github.com/vishvananda/netlink@v1.3.1/filter.go (about) 1 package netlink 2 3 import ( 4 "fmt" 5 "net" 6 ) 7 8 type Filter interface { 9 Attrs() *FilterAttrs 10 Type() string 11 } 12 13 // FilterAttrs represents a netlink filter. A filter is associated with a link, 14 // has a handle and a parent. The root filter of a device should have a 15 // parent == HANDLE_ROOT. 16 type FilterAttrs struct { 17 LinkIndex int 18 Handle uint32 19 Parent uint32 20 Priority uint16 // lower is higher priority 21 Protocol uint16 // unix.ETH_P_* 22 Chain *uint32 23 } 24 25 func (q FilterAttrs) String() string { 26 return fmt.Sprintf("{LinkIndex: %d, Handle: %s, Parent: %s, Priority: %d, Protocol: %d}", q.LinkIndex, HandleStr(q.Handle), HandleStr(q.Parent), q.Priority, q.Protocol) 27 } 28 29 type TcAct int32 30 31 const ( 32 TC_ACT_EXT_SHIFT = 28 33 TC_ACT_EXT_VAL_MASK = (1 << TC_ACT_EXT_SHIFT) - 1 34 ) 35 36 const ( 37 TC_ACT_UNSPEC TcAct = -1 38 TC_ACT_OK TcAct = 0 39 TC_ACT_RECLASSIFY TcAct = 1 40 TC_ACT_SHOT TcAct = 2 41 TC_ACT_PIPE TcAct = 3 42 TC_ACT_STOLEN TcAct = 4 43 TC_ACT_QUEUED TcAct = 5 44 TC_ACT_REPEAT TcAct = 6 45 TC_ACT_REDIRECT TcAct = 7 46 TC_ACT_JUMP TcAct = 0x10000000 47 ) 48 49 func getTcActExt(local int32) int32 { 50 return local << TC_ACT_EXT_SHIFT 51 } 52 53 func getTcActGotoChain() TcAct { 54 return TcAct(getTcActExt(2)) 55 } 56 57 func getTcActExtOpcode(combined int32) int32 { 58 return combined & (^TC_ACT_EXT_VAL_MASK) 59 } 60 61 func TcActExtCmp(combined int32, opcode int32) bool { 62 return getTcActExtOpcode(combined) == opcode 63 } 64 65 func (a TcAct) String() string { 66 switch a { 67 case TC_ACT_UNSPEC: 68 return "unspec" 69 case TC_ACT_OK: 70 return "ok" 71 case TC_ACT_RECLASSIFY: 72 return "reclassify" 73 case TC_ACT_SHOT: 74 return "shot" 75 case TC_ACT_PIPE: 76 return "pipe" 77 case TC_ACT_STOLEN: 78 return "stolen" 79 case TC_ACT_QUEUED: 80 return "queued" 81 case TC_ACT_REPEAT: 82 return "repeat" 83 case TC_ACT_REDIRECT: 84 return "redirect" 85 case TC_ACT_JUMP: 86 return "jump" 87 } 88 if TcActExtCmp(int32(a), int32(getTcActGotoChain())) { 89 return "goto" 90 } 91 return fmt.Sprintf("0x%x", int32(a)) 92 } 93 94 type TcPolAct int32 95 96 const ( 97 TC_POLICE_UNSPEC TcPolAct = TcPolAct(TC_ACT_UNSPEC) 98 TC_POLICE_OK TcPolAct = TcPolAct(TC_ACT_OK) 99 TC_POLICE_RECLASSIFY TcPolAct = TcPolAct(TC_ACT_RECLASSIFY) 100 TC_POLICE_SHOT TcPolAct = TcPolAct(TC_ACT_SHOT) 101 TC_POLICE_PIPE TcPolAct = TcPolAct(TC_ACT_PIPE) 102 ) 103 104 func (a TcPolAct) String() string { 105 switch a { 106 case TC_POLICE_UNSPEC: 107 return "unspec" 108 case TC_POLICE_OK: 109 return "ok" 110 case TC_POLICE_RECLASSIFY: 111 return "reclassify" 112 case TC_POLICE_SHOT: 113 return "shot" 114 case TC_POLICE_PIPE: 115 return "pipe" 116 } 117 return fmt.Sprintf("0x%x", int32(a)) 118 } 119 120 type ActionAttrs struct { 121 Index int 122 Capab int 123 Action TcAct 124 Refcnt int 125 Bindcnt int 126 Statistics *ActionStatistic 127 Timestamp *ActionTimestamp 128 } 129 130 func (q ActionAttrs) String() string { 131 return fmt.Sprintf("{Index: %d, Capab: %x, Action: %s, Refcnt: %d, Bindcnt: %d}", q.Index, q.Capab, q.Action.String(), q.Refcnt, q.Bindcnt) 132 } 133 134 type ActionTimestamp struct { 135 Installed uint64 136 LastUsed uint64 137 Expires uint64 138 FirstUsed uint64 139 } 140 141 func (t ActionTimestamp) String() string { 142 return fmt.Sprintf("Installed %d LastUsed %d Expires %d FirstUsed %d", t.Installed, t.LastUsed, t.Expires, t.FirstUsed) 143 } 144 145 type ActionStatistic ClassStatistics 146 147 // Action represents an action in any supported filter. 148 type Action interface { 149 Attrs() *ActionAttrs 150 Type() string 151 } 152 153 type GenericAction struct { 154 ActionAttrs 155 Chain int32 156 } 157 158 func (action *GenericAction) Type() string { 159 return "generic" 160 } 161 162 func (action *GenericAction) Attrs() *ActionAttrs { 163 return &action.ActionAttrs 164 } 165 166 type BpfAction struct { 167 ActionAttrs 168 Fd int 169 Name string 170 } 171 172 func (action *BpfAction) Type() string { 173 return "bpf" 174 } 175 176 func (action *BpfAction) Attrs() *ActionAttrs { 177 return &action.ActionAttrs 178 } 179 180 type ConnmarkAction struct { 181 ActionAttrs 182 Zone uint16 183 } 184 185 func (action *ConnmarkAction) Type() string { 186 return "connmark" 187 } 188 189 func (action *ConnmarkAction) Attrs() *ActionAttrs { 190 return &action.ActionAttrs 191 } 192 193 func NewConnmarkAction() *ConnmarkAction { 194 return &ConnmarkAction{ 195 ActionAttrs: ActionAttrs{ 196 Action: TC_ACT_PIPE, 197 }, 198 } 199 } 200 201 type CsumUpdateFlags uint32 202 203 const ( 204 TCA_CSUM_UPDATE_FLAG_IPV4HDR CsumUpdateFlags = 1 205 TCA_CSUM_UPDATE_FLAG_ICMP CsumUpdateFlags = 2 206 TCA_CSUM_UPDATE_FLAG_IGMP CsumUpdateFlags = 4 207 TCA_CSUM_UPDATE_FLAG_TCP CsumUpdateFlags = 8 208 TCA_CSUM_UPDATE_FLAG_UDP CsumUpdateFlags = 16 209 TCA_CSUM_UPDATE_FLAG_UDPLITE CsumUpdateFlags = 32 210 TCA_CSUM_UPDATE_FLAG_SCTP CsumUpdateFlags = 64 211 ) 212 213 type CsumAction struct { 214 ActionAttrs 215 UpdateFlags CsumUpdateFlags 216 } 217 218 func (action *CsumAction) Type() string { 219 return "csum" 220 } 221 222 func (action *CsumAction) Attrs() *ActionAttrs { 223 return &action.ActionAttrs 224 } 225 226 func NewCsumAction() *CsumAction { 227 return &CsumAction{ 228 ActionAttrs: ActionAttrs{ 229 Action: TC_ACT_PIPE, 230 }, 231 } 232 } 233 234 type VlanAct int8 235 236 type VlanAction struct { 237 ActionAttrs 238 Action VlanAct 239 VlanID uint16 240 } 241 242 const ( 243 TCA_VLAN_ACT_POP VlanAct = 1 244 TCA_VLAN_ACT_PUSH VlanAct = 2 245 ) 246 247 func (action *VlanAction) Type() string { 248 return "vlan" 249 } 250 251 func (action *VlanAction) Attrs() *ActionAttrs { 252 return &action.ActionAttrs 253 } 254 255 func NewVlanAction() *VlanAction { 256 return &VlanAction{ 257 ActionAttrs: ActionAttrs{ 258 Action: TC_ACT_PIPE, 259 }, 260 } 261 } 262 263 type MirredAct uint8 264 265 func (a MirredAct) String() string { 266 switch a { 267 case TCA_EGRESS_REDIR: 268 return "egress redir" 269 case TCA_EGRESS_MIRROR: 270 return "egress mirror" 271 case TCA_INGRESS_REDIR: 272 return "ingress redir" 273 case TCA_INGRESS_MIRROR: 274 return "ingress mirror" 275 } 276 return "unknown" 277 } 278 279 const ( 280 TCA_EGRESS_REDIR MirredAct = 1 /* packet redirect to EGRESS*/ 281 TCA_EGRESS_MIRROR MirredAct = 2 /* mirror packet to EGRESS */ 282 TCA_INGRESS_REDIR MirredAct = 3 /* packet redirect to INGRESS*/ 283 TCA_INGRESS_MIRROR MirredAct = 4 /* mirror packet to INGRESS */ 284 ) 285 286 type MirredAction struct { 287 ActionAttrs 288 MirredAction MirredAct 289 Ifindex int 290 } 291 292 func (action *MirredAction) Type() string { 293 return "mirred" 294 } 295 296 func (action *MirredAction) Attrs() *ActionAttrs { 297 return &action.ActionAttrs 298 } 299 300 func NewMirredAction(redirIndex int) *MirredAction { 301 return &MirredAction{ 302 ActionAttrs: ActionAttrs{ 303 Action: TC_ACT_STOLEN, 304 }, 305 MirredAction: TCA_EGRESS_REDIR, 306 Ifindex: redirIndex, 307 } 308 } 309 310 type TunnelKeyAct int8 311 312 const ( 313 TCA_TUNNEL_KEY_SET TunnelKeyAct = 1 // set tunnel key 314 TCA_TUNNEL_KEY_UNSET TunnelKeyAct = 2 // unset tunnel key 315 ) 316 317 type TunnelKeyAction struct { 318 ActionAttrs 319 Action TunnelKeyAct 320 SrcAddr net.IP 321 DstAddr net.IP 322 KeyID uint32 323 DestPort uint16 324 } 325 326 func (action *TunnelKeyAction) Type() string { 327 return "tunnel_key" 328 } 329 330 func (action *TunnelKeyAction) Attrs() *ActionAttrs { 331 return &action.ActionAttrs 332 } 333 334 func NewTunnelKeyAction() *TunnelKeyAction { 335 return &TunnelKeyAction{ 336 ActionAttrs: ActionAttrs{ 337 Action: TC_ACT_PIPE, 338 }, 339 } 340 } 341 342 type SkbEditAction struct { 343 ActionAttrs 344 QueueMapping *uint16 345 PType *uint16 346 Priority *uint32 347 Mark *uint32 348 Mask *uint32 349 } 350 351 func (action *SkbEditAction) Type() string { 352 return "skbedit" 353 } 354 355 func (action *SkbEditAction) Attrs() *ActionAttrs { 356 return &action.ActionAttrs 357 } 358 359 func NewSkbEditAction() *SkbEditAction { 360 return &SkbEditAction{ 361 ActionAttrs: ActionAttrs{ 362 Action: TC_ACT_PIPE, 363 }, 364 } 365 } 366 367 type PoliceAction struct { 368 ActionAttrs 369 Rate uint32 // in byte per second 370 Burst uint32 // in byte 371 RCellLog int 372 Mtu uint32 373 Mpu uint16 // in byte 374 PeakRate uint32 // in byte per second 375 PCellLog int 376 AvRate uint32 // in byte per second 377 Overhead uint16 378 LinkLayer int 379 ExceedAction TcPolAct 380 NotExceedAction TcPolAct 381 } 382 383 func (action *PoliceAction) Type() string { 384 return "police" 385 } 386 387 func (action *PoliceAction) Attrs() *ActionAttrs { 388 return &action.ActionAttrs 389 } 390 391 func NewPoliceAction() *PoliceAction { 392 return &PoliceAction{ 393 RCellLog: -1, 394 PCellLog: -1, 395 LinkLayer: 1, // ETHERNET 396 ExceedAction: TC_POLICE_RECLASSIFY, 397 NotExceedAction: TC_POLICE_OK, 398 } 399 } 400 401 type SampleAction struct { 402 ActionAttrs 403 Group uint32 404 Rate uint32 405 TruncSize uint32 406 } 407 408 func (action *SampleAction) Type() string { 409 return "sample" 410 } 411 412 func (action *SampleAction) Attrs() *ActionAttrs { 413 return &action.ActionAttrs 414 } 415 416 func NewSampleAction() *SampleAction { 417 return &SampleAction{ 418 ActionAttrs: ActionAttrs{ 419 Action: TC_ACT_PIPE, 420 }, 421 } 422 } 423 424 // MatchAll filters match all packets 425 type MatchAll struct { 426 FilterAttrs 427 ClassId uint32 428 Actions []Action 429 } 430 431 func (filter *MatchAll) Attrs() *FilterAttrs { 432 return &filter.FilterAttrs 433 } 434 435 func (filter *MatchAll) Type() string { 436 return "matchall" 437 } 438 439 type FwFilter struct { 440 FilterAttrs 441 ClassId uint32 442 InDev string 443 Mask uint32 444 Police *PoliceAction 445 Actions []Action 446 } 447 448 func (filter *FwFilter) Attrs() *FilterAttrs { 449 return &filter.FilterAttrs 450 } 451 452 func (filter *FwFilter) Type() string { 453 return "fw" 454 } 455 456 type BpfFilter struct { 457 FilterAttrs 458 ClassId uint32 459 Fd int 460 Name string 461 DirectAction bool 462 Id int 463 Tag string 464 } 465 466 func (filter *BpfFilter) Type() string { 467 return "bpf" 468 } 469 470 func (filter *BpfFilter) Attrs() *FilterAttrs { 471 return &filter.FilterAttrs 472 } 473 474 // GenericFilter filters represent types that are not currently understood 475 // by this netlink library. 476 type GenericFilter struct { 477 FilterAttrs 478 FilterType string 479 } 480 481 func (filter *GenericFilter) Attrs() *FilterAttrs { 482 return &filter.FilterAttrs 483 } 484 485 func (filter *GenericFilter) Type() string { 486 return filter.FilterType 487 } 488 489 type PeditAction struct { 490 ActionAttrs 491 Proto uint8 492 SrcMacAddr net.HardwareAddr 493 DstMacAddr net.HardwareAddr 494 SrcIP net.IP 495 DstIP net.IP 496 SrcPort uint16 497 DstPort uint16 498 } 499 500 func (p *PeditAction) Attrs() *ActionAttrs { 501 return &p.ActionAttrs 502 } 503 504 func (p *PeditAction) Type() string { 505 return "pedit" 506 } 507 508 func NewPeditAction() *PeditAction { 509 return &PeditAction{ 510 ActionAttrs: ActionAttrs{ 511 Action: TC_ACT_PIPE, 512 }, 513 } 514 }