github.com/sagernet/netlink@v0.0.0-20240612041022-b9a21c07ac6a/nl/ipset_linux.go

github.com/sagernet/netlink@v0.0.0-20240612041022-b9a21c07ac6a/nl/ipset_linux.go (about)

     1  package nl
     2  
     3  import (
     4  	"strconv"
     5  
     6  	"golang.org/x/sys/unix"
     7  )
     8  
     9  const (
    10  	/* The protocol version */
    11  	IPSET_PROTOCOL = 6
    12  
    13  	/* The max length of strings including NUL: set and type identifiers */
    14  	IPSET_MAXNAMELEN = 32
    15  
    16  	/* The maximum permissible comment length we will accept over netlink */
    17  	IPSET_MAX_COMMENT_SIZE = 255
    18  )
    19  
    20  const (
    21  	_                  = iota
    22  	IPSET_CMD_PROTOCOL /* 1: Return protocol version */
    23  	IPSET_CMD_CREATE   /* 2: Create a new (empty) set */
    24  	IPSET_CMD_DESTROY  /* 3: Destroy a (empty) set */
    25  	IPSET_CMD_FLUSH    /* 4: Remove all elements from a set */
    26  	IPSET_CMD_RENAME   /* 5: Rename a set */
    27  	IPSET_CMD_SWAP     /* 6: Swap two sets */
    28  	IPSET_CMD_LIST     /* 7: List sets */
    29  	IPSET_CMD_SAVE     /* 8: Save sets */
    30  	IPSET_CMD_ADD      /* 9: Add an element to a set */
    31  	IPSET_CMD_DEL      /* 10: Delete an element from a set */
    32  	IPSET_CMD_TEST     /* 11: Test an element in a set */
    33  	IPSET_CMD_HEADER   /* 12: Get set header data only */
    34  	IPSET_CMD_TYPE     /* 13: Get set type */
    35  )
    36  
    37  /* Attributes at command level */
    38  const (
    39  	_                       = iota
    40  	IPSET_ATTR_PROTOCOL     /* 1: Protocol version */
    41  	IPSET_ATTR_SETNAME      /* 2: Name of the set */
    42  	IPSET_ATTR_TYPENAME     /* 3: Typename */
    43  	IPSET_ATTR_REVISION     /* 4: Settype revision */
    44  	IPSET_ATTR_FAMILY       /* 5: Settype family */
    45  	IPSET_ATTR_FLAGS        /* 6: Flags at command level */
    46  	IPSET_ATTR_DATA         /* 7: Nested attributes */
    47  	IPSET_ATTR_ADT          /* 8: Multiple data containers */
    48  	IPSET_ATTR_LINENO       /* 9: Restore lineno */
    49  	IPSET_ATTR_PROTOCOL_MIN /* 10: Minimal supported version number */
    50  
    51  	IPSET_ATTR_SETNAME2     = IPSET_ATTR_TYPENAME     /* Setname at rename/swap */
    52  	IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN /* type rev min */
    53  )
    54  
    55  /* CADT specific attributes */
    56  const (
    57  	IPSET_ATTR_IP          = 1
    58  	IPSET_ATTR_IP_FROM     = 1
    59  	IPSET_ATTR_IP_TO       = 2
    60  	IPSET_ATTR_CIDR        = 3
    61  	IPSET_ATTR_PORT        = 4
    62  	IPSET_ATTR_PORT_FROM   = 4
    63  	IPSET_ATTR_PORT_TO     = 5
    64  	IPSET_ATTR_TIMEOUT     = 6
    65  	IPSET_ATTR_PROTO       = 7
    66  	IPSET_ATTR_CADT_FLAGS  = 8
    67  	IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO /* 9 */
    68  	IPSET_ATTR_MARK        = 10
    69  	IPSET_ATTR_MARKMASK    = 11
    70  
    71  	/* Reserve empty slots */
    72  	IPSET_ATTR_CADT_MAX = 16
    73  
    74  	/* Create-only specific attributes */
    75  	IPSET_ATTR_GC = 3 + iota
    76  	IPSET_ATTR_HASHSIZE
    77  	IPSET_ATTR_MAXELEM
    78  	IPSET_ATTR_NETMASK
    79  	IPSET_ATTR_PROBES
    80  	IPSET_ATTR_RESIZE
    81  	IPSET_ATTR_SIZE
    82  
    83  	/* Kernel-only */
    84  	IPSET_ATTR_ELEMENTS
    85  	IPSET_ATTR_REFERENCES
    86  	IPSET_ATTR_MEMSIZE
    87  
    88  	SET_ATTR_CREATE_MAX
    89  )
    90  
    91  /* ADT specific attributes */
    92  const (
    93  	IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1
    94  	IPSET_ATTR_NAME
    95  	IPSET_ATTR_NAMEREF
    96  	IPSET_ATTR_IP2
    97  	IPSET_ATTR_CIDR2
    98  	IPSET_ATTR_IP2_TO
    99  	IPSET_ATTR_IFACE
   100  	IPSET_ATTR_BYTES
   101  	IPSET_ATTR_PACKETS
   102  	IPSET_ATTR_COMMENT
   103  	IPSET_ATTR_SKBMARK
   104  	IPSET_ATTR_SKBPRIO
   105  	IPSET_ATTR_SKBQUEUE
   106  )
   107  
   108  /* Flags at CADT attribute level, upper half of cmdattrs */
   109  const (
   110  	IPSET_FLAG_BIT_BEFORE        = 0
   111  	IPSET_FLAG_BEFORE            = (1 << IPSET_FLAG_BIT_BEFORE)
   112  	IPSET_FLAG_BIT_PHYSDEV       = 1
   113  	IPSET_FLAG_PHYSDEV           = (1 << IPSET_FLAG_BIT_PHYSDEV)
   114  	IPSET_FLAG_BIT_NOMATCH       = 2
   115  	IPSET_FLAG_NOMATCH           = (1 << IPSET_FLAG_BIT_NOMATCH)
   116  	IPSET_FLAG_BIT_WITH_COUNTERS = 3
   117  	IPSET_FLAG_WITH_COUNTERS     = (1 << IPSET_FLAG_BIT_WITH_COUNTERS)
   118  	IPSET_FLAG_BIT_WITH_COMMENT  = 4
   119  	IPSET_FLAG_WITH_COMMENT      = (1 << IPSET_FLAG_BIT_WITH_COMMENT)
   120  	IPSET_FLAG_BIT_WITH_FORCEADD = 5
   121  	IPSET_FLAG_WITH_FORCEADD     = (1 << IPSET_FLAG_BIT_WITH_FORCEADD)
   122  	IPSET_FLAG_BIT_WITH_SKBINFO  = 6
   123  	IPSET_FLAG_WITH_SKBINFO      = (1 << IPSET_FLAG_BIT_WITH_SKBINFO)
   124  	IPSET_FLAG_CADT_MAX          = 15
   125  )
   126  
   127  const (
   128  	IPSET_ERR_PRIVATE = 4096 + iota
   129  	IPSET_ERR_PROTOCOL
   130  	IPSET_ERR_FIND_TYPE
   131  	IPSET_ERR_MAX_SETS
   132  	IPSET_ERR_BUSY
   133  	IPSET_ERR_EXIST_SETNAME2
   134  	IPSET_ERR_TYPE_MISMATCH
   135  	IPSET_ERR_EXIST
   136  	IPSET_ERR_INVALID_CIDR
   137  	IPSET_ERR_INVALID_NETMASK
   138  	IPSET_ERR_INVALID_FAMILY
   139  	IPSET_ERR_TIMEOUT
   140  	IPSET_ERR_REFERENCED
   141  	IPSET_ERR_IPADDR_IPV4
   142  	IPSET_ERR_IPADDR_IPV6
   143  	IPSET_ERR_COUNTER
   144  	IPSET_ERR_COMMENT
   145  	IPSET_ERR_INVALID_MARKMASK
   146  	IPSET_ERR_SKBINFO
   147  
   148  	/* Type specific error codes */
   149  	IPSET_ERR_TYPE_SPECIFIC = 4352
   150  )
   151  
   152  type IPSetError uintptr
   153  
   154  func (e IPSetError) Error() string {
   155  	switch int(e) {
   156  	case IPSET_ERR_PRIVATE:
   157  		return "private"
   158  	case IPSET_ERR_PROTOCOL:
   159  		return "invalid protocol"
   160  	case IPSET_ERR_FIND_TYPE:
   161  		return "invalid type"
   162  	case IPSET_ERR_MAX_SETS:
   163  		return "max sets reached"
   164  	case IPSET_ERR_BUSY:
   165  		return "busy"
   166  	case IPSET_ERR_EXIST_SETNAME2:
   167  		return "exist_setname2"
   168  	case IPSET_ERR_TYPE_MISMATCH:
   169  		return "type mismatch"
   170  	case IPSET_ERR_EXIST:
   171  		return "exist"
   172  	case IPSET_ERR_INVALID_CIDR:
   173  		return "invalid cidr"
   174  	case IPSET_ERR_INVALID_NETMASK:
   175  		return "invalid netmask"
   176  	case IPSET_ERR_INVALID_FAMILY:
   177  		return "invalid family"
   178  	case IPSET_ERR_TIMEOUT:
   179  		return "timeout"
   180  	case IPSET_ERR_REFERENCED:
   181  		return "referenced"
   182  	case IPSET_ERR_IPADDR_IPV4:
   183  		return "invalid ipv4 address"
   184  	case IPSET_ERR_IPADDR_IPV6:
   185  		return "invalid ipv6 address"
   186  	case IPSET_ERR_COUNTER:
   187  		return "invalid counter"
   188  	case IPSET_ERR_COMMENT:
   189  		return "invalid comment"
   190  	case IPSET_ERR_INVALID_MARKMASK:
   191  		return "invalid markmask"
   192  	case IPSET_ERR_SKBINFO:
   193  		return "skbinfo"
   194  	default:
   195  		return "errno " + strconv.Itoa(int(e))
   196  	}
   197  }
   198  
   199  func GetIpsetFlags(cmd int) int {
   200  	switch cmd {
   201  	case IPSET_CMD_CREATE:
   202  		return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_CREATE
   203  	case IPSET_CMD_DESTROY,
   204  		IPSET_CMD_FLUSH,
   205  		IPSET_CMD_RENAME,
   206  		IPSET_CMD_SWAP,
   207  		IPSET_CMD_TEST:
   208  		return unix.NLM_F_REQUEST | unix.NLM_F_ACK
   209  	case IPSET_CMD_LIST,
   210  		IPSET_CMD_SAVE:
   211  		return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_ROOT | unix.NLM_F_MATCH | unix.NLM_F_DUMP
   212  	case IPSET_CMD_ADD,
   213  		IPSET_CMD_DEL:
   214  		return unix.NLM_F_REQUEST | unix.NLM_F_ACK
   215  	case IPSET_CMD_HEADER,
   216  		IPSET_CMD_TYPE,
   217  		IPSET_CMD_PROTOCOL:
   218  		return unix.NLM_F_REQUEST
   219  	default:
   220  		return 0
   221  	}
   222  }