github.com/vishvananda/netlink@v1.3.0/filter.go (about) 1 package netlink 2 3 import ( 4 "fmt" 5 "net" 6 ) 7 8 type Filter interface { 9 Attrs() *FilterAttrs 10 Type() string 11 } 12 13 // FilterAttrs represents a netlink filter. A filter is associated with a link, 14 // has a handle and a parent. The root filter of a device should have a 15 // parent == HANDLE_ROOT. 16 type FilterAttrs struct { 17 LinkIndex int 18 Handle uint32 19 Parent uint32 20 Priority uint16 // lower is higher priority 21 Protocol uint16 // unix.ETH_P_* 22 Chain *uint32 23 } 24 25 func (q FilterAttrs) String() string { 26 return fmt.Sprintf("{LinkIndex: %d, Handle: %s, Parent: %s, Priority: %d, Protocol: %d}", q.LinkIndex, HandleStr(q.Handle), HandleStr(q.Parent), q.Priority, q.Protocol) 27 } 28 29 type TcAct int32 30 31 const ( 32 TC_ACT_EXT_SHIFT = 28 33 TC_ACT_EXT_VAL_MASK = (1 << TC_ACT_EXT_SHIFT) - 1 34 ) 35 36 const ( 37 TC_ACT_UNSPEC TcAct = -1 38 TC_ACT_OK TcAct = 0 39 TC_ACT_RECLASSIFY TcAct = 1 40 TC_ACT_SHOT TcAct = 2 41 TC_ACT_PIPE TcAct = 3 42 TC_ACT_STOLEN TcAct = 4 43 TC_ACT_QUEUED TcAct = 5 44 TC_ACT_REPEAT TcAct = 6 45 TC_ACT_REDIRECT TcAct = 7 46 TC_ACT_JUMP TcAct = 0x10000000 47 ) 48 49 func getTcActExt(local int32) int32 { 50 return local << TC_ACT_EXT_SHIFT 51 } 52 53 func getTcActGotoChain() TcAct { 54 return TcAct(getTcActExt(2)) 55 } 56 57 func getTcActExtOpcode(combined int32) int32 { 58 return combined & (^TC_ACT_EXT_VAL_MASK) 59 } 60 61 func TcActExtCmp(combined int32, opcode int32) bool { 62 return getTcActExtOpcode(combined) == opcode 63 } 64 65 func (a TcAct) String() string { 66 switch a { 67 case TC_ACT_UNSPEC: 68 return "unspec" 69 case TC_ACT_OK: 70 return "ok" 71 case TC_ACT_RECLASSIFY: 72 return "reclassify" 73 case TC_ACT_SHOT: 74 return "shot" 75 case TC_ACT_PIPE: 76 return "pipe" 77 case TC_ACT_STOLEN: 78 return "stolen" 79 case TC_ACT_QUEUED: 80 return "queued" 81 case TC_ACT_REPEAT: 82 return "repeat" 83 case TC_ACT_REDIRECT: 84 return "redirect" 85 case TC_ACT_JUMP: 86 return "jump" 87 } 88 if TcActExtCmp(int32(a), int32(getTcActGotoChain())) { 89 return "goto" 90 } 91 return fmt.Sprintf("0x%x", int32(a)) 92 } 93 94 type TcPolAct int32 95 96 const ( 97 TC_POLICE_UNSPEC TcPolAct = TcPolAct(TC_ACT_UNSPEC) 98 TC_POLICE_OK TcPolAct = TcPolAct(TC_ACT_OK) 99 TC_POLICE_RECLASSIFY TcPolAct = TcPolAct(TC_ACT_RECLASSIFY) 100 TC_POLICE_SHOT TcPolAct = TcPolAct(TC_ACT_SHOT) 101 TC_POLICE_PIPE TcPolAct = TcPolAct(TC_ACT_PIPE) 102 ) 103 104 func (a TcPolAct) String() string { 105 switch a { 106 case TC_POLICE_UNSPEC: 107 return "unspec" 108 case TC_POLICE_OK: 109 return "ok" 110 case TC_POLICE_RECLASSIFY: 111 return "reclassify" 112 case TC_POLICE_SHOT: 113 return "shot" 114 case TC_POLICE_PIPE: 115 return "pipe" 116 } 117 return fmt.Sprintf("0x%x", int32(a)) 118 } 119 120 type ActionAttrs struct { 121 Index int 122 Capab int 123 Action TcAct 124 Refcnt int 125 Bindcnt int 126 Statistics *ActionStatistic 127 Timestamp *ActionTimestamp 128 } 129 130 func (q ActionAttrs) String() string { 131 return fmt.Sprintf("{Index: %d, Capab: %x, Action: %s, Refcnt: %d, Bindcnt: %d}", q.Index, q.Capab, q.Action.String(), q.Refcnt, q.Bindcnt) 132 } 133 134 type ActionTimestamp struct { 135 Installed uint64 136 LastUsed uint64 137 Expires uint64 138 FirstUsed uint64 139 } 140 141 func (t ActionTimestamp) String() string { 142 return fmt.Sprintf("Installed %d LastUsed %d Expires %d FirstUsed %d", t.Installed, t.LastUsed, t.Expires, t.FirstUsed) 143 } 144 145 type ActionStatistic ClassStatistics 146 147 // Action represents an action in any supported filter. 148 type Action interface { 149 Attrs() *ActionAttrs 150 Type() string 151 } 152 153 type GenericAction struct { 154 ActionAttrs 155 Chain int32 156 } 157 158 func (action *GenericAction) Type() string { 159 return "generic" 160 } 161 162 func (action *GenericAction) Attrs() *ActionAttrs { 163 return &action.ActionAttrs 164 } 165 166 type BpfAction struct { 167 ActionAttrs 168 Fd int 169 Name string 170 } 171 172 func (action *BpfAction) Type() string { 173 return "bpf" 174 } 175 176 func (action *BpfAction) Attrs() *ActionAttrs { 177 return &action.ActionAttrs 178 } 179 180 type ConnmarkAction struct { 181 ActionAttrs 182 Zone uint16 183 } 184 185 func (action *ConnmarkAction) Type() string { 186 return "connmark" 187 } 188 189 func (action *ConnmarkAction) Attrs() *ActionAttrs { 190 return &action.ActionAttrs 191 } 192 193 func NewConnmarkAction() *ConnmarkAction { 194 return &ConnmarkAction{ 195 ActionAttrs: ActionAttrs{ 196 Action: TC_ACT_PIPE, 197 }, 198 } 199 } 200 201 type CsumUpdateFlags uint32 202 203 const ( 204 TCA_CSUM_UPDATE_FLAG_IPV4HDR CsumUpdateFlags = 1 205 TCA_CSUM_UPDATE_FLAG_ICMP CsumUpdateFlags = 2 206 TCA_CSUM_UPDATE_FLAG_IGMP CsumUpdateFlags = 4 207 TCA_CSUM_UPDATE_FLAG_TCP CsumUpdateFlags = 8 208 TCA_CSUM_UPDATE_FLAG_UDP CsumUpdateFlags = 16 209 TCA_CSUM_UPDATE_FLAG_UDPLITE CsumUpdateFlags = 32 210 TCA_CSUM_UPDATE_FLAG_SCTP CsumUpdateFlags = 64 211 ) 212 213 type CsumAction struct { 214 ActionAttrs 215 UpdateFlags CsumUpdateFlags 216 } 217 218 func (action *CsumAction) Type() string { 219 return "csum" 220 } 221 222 func (action *CsumAction) Attrs() *ActionAttrs { 223 return &action.ActionAttrs 224 } 225 226 func NewCsumAction() *CsumAction { 227 return &CsumAction{ 228 ActionAttrs: ActionAttrs{ 229 Action: TC_ACT_PIPE, 230 }, 231 } 232 } 233 234 type MirredAct uint8 235 236 func (a MirredAct) String() string { 237 switch a { 238 case TCA_EGRESS_REDIR: 239 return "egress redir" 240 case TCA_EGRESS_MIRROR: 241 return "egress mirror" 242 case TCA_INGRESS_REDIR: 243 return "ingress redir" 244 case TCA_INGRESS_MIRROR: 245 return "ingress mirror" 246 } 247 return "unknown" 248 } 249 250 const ( 251 TCA_EGRESS_REDIR MirredAct = 1 /* packet redirect to EGRESS*/ 252 TCA_EGRESS_MIRROR MirredAct = 2 /* mirror packet to EGRESS */ 253 TCA_INGRESS_REDIR MirredAct = 3 /* packet redirect to INGRESS*/ 254 TCA_INGRESS_MIRROR MirredAct = 4 /* mirror packet to INGRESS */ 255 ) 256 257 type MirredAction struct { 258 ActionAttrs 259 MirredAction MirredAct 260 Ifindex int 261 } 262 263 func (action *MirredAction) Type() string { 264 return "mirred" 265 } 266 267 func (action *MirredAction) Attrs() *ActionAttrs { 268 return &action.ActionAttrs 269 } 270 271 func NewMirredAction(redirIndex int) *MirredAction { 272 return &MirredAction{ 273 ActionAttrs: ActionAttrs{ 274 Action: TC_ACT_STOLEN, 275 }, 276 MirredAction: TCA_EGRESS_REDIR, 277 Ifindex: redirIndex, 278 } 279 } 280 281 type TunnelKeyAct int8 282 283 const ( 284 TCA_TUNNEL_KEY_SET TunnelKeyAct = 1 // set tunnel key 285 TCA_TUNNEL_KEY_UNSET TunnelKeyAct = 2 // unset tunnel key 286 ) 287 288 type TunnelKeyAction struct { 289 ActionAttrs 290 Action TunnelKeyAct 291 SrcAddr net.IP 292 DstAddr net.IP 293 KeyID uint32 294 DestPort uint16 295 } 296 297 func (action *TunnelKeyAction) Type() string { 298 return "tunnel_key" 299 } 300 301 func (action *TunnelKeyAction) Attrs() *ActionAttrs { 302 return &action.ActionAttrs 303 } 304 305 func NewTunnelKeyAction() *TunnelKeyAction { 306 return &TunnelKeyAction{ 307 ActionAttrs: ActionAttrs{ 308 Action: TC_ACT_PIPE, 309 }, 310 } 311 } 312 313 type SkbEditAction struct { 314 ActionAttrs 315 QueueMapping *uint16 316 PType *uint16 317 Priority *uint32 318 Mark *uint32 319 Mask *uint32 320 } 321 322 func (action *SkbEditAction) Type() string { 323 return "skbedit" 324 } 325 326 func (action *SkbEditAction) Attrs() *ActionAttrs { 327 return &action.ActionAttrs 328 } 329 330 func NewSkbEditAction() *SkbEditAction { 331 return &SkbEditAction{ 332 ActionAttrs: ActionAttrs{ 333 Action: TC_ACT_PIPE, 334 }, 335 } 336 } 337 338 type PoliceAction struct { 339 ActionAttrs 340 Rate uint32 // in byte per second 341 Burst uint32 // in byte 342 RCellLog int 343 Mtu uint32 344 Mpu uint16 // in byte 345 PeakRate uint32 // in byte per second 346 PCellLog int 347 AvRate uint32 // in byte per second 348 Overhead uint16 349 LinkLayer int 350 ExceedAction TcPolAct 351 NotExceedAction TcPolAct 352 } 353 354 func (action *PoliceAction) Type() string { 355 return "police" 356 } 357 358 func (action *PoliceAction) Attrs() *ActionAttrs { 359 return &action.ActionAttrs 360 } 361 362 func NewPoliceAction() *PoliceAction { 363 return &PoliceAction{ 364 RCellLog: -1, 365 PCellLog: -1, 366 LinkLayer: 1, // ETHERNET 367 ExceedAction: TC_POLICE_RECLASSIFY, 368 NotExceedAction: TC_POLICE_OK, 369 } 370 } 371 372 // MatchAll filters match all packets 373 type MatchAll struct { 374 FilterAttrs 375 ClassId uint32 376 Actions []Action 377 } 378 379 func (filter *MatchAll) Attrs() *FilterAttrs { 380 return &filter.FilterAttrs 381 } 382 383 func (filter *MatchAll) Type() string { 384 return "matchall" 385 } 386 387 type FwFilter struct { 388 FilterAttrs 389 ClassId uint32 390 InDev string 391 Mask uint32 392 Police *PoliceAction 393 Actions []Action 394 } 395 396 func (filter *FwFilter) Attrs() *FilterAttrs { 397 return &filter.FilterAttrs 398 } 399 400 func (filter *FwFilter) Type() string { 401 return "fw" 402 } 403 404 type BpfFilter struct { 405 FilterAttrs 406 ClassId uint32 407 Fd int 408 Name string 409 DirectAction bool 410 Id int 411 Tag string 412 } 413 414 func (filter *BpfFilter) Type() string { 415 return "bpf" 416 } 417 418 func (filter *BpfFilter) Attrs() *FilterAttrs { 419 return &filter.FilterAttrs 420 } 421 422 // GenericFilter filters represent types that are not currently understood 423 // by this netlink library. 424 type GenericFilter struct { 425 FilterAttrs 426 FilterType string 427 } 428 429 func (filter *GenericFilter) Attrs() *FilterAttrs { 430 return &filter.FilterAttrs 431 } 432 433 func (filter *GenericFilter) Type() string { 434 return filter.FilterType 435 } 436 437 type PeditAction struct { 438 ActionAttrs 439 Proto uint8 440 SrcMacAddr net.HardwareAddr 441 DstMacAddr net.HardwareAddr 442 SrcIP net.IP 443 DstIP net.IP 444 SrcPort uint16 445 DstPort uint16 446 } 447 448 func (p *PeditAction) Attrs() *ActionAttrs { 449 return &p.ActionAttrs 450 } 451 452 func (p *PeditAction) Type() string { 453 return "pedit" 454 } 455 456 func NewPeditAction() *PeditAction { 457 return &PeditAction{ 458 ActionAttrs: ActionAttrs{ 459 Action: TC_ACT_PIPE, 460 }, 461 } 462 }