netlink

package module
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 16, 2018 License: Apache-2.0 Imports: 15 Imported by: 0

README

Build Status GoDoc

The netlink package provides a simple netlink library for go. Netlink is the interface a user-space program in linux uses to communicate with the kernel. It can be used to add and remove interfaces, set ip addresses and routes, and configure ipsec. Netlink communication requires elevated privileges, so in most cases this code needs to be run as root. Since low-level netlink messages are inscrutable at best, the library attempts to provide an api that is loosely modeled on the CLI provided by iproute2. Actions like ip link add will be accomplished via a similarly named function like AddLink(). This library began its life as a fork of the netlink functionality in docker/libcontainer but was heavily rewritten to improve testability, performance, and to add new functionality like ipsec xfrm handling.

Local Build and Test

You can use go get command:

go get github.com/vishvananda/netlink

Testing dependencies:

go get github.com/vishvananda/netns

Testing (requires root):

sudo -E go test github.com/vishvananda/netlink

Examples

Add a new bridge and add eth1 into it:

package main

import (
    "fmt"
    "github.com/vishvananda/netlink"
)

func main() {
    la := netlink.NewLinkAttrs()
    la.Name = "foo"
    mybridge := &netlink.Bridge{LinkAttrs: la}
    err := netlink.LinkAdd(mybridge)
    if err != nil  {
        fmt.Printf("could not add %s: %v\n", la.Name, err)
    }
    eth1, _ := netlink.LinkByName("eth1")
    netlink.LinkSetMaster(eth1, mybridge)
}

Note NewLinkAttrs constructor, it sets default values in structure. For now it sets only TxQLen to -1, so kernel will set default by itself. If you're using simple initialization(LinkAttrs{Name: "foo"}) TxQLen will be set to 0 unless you specify it like LinkAttrs{Name: "foo", TxQLen: 1000}.

Add a new ip address to loopback:

package main

import (
    "github.com/vishvananda/netlink"
)

func main() {
    lo, _ := netlink.LinkByName("lo")
    addr, _ := netlink.ParseAddr("169.254.169.254/32")
    netlink.AddrAdd(lo, addr)
}

Future Work

Many pieces of netlink are not yet fully supported in the high-level interface. Aspects of virtually all of the high-level objects don't exist. Many of the underlying primitives are there, so its a matter of putting the right fields into the high-level objects and making sure that they are serialized and deserialized correctly in the Add and List methods.

There are also a few pieces of low level netlink functionality that still need to be implemented. Routing rules are not in place and some of the more advanced link types. Hopefully there is decent structure and testing in place to make these fairly straightforward to add.

Documentation

Overview

Package netlink provides a simple library for netlink. Netlink is the interface a user-space program in linux uses to communicate with the kernel. It can be used to add and remove interfaces, set up ip addresses and routes, and confiugre ipsec. Netlink communication requires elevated privileges, so in most cases this code needs to be run as root. The low level primitives for netlink are contained in the nl subpackage. This package attempts to provide a high-level interface that is loosly modeled on the iproute2 cli.

Index

Constants

View Source
const (
	// ConntrackTable Conntrack table
	// https://github.com/torvalds/linux/blob/master/include/uapi/linux/netfilter/nfnetlink.h -> #define NFNL_SUBSYS_CTNETLINK		 1
	ConntrackTable = 1
	// ConntrackExpectTable Conntrack expect table
	// https://github.com/torvalds/linux/blob/master/include/uapi/linux/netfilter/nfnetlink.h -> #define NFNL_SUBSYS_CTNETLINK_EXP 2
	ConntrackExpectTable = 2
)
View Source
const (
	// For Parsing Mark
	TCP_PROTO = 6
	UDP_PROTO = 17
)
View Source
const (
	ConntrackOrigSrcIP = iota // -orig-src ip   Source address from original direction
	ConntrackOrigDstIP        // -orig-dst ip   Destination address from original direction
	ConntrackNatSrcIP         // -src-nat ip    Source NAT ip
	ConntrackNatDstIP         // -dst-nat ip    Destination NAT ip
	ConntrackNatAnyIP         // -any-nat ip    Source or destination NAT ip
)
View Source
const (
	TC_U32_TERMINAL  = nl.TC_U32_TERMINAL
	TC_U32_OFFSET    = nl.TC_U32_OFFSET
	TC_U32_VAROFFSET = nl.TC_U32_VAROFFSET
	TC_U32_EAT       = nl.TC_U32_EAT
)

Constants used in TcU32Sel.Flags.

View Source
const (
	FOU_CMD_UNSPEC uint8 = iota
	FOU_CMD_ADD
	FOU_CMD_DEL
	FOU_CMD_GET
	FOU_CMD_MAX = FOU_CMD_GET
)
View Source
const (
	FOU_ATTR_UNSPEC = iota
	FOU_ATTR_PORT
	FOU_ATTR_AF
	FOU_ATTR_IPPROTO
	FOU_ATTR_TYPE
	FOU_ATTR_REMCSUM_NOPARTIAL
	FOU_ATTR_MAX = FOU_ATTR_REMCSUM_NOPARTIAL
)
View Source
const (
	FOU_ENCAP_UNSPEC = iota
	FOU_ENCAP_DIRECT
	FOU_ENCAP_GUE
	FOU_ENCAP_MAX = FOU_ENCAP_GUE
)
View Source
const (
	// ETHTOOL_GSSET_INFO gets string set info
	ETHTOOL_GSSET_INFO = 0x00000037
	// SIOCETHTOOL is Ethtool interface
	SIOCETHTOOL = 0x8946
	// ETHTOOL_GSTRINGS gets specified string set
	ETHTOOL_GSTRINGS = 0x0000001b
	// ETHTOOL_GSTATS gets NIC-specific statistics
	ETHTOOL_GSTATS = 0x0000001d
)

ioctl for statistics.

View Source
const (
	// ETH_SS_TEST is self-test result names, for use with %ETHTOOL_TEST
	ETH_SS_TEST = iota
	// ETH_SS_STATS statistic names, for use with %ETHTOOL_GSTATS
	ETH_SS_STATS
	// ETH_SS_PRIV_FLAGS are driver private flag names
	ETH_SS_PRIV_FLAGS

	// ETH_SS_FEATURES are device feature names
	ETH_SS_FEATURES
	// ETH_SS_RSS_HASH_FUNCS is RSS hush function names
	ETH_SS_RSS_HASH_FUNCS
)

string set id.

View Source
const (
	OperUnknown        = iota // Status can't be determined.
	OperNotPresent            // Some component is missing.
	OperDown                  // Down.
	OperLowerLayerDown        // Down due to state of lower layer.
	OperTesting               // In some test mode.
	OperDormant               // Not up but pending an external event.
	OperUp                    // Up, ready to send packets.
)
View Source
const (
	BOND_MODE_MASK uint64 = 1 << (1 + iota)
	BOND_ACTIVE_SLAVE_MASK
	BOND_MIIMON_MASK
	BOND_UPDELAY_MASK
	BOND_DOWNDELAY_MASK
	BOND_USE_CARRIER_MASK
	BOND_ARP_INTERVAL_MASK
	BOND_ARP_VALIDATE_MASK
	BOND_ARP_ALL_TARGETS_MASK
	BOND_PRIMARY_MASK
	BOND_PRIMARY_RESELECT_MASK
	BOND_FAIL_OVER_MAC_MASK
	BOND_XMIT_HASH_POLICY_MASK
	BOND_RESEND_IGMP_MASK
	BOND_NUM_PEER_NOTIF_MASK
	BOND_ALL_SLAVES_ACTIVE_MASK
	BOND_MIN_LINKS_MASK
	BOND_LP_INTERVAL_MASK
	BOND_PACKETS_PER_SLAVE_MASK
	BOND_LACP_RATE_MASK
	BOND_AD_SELECT_MASK
)

Flag mask for bond options. Bond.Flagmask must be set to on for option to work.

View Source
const (
	SizeofLinkStats32 = 0x5c
	SizeofLinkStats64 = 0xd8
)
View Source
const (
	TUNTAP_MODE_TUN             TuntapMode = unix.IFF_TUN
	TUNTAP_MODE_TAP             TuntapMode = unix.IFF_TAP
	TUNTAP_DEFAULTS             TuntapFlag = unix.IFF_TUN_EXCL | unix.IFF_ONE_QUEUE
	TUNTAP_VNET_HDR             TuntapFlag = unix.IFF_VNET_HDR
	TUNTAP_TUN_EXCL             TuntapFlag = unix.IFF_TUN_EXCL
	TUNTAP_NO_PI                TuntapFlag = unix.IFF_NO_PI
	TUNTAP_ONE_QUEUE            TuntapFlag = unix.IFF_ONE_QUEUE
	TUNTAP_MULTI_QUEUE          TuntapFlag = unix.IFF_MULTI_QUEUE
	TUNTAP_MULTI_QUEUE_DEFAULTS TuntapFlag = TUNTAP_MULTI_QUEUE | TUNTAP_NO_PI
)
View Source
const (
	SizeOfIfReq = 40
	IFNAMSIZ    = 16
)

ideally golang.org/x/sys/unix would define IfReq but it only has IFNAMSIZ, hence this minimalistic implementation

View Source
const (
	NDA_UNSPEC = iota
	NDA_DST
	NDA_LLADDR
	NDA_CACHEINFO
	NDA_PROBES
	NDA_VLAN
	NDA_PORT
	NDA_VNI
	NDA_IFINDEX
	NDA_MAX = NDA_IFINDEX
)
View Source
const (
	NUD_NONE       = 0x00
	NUD_INCOMPLETE = 0x01
	NUD_REACHABLE  = 0x02
	NUD_STALE      = 0x04
	NUD_DELAY      = 0x08
	NUD_PROBE      = 0x10
	NUD_FAILED     = 0x20
	NUD_NOARP      = 0x40
	NUD_PERMANENT  = 0x80
)

Neighbor Cache Entry States.

View Source
const (
	NTF_USE    = 0x01
	NTF_SELF   = 0x02
	NTF_MASTER = 0x04
	NTF_PROXY  = 0x08
	NTF_ROUTER = 0x80
)

Neighbor Flags

View Source
const (
	FAMILY_ALL  = nl.FAMILY_ALL
	FAMILY_V4   = nl.FAMILY_V4
	FAMILY_V6   = nl.FAMILY_V6
	FAMILY_MPLS = nl.FAMILY_MPLS
)

Family type definitions

View Source
const (
	HANDLE_NONE      = 0
	HANDLE_INGRESS   = 0xFFFFFFF1
	HANDLE_CLSACT    = HANDLE_INGRESS
	HANDLE_ROOT      = 0xFFFFFFFF
	PRIORITY_MAP_LEN = 16
)
View Source
const (
	HANDLE_MIN_INGRESS = 0xFFFFFFF2
	HANDLE_MIN_EGRESS  = 0xFFFFFFF3
)
View Source
const (
	RT_FILTER_PROTOCOL uint64 = 1 << (1 + iota)
	RT_FILTER_SCOPE
	RT_FILTER_TYPE
	RT_FILTER_TOS
	RT_FILTER_IIF
	RT_FILTER_OIF
	RT_FILTER_DST
	RT_FILTER_SRC
	RT_FILTER_GW
	RT_FILTER_TABLE
)
View Source
const (
	FOU_GENL_NAME = "fou"
)
View Source
const FibRuleInvert = 0x2
View Source
const IFA_FLAGS = 0x8

IFA_FLAGS is a u32 attribute.

View Source
const (
	TIME_UNITS_PER_SEC = 1000000
)

Variables

View Source
var (
	// ErrAttrHeaderTruncated is returned when a netlink attribute's header is
	// truncated.
	ErrAttrHeaderTruncated = errors.New("attribute header truncated")
	// ErrAttrBodyTruncated is returned when a netlink attribute's body is
	// truncated.
	ErrAttrBodyTruncated = errors.New("attribute body truncated")
)
View Source
var (
	// ErrNotImplemented is returned when a requested feature is not implemented.
	ErrNotImplemented = errors.New("not implemented")
)
View Source
var StringToBondLacpRateMap = map[string]BondLacpRate{
	"slow": BOND_LACP_RATE_SLOW,
	"fast": BOND_LACP_RATE_FAST,
}
View Source
var StringToBondModeMap = map[string]BondMode{
	"balance-rr":    BOND_MODE_BALANCE_RR,
	"active-backup": BOND_MODE_ACTIVE_BACKUP,
	"balance-xor":   BOND_MODE_BALANCE_XOR,
	"broadcast":     BOND_MODE_BROADCAST,
	"802.3ad":       BOND_MODE_802_3AD,
	"balance-tlb":   BOND_MODE_BALANCE_TLB,
	"balance-alb":   BOND_MODE_BALANCE_ALB,
}

Functions

func AddrAdd

func AddrAdd(link Link, addr *Addr) error

AddrAdd will add an IP address to a link device. Equivalent to: `ip addr add $addr dev $link`

func AddrDel

func AddrDel(link Link, addr *Addr) error

AddrDel will delete an IP address from a link device. Equivalent to: `ip addr del $addr dev $link`

func AddrReplace

func AddrReplace(link Link, addr *Addr) error

AddrReplace will replace (or, if not present, add) an IP address on a link device. Equivalent to: `ip addr replace $addr dev $link`

func AddrSubscribe

func AddrSubscribe(ch chan<- AddrUpdate, done <-chan struct{}) error

AddrSubscribe takes a chan down which notifications will be sent when addresses change. Close the 'done' chan to stop subscription.

func AddrSubscribeAt

func AddrSubscribeAt(ns netns.NsHandle, ch chan<- AddrUpdate, done <-chan struct{}) error

AddrSubscribeAt works like AddrSubscribe plus it allows the caller to choose the network namespace in which to subscribe (ns).

func AddrSubscribeWithOptions

func AddrSubscribeWithOptions(ch chan<- AddrUpdate, done <-chan struct{}, options AddrSubscribeOptions) error

AddrSubscribeWithOptions work like AddrSubscribe but enable to provide additional options to modify the behavior. Currently, the namespace can be provided as well as an error callback.

func AdjustSize

func AdjustSize(sz uint, mpu uint, linklayer int) uint

func AlignToAtm

func AlignToAtm(size uint) uint

func BridgeSetMcastSnoop

func BridgeSetMcastSnoop(link Link, on bool) error

func BridgeVlanAdd

func BridgeVlanAdd(link Link, vid uint16, pvid, untagged, self, master bool) error

BridgeVlanAdd adds a new vlan filter entry Equivalent to: `bridge vlan add dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]`

func BridgeVlanDel

func BridgeVlanDel(link Link, vid uint16, pvid, untagged, self, master bool) error

BridgeVlanDel adds a new vlan filter entry Equivalent to: `bridge vlan del dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]`

func BridgeVlanList

func BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error)

BridgeVlanList gets a map of device id to bridge vlan infos. Equivalent to: `bridge vlan show`

func CalcRtable

func CalcRtable(rate *nl.TcRateSpec, rtab []uint32, cellLog int, mtu uint32, linklayer int) int

func ClassAdd

func ClassAdd(class Class) error

ClassAdd will add a class to the system. Equivalent to: `tc class add $class`

func ClassChange

func ClassChange(class Class) error

ClassChange will change a class in place Equivalent to: `tc class change $class` The parent and handle MUST NOT be changed.

func ClassDel

func ClassDel(class Class) error

ClassDel will delete a class from the system. Equivalent to: `tc class del $class`

func ClassReplace

func ClassReplace(class Class) error

ClassReplace will replace a class to the system. quivalent to: `tc class replace $class` The handle MAY be changed. If a class already exist with this parent/handle pair, the class is changed. If a class does not already exist with this parent/handle, a new class is created.

func ClockFactor

func ClockFactor() float64

func ConntrackDeleteFilter

func ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter CustomConntrackFilter) (uint, error)

ConntrackDeleteFilter deletes entries on the specified table on the base of the filter conntrack -D [table] parameters Delete conntrack or expectation

func ConntrackTableFlush

func ConntrackTableFlush(table ConntrackTableType) error

ConntrackTableFlush flushes all the flows of a specified table conntrack -F [table] Flush table The flush operation applies to all the family types

func DeserializeRtab

func DeserializeRtab(b []byte) [256]uint32

func EncodeActions

func EncodeActions(attr *nl.RtAttr, actions []Action) error

func FilterAdd

func FilterAdd(filter Filter) error

FilterAdd will add a filter to the system. Equivalent to: `tc filter add $filter`

func FilterDel

func FilterDel(filter Filter) error

FilterDel will delete a filter from the system. Equivalent to: `tc filter del $filter`

func FouAdd

func FouAdd(f Fou) error

func FouDel

func FouDel(f Fou) error

func FouFamilyId

func FouFamilyId() (int, error)

func GTPPDPAdd

func GTPPDPAdd(link Link, pdp *PDP) error

func GTPPDPDel

func GTPPDPDel(link Link, pdp *PDP) error

func HandleStr

func HandleStr(handle uint32) string

func Hz

func Hz() float64

func LinkAdd

func LinkAdd(link Link) error

LinkAdd adds a new link device. The type and features of the device are taken from the parameters in the link object. Equivalent to: `ip link add $link`

func LinkDel

func LinkDel(link Link) error

LinkDel deletes link device. Either Index or Name must be set in the link object for it to be deleted. The other values are ignored. Equivalent to: `ip link del $link`

func LinkSetARPOff

func LinkSetARPOff(link Link) error

func LinkSetARPOn

func LinkSetARPOn(link Link) error

func LinkSetAlias

func LinkSetAlias(link Link, name string) error

LinkSetAlias sets the alias of the link device. Equivalent to: `ip link set dev $link alias $name`

func LinkSetBondSlave

func LinkSetBondSlave(link Link, master *Bond) error

LinkSetBondSlave add slave to bond link via ioctl interface.

func LinkSetBrProxyArp

func LinkSetBrProxyArp(link Link, mode bool) error

func LinkSetBrProxyArpWiFi

func LinkSetBrProxyArpWiFi(link Link, mode bool) error

func LinkSetDown

func LinkSetDown(link Link) error

LinkSetDown disables link device. Equivalent to: `ip link set $link down`

func LinkSetFastLeave

func LinkSetFastLeave(link Link, mode bool) error

func LinkSetFlood

func LinkSetFlood(link Link, mode bool) error

func LinkSetGuard

func LinkSetGuard(link Link, mode bool) error

func LinkSetHairpin

func LinkSetHairpin(link Link, mode bool) error

func LinkSetHardwareAddr

func LinkSetHardwareAddr(link Link, hwaddr net.HardwareAddr) error

LinkSetHardwareAddr sets the hardware address of the link device. Equivalent to: `ip link set $link address $hwaddr`

func LinkSetLearning

func LinkSetLearning(link Link, mode bool) error

func LinkSetMTU

func LinkSetMTU(link Link, mtu int) error

LinkSetMTU sets the mtu of the link device. Equivalent to: `ip link set $link mtu $mtu`

func LinkSetMaster

func LinkSetMaster(link Link, master *Bridge) error

LinkSetMaster sets the master of the link device. Equivalent to: `ip link set $link master $master`

func LinkSetMasterByIndex

func LinkSetMasterByIndex(link Link, masterIndex int) error

LinkSetMasterByIndex sets the master of the link device. Equivalent to: `ip link set $link master $master`

func LinkSetName

func LinkSetName(link Link, name string) error

LinkSetName sets the name of the link device. Equivalent to: `ip link set $link name $name`

func LinkSetNoMaster

func LinkSetNoMaster(link Link) error

LinkSetNoMaster removes the master of the link device. Equivalent to: `ip link set $link nomaster`

func LinkSetNsFd

func LinkSetNsFd(link Link, fd int) error

LinkSetNsFd puts the device into a new network namespace. The fd must be an open file descriptor to a network namespace. Similar to: `ip link set $link netns $ns`

func LinkSetNsPid

func LinkSetNsPid(link Link, nspid int) error

LinkSetNsPid puts the device into a new network namespace. The pid must be a pid of a running process. Equivalent to: `ip link set $link netns $pid`

func LinkSetRootBlock

func LinkSetRootBlock(link Link, mode bool) error

func LinkSetTxQLen

func LinkSetTxQLen(link Link, qlen int) error

LinkSetTxQLen sets the transaction queue length for the link. Equivalent to: `ip link set $link txqlen $qlen`

func LinkSetUp

func LinkSetUp(link Link) error

LinkSetUp enables the link device. Equivalent to: `ip link set $link up`

func LinkSetVfHardwareAddr

func LinkSetVfHardwareAddr(link Link, vf int, hwaddr net.HardwareAddr) error

LinkSetVfHardwareAddr sets the hardware address of a vf for the link. Equivalent to: `ip link set $link vf $vf mac $hwaddr`

func LinkSetVfSpoofchk

func LinkSetVfSpoofchk(link Link, vf int, check bool) error

LinkSetVfSpoofchk enables/disables spoof check on a vf for the link. Equivalent to: `ip link set $link vf $vf spoofchk $check`

func LinkSetVfTrust

func LinkSetVfTrust(link Link, vf int, state bool) error

LinkSetVfTrust enables/disables trust state on a vf for the link. Equivalent to: `ip link set $link vf $vf trust $state`

func LinkSetVfTxRate

func LinkSetVfTxRate(link Link, vf, rate int) error

LinkSetVfTxRate sets the tx rate of a vf for the link. Equivalent to: `ip link set $link vf $vf rate $rate`

func LinkSetVfVlan

func LinkSetVfVlan(link Link, vf, vlan int) error

LinkSetVfVlan sets the vlan of a vf for the link. Equivalent to: `ip link set $link vf $vf vlan $vlan`

func LinkSetXdpFd

func LinkSetXdpFd(link Link, fd int) error

LinkSetXdpFd adds a bpf function to the driver. The fd must be a bpf program loaded with bpf(type=BPF_PROG_TYPE_XDP)

func LinkSetXdpFdWithFlags

func LinkSetXdpFdWithFlags(link Link, fd, flags int) error

LinkSetXdpFdWithFlags adds a bpf function to the driver with the given options. The fd must be a bpf program loaded with bpf(type=BPF_PROG_TYPE_XDP)

func LinkSubscribe

func LinkSubscribe(ch chan<- LinkUpdate, done <-chan struct{}) error

LinkSubscribe takes a chan down which notifications will be sent when links change. Close the 'done' chan to stop subscription.

func LinkSubscribeAt

func LinkSubscribeAt(ns netns.NsHandle, ch chan<- LinkUpdate, done <-chan struct{}) error

LinkSubscribeAt works like LinkSubscribe plus it allows the caller to choose the network namespace in which to subscribe (ns).

func LinkSubscribeWithOptions

func LinkSubscribeWithOptions(ch chan<- LinkUpdate, done <-chan struct{}, options LinkSubscribeOptions) error

LinkSubscribeWithOptions work like LinkSubscribe but enable to provide additional options to modify the behavior. Currently, the namespace can be provided as well as an error callback.

func MacvlanMACAddrAdd

func MacvlanMACAddrAdd(link Link, addr net.HardwareAddr) error

func MacvlanMACAddrDel

func MacvlanMACAddrDel(link Link, addr net.HardwareAddr) error

func MacvlanMACAddrFlush

func MacvlanMACAddrFlush(link Link) error

func MacvlanMACAddrSet

func MacvlanMACAddrSet(link Link, addrs []net.HardwareAddr) error

func MajorMinor

func MajorMinor(handle uint32) (uint16, uint16)

func MakeHandle

func MakeHandle(major, minor uint16) uint32

func NeighAdd

func NeighAdd(neigh *Neigh) error

NeighAdd will add an IP to MAC mapping to the ARP table Equivalent to: `ip neigh add ....`

func NeighAppend

func NeighAppend(neigh *Neigh) error

NeighAppend will append an entry to FDB Equivalent to: `bridge fdb append...`

func NeighDel

func NeighDel(neigh *Neigh) error

NeighDel will delete an IP address from a link device. Equivalent to: `ip addr del $addr dev $link`

func NeighSet

func NeighSet(neigh *Neigh) error

NeighSet will add or replace an IP to MAC mapping to the ARP table Equivalent to: `ip neigh replace....`

func NewIPNet

func NewIPNet(ip net.IP) *net.IPNet

NewIPNet generates an IPNet from an ip address using a netmask of 32 or 128.

func ParseIPNet

func ParseIPNet(s string) (*net.IPNet, error)

ParseIPNet parses a string in ip/net format and returns a net.IPNet. This is valuable because addresses in netlink are often IPNets and ParseCIDR returns an IPNet with the IP part set to the base IP of the range.

func Percentage2u32

func Percentage2u32(percentage float32) uint32

func QdiscAdd

func QdiscAdd(qdisc Qdisc) error

QdiscAdd will add a qdisc to the system. Equivalent to: `tc qdisc add $qdisc`

func QdiscChange

func QdiscChange(qdisc Qdisc) error

QdiscChange will change a qdisc in place Equivalent to: `tc qdisc change $qdisc` The parent and handle MUST NOT be changed.

func QdiscDel

func QdiscDel(qdisc Qdisc) error

QdiscDel will delete a qdisc from the system. Equivalent to: `tc qdisc del $qdisc`

func QdiscReplace

func QdiscReplace(qdisc Qdisc) error

QdiscReplace will replace a qdisc to the system. Equivalent to: `tc qdisc replace $qdisc` The handle MUST change.

func RouteAdd

func RouteAdd(route *Route) error

RouteAdd will add a route to the system. Equivalent to: `ip route add $route`

func RouteDel

func RouteDel(route *Route) error

RouteDel will delete a route from the system. Equivalent to: `ip route del $route`

func RouteReplace

func RouteReplace(route *Route) error

RouteReplace will add a route to the system. Equivalent to: `ip route replace $route`

func RouteSubscribe

func RouteSubscribe(ch chan<- RouteUpdate, done <-chan struct{}) error

RouteSubscribe takes a chan down which notifications will be sent when routes are added or deleted. Close the 'done' chan to stop subscription.

func RouteSubscribeAt

func RouteSubscribeAt(ns netns.NsHandle, ch chan<- RouteUpdate, done <-chan struct{}) error

RouteSubscribeAt works like RouteSubscribe plus it allows the caller to choose the network namespace in which to subscribe (ns).

func RouteSubscribeWithOptions

func RouteSubscribeWithOptions(ch chan<- RouteUpdate, done <-chan struct{}, options RouteSubscribeOptions) error

RouteSubscribeWithOptions work like RouteSubscribe but enable to provide additional options to modify the behavior. Currently, the namespace can be provided as well as an error callback.

func RuleAdd

func RuleAdd(rule *Rule) error

RuleAdd adds a rule to the system. Equivalent to: ip rule add

func RuleDel

func RuleDel(rule *Rule) error

RuleDel deletes a rule from the system. Equivalent to: ip rule del

func SerializeRtab

func SerializeRtab(rtab [256]uint32) []byte

func SetPromiscOff

func SetPromiscOff(link Link) error

func SetPromiscOn

func SetPromiscOn(link Link) error

func TickInUsec

func TickInUsec() float64

func VethPeerIndex

func VethPeerIndex(link *Veth) (int, error)

VethPeerIndex get veth peer index.

func XfrmMonitor

func XfrmMonitor(ch chan<- XfrmMsg, done <-chan struct{}, errorChan chan<- error,
	types ...nl.XfrmMsgType) error

func XfrmPolicyAdd

func XfrmPolicyAdd(policy *XfrmPolicy) error

XfrmPolicyAdd will add an xfrm policy to the system. Equivalent to: `ip xfrm policy add $policy`

func XfrmPolicyDel

func XfrmPolicyDel(policy *XfrmPolicy) error

XfrmPolicyDel will delete an xfrm policy from the system. Note that the Tmpls are ignored when matching the policy to delete. Equivalent to: `ip xfrm policy del $policy`

func XfrmPolicyFlush

func XfrmPolicyFlush() error

XfrmPolicyFlush will flush the policies on the system. Equivalent to: `ip xfrm policy flush`

func XfrmPolicyUpdate

func XfrmPolicyUpdate(policy *XfrmPolicy) error

XfrmPolicyUpdate will update an xfrm policy to the system. Equivalent to: `ip xfrm policy update $policy`

func XfrmStateAdd

func XfrmStateAdd(state *XfrmState) error

XfrmStateAdd will add an xfrm state to the system. Equivalent to: `ip xfrm state add $state`

func XfrmStateDel

func XfrmStateDel(state *XfrmState) error

XfrmStateDel will delete an xfrm state from the system. Note that the Algos are ignored when matching the state to delete. Equivalent to: `ip xfrm state del $state`

func XfrmStateFlush

func XfrmStateFlush(proto Proto) error

XfrmStateFlush will flush the xfrm state on the system. proto = 0 means any transformation protocols Equivalent to: `ip xfrm state flush [ proto XFRM-PROTO ]`

func XfrmStateUpdate

func XfrmStateUpdate(state *XfrmState) error

XfrmStateUpdate will update an xfrm state to the system. Equivalent to: `ip xfrm state update $state`

func Xmittime

func Xmittime(rate uint64, size uint32) float64

Types

type Action

type Action interface {
	Attrs() *ActionAttrs
	Type() string
}

Action represents an action in any supported filter.

type ActionAttrs

type ActionAttrs struct {
	Index   int
	Capab   int
	Action  TcAct
	Refcnt  int
	Bindcnt int
}

func (ActionAttrs) String

func (q ActionAttrs) String() string

type Addr

type Addr struct {
	*net.IPNet
	Label       string
	Flags       int
	Scope       int
	Peer        *net.IPNet
	Broadcast   net.IP
	PreferedLft int
	ValidLft    int
}

Addr represents an IP address from netlink. Netlink ip addresses include a mask, so it stores the address as a net.IPNet.

func AddrList

func AddrList(link Link, family int) ([]Addr, error)

AddrList gets a list of IP addresses in the system. Equivalent to: `ip addr show`. The list can be filtered by link and ip family.

func ParseAddr

func ParseAddr(s string) (*Addr, error)

ParseAddr parses the string representation of an address in the form $ip/$netmask $label. The label portion is optional

func (Addr) Equal

func (a Addr) Equal(x Addr) bool

Equal returns true if both Addrs have the same net.IPNet value.

func (Addr) PeerEqual

func (a Addr) PeerEqual(x Addr) bool

func (Addr) String

func (a Addr) String() string

String returns $ip/$netmask $label

type AddrSubscribeOptions

type AddrSubscribeOptions struct {
	Namespace     *netns.NsHandle
	ErrorCallback func(error)
	ListExisting  bool
}

AddrSubscribeOptions contains a set of options to use with AddrSubscribeWithOptions.

type AddrUpdate

type AddrUpdate struct {
	LinkAddress net.IPNet
	LinkIndex   int
	Flags       int
	Scope       int
	PreferedLft int
	ValidLft    int
	NewAddr     bool // true=added false=deleted
}

type BPFAttr

type BPFAttr struct {
	ProgType    uint32
	InsnCnt     uint32
	Insns       uintptr
	License     uintptr
	LogLevel    uint32
	LogSize     uint32
	LogBuf      uintptr
	KernVersion uint32
}

type Bond

type Bond struct {
	LinkAttrs
	Mode            BondMode
	ActiveSlave     int
	Miimon          int
	UpDelay         int
	DownDelay       int
	UseCarrier      int
	ArpInterval     int
	ArpIpTargets    []net.IP
	ArpValidate     BondArpValidate
	ArpAllTargets   BondArpAllTargets
	Primary         int
	PrimaryReselect BondPrimaryReselect
	FailOverMac     BondFailOverMac
	XmitHashPolicy  BondXmitHashPolicy
	ResendIgmp      int
	NumPeerNotif    int
	AllSlavesActive int
	MinLinks        int
	LpInterval      int
	PackersPerSlave int
	LacpRate        BondLacpRate
	AdSelect        BondAdSelect
	// looking at iproute tool AdInfo can only be retrived. It can't be set.
	AdInfo         *BondAdInfo
	AdActorSysPrio int
	AdUserPortKey  int
	AdActorSystem  net.HardwareAddr
	TlbDynamicLb   int
}

Bond representation

func NewLinkBond

func NewLinkBond(atr LinkAttrs) *Bond

func (*Bond) Attrs

func (bond *Bond) Attrs() *LinkAttrs

Attrs implementation.

func (*Bond) Type

func (bond *Bond) Type() string

Type implementation fro Vxlan.

type BondAdInfo

type BondAdInfo struct {
	AggregatorId int
	NumPorts     int
	ActorKey     int
	PartnerKey   int
	PartnerMac   net.HardwareAddr
}

BondAdInfo represents ad info for bond

type BondAdSelect

type BondAdSelect int

BondAdSelect type

const (
	BOND_AD_SELECT_STABLE BondAdSelect = iota
	BOND_AD_SELECT_BANDWIDTH
	BOND_AD_SELECT_COUNT
)

Possible BondAdSelect value

type BondArpAllTargets

type BondArpAllTargets int

BondArpAllTargets type

const (
	BOND_ARP_ALL_TARGETS_ANY BondArpAllTargets = iota
	BOND_ARP_ALL_TARGETS_ALL
)

Possible BondArpAllTargets value

type BondArpValidate

type BondArpValidate int

BondArpValidate type

const (
	BOND_ARP_VALIDATE_NONE BondArpValidate = iota
	BOND_ARP_VALIDATE_ACTIVE
	BOND_ARP_VALIDATE_BACKUP
	BOND_ARP_VALIDATE_ALL
)

Possible BondArpValidate value

type BondFailOverMac

type BondFailOverMac int

BondFailOverMac type

const (
	BOND_FAIL_OVER_MAC_NONE BondFailOverMac = iota
	BOND_FAIL_OVER_MAC_ACTIVE
	BOND_FAIL_OVER_MAC_FOLLOW
)

Possible BondFailOverMac value

type BondLacpRate

type BondLacpRate int

BondLacpRate type

const (
	BOND_LACP_RATE_SLOW BondLacpRate = iota
	BOND_LACP_RATE_FAST
	BOND_LACP_RATE_UNKNOWN
)

Possible BondLacpRate value

func StringToBondLacpRate

func StringToBondLacpRate(s string) BondLacpRate

StringToBondLacpRate returns bond lacp arte, or uknonw is the s is invalid.

func (BondLacpRate) String

func (b BondLacpRate) String() string

type BondMode

type BondMode int

BondMode type

const (
	BOND_MODE_BALANCE_RR BondMode = iota
	BOND_MODE_ACTIVE_BACKUP
	BOND_MODE_BALANCE_XOR
	BOND_MODE_BROADCAST
	BOND_MODE_802_3AD
	BOND_MODE_BALANCE_TLB
	BOND_MODE_BALANCE_ALB
	BOND_MODE_UNKNOWN
)

Possible BondMode

func StringToBondMode

func StringToBondMode(s string) BondMode

StringToBondMode returns bond mode, or uknonw is the s is invalid.

func (BondMode) String

func (b BondMode) String() string

type BondPrimaryReselect

type BondPrimaryReselect int

BondPrimaryReselect type

const (
	BOND_PRIMARY_RESELECT_ALWAYS BondPrimaryReselect = iota
	BOND_PRIMARY_RESELECT_BETTER
	BOND_PRIMARY_RESELECT_FAILURE
)

Possible BondPrimaryReselect value

type BondXmitHashPolicy

type BondXmitHashPolicy int

BondXmitHashPolicy type

const (
	BOND_XMIT_HASH_POLICY_LAYER2 BondXmitHashPolicy = iota
	BOND_XMIT_HASH_POLICY_LAYER3_4
	BOND_XMIT_HASH_POLICY_LAYER2_3
	BOND_XMIT_HASH_POLICY_ENCAP2_3
	BOND_XMIT_HASH_POLICY_ENCAP3_4
	BOND_XMIT_HASH_POLICY_UNKNOWN
)

Possible BondXmitHashPolicy value

func StringToBondXmitHashPolicy

func StringToBondXmitHashPolicy(s string) BondXmitHashPolicy

StringToBondXmitHashPolicy returns bond lacp arte, or uknonw is the s is invalid.

func (BondXmitHashPolicy) String

func (b BondXmitHashPolicy) String() string

type BpfAction

type BpfAction struct {
	ActionAttrs
	Fd   int
	Name string
}

func (*BpfAction) Attrs

func (action *BpfAction) Attrs() *ActionAttrs

func (*BpfAction) Type

func (action *BpfAction) Type() string

type BpfFilter

type BpfFilter struct {
	FilterAttrs
	ClassId      uint32
	Fd           int
	Name         string
	DirectAction bool
}

func (*BpfFilter) Attrs

func (filter *BpfFilter) Attrs() *FilterAttrs

func (*BpfFilter) Type

func (filter *BpfFilter) Type() string

type BpfProgType

type BpfProgType uint32
const (
	BPF_PROG_TYPE_UNSPEC BpfProgType = iota
	BPF_PROG_TYPE_SOCKET_FILTER
	BPF_PROG_TYPE_KPROBE
	BPF_PROG_TYPE_SCHED_CLS
	BPF_PROG_TYPE_SCHED_ACT
	BPF_PROG_TYPE_TRACEPOINT
	BPF_PROG_TYPE_XDP
)

type Bridge

type Bridge struct {
	LinkAttrs
	MulticastSnooping *bool
	HelloTime         *uint32
}

Bridge links are simple linux bridges

func (*Bridge) Attrs

func (bridge *Bridge) Attrs() *LinkAttrs

func (*Bridge) Type

func (bridge *Bridge) Type() string

type Class

type Class interface {
	Attrs() *ClassAttrs
	Type() string
}

func ClassList

func ClassList(link Link, parent uint32) ([]Class, error)

ClassList gets a list of classes in the system. Equivalent to: `tc class show`. Generally returns nothing if link and parent are not specified.

type ClassAttrs

type ClassAttrs struct {
	LinkIndex int
	Handle    uint32
	Parent    uint32
	Leaf      uint32
}

ClassAttrs represents a netlink class. A filter is associated with a link, has a handle and a parent. The root filter of a device should have a parent == HANDLE_ROOT.

func (ClassAttrs) String

func (q ClassAttrs) String() string

type ConntrackFilter

type ConntrackFilter struct {
	// contains filtered or unexported fields
}

func (*ConntrackFilter) AddIP

func (f *ConntrackFilter) AddIP(tp ConntrackFilterType, ip net.IP) error

AddIP adds an IP to the conntrack filter

func (*ConntrackFilter) MatchConntrackFlow

func (f *ConntrackFilter) MatchConntrackFlow(flow *ConntrackFlow) bool

MatchConntrackFlow applies the filter to the flow and returns true if the flow matches the filter false otherwise

type ConntrackFilterType

type ConntrackFilterType uint8

Filter types

type ConntrackFlow

type ConntrackFlow struct {
	FamilyType uint8
	Forward    ipTuple
	Reverse    ipTuple
	Mark       uint32
}

func ConntrackTableList

func ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error)

ConntrackTableList returns the flow list of a table of a specific family conntrack -L [table] [options] List conntrack or expectation table

func (*ConntrackFlow) String

func (s *ConntrackFlow) String() string

type ConntrackTableType

type ConntrackTableType uint8

ConntrackTableType Conntrack table for the netlink operation

type CustomConntrackFilter

type CustomConntrackFilter interface {
	// MatchConntrackFlow applies the filter to the flow and returns true if the flow matches
	// the filter or false otherwise
	MatchConntrackFlow(flow *ConntrackFlow) bool
}

type Destination

type Destination interface {
	Family() int
	Decode([]byte) error
	Encode() ([]byte, error)
	String() string
	Equal(Destination) bool
}

type Device

type Device struct {
	LinkAttrs
}

Device links cannot be created via netlink. These links are links created by udev like 'lo' and 'etho0'

func (*Device) Attrs

func (device *Device) Attrs() *LinkAttrs

func (*Device) Type

func (device *Device) Type() string

type Dir

type Dir uint8

Dir is an enum representing an ipsec template direction.

const (
	XFRM_DIR_IN Dir = iota
	XFRM_DIR_OUT
	XFRM_DIR_FWD
	XFRM_SOCKET_IN
	XFRM_SOCKET_OUT
	XFRM_SOCKET_FWD
)

func (Dir) String

func (d Dir) String() string

type Dummy

type Dummy struct {
	LinkAttrs
}

Dummy links are dummy ethernet devices

func (*Dummy) Attrs

func (dummy *Dummy) Attrs() *LinkAttrs

func (*Dummy) Type

func (dummy *Dummy) Type() string

type Encap

type Encap interface {
	Type() int
	Decode([]byte) error
	Encode() ([]byte, error)
	String() string
	Equal(Encap) bool
}

type EncapType

type EncapType uint8

EncapType is an enum representing the optional packet encapsulation.

const (
	XFRM_ENCAP_ESPINUDP_NONIKE EncapType = iota + 1
	XFRM_ENCAP_ESPINUDP
)

func (EncapType) String

func (e EncapType) String() string

type Filter

type Filter interface {
	Attrs() *FilterAttrs
	Type() string
}

func FilterList

func FilterList(link Link, parent uint32) ([]Filter, error)

FilterList gets a list of filters in the system. Equivalent to: `tc filter show`. Generally returns nothing if link and parent are not specified.

type FilterAttrs

type FilterAttrs struct {
	LinkIndex int
	Handle    uint32
	Parent    uint32
	Priority  uint16 // lower is higher priority
	Protocol  uint16 // unix.ETH_P_*
}

FilterAttrs represents a netlink filter. A filter is associated with a link, has a handle and a parent. The root filter of a device should have a parent == HANDLE_ROOT.

func (FilterAttrs) String

func (q FilterAttrs) String() string

type FilterFwAttrs

type FilterFwAttrs struct {
	ClassId   uint32
	InDev     string
	Mask      uint32
	Index     uint32
	Buffer    uint32
	Mtu       uint32
	Mpu       uint16
	Rate      uint32
	AvRate    uint32
	PeakRate  uint32
	Action    TcPolAct
	Overhead  uint16
	LinkLayer int
}

type Fou

type Fou struct {
	Family    int
	Port      int
	Protocol  int
	EncapType int
}

func FouList

func FouList(fam int) ([]Fou, error)

type Fq

type Fq struct {
	QdiscAttrs
	PacketLimit     uint32
	FlowPacketLimit uint32
	// In bytes
	Quantum        uint32
	InitialQuantum uint32
	// called RateEnable under the hood
	Pacing          uint32
	FlowDefaultRate uint32
	FlowMaxRate     uint32
	// called BucketsLog under the hood
	Buckets          uint32
	FlowRefillDelay  uint32
	LowRateThreshold uint32
}

Fq is a classless packet scheduler meant to be mostly used for locally generated traffic.

func NewFq

func NewFq(attrs QdiscAttrs) *Fq

func (*Fq) Attrs

func (qdisc *Fq) Attrs() *QdiscAttrs

func (*Fq) Type

func (qdisc *Fq) Type() string

type FqCodel

type FqCodel struct {
	QdiscAttrs
	Target   uint32
	Limit    uint32
	Interval uint32
	ECN      uint32
	Flows    uint32
	Quantum  uint32
}

FQ_Codel (Fair Queuing Controlled Delay) is queuing discipline that combines Fair Queuing with the CoDel AQM scheme.

func NewFqCodel

func NewFqCodel(attrs QdiscAttrs) *FqCodel

func (*FqCodel) Attrs

func (qdisc *FqCodel) Attrs() *QdiscAttrs

func (*FqCodel) Type

func (qdisc *FqCodel) Type() string

type Fw

type Fw struct {
	FilterAttrs
	ClassId uint32
	// TODO remove nl type from interface
	Police nl.TcPolice
	InDev  string
	// TODO Action
	Mask   uint32
	AvRate uint32
	Rtab   [256]uint32
	Ptab   [256]uint32
}

Fw filter filters on firewall marks NOTE: this is in filter_linux because it refers to nl.TcPolice which

is defined in nl/tc_linux.go

func NewFw

func NewFw(attrs FilterAttrs, fattrs FilterFwAttrs) (*Fw, error)

func (*Fw) Attrs

func (filter *Fw) Attrs() *FilterAttrs

func (*Fw) Type

func (filter *Fw) Type() string

type GTP

type GTP struct {
	LinkAttrs
	FD0         int
	FD1         int
	Role        int
	PDPHashsize int
}

func (*GTP) Attrs

func (gtp *GTP) Attrs() *LinkAttrs

func (*GTP) Type

func (gtp *GTP) Type() string

type GenericAction

type GenericAction struct {
	ActionAttrs
}

func (*GenericAction) Attrs

func (action *GenericAction) Attrs() *ActionAttrs

func (*GenericAction) Type

func (action *GenericAction) Type() string

type GenericClass

type GenericClass struct {
	ClassAttrs
	ClassType string
}

GenericClass classes represent types that are not currently understood by this netlink library.

func (*GenericClass) Attrs

func (class *GenericClass) Attrs() *ClassAttrs

func (*GenericClass) Type

func (class *GenericClass) Type() string

type GenericFilter

type GenericFilter struct {
	FilterAttrs
	FilterType string
}

GenericFilter filters represent types that are not currently understood by this netlink library.

func (*GenericFilter) Attrs

func (filter *GenericFilter) Attrs() *FilterAttrs

func (*GenericFilter) Type

func (filter *GenericFilter) Type() string
type GenericLink struct {
	LinkAttrs
	LinkType string
}

GenericLink links represent types that are not currently understood by this netlink library.

func (*GenericLink) Attrs

func (generic *GenericLink) Attrs() *LinkAttrs

func (*GenericLink) Type

func (generic *GenericLink) Type() string

type GenericQdisc

type GenericQdisc struct {
	QdiscAttrs
	QdiscType string
}

GenericQdisc qdiscs represent types that are not currently understood by this netlink library.

func (*GenericQdisc) Attrs

func (qdisc *GenericQdisc) Attrs() *QdiscAttrs

func (*GenericQdisc) Type

func (qdisc *GenericQdisc) Type() string

type GenlFamily

type GenlFamily struct {
	ID      uint16
	HdrSize uint32
	Name    string
	Version uint32
	MaxAttr uint32
	Ops     []GenlOp
	Groups  []GenlMulticastGroup
}

func GenlFamilyGet

func GenlFamilyGet(name string) (*GenlFamily, error)

func GenlFamilyList

func GenlFamilyList() ([]*GenlFamily, error)

type GenlMulticastGroup

type GenlMulticastGroup struct {
	ID   uint32
	Name string
}

type GenlOp

type GenlOp struct {
	ID    uint32
	Flags uint32
}

type Gretap

type Gretap struct {
	LinkAttrs
	IKey       uint32
	OKey       uint32
	EncapSport uint16
	EncapDport uint16
	Local      net.IP
	Remote     net.IP
	IFlags     uint16
	OFlags     uint16
	PMtuDisc   uint8
	Ttl        uint8
	Tos        uint8
	EncapType  uint16
	EncapFlags uint16
	Link       uint32
	FlowBased  bool
}

Gretap devices must specify LocalIP and RemoteIP on create

func (*Gretap) Attrs

func (gretap *Gretap) Attrs() *LinkAttrs

func (*Gretap) Type

func (gretap *Gretap) Type() string

type Gretun

type Gretun struct {
	LinkAttrs
	Link       uint32
	IFlags     uint16
	OFlags     uint16
	IKey       uint32
	OKey       uint32
	Local      net.IP
	Remote     net.IP
	Ttl        uint8
	Tos        uint8
	PMtuDisc   uint8
	EncapType  uint16
	EncapFlags uint16
	EncapSport uint16
	EncapDport uint16
}

func (*Gretun) Attrs

func (gretun *Gretun) Attrs() *LinkAttrs

func (*Gretun) Type

func (gretun *Gretun) Type() string

type Handle

type Handle struct {
	// contains filtered or unexported fields
}

Handle is an handle for the netlink requests on a specific network namespace. All the requests on the same netlink family share the same netlink socket, which gets released when the handle is deleted.

func NewHandle

func NewHandle(nlFamilies ...int) (*Handle, error)

NewHandle returns a netlink handle on the current network namespace. Caller may specify the netlink families the handle should support. If no families are specified, all the families the netlink package supports will be automatically added.

func NewHandleAt

func NewHandleAt(ns netns.NsHandle, nlFamilies ...int) (*Handle, error)

NewHandle returns a netlink handle on the network namespace specified by ns. If ns=netns.None(), current network namespace will be assumed

func NewHandleAtFrom

func NewHandleAtFrom(newNs, curNs netns.NsHandle) (*Handle, error)

NewHandleAtFrom works as NewHandle but allows client to specify the new and the origin netns Handle.

func (*Handle) AddrAdd

func (h *Handle) AddrAdd(link Link, addr *Addr) error

AddrAdd will add an IP address to a link device. Equivalent to: `ip addr add $addr dev $link`

func (*Handle) AddrDel

func (h *Handle) AddrDel(link Link, addr *Addr) error

AddrDel will delete an IP address from a link device. Equivalent to: `ip addr del $addr dev $link`

func (*Handle) AddrList

func (h *Handle) AddrList(link Link, family int) ([]Addr, error)

AddrList gets a list of IP addresses in the system. Equivalent to: `ip addr show`. The list can be filtered by link and ip family.

func (*Handle) AddrReplace

func (h *Handle) AddrReplace(link Link, addr *Addr) error

AddrReplace will replace (or, if not present, add) an IP address on a link device. Equivalent to: `ip addr replace $addr dev $link`

func (*Handle) BridgeSetMcastSnoop

func (h *Handle) BridgeSetMcastSnoop(link Link, on bool) error

func (*Handle) BridgeVlanAdd

func (h *Handle) BridgeVlanAdd(link Link, vid uint16, pvid, untagged, self, master bool) error

BridgeVlanAdd adds a new vlan filter entry Equivalent to: `bridge vlan add dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]`

func (*Handle) BridgeVlanDel

func (h *Handle) BridgeVlanDel(link Link, vid uint16, pvid, untagged, self, master bool) error

BridgeVlanDel adds a new vlan filter entry Equivalent to: `bridge vlan del dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]`

func (*Handle) BridgeVlanList

func (h *Handle) BridgeVlanList() (map[int32][]*nl.BridgeVlanInfo, error)

BridgeVlanList gets a map of device id to bridge vlan infos. Equivalent to: `bridge vlan show`

func (*Handle) ClassAdd

func (h *Handle) ClassAdd(class Class) error

ClassAdd will add a class to the system. Equivalent to: `tc class add $class`

func (*Handle) ClassChange

func (h *Handle) ClassChange(class Class) error

ClassChange will change a class in place Equivalent to: `tc class change $class` The parent and handle MUST NOT be changed.

func (*Handle) ClassDel

func (h *Handle) ClassDel(class Class) error

ClassDel will delete a class from the system. Equivalent to: `tc class del $class`

func (*Handle) ClassList

func (h *Handle) ClassList(link Link, parent uint32) ([]Class, error)

ClassList gets a list of classes in the system. Equivalent to: `tc class show`. Generally returns nothing if link and parent are not specified.

func (*Handle) ClassReplace

func (h *Handle) ClassReplace(class Class) error

ClassReplace will replace a class to the system. quivalent to: `tc class replace $class` The handle MAY be changed. If a class already exist with this parent/handle pair, the class is changed. If a class does not already exist with this parent/handle, a new class is created.

func (*Handle) ConntrackDeleteFilter

func (h *Handle) ConntrackDeleteFilter(table ConntrackTableType, family InetFamily, filter CustomConntrackFilter) (uint, error)

ConntrackDeleteFilter deletes entries on the specified table on the base of the filter using the netlink handle passed conntrack -D [table] parameters Delete conntrack or expectation

func (*Handle) ConntrackTableFlush

func (h *Handle) ConntrackTableFlush(table ConntrackTableType) error

ConntrackTableFlush flushes all the flows of a specified table using the netlink handle passed conntrack -F [table] Flush table The flush operation applies to all the family types

func (*Handle) ConntrackTableList

func (h *Handle) ConntrackTableList(table ConntrackTableType, family InetFamily) ([]*ConntrackFlow, error)

ConntrackTableList returns the flow list of a table of a specific family using the netlink handle passed conntrack -L [table] [options] List conntrack or expectation table

func (*Handle) Delete

func (h *Handle) Delete()

Delete releases the resources allocated to this handle

func (*Handle) FilterAdd

func (h *Handle) FilterAdd(filter Filter) error

FilterAdd will add a filter to the system. Equivalent to: `tc filter add $filter`

func (*Handle) FilterDel

func (h *Handle) FilterDel(filter Filter) error

FilterDel will delete a filter from the system. Equivalent to: `tc filter del $filter`

func (*Handle) FilterList

func (h *Handle) FilterList(link Link, parent uint32) ([]Filter, error)

FilterList gets a list of filters in the system. Equivalent to: `tc filter show`. Generally returns nothing if link and parent are not specified.

func (*Handle) FouAdd

func (h *Handle) FouAdd(f Fou) error

func (*Handle) FouDel

func (h *Handle) FouDel(f Fou) error

func (*Handle) FouList

func (h *Handle) FouList(fam int) ([]Fou, error)

func (*Handle) GTPPDPAdd

func (h *Handle) GTPPDPAdd(link Link, pdp *PDP) error

func (*Handle) GTPPDPByITEI

func (h *Handle) GTPPDPByITEI(link Link, itei int) (*PDP, error)

func (*Handle) GTPPDPByMSAddress

func (h *Handle) GTPPDPByMSAddress(link Link, addr net.IP) (*PDP, error)

func (*Handle) GTPPDPByTID

func (h *Handle) GTPPDPByTID(link Link, tid int) (*PDP, error)

func (*Handle) GTPPDPDel

func (h *Handle) GTPPDPDel(link Link, pdp *PDP) error

func (*Handle) GTPPDPList

func (h *Handle) GTPPDPList() ([]*PDP, error)

func (*Handle) GenlFamilyGet

func (h *Handle) GenlFamilyGet(name string) (*GenlFamily, error)

func (*Handle) GenlFamilyList

func (h *Handle) GenlFamilyList() ([]*GenlFamily, error)

func (*Handle) GetSocketReceiveBufferSize

func (h *Handle) GetSocketReceiveBufferSize() ([]int, error)

GetSocketReceiveBufferSize gets the receiver buffer size for each socket in the netlink handle. The retrieved value should be the double to the one set for SetSocketReceiveBufferSize.

func (*Handle) LinkAdd

func (h *Handle) LinkAdd(link Link) error

LinkAdd adds a new link device. The type and features of the device are taken fromt the parameters in the link object. Equivalent to: `ip link add $link`

func (*Handle) LinkByAlias

func (h *Handle) LinkByAlias(alias string) (Link, error)

LinkByAlias finds a link by its alias and returns a pointer to the object. If there are multiple links with the alias it returns the first one

func (*Handle) LinkByIndex

func (h *Handle) LinkByIndex(index int) (Link, error)

LinkByIndex finds a link by index and returns a pointer to the object.

func (*Handle) LinkByName

func (h *Handle) LinkByName(name string) (Link, error)

LinkByName finds a link by name and returns a pointer to the object.

func (*Handle) LinkDel

func (h *Handle) LinkDel(link Link) error

LinkDel deletes link device. Either Index or Name must be set in the link object for it to be deleted. The other values are ignored. Equivalent to: `ip link del $link`

func (*Handle) LinkGetProtinfo

func (h *Handle) LinkGetProtinfo(link Link) (Protinfo, error)
func (h *Handle) LinkList() ([]Link, error)

LinkList gets a list of link devices. Equivalent to: `ip link show`

func (*Handle) LinkSetARPOff

func (h *Handle) LinkSetARPOff(link Link) error

func (*Handle) LinkSetARPOn

func (h *Handle) LinkSetARPOn(link Link) error

func (*Handle) LinkSetAlias

func (h *Handle) LinkSetAlias(link Link, name string) error

LinkSetAlias sets the alias of the link device. Equivalent to: `ip link set dev $link alias $name`

func (*Handle) LinkSetBrProxyArp

func (h *Handle) LinkSetBrProxyArp(link Link, mode bool) error

func (*Handle) LinkSetBrProxyArpWiFi

func (h *Handle) LinkSetBrProxyArpWiFi(link Link, mode bool) error

func (*Handle) LinkSetDown

func (h *Handle) LinkSetDown(link Link) error

LinkSetDown disables link device. Equivalent to: `ip link set $link down`

func (*Handle) LinkSetFastLeave

func (h *Handle) LinkSetFastLeave(link Link, mode bool) error

func (*Handle) LinkSetFlood

func (h *Handle) LinkSetFlood(link Link, mode bool) error

func (*Handle) LinkSetGuard

func (h *Handle) LinkSetGuard(link Link, mode bool) error

func (*Handle) LinkSetHairpin

func (h *Handle) LinkSetHairpin(link Link, mode bool) error

func (*Handle) LinkSetHardwareAddr

func (h *Handle) LinkSetHardwareAddr(link Link, hwaddr net.HardwareAddr) error

LinkSetHardwareAddr sets the hardware address of the link device. Equivalent to: `ip link set $link address $hwaddr`

func (*Handle) LinkSetLearning

func (h *Handle) LinkSetLearning(link Link, mode bool) error

func (*Handle) LinkSetMTU

func (h *Handle) LinkSetMTU(link Link, mtu int) error

LinkSetMTU sets the mtu of the link device. Equivalent to: `ip link set $link mtu $mtu`

func (*Handle) LinkSetMaster

func (h *Handle) LinkSetMaster(link Link, master *Bridge) error

LinkSetMaster sets the master of the link device. Equivalent to: `ip link set $link master $master`

func (*Handle) LinkSetMasterByIndex

func (h *Handle) LinkSetMasterByIndex(link Link, masterIndex int) error

LinkSetMasterByIndex sets the master of the link device. Equivalent to: `ip link set $link master $master`

func (*Handle) LinkSetName

func (h *Handle) LinkSetName(link Link, name string) error

LinkSetName sets the name of the link device. Equivalent to: `ip link set $link name $name`

func (*Handle) LinkSetNoMaster

func (h *Handle) LinkSetNoMaster(link Link) error

LinkSetNoMaster removes the master of the link device. Equivalent to: `ip link set $link nomaster`

func (*Handle) LinkSetNsFd

func (h *Handle) LinkSetNsFd(link Link, fd int) error

LinkSetNsFd puts the device into a new network namespace. The fd must be an open file descriptor to a network namespace. Similar to: `ip link set $link netns $ns`

func (*Handle) LinkSetNsPid

func (h *Handle) LinkSetNsPid(link Link, nspid int) error

LinkSetNsPid puts the device into a new network namespace. The pid must be a pid of a running process. Equivalent to: `ip link set $link netns $pid`

func (*Handle) LinkSetRootBlock

func (h *Handle) LinkSetRootBlock(link Link, mode bool) error

func (*Handle) LinkSetTxQLen

func (h *Handle) LinkSetTxQLen(link Link, qlen int) error

LinkSetTxQLen sets the transaction queue length for the link. Equivalent to: `ip link set $link txqlen $qlen`

func (*Handle) LinkSetUp

func (h *Handle) LinkSetUp(link Link) error

LinkSetUp enables the link device. Equivalent to: `ip link set $link up`

func (*Handle) LinkSetVfHardwareAddr

func (h *Handle) LinkSetVfHardwareAddr(link Link, vf int, hwaddr net.HardwareAddr) error

LinkSetVfHardwareAddr sets the hardware address of a vf for the link. Equivalent to: `ip link set $link vf $vf mac $hwaddr`

func (*Handle) LinkSetVfSpoofchk

func (h *Handle) LinkSetVfSpoofchk(link Link, vf int, check bool) error

LinkSetVfSpookfchk enables/disables spoof check on a vf for the link. Equivalent to: `ip link set $link vf $vf spoofchk $check`

func (*Handle) LinkSetVfTrust

func (h *Handle) LinkSetVfTrust(link Link, vf int, state bool) error

LinkSetVfTrust enables/disables trust state on a vf for the link. Equivalent to: `ip link set $link vf $vf trust $state`

func (*Handle) LinkSetVfTxRate

func (h *Handle) LinkSetVfTxRate(link Link, vf, rate int) error

LinkSetVfTxRate sets the tx rate of a vf for the link. Equivalent to: `ip link set $link vf $vf rate $rate`

func (*Handle) LinkSetVfVlan

func (h *Handle) LinkSetVfVlan(link Link, vf, vlan int) error

LinkSetVfVlan sets the vlan of a vf for the link. Equivalent to: `ip link set $link vf $vf vlan $vlan`

func (*Handle) MacvlanMACAddrAdd

func (h *Handle) MacvlanMACAddrAdd(link Link, addr net.HardwareAddr) error

func (*Handle) MacvlanMACAddrDel

func (h *Handle) MacvlanMACAddrDel(link Link, addr net.HardwareAddr) error

func (*Handle) MacvlanMACAddrFlush

func (h *Handle) MacvlanMACAddrFlush(link Link) error

func (*Handle) MacvlanMACAddrSet

func (h *Handle) MacvlanMACAddrSet(link Link, addrs []net.HardwareAddr) error

func (*Handle) NeighAdd

func (h *Handle) NeighAdd(neigh *Neigh) error

NeighAdd will add an IP to MAC mapping to the ARP table Equivalent to: `ip neigh add ....`

func (*Handle) NeighAppend

func (h *Handle) NeighAppend(neigh *Neigh) error

NeighAppend will append an entry to FDB Equivalent to: `bridge fdb append...`

func (*Handle) NeighDel

func (h *Handle) NeighDel(neigh *Neigh) error

NeighDel will delete an IP address from a link device. Equivalent to: `ip addr del $addr dev $link`

func (*Handle) NeighList

func (h *Handle) NeighList(linkIndex, family int) ([]Neigh, error)

NeighList gets a list of IP-MAC mappings in the system (ARP table). Equivalent to: `ip neighbor show`. The list can be filtered by link and ip family.

func (*Handle) NeighProxyList

func (h *Handle) NeighProxyList(linkIndex, family int) ([]Neigh, error)

NeighProxyList gets a list of neighbor proxies in the system. Equivalent to: `ip neighbor show proxy`. The list can be filtered by link, ip family.

func (*Handle) NeighSet

func (h *Handle) NeighSet(neigh *Neigh) error

NeighSet will add or replace an IP to MAC mapping to the ARP table Equivalent to: `ip neigh replace....`

func (*Handle) QdiscAdd

func (h *Handle) QdiscAdd(qdisc Qdisc) error

QdiscAdd will add a qdisc to the system. Equivalent to: `tc qdisc add $qdisc`

func (*Handle) QdiscChange

func (h *Handle) QdiscChange(qdisc Qdisc) error

QdiscChange will change a qdisc in place Equivalent to: `tc qdisc change $qdisc` The parent and handle MUST NOT be changed.

func (*Handle) QdiscDel

func (h *Handle) QdiscDel(qdisc Qdisc) error

QdiscDel will delete a qdisc from the system. Equivalent to: `tc qdisc del $qdisc`

func (*Handle) QdiscList

func (h *Handle) QdiscList(link Link) ([]Qdisc, error)

QdiscList gets a list of qdiscs in the system. Equivalent to: `tc qdisc show`. The list can be filtered by link.

func (*Handle) QdiscReplace

func (h *Handle) QdiscReplace(qdisc Qdisc) error

QdiscReplace will replace a qdisc to the system. Equivalent to: `tc qdisc replace $qdisc` The handle MUST change.

func (*Handle) RouteAdd

func (h *Handle) RouteAdd(route *Route) error

RouteAdd will add a route to the system. Equivalent to: `ip route add $route`

func (*Handle) RouteDel

func (h *Handle) RouteDel(route *Route) error

RouteDel will delete a route from the system. Equivalent to: `ip route del $route`

func (*Handle) RouteGet

func (h *Handle) RouteGet(destination net.IP) ([]Route, error)

RouteGet gets a route to a specific destination from the host system. Equivalent to: 'ip route get'.

func (*Handle) RouteList

func (h *Handle) RouteList(link Link, family int) ([]Route, error)

RouteList gets a list of routes in the system. Equivalent to: `ip route show`. The list can be filtered by link and ip family.

func (*Handle) RouteListFiltered

func (h *Handle) RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, error)

RouteListFiltered gets a list of routes in the system filtered with specified rules. All rules must be defined in RouteFilter struct

func (*Handle) RouteReplace

func (h *Handle) RouteReplace(route *Route) error

RouteReplace will add a route to the system. Equivalent to: `ip route replace $route`

func (*Handle) RuleAdd

func (h *Handle) RuleAdd(rule *Rule) error

RuleAdd adds a rule to the system. Equivalent to: ip rule add

func (*Handle) RuleDel

func (h *Handle) RuleDel(rule *Rule) error

RuleDel deletes a rule from the system. Equivalent to: ip rule del

func (*Handle) RuleList

func (h *Handle) RuleList(family int) ([]Rule, error)

RuleList lists rules in the system. Equivalent to: ip rule list

func (*Handle) SetPromiscOff

func (h *Handle) SetPromiscOff(link Link) error

func (*Handle) SetPromiscOn

func (h *Handle) SetPromiscOn(link Link) error

func (*Handle) SetSocketReceiveBufferSize

func (h *Handle) SetSocketReceiveBufferSize(size int, force bool) error

SetSocketReceiveBufferSize sets the receive buffer size for each socket in the netlink handle. The maximum value is capped by /proc/sys/net/core/rmem_max.

func (*Handle) SetSocketTimeout

func (h *Handle) SetSocketTimeout(to time.Duration) error

SetSocketTimeout sets the send and receive timeout for each socket in the netlink handle. Although the socket timeout has granularity of one microsecond, the effective granularity is floored by the kernel timer tick, which default value is four milliseconds.

func (*Handle) SupportsNetlinkFamily

func (h *Handle) SupportsNetlinkFamily(nlFamily int) bool

SupportsNetlinkFamily reports whether the passed netlink family is supported by this Handle

func (*Handle) XfrmPolicyAdd

func (h *Handle) XfrmPolicyAdd(policy *XfrmPolicy) error

XfrmPolicyAdd will add an xfrm policy to the system. Equivalent to: `ip xfrm policy add $policy`

func (*Handle) XfrmPolicyDel

func (h *Handle) XfrmPolicyDel(policy *XfrmPolicy) error

XfrmPolicyDel will delete an xfrm policy from the system. Note that the Tmpls are ignored when matching the policy to delete. Equivalent to: `ip xfrm policy del $policy`

func (*Handle) XfrmPolicyFlush

func (h *Handle) XfrmPolicyFlush() error

XfrmPolicyFlush will flush the policies on the system. Equivalent to: `ip xfrm policy flush`

func (*Handle) XfrmPolicyGet

func (h *Handle) XfrmPolicyGet(policy *XfrmPolicy) (*XfrmPolicy, error)

XfrmPolicyGet gets a the policy described by the index or selector, if found. Equivalent to: `ip xfrm policy get { SELECTOR | index INDEX } dir DIR [ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]`.

func (*Handle) XfrmPolicyList

func (h *Handle) XfrmPolicyList(family int) ([]XfrmPolicy, error)

XfrmPolicyList gets a list of xfrm policies in the system. Equivalent to: `ip xfrm policy show`. The list can be filtered by ip family.

func (*Handle) XfrmPolicyUpdate

func (h *Handle) XfrmPolicyUpdate(policy *XfrmPolicy) error

XfrmPolicyUpdate will update an xfrm policy to the system. Equivalent to: `ip xfrm policy update $policy`

func (*Handle) XfrmStateAdd

func (h *Handle) XfrmStateAdd(state *XfrmState) error

XfrmStateAdd will add an xfrm state to the system. Equivalent to: `ip xfrm state add $state`

func (*Handle) XfrmStateDel

func (h *Handle) XfrmStateDel(state *XfrmState) error

XfrmStateDel will delete an xfrm state from the system. Note that the Algos are ignored when matching the state to delete. Equivalent to: `ip xfrm state del $state`

func (*Handle) XfrmStateFlush

func (h *Handle) XfrmStateFlush(proto Proto) error

XfrmStateFlush will flush the xfrm state on the system. proto = 0 means any transformation protocols Equivalent to: `ip xfrm state flush [ proto XFRM-PROTO ]`

func (*Handle) XfrmStateGet

func (h *Handle) XfrmStateGet(state *XfrmState) (*XfrmState, error)

XfrmStateGet gets the xfrm state described by the ID, if found. Equivalent to: `ip xfrm state get ID [ mark MARK [ mask MASK ] ]`. Only the fields which constitue the SA ID must be filled in: ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM-PROTO ] [ spi SPI ] mark is optional

func (*Handle) XfrmStateList

func (h *Handle) XfrmStateList(family int) ([]XfrmState, error)

XfrmStateList gets a list of xfrm states in the system. Equivalent to: `ip xfrm state show`. The list can be filtered by ip family.

func (*Handle) XfrmStateUpdate

func (h *Handle) XfrmStateUpdate(state *XfrmState) error

XfrmStateUpdate will update an xfrm state to the system. Equivalent to: `ip xfrm state update $state`

type Htb

type Htb struct {
	QdiscAttrs
	Version      uint32
	Rate2Quantum uint32
	Defcls       uint32
	Debug        uint32
	DirectPkts   uint32
}

Htb is a classful qdisc that rate limits based on tokens

func NewHtb

func NewHtb(attrs QdiscAttrs) *Htb

func (*Htb) Attrs

func (qdisc *Htb) Attrs() *QdiscAttrs

func (*Htb) Type

func (qdisc *Htb) Type() string

type HtbClass

type HtbClass struct {
	ClassAttrs
	Rate    uint64
	Ceil    uint64
	Buffer  uint32
	Cbuffer uint32
	Quantum uint32
	Level   uint32
	Prio    uint32
}

HtbClass represents an Htb class

func NewHtbClass

func NewHtbClass(attrs ClassAttrs, cattrs HtbClassAttrs) *HtbClass

NOTE: function is in here because it uses other linux functions

func (*HtbClass) Attrs

func (q *HtbClass) Attrs() *ClassAttrs

func (HtbClass) String

func (q HtbClass) String() string

func (*HtbClass) Type

func (q *HtbClass) Type() string

type HtbClassAttrs

type HtbClassAttrs struct {
	// TODO handle all attributes
	Rate    uint64
	Ceil    uint64
	Buffer  uint32
	Cbuffer uint32
	Quantum uint32
	Level   uint32
	Prio    uint32
}

func (HtbClassAttrs) String

func (q HtbClassAttrs) String() string

type IPVlan

type IPVlan struct {
	LinkAttrs
	Mode IPVlanMode
}

func (*IPVlan) Attrs

func (ipvlan *IPVlan) Attrs() *LinkAttrs

func (*IPVlan) Type

func (ipvlan *IPVlan) Type() string

type IPVlanMode

type IPVlanMode uint16
const (
	IPVLAN_MODE_L2 IPVlanMode = iota
	IPVLAN_MODE_L3
	IPVLAN_MODE_L3S
	IPVLAN_MODE_MAX
)

type Ifb

type Ifb struct {
	LinkAttrs
}

Ifb links are advanced dummy devices for packet filtering

func (*Ifb) Attrs

func (ifb *Ifb) Attrs() *LinkAttrs

func (*Ifb) Type

func (ifb *Ifb) Type() string

type Ifreq

type Ifreq struct {
	Name [unix.IFNAMSIZ]byte
	Data uintptr
}

Ifreq is a struct for ioctl ethernet manipulation syscalls.

type IfreqSlave

type IfreqSlave struct {
	Name  [unix.IFNAMSIZ]byte
	Slave [unix.IFNAMSIZ]byte
}

IfreqSlave is a struct for ioctl bond manipulation syscalls. It is used to assign slave to bond interface with Name.

type InetFamily

type InetFamily uint8

InetFamily Family type

type Ingress

type Ingress struct {
	QdiscAttrs
}

Ingress is a qdisc for adding ingress filters

func (*Ingress) Attrs

func (qdisc *Ingress) Attrs() *QdiscAttrs

func (*Ingress) Type

func (qdisc *Ingress) Type() string

type Iptun

type Iptun struct {
	LinkAttrs
	Ttl        uint8
	Tos        uint8
	PMtuDisc   uint8
	Link       uint32
	Local      net.IP
	Remote     net.IP
	EncapSport uint16
	EncapDport uint16
	EncapType  uint16
	EncapFlags uint16
	FlowBased  bool
}

func (*Iptun) Attrs

func (iptun *Iptun) Attrs() *LinkAttrs

func (*Iptun) Type

func (iptun *Iptun) Type() string
type Link interface {
	Attrs() *LinkAttrs
	Type() string
}

Link represents a link device from netlink. Shared link attributes like name may be retrieved using the Attrs() method. Unique data can be retrieved by casting the object to the proper type.

func LinkByAlias

func LinkByAlias(alias string) (Link, error)

LinkByAlias finds a link by its alias and returns a pointer to the object. If there are multiple links with the alias it returns the first one

func LinkByIndex

func LinkByIndex(index int) (Link, error)

LinkByIndex finds a link by index and returns a pointer to the object.

func LinkByName

func LinkByName(name string) (Link, error)

LinkByName finds a link by name and returns a pointer to the object.

func LinkDeserialize

func LinkDeserialize(hdr *unix.NlMsghdr, m []byte) (Link, error)

linkDeserialize deserializes a raw message received from netlink into a link object.

func LinkList() ([]Link, error)

LinkList gets a list of link devices. Equivalent to: `ip link show`

type LinkAttrs

type LinkAttrs struct {
	Index        int
	MTU          int
	TxQLen       int // Transmit Queue Length
	Name         string
	HardwareAddr net.HardwareAddr
	Flags        net.Flags
	RawFlags     uint32
	ParentIndex  int         // index of the parent link device
	MasterIndex  int         // must be the index of a bridge
	Namespace    interface{} // nil | NsPid | NsFd
	Alias        string
	Statistics   *LinkStatistics
	Promisc      int
	Xdp          *LinkXdp
	EncapType    string
	Protinfo     *Protinfo
	OperState    LinkOperState
	NetNsID      int
	NumTxQueues  int
	NumRxQueues  int
}

LinkAttrs represents data shared by most link types

func NewLinkAttrs

func NewLinkAttrs() LinkAttrs

NewLinkAttrs returns LinkAttrs structure filled with default values

type LinkNotFoundError

type LinkNotFoundError struct {
	// contains filtered or unexported fields
}

LinkNotFoundError wraps the various not found errors when getting/reading links. This is intended for better error handling by dependent code so that "not found error" can be distinguished from other errors

type LinkOperState

type LinkOperState uint8

LinkOperState represents the values of the IFLA_OPERSTATE link attribute, which contains the RFC2863 state of the interface.

func (LinkOperState) String

func (s LinkOperState) String() string

type LinkStatistics

type LinkStatistics LinkStatistics64

type LinkStatistics32

type LinkStatistics32 struct {
	RxPackets         uint32
	TxPackets         uint32
	RxBytes           uint32
	TxBytes           uint32
	RxErrors          uint32
	TxErrors          uint32
	RxDropped         uint32
	TxDropped         uint32
	Multicast         uint32
	Collisions        uint32
	RxLengthErrors    uint32
	RxOverErrors      uint32
	RxCrcErrors       uint32
	RxFrameErrors     uint32
	RxFifoErrors      uint32
	RxMissedErrors    uint32
	TxAbortedErrors   uint32
	TxCarrierErrors   uint32
	TxFifoErrors      uint32
	TxHeartbeatErrors uint32
	TxWindowErrors    uint32
	RxCompressed      uint32
	TxCompressed      uint32
}

Ref: struct rtnl_link_stats {...}

type LinkStatistics64

type LinkStatistics64 struct {
	RxPackets         uint64
	TxPackets         uint64
	RxBytes           uint64
	TxBytes           uint64
	RxErrors          uint64
	TxErrors          uint64
	RxDropped         uint64
	TxDropped         uint64
	Multicast         uint64
	Collisions        uint64
	RxLengthErrors    uint64
	RxOverErrors      uint64
	RxCrcErrors       uint64
	RxFrameErrors     uint64
	RxFifoErrors      uint64
	RxMissedErrors    uint64
	TxAbortedErrors   uint64
	TxCarrierErrors   uint64
	TxFifoErrors      uint64
	TxHeartbeatErrors uint64
	TxWindowErrors    uint64
	RxCompressed      uint64
	TxCompressed      uint64
}

Ref: struct rtnl_link_stats64 {...}

type LinkSubscribeOptions

type LinkSubscribeOptions struct {
	Namespace     *netns.NsHandle
	ErrorCallback func(error)
	ListExisting  bool
}

LinkSubscribeOptions contains a set of options to use with LinkSubscribeWithOptions.

type LinkUpdate

type LinkUpdate struct {
	nl.IfInfomsg
	Header unix.NlMsghdr
	Link
}

LinkUpdate is used to pass information back from LinkSubscribe()

type LinkXdp

type LinkXdp struct {
	Fd       int
	Attached bool
	Flags    uint32
	ProgId   uint32
}

type MPLSDestination

type MPLSDestination struct {
	Labels []int
}

func (*MPLSDestination) Decode

func (d *MPLSDestination) Decode(buf []byte) error

func (*MPLSDestination) Encode

func (d *MPLSDestination) Encode() ([]byte, error)

func (*MPLSDestination) Equal

func (d *MPLSDestination) Equal(x Destination) bool

func (*MPLSDestination) Family

func (d *MPLSDestination) Family() int

func (*MPLSDestination) String

func (d *MPLSDestination) String() string

type MPLSEncap

type MPLSEncap struct {
	Labels []int
}

func (*MPLSEncap) Decode

func (e *MPLSEncap) Decode(buf []byte) error

func (*MPLSEncap) Encode

func (e *MPLSEncap) Encode() ([]byte, error)

func (*MPLSEncap) Equal

func (e *MPLSEncap) Equal(x Encap) bool

func (*MPLSEncap) String

func (e *MPLSEncap) String() string

func (*MPLSEncap) Type

func (e *MPLSEncap) Type() int

type Macvlan

type Macvlan struct {
	LinkAttrs
	Mode MacvlanMode

	// MACAddrs is only populated for Macvlan SOURCE links
	MACAddrs []net.HardwareAddr
}

Macvlan links have ParentIndex set in their Attrs()

func (*Macvlan) Attrs

func (macvlan *Macvlan) Attrs() *LinkAttrs

func (*Macvlan) Type

func (macvlan *Macvlan) Type() string

type MacvlanMode

type MacvlanMode uint16
const (
	MACVLAN_MODE_DEFAULT MacvlanMode = iota
	MACVLAN_MODE_PRIVATE
	MACVLAN_MODE_VEPA
	MACVLAN_MODE_BRIDGE
	MACVLAN_MODE_PASSTHRU
	MACVLAN_MODE_SOURCE
)

type Macvtap

type Macvtap struct {
	Macvlan
}

Macvtap - macvtap is a virtual interfaces based on macvlan

func (Macvtap) Type

func (macvtap Macvtap) Type() string

type MatchAll

type MatchAll struct {
	FilterAttrs
	ClassId uint32
	Actions []Action
}

MatchAll filters match all packets

func (*MatchAll) Attrs

func (filter *MatchAll) Attrs() *FilterAttrs

func (*MatchAll) Type

func (filter *MatchAll) Type() string

type MirredAct

type MirredAct uint8
const (
	TCA_EGRESS_REDIR   MirredAct = 1 /* packet redirect to EGRESS*/
	TCA_EGRESS_MIRROR  MirredAct = 2 /* mirror packet to EGRESS */
	TCA_INGRESS_REDIR  MirredAct = 3 /* packet redirect to INGRESS*/
	TCA_INGRESS_MIRROR MirredAct = 4 /* mirror packet to INGRESS */
)

func (MirredAct) String

func (a MirredAct) String() string

type MirredAction

type MirredAction struct {
	ActionAttrs
	MirredAction MirredAct
	Ifindex      int
}

func NewMirredAction

func NewMirredAction(redirIndex int) *MirredAction

func (*MirredAction) Attrs

func (action *MirredAction) Attrs() *ActionAttrs

func (*MirredAction) Type

func (action *MirredAction) Type() string

type Mode

type Mode uint8

Mode is an enum representing an ipsec transport.

const (
	XFRM_MODE_TRANSPORT Mode = iota
	XFRM_MODE_TUNNEL
	XFRM_MODE_ROUTEOPTIMIZATION
	XFRM_MODE_IN_TRIGGER
	XFRM_MODE_BEET
	XFRM_MODE_MAX
)

func (Mode) String

func (m Mode) String() string

type Ndmsg

type Ndmsg struct {
	Family uint8
	Index  uint32
	State  uint16
	Flags  uint8
	Type   uint8
}

func (*Ndmsg) Len

func (msg *Ndmsg) Len() int

func (*Ndmsg) Serialize

func (msg *Ndmsg) Serialize() []byte

type Neigh

type Neigh struct {
	LinkIndex    int
	Family       int
	State        int
	Type         int
	Flags        int
	IP           net.IP
	HardwareAddr net.HardwareAddr
	LLIPAddr     net.IP //Used in the case of NHRP
	Vlan         int
	VNI          int
}

Neigh represents a link layer neighbor from netlink.

func NeighDeserialize

func NeighDeserialize(m []byte) (*Neigh, error)

func NeighList

func NeighList(linkIndex, family int) ([]Neigh, error)

NeighList gets a list of IP-MAC mappings in the system (ARP table). Equivalent to: `ip neighbor show`. The list can be filtered by link and ip family.

func NeighProxyList

func NeighProxyList(linkIndex, family int) ([]Neigh, error)

NeighProxyList gets a list of neighbor proxies in the system. Equivalent to: `ip neighbor show proxy`. The list can be filtered by link and ip family.

func (*Neigh) String

func (neigh *Neigh) String() string

String returns $ip/$hwaddr $label

type Netem

type Netem struct {
	QdiscAttrs
	Latency       uint32
	DelayCorr     uint32
	Limit         uint32
	Loss          uint32
	LossCorr      uint32
	Gap           uint32
	Duplicate     uint32
	DuplicateCorr uint32
	Jitter        uint32
	ReorderProb   uint32
	ReorderCorr   uint32
	CorruptProb   uint32
	CorruptCorr   uint32
}

func NewNetem

func NewNetem(attrs QdiscAttrs, nattrs NetemQdiscAttrs) *Netem

NOTE function is here because it uses other linux functions

func (*Netem) Attrs

func (qdisc *Netem) Attrs() *QdiscAttrs

func (*Netem) Type

func (qdisc *Netem) Type() string

type NetemQdiscAttrs

type NetemQdiscAttrs struct {
	Latency       uint32  // in us
	DelayCorr     float32 // in %
	Limit         uint32
	Loss          float32 // in %
	LossCorr      float32 // in %
	Gap           uint32
	Duplicate     float32 // in %
	DuplicateCorr float32 // in %
	Jitter        uint32  // in us
	ReorderProb   float32 // in %
	ReorderCorr   float32 // in %
	CorruptProb   float32 // in %
	CorruptCorr   float32 // in %
}

func (NetemQdiscAttrs) String

func (q NetemQdiscAttrs) String() string

type NextHopFlag

type NextHopFlag int
const (
	FLAG_ONLINK    NextHopFlag = unix.RTNH_F_ONLINK
	FLAG_PERVASIVE NextHopFlag = unix.RTNH_F_PERVASIVE
)

type NexthopInfo

type NexthopInfo struct {
	LinkIndex int
	Hops      int
	Gw        net.IP
	Flags     int
	NewDst    Destination
	Encap     Encap
}

func (NexthopInfo) Equal

func (n NexthopInfo) Equal(x NexthopInfo) bool

func (*NexthopInfo) ListFlags

func (n *NexthopInfo) ListFlags() []string

func (*NexthopInfo) String

func (n *NexthopInfo) String() string

type NsFd

type NsFd int

type NsPid

type NsPid int

type PDP

type PDP struct {
	Version     uint32
	TID         uint64
	PeerAddress net.IP
	MSAddress   net.IP
	Flow        uint16
	NetNSFD     uint32
	ITEI        uint32
	OTEI        uint32
}

func GTPPDPByITEI

func GTPPDPByITEI(link Link, itei int) (*PDP, error)

func GTPPDPByMSAddress

func GTPPDPByMSAddress(link Link, addr net.IP) (*PDP, error)

func GTPPDPByTID

func GTPPDPByTID(link Link, tid int) (*PDP, error)

func GTPPDPList

func GTPPDPList() ([]*PDP, error)

func (*PDP) String

func (pdp *PDP) String() string

type PfifoFast

type PfifoFast struct {
	QdiscAttrs
	Bands       uint8
	PriorityMap [PRIORITY_MAP_LEN]uint8
}

PfifoFast is the default qdisc created by the kernel if one has not been defined for the interface

func (*PfifoFast) Attrs

func (qdisc *PfifoFast) Attrs() *QdiscAttrs

func (*PfifoFast) Type

func (qdisc *PfifoFast) Type() string

type Prio

type Prio struct {
	QdiscAttrs
	Bands       uint8
	PriorityMap [PRIORITY_MAP_LEN]uint8
}

Prio is a basic qdisc that works just like PfifoFast

func NewPrio

func NewPrio(attrs QdiscAttrs) *Prio

func (*Prio) Attrs

func (qdisc *Prio) Attrs() *QdiscAttrs

func (*Prio) Type

func (qdisc *Prio) Type() string

type Protinfo

type Protinfo struct {
	Hairpin      bool
	Guard        bool
	FastLeave    bool
	RootBlock    bool
	Learning     bool
	Flood        bool
	ProxyArp     bool
	ProxyArpWiFi bool
}

Protinfo represents bridge flags from netlink.

func LinkGetProtinfo

func LinkGetProtinfo(link Link) (Protinfo, error)

func (*Protinfo) String

func (prot *Protinfo) String() string

String returns a list of enabled flags

type Proto

type Proto uint8

Proto is an enum representing an ipsec protocol.

const (
	XFRM_PROTO_ROUTE2    Proto = unix.IPPROTO_ROUTING
	XFRM_PROTO_ESP       Proto = unix.IPPROTO_ESP
	XFRM_PROTO_AH        Proto = unix.IPPROTO_AH
	XFRM_PROTO_HAO       Proto = unix.IPPROTO_DSTOPTS
	XFRM_PROTO_COMP      Proto = 0x6c // NOTE not defined on darwin
	XFRM_PROTO_IPSEC_ANY Proto = unix.IPPROTO_RAW
)

func (Proto) String

func (p Proto) String() string

type Qdisc

type Qdisc interface {
	Attrs() *QdiscAttrs
	Type() string
}

func QdiscList

func QdiscList(link Link) ([]Qdisc, error)

QdiscList gets a list of qdiscs in the system. Equivalent to: `tc qdisc show`. The list can be filtered by link.

type QdiscAttrs

type QdiscAttrs struct {
	LinkIndex int
	Handle    uint32
	Parent    uint32
	Refcnt    uint32 // read only
}

QdiscAttrs represents a netlink qdisc. A qdisc is associated with a link, has a handle, a parent and a refcnt. The root qdisc of a device should have parent == HANDLE_ROOT.

func (QdiscAttrs) String

func (q QdiscAttrs) String() string

type Route

type Route struct {
	LinkIndex  int
	ILinkIndex int
	Scope      Scope
	Dst        *net.IPNet
	Src        net.IP
	Gw         net.IP
	MultiPath  []*NexthopInfo
	Protocol   int
	Priority   int
	Table      int
	Type       int
	Tos        int
	Flags      int
	MPLSDst    *int
	NewDst     Destination
	Encap      Encap
	MTU        int
	AdvMSS     int
}

Route represents a netlink route.

func RouteGet

func RouteGet(destination net.IP) ([]Route, error)

RouteGet gets a route to a specific destination from the host system. Equivalent to: 'ip route get'.

func RouteList

func RouteList(link Link, family int) ([]Route, error)

RouteList gets a list of routes in the system. Equivalent to: `ip route show`. The list can be filtered by link and ip family.

func RouteListFiltered

func RouteListFiltered(family int, filter *Route, filterMask uint64) ([]Route, error)

RouteListFiltered gets a list of routes in the system filtered with specified rules. All rules must be defined in RouteFilter struct

func (*Route) ClearFlag

func (r *Route) ClearFlag(flag NextHopFlag)

func (Route) Equal

func (r Route) Equal(x Route) bool

func (*Route) ListFlags

func (r *Route) ListFlags() []string

func (*Route) SetFlag

func (r *Route) SetFlag(flag NextHopFlag)

func (Route) String

func (r Route) String() string

type RouteSubscribeOptions

type RouteSubscribeOptions struct {
	Namespace     *netns.NsHandle
	ErrorCallback func(error)
	ListExisting  bool
}

RouteSubscribeOptions contains a set of options to use with RouteSubscribeWithOptions.

type RouteUpdate

type RouteUpdate struct {
	Type uint16
	Route
}

RouteUpdate is sent when a route changes - type is RTM_NEWROUTE or RTM_DELROUTE

type Rule

type Rule struct {
	Priority          int
	Family            int
	Table             int
	Mark              int
	Mask              int
	TunID             uint
	Goto              int
	Src               *net.IPNet
	Dst               *net.IPNet
	Flow              int
	IifName           string
	OifName           string
	SuppressIfgroup   int
	SuppressPrefixlen int
	Invert            bool
}

Rule represents a netlink rule.

func NewRule

func NewRule() *Rule

NewRule return empty rules.

func RuleList

func RuleList(family int) ([]Rule, error)

RuleList lists rules in the system. Equivalent to: ip rule list

func (Rule) String

func (r Rule) String() string

type SEG6Encap

type SEG6Encap struct {
	Mode     int
	Segments []net.IP
}

SEG6 definitions

func (*SEG6Encap) Decode

func (e *SEG6Encap) Decode(buf []byte) error

func (*SEG6Encap) Encode

func (e *SEG6Encap) Encode() ([]byte, error)

func (*SEG6Encap) Equal

func (e *SEG6Encap) Equal(x Encap) bool

func (*SEG6Encap) String

func (e *SEG6Encap) String() string

func (*SEG6Encap) Type

func (e *SEG6Encap) Type() int

type Scope

type Scope uint8

Scope is an enum representing a route scope.

const (
	SCOPE_UNIVERSE Scope = unix.RT_SCOPE_UNIVERSE
	SCOPE_SITE     Scope = unix.RT_SCOPE_SITE
	SCOPE_LINK     Scope = unix.RT_SCOPE_LINK
	SCOPE_HOST     Scope = unix.RT_SCOPE_HOST
	SCOPE_NOWHERE  Scope = unix.RT_SCOPE_NOWHERE
)

type Sittun

type Sittun struct {
	LinkAttrs
	Link       uint32
	Local      net.IP
	Remote     net.IP
	Ttl        uint8
	Tos        uint8
	PMtuDisc   uint8
	EncapType  uint16
	EncapFlags uint16
	EncapSport uint16
	EncapDport uint16
}

func (*Sittun) Attrs

func (sittun *Sittun) Attrs() *LinkAttrs

func (*Sittun) Type

func (sittun *Sittun) Type() string

type Socket

type Socket struct {
	Family  uint8
	State   uint8
	Timer   uint8
	Retrans uint8
	ID      SocketID
	Expires uint32
	RQueue  uint32
	WQueue  uint32
	UID     uint32
	INode   uint32
}

Socket represents a netlink socket.

func SocketGet

func SocketGet(local, remote net.Addr) (*Socket, error)

SocketGet returns the Socket identified by its local and remote addresses.

type SocketID

type SocketID struct {
	SourcePort      uint16
	DestinationPort uint16
	Source          net.IP
	Destination     net.IP
	Interface       uint32
	Cookie          [2]uint32
}

SocketID identifies a single socket.

type Tbf

type Tbf struct {
	QdiscAttrs
	Rate     uint64
	Limit    uint32
	Buffer   uint32
	Peakrate uint64
	Minburst uint32
}

Tbf is a classless qdisc that rate limits based on tokens

func (*Tbf) Attrs

func (qdisc *Tbf) Attrs() *QdiscAttrs

func (*Tbf) Type

func (qdisc *Tbf) Type() string

type TcAct

type TcAct int32
const (
	TC_ACT_UNSPEC     TcAct = -1
	TC_ACT_OK         TcAct = 0
	TC_ACT_RECLASSIFY TcAct = 1
	TC_ACT_SHOT       TcAct = 2
	TC_ACT_PIPE       TcAct = 3
	TC_ACT_STOLEN     TcAct = 4
	TC_ACT_QUEUED     TcAct = 5
	TC_ACT_REPEAT     TcAct = 6
	TC_ACT_REDIRECT   TcAct = 7
	TC_ACT_JUMP       TcAct = 0x10000000
)

func (TcAct) String

func (a TcAct) String() string

type TcPolAct

type TcPolAct int32
const (
	TC_POLICE_UNSPEC     TcPolAct = TcPolAct(TC_ACT_UNSPEC)
	TC_POLICE_OK         TcPolAct = TcPolAct(TC_ACT_OK)
	TC_POLICE_RECLASSIFY TcPolAct = TcPolAct(TC_ACT_RECLASSIFY)
	TC_POLICE_SHOT       TcPolAct = TcPolAct(TC_ACT_SHOT)
	TC_POLICE_PIPE       TcPolAct = TcPolAct(TC_ACT_PIPE)
)

func (TcPolAct) String

func (a TcPolAct) String() string

type TcU32Key

type TcU32Key struct {
	Mask    uint32
	Val     uint32
	Off     int32
	OffMask int32
}

TcU32Key contained of Sel in the U32 filters. This is the copy and the frontend representation of nl.TcU32Key. It is serialized into chanonical nl.TcU32Sel with the appropriate endianness.

type TcU32Sel

type TcU32Sel struct {
	Flags    uint8
	Offshift uint8
	Nkeys    uint8
	Pad      uint8
	Offmask  uint16
	Off      uint16
	Offoff   int16
	Hoff     int16
	Hmask    uint32
	Keys     []TcU32Key
}

Sel of the U32 filters that contains multiple TcU32Key. This is the copy and the frontend representation of nl.TcU32Sel. It is serialized into canonical nl.TcU32Sel with the appropriate endianness.

type Tuntap

type Tuntap struct {
	LinkAttrs
	Mode   TuntapMode
	Flags  TuntapFlag
	Queues int
	Fds    []*os.File
}

Tuntap links created via /dev/tun/tap, but can be destroyed via netlink

func (*Tuntap) Attrs

func (tuntap *Tuntap) Attrs() *LinkAttrs

func (*Tuntap) Type

func (tuntap *Tuntap) Type() string

type TuntapFlag

type TuntapFlag uint16

type TuntapMode

type TuntapMode uint16

type U32

type U32 struct {
	FilterAttrs
	ClassId    uint32
	RedirIndex int
	Sel        *TcU32Sel
	Actions    []Action
}

U32 filters on many packet related properties

func (*U32) Attrs

func (filter *U32) Attrs() *FilterAttrs

func (*U32) Type

func (filter *U32) Type() string

type Veth

type Veth struct {
	LinkAttrs
	PeerName string // veth on create only
}

Veth devices must specify PeerName on create

func (*Veth) Attrs

func (veth *Veth) Attrs() *LinkAttrs

func (*Veth) Type

func (veth *Veth) Type() string

type Vlan

type Vlan struct {
	LinkAttrs
	VlanId int
}

Vlan links have ParentIndex set in their Attrs()

func (*Vlan) Attrs

func (vlan *Vlan) Attrs() *LinkAttrs

func (*Vlan) Type

func (vlan *Vlan) Type() string

type Vrf

type Vrf struct {
	LinkAttrs
	Table uint32
}

func (*Vrf) Attrs

func (vrf *Vrf) Attrs() *LinkAttrs

func (*Vrf) Type

func (vrf *Vrf) Type() string

type Vti

type Vti struct {
	LinkAttrs
	IKey   uint32
	OKey   uint32
	Link   uint32
	Local  net.IP
	Remote net.IP
}

func (*Vti) Attrs

func (vti *Vti) Attrs() *LinkAttrs

func (*Vti) Type

func (iptun *Vti) Type() string

type Vxlan

type Vxlan struct {
	LinkAttrs
	VxlanId        int
	VtepDevIndex   int
	SrcAddr        net.IP
	Group          net.IP
	TTL            int
	TOS            int
	Learning       bool
	Proxy          bool
	RSC            bool
	L2miss         bool
	L3miss         bool
	UDPCSum        bool
	UDP6ZeroCSumTx bool
	UDP6ZeroCSumRx bool
	NoAge          bool
	GBP            bool
	FlowBased      bool
	Age            int
	Limit          int
	Port           int
	PortLow        int
	PortHigh       int
}

func (*Vxlan) Attrs

func (vxlan *Vxlan) Attrs() *LinkAttrs

func (*Vxlan) Type

func (vxlan *Vxlan) Type() string

type XfrmMark

type XfrmMark struct {
	Value uint32
	Mask  uint32
}

XfrmMark represents the mark associated to the state or policy

func (*XfrmMark) String

func (m *XfrmMark) String() string

type XfrmMsg

type XfrmMsg interface {
	Type() nl.XfrmMsgType
}

type XfrmMsgExpire

type XfrmMsgExpire struct {
	XfrmState *XfrmState
	Hard      bool
}

func (*XfrmMsgExpire) Type

func (ue *XfrmMsgExpire) Type() nl.XfrmMsgType

type XfrmPolicy

type XfrmPolicy struct {
	Dst      *net.IPNet
	Src      *net.IPNet
	Proto    Proto
	DstPort  int
	SrcPort  int
	Dir      Dir
	Priority int
	Index    int
	Mark     *XfrmMark
	Tmpls    []XfrmPolicyTmpl
}

XfrmPolicy represents an ipsec policy. It represents the overlay network and has a list of XfrmPolicyTmpls representing the base addresses of the policy.

func XfrmPolicyGet

func XfrmPolicyGet(policy *XfrmPolicy) (*XfrmPolicy, error)

XfrmPolicyGet gets a the policy described by the index or selector, if found. Equivalent to: `ip xfrm policy get { SELECTOR | index INDEX } dir DIR [ctx CTX ] [ mark MARK [ mask MASK ] ] [ ptype PTYPE ]`.

func XfrmPolicyList

func XfrmPolicyList(family int) ([]XfrmPolicy, error)

XfrmPolicyList gets a list of xfrm policies in the system. Equivalent to: `ip xfrm policy show`. The list can be filtered by ip family.

func (XfrmPolicy) String

func (p XfrmPolicy) String() string

type XfrmPolicyTmpl

type XfrmPolicyTmpl struct {
	Dst   net.IP
	Src   net.IP
	Proto Proto
	Mode  Mode
	Spi   int
	Reqid int
}

XfrmPolicyTmpl encapsulates a rule for the base addresses of an ipsec policy. These rules are matched with XfrmState to determine encryption and authentication algorithms.

func (XfrmPolicyTmpl) String

func (t XfrmPolicyTmpl) String() string

type XfrmState

type XfrmState struct {
	Dst          net.IP
	Src          net.IP
	Proto        Proto
	Mode         Mode
	Spi          int
	Reqid        int
	ReplayWindow int
	Limits       XfrmStateLimits
	Statistics   XfrmStateStats
	Mark         *XfrmMark
	Auth         *XfrmStateAlgo
	Crypt        *XfrmStateAlgo
	Aead         *XfrmStateAlgo
	Encap        *XfrmStateEncap
	ESN          bool
}

XfrmState represents the state of an ipsec policy. It optionally contains an XfrmStateAlgo for encryption and one for authentication.

func XfrmStateAllocSpi

func XfrmStateAllocSpi(state *XfrmState) (*XfrmState, error)

XfrmStateAllocSpi will allocate an xfrm state in the system. Equivalent to: `ip xfrm state allocspi`

func XfrmStateGet

func XfrmStateGet(state *XfrmState) (*XfrmState, error)

XfrmStateGet gets the xfrm state described by the ID, if found. Equivalent to: `ip xfrm state get ID [ mark MARK [ mask MASK ] ]`. Only the fields which constitue the SA ID must be filled in: ID := [ src ADDR ] [ dst ADDR ] [ proto XFRM-PROTO ] [ spi SPI ] mark is optional

func XfrmStateList

func XfrmStateList(family int) ([]XfrmState, error)

XfrmStateList gets a list of xfrm states in the system. Equivalent to: `ip [-4|-6] xfrm state show`. The list can be filtered by ip family.

func (XfrmState) Print

func (sa XfrmState) Print(stats bool) string

func (XfrmState) String

func (sa XfrmState) String() string

type XfrmStateAlgo

type XfrmStateAlgo struct {
	Name        string
	Key         []byte
	TruncateLen int // Auth only
	ICVLen      int // AEAD only
}

XfrmStateAlgo represents the algorithm to use for the ipsec encryption.

func (XfrmStateAlgo) String

func (a XfrmStateAlgo) String() string

type XfrmStateEncap

type XfrmStateEncap struct {
	Type            EncapType
	SrcPort         int
	DstPort         int
	OriginalAddress net.IP
}

XfrmStateEncap represents the encapsulation to use for the ipsec encryption.

func (XfrmStateEncap) String

func (e XfrmStateEncap) String() string

type XfrmStateLimits

type XfrmStateLimits struct {
	ByteSoft    uint64
	ByteHard    uint64
	PacketSoft  uint64
	PacketHard  uint64
	TimeSoft    uint64
	TimeHard    uint64
	TimeUseSoft uint64
	TimeUseHard uint64
}

XfrmStateLimits represents the configured limits for the state.

type XfrmStateStats

type XfrmStateStats struct {
	ReplayWindow uint32
	Replay       uint32
	Failed       uint32
	Bytes        uint64
	Packets      uint64
	AddTime      uint64
	UseTime      uint64
}

XfrmStateStats represents the current number of bytes/packets processed by this State, the State's installation and first use time and the replay window counters.

Directories

Path Synopsis
Package nl has low level primitives for making Netlink calls.
Package nl has low level primitives for making Netlink calls.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL