC_ACT_OK: 48 return "ok" 49 case TC_ACT_RECLASSIFY: 50 return "reclassify" 51 case TC_ACT_SHOT: 52 return "shot" 53 case TC_ACT_PIPE: 54 return "pipe" 55 case TC_ACT_STOLEN: 56 return "stolen" 57 case TC_ACT_QUEUED: 58 return "queued" 59 case TC_ACT_REPEAT: 60 return "repeat" 61 case TC_ACT_REDIRECT: 62 return "redirect" 63 case TC_ACT_JUMP: 64 return "jump" 65 } 66 return fmt.Sprintf("0x%x", int32(a)) 67 } 68 69 type TcPolAct int32 70 71 const ( 72 TC_POLICE_UNSPEC TcPolAct = TcPolAct(TC_ACT_UNSPEC) 73 TC_POLICE_OK TcPolAct = TcPolAct(TC_ACT_OK) 74 TC_POLICE_RECLASSIFY TcPolAct = TcPolAct(TC_ACT_RECLASSIFY) 75 TC_POLICE_SHOT TcPolAct = TcPolAct(TC_ACT_SHOT) 76 TC_POLICE_PIPE TcPolAct = TcPolAct(TC_ACT_PIPE) 77 ) 78 79 func (a TcPolAct) String() string { 80 switch a { 81 case TC_POLICE_UNSPEC: 82 return "unspec" 83 case TC_POLICE_OK: 84 return "ok" 85 case TC_POLICE_RECLASSIFY: 86 return "reclassify" 87 case TC_POLICE_SHOT: 88 return "shot" 89 case TC_POLICE_PIPE: 90 return "pipe" 91 } 92 return fmt.Sprintf("0x%x", int32(a)) 93 } 94 95 type ActionAttrs struct { 96 Index int 97 Capab int 98 Action TcAct 99 Refcnt int 100 Bindcnt int 101 } 102 103 func (q ActionAttrs) String() string { 104 return fmt.Sprintf("{Index: %d, Capab: %x, Action: %s, Refcnt: %d, Bindcnt: %d}", q.Index, q.Capab, q.Action.String(), q.Refcnt, q.Bindcnt) 105 } 106 107 // Action represents an action in any supported filter. 108 type Action interface { 109 Attrs() *ActionAttrs 110 Type() string 111 } 112 113 type GenericAction struct { 114 ActionAttrs 115 } 116 117 func (action *GenericAction) Type() string { 118 return "generic" 119 } 120 121 func (action *GenericAction) Attrs() *ActionAttrs { 122 return &action.ActionAttrs 123 } 124 125 type BpfAction struct { 126 ActionAttrs 127 Fd int 128 Name string 129 } 130 131 func (action *BpfAction) Type() string { 132 return "bpf" 133 } 134 135 func (action *BpfAction) Attrs() *ActionAttrs { 136 return &action.ActionAttrs 137 } 138 139 type ConnmarkAction struct { 140 ActionAttrs 141 Zone uint16 142 } 143 144 func (action *ConnmarkAction) Type() string { 145 return "connmark" 146 } 147 148 func (action *ConnmarkAction) Attrs() *ActionAttrs { 149 return &action.ActionAttrs 150 } 151 152 func NewConnmarkAction() *ConnmarkAction { 153 return &ConnmarkAction{ 154 ActionAttrs: ActionAttrs{ 155 Action: TC_ACT_PIPE, 156 }, 157 } 158 } 159 160 type CsumUpdateFlags uint32 161 162 const ( 163 TCA_CSUM_UPDATE_FLAG_IPV4HDR CsumUpdateFlags = 1 164 TCA_CSUM_UPDATE_FLAG_ICMP CsumUpdateFlags = 2 165 TCA_CSUM_UPDATE_FLAG_IGMP CsumUpdateFlags = 4 166 TCA_CSUM_UPDATE_FLAG_TCP CsumUpdateFlags = 8 167 TCA_CSUM_UPDATE_FLAG_UDP CsumUpdateFlags = 16 168 TCA_CSUM_UPDATE_FLAG_UDPLITE CsumUpdateFlags = 32 169 TCA_CSUM_UPDATE_FLAG_SCTP CsumUpdateFlags = 64 170 ) 171 172 type CsumAction struct { 173 ActionAttrs 174 UpdateFlags CsumUpdateFlags 175 } 176 177 func (action *CsumAction) Type() string { 178 return "csum" 179 } 180 181 func (action *CsumAction) Attrs() *ActionAttrs { 182 return &action.ActionAttrs 183 } 184 185 func NewCsumAction() *CsumAction { 186 return &CsumAction{ 187 ActionAttrs: ActionAttrs{ 188 Action: TC_ACT_PIPE, 189 }, 190 } 191 } 192 193 type MirredAct uint8 194 195 func (a MirredAct) String() string { 196 switch a { 197 case TCA_EGRESS_REDIR: 198 return "egress redir" 199 case TCA_EGRESS_MIRROR: 200 return "egress mirror" 201 case TCA_INGRESS_REDIR: 202 return "ingress redir" 203 case TCA_INGRESS_MIRROR: 204 return "ingress mirror" 205 } 206 return "unknown" 207 } 208 209 const ( 210 TCA_EGRESS_REDIR MirredAct = 1 /* packet redirect to EGRESS*/ 211 TCA_EGRESS_MIRROR MirredAct = 2 /* mirror packet to EGRESS */ 212 TCA_INGRESS_REDIR MirredAct = 3 /* packet redirect to INGRESS*/ 213 TCA_INGRESS_MIRROR MirredAct = 4 /* mirror packet to INGRESS */ 214 ) 215 216 type MirredAction struct { 217 ActionAttrs 218 MirredAction MirredAct 219 Ifindex int 220 } 221 222 func (action *MirredAction) Type() string { 223 return "mirred" 224 } 225 226 func (action *MirredAction) Attrs() *ActionAttrs { 227 return &action.ActionAttrs 228 } 229 230 func NewMirredAction(redirIndex int) *MirredAction { 231 return &MirredAction{ 232 ActionAttrs: ActionAttrs{ 233 Action: TC_ACT_STOLEN, 234 }, 235 MirredAction: TCA_EGRESS_REDIR, 236 Ifindex: redirIndex, 237 } 238 } 239 240 type TunnelKeyAct int8 241 242 const ( 243 TCA_TUNNEL_KEY_SET TunnelKeyAct = 1 // set tunnel key 244 TCA_TUNNEL_KEY_UNSET TunnelKeyAct = 2 // unset tunnel key 245 ) 246 247 type TunnelKeyAction struct { 248 ActionAttrs 249 Action TunnelKeyAct 250 SrcAddr net.IP 251 DstAddr net.IP 252 KeyID uint32 253 DestPort uint16 254 } 255 256 func (action *TunnelKeyAction) Type() string { 257 return "tunnel_key" 258 } 259 260 func (action *TunnelKeyAction) Attrs() *ActionAttrs { 261 return &action.ActionAttrs 262 } 263 264 func NewTunnelKeyAction() *TunnelKeyAction { 265 return &TunnelKeyAction{ 266 ActionAttrs: ActionAttrs{ 267 Action: TC_ACT_PIPE, 268 }, 269 } 270 } 271 272 type SkbEditAction struct { 273 ActionAttrs 274 QueueMapping *uint16 275 PType *uint16 276 Priority *uint32 277 Mark *uint32 278 } 279 280 func (action *SkbEditAction) Type() string { 281 return "skbedit" 282 } 283 284 func (action *SkbEditAction) Attrs() *ActionAttrs { 285 return &action.ActionAttrs 286 } 287 288 func NewSkbEditAction() *SkbEditAction { 289 return &SkbEditAction{ 290 ActionAttrs: ActionAttrs{ 291 Action: TC_ACT_PIPE, 292 }, 293 } 294 } 295 296 type PoliceAction struct { 297 ActionAttrs 298 Rate uint32 // in byte per second 299 Burst uint32 // in byte 300 RCellLog int 301 Mtu uint32 302 Mpu uint16 // in byte 303 PeakRate uint32 // in byte per second 304 PCellLog int 305 AvRate uint32 // in byte per second 306 Overhead uint16 307 LinkLayer int 308 ExceedAction TcPolAct 309 NotExceedAction TcPolAct 310 } 311 312 func (action *PoliceAction) Type() string { 313 return "police" 314 } 315 316 func (action *PoliceAction) Attrs() *ActionAttrs { 317 return &action.ActionAttrs 318 } 319 320 func NewPoliceAction() *PoliceAction { 321 return &PoliceAction{ 322 RCellLog: -1, 323 PCellLog: -1, 324 LinkLayer: 1, // ETHERNET 325 ExceedAction: TC_POLICE_RECLASSIFY, 326 NotExceedAction: TC_POLICE_OK, 327 } 328 } 329 330 // MatchAll filters match all packets 331 type MatchAll struct { 332 FilterAttrs 333 ClassId uint32 334 Actions []Action 335 } 336 337 func (filter *MatchAll) Attrs() *FilterAttrs { 338 return &filter.FilterAttrs 339 } 340 341 func (filter *MatchAll) Type() string { 342 return "matchall" 343 } 344 345 type FwFilter struct { 346 FilterAttrs 347 ClassId uint32 348 InDev string 349 Mask uint32 350 Police *PoliceAction 351 } 352 353 func (filter *FwFilter) Attrs() *FilterAttrs { 354 return &filter.FilterAttrs 355 } 356 357 func (filter *FwFilter) Type() string { 358 return "fw" 359 } 360 361 type BpfFilter struct { 362 FilterAttrs 363 ClassId uint32 364 Fd int 365 Name string 366 DirectAction bool 367 Id int 368 Tag string 369 } 370 371 func (filter *BpfFilter) Type() string { 372 return "bpf" 373 } 374 375 func (filter *BpfFilter) Attrs() *FilterAttrs { 376 return &filter.FilterAttrs 377 } 378 379 // GenericFilter filters represent types that are not currently understood 380 // by this netlink library. 381 type GenericFilter struct { 382 FilterAttrs 383 FilterType string 384 } 385 386 func (filter *GenericFilter) Attrs() *FilterAttrs { 387 return &filter.FilterAttrs 388 } 389 390 func (filter *GenericFilter) Type() string { 391 return filter.FilterType 392 }