goipset

Version: v1.0.0
Published: Apr 25, 2022 | License: Apache-2.0 | Imports: 8 | Imported by: 0

README

goipset

A Go ipset client that uses netlink to communicate with the kernel.

The netlink communication layer is based on: netlink
The ipset functionality also follows the approach used there.

Supported types

  1. hash:ip
  2. hash:ip,port
  3. hash:net
  4. hash:net,port

All supported types work with both IPv4 and IPv6.

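Requirements

The kernel must include the ipset kernel module (ko), which you can confirm as follows:

lsmod | grep ip_set

Otherwise, install ipset as follows:

yum install ipset

or

insmod <your_path>/ip_set.ko

For more information on ipset, see the official website.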

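Usage

As a standalone client: you can build main.go in the test directory:

go build -o goipset main.go

This produces an executable named goipset, which you can use just like the standard (C) version of ipset (some commands may not be supported yet and are still to be completed). For example: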

# ./goipset add hash_ip 1.1.1.1

As a third-party library. For example:

package main

import (
	"log"
	"net"

	"github.com/JiHanHuang/goipset"
)

func main() {
	ipsetName := "test"
	protocol, err := goipset.Protocol()
	check(err)
	log.Println("Protocol:", protocol)

	err = goipset.Create(ipsetName, "hash:ip", goipset.GoIpsetCreateOptions{})
	check(err)

	entry := goipset.GoIPSetEntry{
		Set: &goipset.SetIP{IP: net.ParseIP("1.1.1.1")},
	}
	err = goipset.Add(ipsetName, &entry)
	check(err)

	result, err := goipset.List(ipsetName)
	check(err)
	log.Printf("List:%v", result.Entries)
}

func check(err error) {
	if err != nil {
		log.Fatalf("Err: %v", err)
	}
}

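More

The remaining ipset features will continue to be filled in; feel free to get in touch at any time.
If needed, documentation on using ipset together with iptables will be provided.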

Documentation

Constants

This section is empty.

Variables

var Debug = false

Debug sets debug mode, which prints the messages of the netlink connection.

Functions

func Add

func Add(setname string, entry *GoIPSetEntry) error

Add adds an entry to an existing ipset.

func Create

func Create(setname, typename string, options GoIpsetCreateOptions) error

Create creates a new ipset

func Del

func Del(setname string, entry *GoIPSetEntry) error

Del deletes an entry from an existing ipset.

func Destroy

func Destroy(setname string) error

Destroy destroys an existing ipset

func Flush

func Flush(setname string) error

Flush flushes an existing ipset

func Protocol

func Protocol() (uint8, error)

Protocol returns the ipset protocol version from the kernel

Types

type GoIPSetEntry

type GoIPSetEntry struct {
	Comment string

	Set

	Timeout uint32
	Packets uint64
	Bytes   uint64

	Replace bool // replace existing entry
}

GoIPSetEntry is used for adding, updating, retrieving and deleting entries

type GoIPSetResult

type GoIPSetResult struct {
	Nfgenmsg *nl.Nfgenmsg
	Protocol uint8
	Revision uint8
	Family   uint8
	Flags    uint8
	ProtoMin uint8
	SetName  string
	TypeName string

	HashSize     uint32
	NumEntries   uint32
	MaxElements  uint32
	References   uint32
	SizeInMemory uint32
	CadtFlags    uint32
	Timeout      uint32

	Entries []GoIPSetEntry
}

GoIPSetResult is the result of a dump request for a set

func List

func List(setname string) (GoIPSetResult, error)

List dumps a specific ipset.

func ListAll

func ListAll() ([]GoIPSetResult, error)

ListAll dumps all ipsets.

type GoIpset

type GoIpset struct {
	// contains filtered or unexported fields
}

GoIpset using save sockets...

func NewGoIpset

func NewGoIpset() *GoIpset

func (*GoIpset) Add

func (g *GoIpset) Add(setname string, entry *GoIPSetEntry) error

Add adds an entry to an existing ipset.

func (*GoIpset) Create

func (g *GoIpset) Create(setname, typename string, options GoIpsetCreateOptions) error

func (*GoIpset) Del

func (g *GoIpset) Del(setname string, entry *GoIPSetEntry) error

Del deletes an entry from an existing ipset.

func (*GoIpset) Destroy

func (g *GoIpset) Destroy(setname string) error

func (*GoIpset) Flush

func (g *GoIpset) Flush(setname string) error

func (*GoIpset) List

func (g *GoIpset) List(name string) (GoIPSetResult, error)

func (*GoIpset) ListAll

func (g *GoIpset) ListAll() ([]GoIPSetResult, error)

func (*GoIpset) Protocol

func (g *GoIpset) Protocol() (uint8, error)

type GoIpsetCreateOptions

type GoIpsetCreateOptions struct {
	Replace  bool // replace existing ipset
	Timeout  uint32
	Counters bool
	Comments bool
	Skbinfo  bool
	Family   int
}

GoIpsetCreateOptions is the options struct for creating a new ipset

type Set

type Set interface {
	String() string
	// contains filtered or unexported methods
}

type SetIP

type SetIP struct {
	IP   net.IP
	IPTO net.IP
}

SetIP supports a single IP, an ip-ipto range (IPv4 only), and IPv6

func (*SetIP) String

func (set *SetIP) String() string

type SetIPPort

type SetIPPort struct {
	Name   string
	IP     net.IP
	IPTO   net.IP
	Port   uint16
	PortTo uint16
	Proto  uint8
}

SetIPPort supports the ip,port format:

entry type: ip,<proto:>port
ip type: x.x.x.x or x.x.x.x-x.x.x.x or ipv6
port type: xx or xx-xx
proto type: udp or tcp or null

The ip type does not support IPv6 ranges.
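
An added example (not part of goipset) that validates an untrusted `ip,<proto:>port` string against the rules above, including the IPv4-only range restriction, before it would be handed to Add. `ipPortEntry` and `parseIPPort` are hypothetical local names, and the mapping of tcp/udp to protocol numbers 6/17 is an assumption about what Proto holds.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// ipPortEntry is a local stand-in for SetIPPort; IPTo is nil and PortTo 0 without a range.
type ipPortEntry struct {
	IP, IPTo     net.IP
	Port, PortTo uint16
	Proto        uint8 // IP protocol number: 6 tcp, 17 udp, 0 when omitted (assumption)
}

// parseIPPort validates "ip,<proto:>port" as described for SetIPPort.
func parseIPPort(s string) (e ipPortEntry, err error) {
	ipPart, portPart, ok := strings.Cut(s, ",")
	lo, hi, ipRange := strings.Cut(ipPart, "-")
	if e.IP = net.ParseIP(lo); !ok || e.IP == nil {
		return e, fmt.Errorf("%q: want ip,<proto:>port with a valid ip", s)
	}
	// Ranges are IPv4-only on this page, so both ends must be IPv4.
	if e.IPTo = net.ParseIP(hi); ipRange && (e.IPTo == nil || e.IP.To4() == nil || e.IPTo.To4() == nil) {
		return e, fmt.Errorf("%q: range ends must both be IPv4", ipPart)
	}
	if proto, rest, found := strings.Cut(portPart, ":"); found {
		if e.Proto = map[string]uint8{"tcp": 6, "udp": 17}[proto]; e.Proto == 0 {
			return e, fmt.Errorf("%q: proto must be tcp or udp", proto)
		}
		portPart = rest
	}
	plo, phi, portRange := strings.Cut(portPart, "-")
	p, err := strconv.ParseUint(plo, 10, 16) // bitSize 16 rejects ports above 65535
	q, err2 := strconv.ParseUint(phi, 10, 16)
	if err != nil || (portRange && (err2 != nil || q < p)) {
		return e, fmt.Errorf("%q: bad port or port range", portPart)
	}
	e.Port, e.PortTo = uint16(p), uint16(q)
	return e, nil
}

func main() { // constructed inputs: a valid ranged entry, then an IPv6 range to refuse
	for _, s := range []string{"10.0.0.1-10.0.0.9,tcp:80-443", "2001:db8::1-2001:db8::9,53"} {
		e, err := parseIPPort(s)
		fmt.Println(s, "=>", e, err)
	}
}
```
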

func (*SetIPPort) String

func (set *SetIPPort) String() string

type SetMac

type SetMac struct {
	MAC net.HardwareAddr
}

SetMac

func (*SetMac) String

func (set *SetMac) String() string

type SetNet

type SetNet struct {
	IP   net.IP
	CIDR uint8
}

SetNet

func (*SetNet) String

func (set *SetNet) String() string

type SetNetPort

type SetNetPort struct {
	IP     net.IP
	CIDR   uint8
	Port   uint16
	PortTo uint16
	Proto  uint8
}

SetNetPort

func (*SetNetPort) String

func (set *SetNetPort) String() string

type SetResult

type SetResult struct {
	MAC   net.HardwareAddr
	IP    net.IP
	CIDR  uint8
	Port  uint16
	Proto uint8
}

SetResult is ipset list result set

func (*SetResult) String

func (set *SetResult) String() string

Directories

Path Synopsis
Package nl has low level primitives for making Netlink calls.