github.com/vishvananda/netlink@v1.3.0/filter.go (about)

     1  package netlink
     2  
     3  import (
     4  	"fmt"
     5  	"net"
     6  )
     7  
     8  type Filter interface {
     9  	Attrs() *FilterAttrs
    10  	Type() string
    11  }
    12  
    13  // FilterAttrs represents a netlink filter. A filter is associated with a link,
    14  // has a handle and a parent. The root filter of a device should have a
    15  // parent == HANDLE_ROOT.
    16  type FilterAttrs struct {
    17  	LinkIndex int
    18  	Handle    uint32
    19  	Parent    uint32
    20  	Priority  uint16 // lower is higher priority
    21  	Protocol  uint16 // unix.ETH_P_*
    22  	Chain     *uint32
    23  }
    24  
    25  func (q FilterAttrs) String() string {
    26  	return fmt.Sprintf("{LinkIndex: %d, Handle: %s, Parent: %s, Priority: %d, Protocol: %d}", q.LinkIndex, HandleStr(q.Handle), HandleStr(q.Parent), q.Priority, q.Protocol)
    27  }
    28  
    29  type TcAct int32
    30  
    31  const (
    32  	TC_ACT_EXT_SHIFT    = 28
    33  	TC_ACT_EXT_VAL_MASK = (1 << TC_ACT_EXT_SHIFT) - 1
    34  )
    35  
    36  const (
    37  	TC_ACT_UNSPEC     TcAct = -1
    38  	TC_ACT_OK         TcAct = 0
    39  	TC_ACT_RECLASSIFY TcAct = 1
    40  	TC_ACT_SHOT       TcAct = 2
    41  	TC_ACT_PIPE       TcAct = 3
    42  	TC_ACT_STOLEN     TcAct = 4
    43  	TC_ACT_QUEUED     TcAct = 5
    44  	TC_ACT_REPEAT     TcAct = 6
    45  	TC_ACT_REDIRECT   TcAct = 7
    46  	TC_ACT_JUMP       TcAct = 0x10000000
    47  )
    48  
    49  func getTcActExt(local int32) int32 {
    50  	return local << TC_ACT_EXT_SHIFT
    51  }
    52  
    53  func getTcActGotoChain() TcAct {
    54  	return TcAct(getTcActExt(2))
    55  }
    56  
    57  func getTcActExtOpcode(combined int32) int32 {
    58  	return combined & (^TC_ACT_EXT_VAL_MASK)
    59  }
    60  
    61  func TcActExtCmp(combined int32, opcode int32) bool {
    62  	return getTcActExtOpcode(combined) == opcode
    63  }
    64  
    65  func (a TcAct) String() string {
    66  	switch a {
    67  	case TC_ACT_UNSPEC:
    68  		return "unspec"
    69  	case TC_ACT_OK:
    70  		return "ok"
    71  	case TC_ACT_RECLASSIFY:
    72  		return "reclassify"
    73  	case TC_ACT_SHOT:
    74  		return "shot"
    75  	case TC_ACT_PIPE:
    76  		return "pipe"
    77  	case TC_ACT_STOLEN:
    78  		return "stolen"
    79  	case TC_ACT_QUEUED:
    80  		return "queued"
    81  	case TC_ACT_REPEAT:
    82  		return "repeat"
    83  	case TC_ACT_REDIRECT:
    84  		return "redirect"
    85  	case TC_ACT_JUMP:
    86  		return "jump"
    87  	}
    88  	if TcActExtCmp(int32(a), int32(getTcActGotoChain())) {
    89  		return "goto"
    90  	}
    91  	return fmt.Sprintf("0x%x", int32(a))
    92  }
    93  
    94  type TcPolAct int32
    95  
    96  const (
    97  	TC_POLICE_UNSPEC     TcPolAct = TcPolAct(TC_ACT_UNSPEC)
    98  	TC_POLICE_OK         TcPolAct = TcPolAct(TC_ACT_OK)
    99  	TC_POLICE_RECLASSIFY TcPolAct = TcPolAct(TC_ACT_RECLASSIFY)
   100  	TC_POLICE_SHOT       TcPolAct = TcPolAct(TC_ACT_SHOT)
   101  	TC_POLICE_PIPE       TcPolAct = TcPolAct(TC_ACT_PIPE)
   102  )
   103  
   104  func (a TcPolAct) String() string {
   105  	switch a {
   106  	case TC_POLICE_UNSPEC:
   107  		return "unspec"
   108  	case TC_POLICE_OK:
   109  		return "ok"
   110  	case TC_POLICE_RECLASSIFY:
   111  		return "reclassify"
   112  	case TC_POLICE_SHOT:
   113  		return "shot"
   114  	case TC_POLICE_PIPE:
   115  		return "pipe"
   116  	}
   117  	return fmt.Sprintf("0x%x", int32(a))
   118  }
   119  
   120  type ActionAttrs struct {
   121  	Index      int
   122  	Capab      int
   123  	Action     TcAct
   124  	Refcnt     int
   125  	Bindcnt    int
   126  	Statistics *ActionStatistic
   127  	Timestamp  *ActionTimestamp
   128  }
   129  
   130  func (q ActionAttrs) String() string {
   131  	return fmt.Sprintf("{Index: %d, Capab: %x, Action: %s, Refcnt: %d, Bindcnt: %d}", q.Index, q.Capab, q.Action.String(), q.Refcnt, q.Bindcnt)
   132  }
   133  
   134  type ActionTimestamp struct {
   135  	Installed uint64
   136  	LastUsed  uint64
   137  	Expires   uint64
   138  	FirstUsed uint64
   139  }
   140  
   141  func (t ActionTimestamp) String() string {
   142  	return fmt.Sprintf("Installed %d LastUsed %d Expires %d FirstUsed %d", t.Installed, t.LastUsed, t.Expires, t.FirstUsed)
   143  }
   144  
   145  type ActionStatistic ClassStatistics
   146  
   147  // Action represents an action in any supported filter.
   148  type Action interface {
   149  	Attrs() *ActionAttrs
   150  	Type() string
   151  }
   152  
   153  type GenericAction struct {
   154  	ActionAttrs
   155  	Chain int32
   156  }
   157  
   158  func (action *GenericAction) Type() string {
   159  	return "generic"
   160  }
   161  
   162  func (action *GenericAction) Attrs() *ActionAttrs {
   163  	return &action.ActionAttrs
   164  }
   165  
   166  type BpfAction struct {
   167  	ActionAttrs
   168  	Fd   int
   169  	Name string
   170  }
   171  
   172  func (action *BpfAction) Type() string {
   173  	return "bpf"
   174  }
   175  
   176  func (action *BpfAction) Attrs() *ActionAttrs {
   177  	return &action.ActionAttrs
   178  }
   179  
   180  type ConnmarkAction struct {
   181  	ActionAttrs
   182  	Zone uint16
   183  }
   184  
   185  func (action *ConnmarkAction) Type() string {
   186  	return "connmark"
   187  }
   188  
   189  func (action *ConnmarkAction) Attrs() *ActionAttrs {
   190  	return &action.ActionAttrs
   191  }
   192  
   193  func NewConnmarkAction() *ConnmarkAction {
   194  	return &ConnmarkAction{
   195  		ActionAttrs: ActionAttrs{
   196  			Action: TC_ACT_PIPE,
   197  		},
   198  	}
   199  }
   200  
   201  type CsumUpdateFlags uint32
   202  
   203  const (
   204  	TCA_CSUM_UPDATE_FLAG_IPV4HDR CsumUpdateFlags = 1
   205  	TCA_CSUM_UPDATE_FLAG_ICMP    CsumUpdateFlags = 2
   206  	TCA_CSUM_UPDATE_FLAG_IGMP    CsumUpdateFlags = 4
   207  	TCA_CSUM_UPDATE_FLAG_TCP     CsumUpdateFlags = 8
   208  	TCA_CSUM_UPDATE_FLAG_UDP     CsumUpdateFlags = 16
   209  	TCA_CSUM_UPDATE_FLAG_UDPLITE CsumUpdateFlags = 32
   210  	TCA_CSUM_UPDATE_FLAG_SCTP    CsumUpdateFlags = 64
   211  )
   212  
   213  type CsumAction struct {
   214  	ActionAttrs
   215  	UpdateFlags CsumUpdateFlags
   216  }
   217  
   218  func (action *CsumAction) Type() string {
   219  	return "csum"
   220  }
   221  
   222  func (action *CsumAction) Attrs() *ActionAttrs {
   223  	return &action.ActionAttrs
   224  }
   225  
   226  func NewCsumAction() *CsumAction {
   227  	return &CsumAction{
   228  		ActionAttrs: ActionAttrs{
   229  			Action: TC_ACT_PIPE,
   230  		},
   231  	}
   232  }
   233  
   234  type MirredAct uint8
   235  
   236  func (a MirredAct) String() string {
   237  	switch a {
   238  	case TCA_EGRESS_REDIR:
   239  		return "egress redir"
   240  	case TCA_EGRESS_MIRROR:
   241  		return "egress mirror"
   242  	case TCA_INGRESS_REDIR:
   243  		return "ingress redir"
   244  	case TCA_INGRESS_MIRROR:
   245  		return "ingress mirror"
   246  	}
   247  	return "unknown"
   248  }
   249  
   250  const (
   251  	TCA_EGRESS_REDIR   MirredAct = 1 /* packet redirect to EGRESS*/
   252  	TCA_EGRESS_MIRROR  MirredAct = 2 /* mirror packet to EGRESS */
   253  	TCA_INGRESS_REDIR  MirredAct = 3 /* packet redirect to INGRESS*/
   254  	TCA_INGRESS_MIRROR MirredAct = 4 /* mirror packet to INGRESS */
   255  )
   256  
   257  type MirredAction struct {
   258  	ActionAttrs
   259  	MirredAction MirredAct
   260  	Ifindex      int
   261  }
   262  
   263  func (action *MirredAction) Type() string {
   264  	return "mirred"
   265  }
   266  
   267  func (action *MirredAction) Attrs() *ActionAttrs {
   268  	return &action.ActionAttrs
   269  }
   270  
   271  func NewMirredAction(redirIndex int) *MirredAction {
   272  	return &MirredAction{
   273  		ActionAttrs: ActionAttrs{
   274  			Action: TC_ACT_STOLEN,
   275  		},
   276  		MirredAction: TCA_EGRESS_REDIR,
   277  		Ifindex:      redirIndex,
   278  	}
   279  }
   280  
   281  type TunnelKeyAct int8
   282  
   283  const (
   284  	TCA_TUNNEL_KEY_SET   TunnelKeyAct = 1 // set tunnel key
   285  	TCA_TUNNEL_KEY_UNSET TunnelKeyAct = 2 // unset tunnel key
   286  )
   287  
   288  type TunnelKeyAction struct {
   289  	ActionAttrs
   290  	Action   TunnelKeyAct
   291  	SrcAddr  net.IP
   292  	DstAddr  net.IP
   293  	KeyID    uint32
   294  	DestPort uint16
   295  }
   296  
   297  func (action *TunnelKeyAction) Type() string {
   298  	return "tunnel_key"
   299  }
   300  
   301  func (action *TunnelKeyAction) Attrs() *ActionAttrs {
   302  	return &action.ActionAttrs
   303  }
   304  
   305  func NewTunnelKeyAction() *TunnelKeyAction {
   306  	return &TunnelKeyAction{
   307  		ActionAttrs: ActionAttrs{
   308  			Action: TC_ACT_PIPE,
   309  		},
   310  	}
   311  }
   312  
   313  type SkbEditAction struct {
   314  	ActionAttrs
   315  	QueueMapping *uint16
   316  	PType        *uint16
   317  	Priority     *uint32
   318  	Mark         *uint32
   319  	Mask         *uint32
   320  }
   321  
   322  func (action *SkbEditAction) Type() string {
   323  	return "skbedit"
   324  }
   325  
   326  func (action *SkbEditAction) Attrs() *ActionAttrs {
   327  	return &action.ActionAttrs
   328  }
   329  
   330  func NewSkbEditAction() *SkbEditAction {
   331  	return &SkbEditAction{
   332  		ActionAttrs: ActionAttrs{
   333  			Action: TC_ACT_PIPE,
   334  		},
   335  	}
   336  }
   337  
   338  type PoliceAction struct {
   339  	ActionAttrs
   340  	Rate            uint32 // in byte per second
   341  	Burst           uint32 // in byte
   342  	RCellLog        int
   343  	Mtu             uint32
   344  	Mpu             uint16 // in byte
   345  	PeakRate        uint32 // in byte per second
   346  	PCellLog        int
   347  	AvRate          uint32 // in byte per second
   348  	Overhead        uint16
   349  	LinkLayer       int
   350  	ExceedAction    TcPolAct
   351  	NotExceedAction TcPolAct
   352  }
   353  
   354  func (action *PoliceAction) Type() string {
   355  	return "police"
   356  }
   357  
   358  func (action *PoliceAction) Attrs() *ActionAttrs {
   359  	return &action.ActionAttrs
   360  }
   361  
   362  func NewPoliceAction() *PoliceAction {
   363  	return &PoliceAction{
   364  		RCellLog:        -1,
   365  		PCellLog:        -1,
   366  		LinkLayer:       1, // ETHERNET
   367  		ExceedAction:    TC_POLICE_RECLASSIFY,
   368  		NotExceedAction: TC_POLICE_OK,
   369  	}
   370  }
   371  
   372  // MatchAll filters match all packets
   373  type MatchAll struct {
   374  	FilterAttrs
   375  	ClassId uint32
   376  	Actions []Action
   377  }
   378  
   379  func (filter *MatchAll) Attrs() *FilterAttrs {
   380  	return &filter.FilterAttrs
   381  }
   382  
   383  func (filter *MatchAll) Type() string {
   384  	return "matchall"
   385  }
   386  
   387  type FwFilter struct {
   388  	FilterAttrs
   389  	ClassId uint32
   390  	InDev   string
   391  	Mask    uint32
   392  	Police  *PoliceAction
   393  	Actions []Action
   394  }
   395  
   396  func (filter *FwFilter) Attrs() *FilterAttrs {
   397  	return &filter.FilterAttrs
   398  }
   399  
   400  func (filter *FwFilter) Type() string {
   401  	return "fw"
   402  }
   403  
   404  type BpfFilter struct {
   405  	FilterAttrs
   406  	ClassId      uint32
   407  	Fd           int
   408  	Name         string
   409  	DirectAction bool
   410  	Id           int
   411  	Tag          string
   412  }
   413  
   414  func (filter *BpfFilter) Type() string {
   415  	return "bpf"
   416  }
   417  
   418  func (filter *BpfFilter) Attrs() *FilterAttrs {
   419  	return &filter.FilterAttrs
   420  }
   421  
   422  // GenericFilter filters represent types that are not currently understood
   423  // by this netlink library.
   424  type GenericFilter struct {
   425  	FilterAttrs
   426  	FilterType string
   427  }
   428  
   429  func (filter *GenericFilter) Attrs() *FilterAttrs {
   430  	return &filter.FilterAttrs
   431  }
   432  
   433  func (filter *GenericFilter) Type() string {
   434  	return filter.FilterType
   435  }
   436  
   437  type PeditAction struct {
   438  	ActionAttrs
   439  	Proto      uint8
   440  	SrcMacAddr net.HardwareAddr
   441  	DstMacAddr net.HardwareAddr
   442  	SrcIP      net.IP
   443  	DstIP      net.IP
   444  	SrcPort    uint16
   445  	DstPort    uint16
   446  }
   447  
   448  func (p *PeditAction) Attrs() *ActionAttrs {
   449  	return &p.ActionAttrs
   450  }
   451  
   452  func (p *PeditAction) Type() string {
   453  	return "pedit"
   454  }
   455  
   456  func NewPeditAction() *PeditAction {
   457  	return &PeditAction{
   458  		ActionAttrs: ActionAttrs{
   459  			Action: TC_ACT_PIPE,
   460  		},
   461  	}
   462  }