kilo/vendor/github.com/vishvananda/netlink/nl/ipset_linux.go

package nl

import (
	"strconv"

	"golang.org/x/sys/unix"
)

const (
	/* The protocol version */
	IPSET_PROTOCOL = 6

	/* The max length of strings including NUL: set and type identifiers */
	IPSET_MAXNAMELEN = 32

	/* The maximum permissible comment length we will accept over netlink */
	IPSET_MAX_COMMENT_SIZE = 255
)

const (
	_                  = iota
	IPSET_CMD_PROTOCOL /* 1: Return protocol version */
	IPSET_CMD_CREATE   /* 2: Create a new (empty) set */
	IPSET_CMD_DESTROY  /* 3: Destroy a (empty) set */
	IPSET_CMD_FLUSH    /* 4: Remove all elements from a set */
	IPSET_CMD_RENAME   /* 5: Rename a set */
	IPSET_CMD_SWAP     /* 6: Swap two sets */
	IPSET_CMD_LIST     /* 7: List sets */
	IPSET_CMD_SAVE     /* 8: Save sets */
	IPSET_CMD_ADD      /* 9: Add an element to a set */
	IPSET_CMD_DEL      /* 10: Delete an element from a set */
	IPSET_CMD_TEST     /* 11: Test an element in a set */
	IPSET_CMD_HEADER   /* 12: Get set header data only */
	IPSET_CMD_TYPE     /* 13: Get set type */
)

/* Attributes at command level */
const (
	_                       = iota
	IPSET_ATTR_PROTOCOL     /* 1: Protocol version */
	IPSET_ATTR_SETNAME      /* 2: Name of the set */
	IPSET_ATTR_TYPENAME     /* 3: Typename */
	IPSET_ATTR_REVISION     /* 4: Settype revision */
	IPSET_ATTR_FAMILY       /* 5: Settype family */
	IPSET_ATTR_FLAGS        /* 6: Flags at command level */
	IPSET_ATTR_DATA         /* 7: Nested attributes */
	IPSET_ATTR_ADT          /* 8: Multiple data containers */
	IPSET_ATTR_LINENO       /* 9: Restore lineno */
	IPSET_ATTR_PROTOCOL_MIN /* 10: Minimal supported version number */

	IPSET_ATTR_SETNAME2     = IPSET_ATTR_TYPENAME     /* Setname at rename/swap */
	IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN /* type rev min */
)

/* CADT specific attributes */
const (
	IPSET_ATTR_IP          = 1
	IPSET_ATTR_IP_FROM     = 1
	IPSET_ATTR_IP_TO       = 2
	IPSET_ATTR_CIDR        = 3
	IPSET_ATTR_PORT        = 4
	IPSET_ATTR_PORT_FROM   = 4
	IPSET_ATTR_PORT_TO     = 5
	IPSET_ATTR_TIMEOUT     = 6
	IPSET_ATTR_PROTO       = 7
	IPSET_ATTR_CADT_FLAGS  = 8
	IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO /* 9 */
	IPSET_ATTR_MARK        = 10
	IPSET_ATTR_MARKMASK    = 11

	/* Reserve empty slots */
	IPSET_ATTR_CADT_MAX = 16

	/* Create-only specific attributes */
	IPSET_ATTR_GC = 3 + iota
	IPSET_ATTR_HASHSIZE
	IPSET_ATTR_MAXELEM
	IPSET_ATTR_NETMASK
	IPSET_ATTR_PROBES
	IPSET_ATTR_RESIZE
	IPSET_ATTR_SIZE

	/* Kernel-only */
	IPSET_ATTR_ELEMENTS
	IPSET_ATTR_REFERENCES
	IPSET_ATTR_MEMSIZE

	SET_ATTR_CREATE_MAX
)

/* ADT specific attributes */
const (
	IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1
	IPSET_ATTR_NAME
	IPSET_ATTR_NAMEREF
	IPSET_ATTR_IP2
	IPSET_ATTR_CIDR2
	IPSET_ATTR_IP2_TO
	IPSET_ATTR_IFACE
	IPSET_ATTR_BYTES
	IPSET_ATTR_PACKETS
	IPSET_ATTR_COMMENT
	IPSET_ATTR_SKBMARK
	IPSET_ATTR_SKBPRIO
	IPSET_ATTR_SKBQUEUE
)

/* Flags at CADT attribute level, upper half of cmdattrs */
const (
	IPSET_FLAG_BIT_BEFORE        = 0
	IPSET_FLAG_BEFORE            = (1 << IPSET_FLAG_BIT_BEFORE)
	IPSET_FLAG_BIT_PHYSDEV       = 1
	IPSET_FLAG_PHYSDEV           = (1 << IPSET_FLAG_BIT_PHYSDEV)
	IPSET_FLAG_BIT_NOMATCH       = 2
	IPSET_FLAG_NOMATCH           = (1 << IPSET_FLAG_BIT_NOMATCH)
	IPSET_FLAG_BIT_WITH_COUNTERS = 3
	IPSET_FLAG_WITH_COUNTERS     = (1 << IPSET_FLAG_BIT_WITH_COUNTERS)
	IPSET_FLAG_BIT_WITH_COMMENT  = 4
	IPSET_FLAG_WITH_COMMENT      = (1 << IPSET_FLAG_BIT_WITH_COMMENT)
	IPSET_FLAG_BIT_WITH_FORCEADD = 5
	IPSET_FLAG_WITH_FORCEADD     = (1 << IPSET_FLAG_BIT_WITH_FORCEADD)
	IPSET_FLAG_BIT_WITH_SKBINFO  = 6
	IPSET_FLAG_WITH_SKBINFO      = (1 << IPSET_FLAG_BIT_WITH_SKBINFO)
	IPSET_FLAG_CADT_MAX          = 15
)

const (
	IPSET_ERR_PRIVATE = 4096 + iota
	IPSET_ERR_PROTOCOL
	IPSET_ERR_FIND_TYPE
	IPSET_ERR_MAX_SETS
	IPSET_ERR_BUSY
	IPSET_ERR_EXIST_SETNAME2
	IPSET_ERR_TYPE_MISMATCH
	IPSET_ERR_EXIST
	IPSET_ERR_INVALID_CIDR
	IPSET_ERR_INVALID_NETMASK
	IPSET_ERR_INVALID_FAMILY
	IPSET_ERR_TIMEOUT
	IPSET_ERR_REFERENCED
	IPSET_ERR_IPADDR_IPV4
	IPSET_ERR_IPADDR_IPV6
	IPSET_ERR_COUNTER
	IPSET_ERR_COMMENT
	IPSET_ERR_INVALID_MARKMASK
	IPSET_ERR_SKBINFO

	/* Type specific error codes */
	IPSET_ERR_TYPE_SPECIFIC = 4352
)

type IPSetError uintptr

func (e IPSetError) Error() string {
	switch int(e) {
	case IPSET_ERR_PRIVATE:
		return "private"
	case IPSET_ERR_PROTOCOL:
		return "invalid protocol"
	case IPSET_ERR_FIND_TYPE:
		return "invalid type"
	case IPSET_ERR_MAX_SETS:
		return "max sets reached"
	case IPSET_ERR_BUSY:
		return "busy"
	case IPSET_ERR_EXIST_SETNAME2:
		return "exist_setname2"
	case IPSET_ERR_TYPE_MISMATCH:
		return "type mismatch"
	case IPSET_ERR_EXIST:
		return "exist"
	case IPSET_ERR_INVALID_CIDR:
		return "invalid cidr"
	case IPSET_ERR_INVALID_NETMASK:
		return "invalid netmask"
	case IPSET_ERR_INVALID_FAMILY:
		return "invalid family"
	case IPSET_ERR_TIMEOUT:
		return "timeout"
	case IPSET_ERR_REFERENCED:
		return "referenced"
	case IPSET_ERR_IPADDR_IPV4:
		return "invalid ipv4 address"
	case IPSET_ERR_IPADDR_IPV6:
		return "invalid ipv6 address"
	case IPSET_ERR_COUNTER:
		return "invalid counter"
	case IPSET_ERR_COMMENT:
		return "invalid comment"
	case IPSET_ERR_INVALID_MARKMASK:
		return "invalid markmask"
	case IPSET_ERR_SKBINFO:
		return "skbinfo"
	default:
		return "errno " + strconv.Itoa(int(e))
	}
}

func GetIpsetFlags(cmd int) int {
	switch cmd {
	case IPSET_CMD_CREATE:
		return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_CREATE
	case IPSET_CMD_DESTROY,
		IPSET_CMD_FLUSH,
		IPSET_CMD_RENAME,
		IPSET_CMD_SWAP,
		IPSET_CMD_TEST:
		return unix.NLM_F_REQUEST | unix.NLM_F_ACK
	case IPSET_CMD_LIST,
		IPSET_CMD_SAVE:
		return unix.NLM_F_REQUEST | unix.NLM_F_ACK | unix.NLM_F_ROOT | unix.NLM_F_MATCH | unix.NLM_F_DUMP
	case IPSET_CMD_ADD,
		IPSET_CMD_DEL:
		return unix.NLM_F_REQUEST | unix.NLM_F_ACK
	case IPSET_CMD_HEADER,
		IPSET_CMD_TYPE,
		IPSET_CMD_PROTOCOL:
		return unix.NLM_F_REQUEST
	default:
		return 0
	}
}
CNI: bump to 1.0.1 (#297) * CNI: bump to 1.0.1 This commit bumps the declared version of CNI in the Kilo manifests to 1.0.1. This is possible with no changes to the configuration lists because our simple configuration is not affected by any of the deprecations, and there was effectively no change between 0.4.0 and 1.0.0, other than the declaration of a stable API. Similarly, this commit also bumps the version of the CNI library and the plugins package. Bumping to CNI 1.0.0 will help ensure that Kilo stays compatible with container runtimes in the future. Signed-off-by: Lucas Servén Marín <lserven@gmail.com> * vendor: revendor Signed-off-by: Lucas Servén Marín <lserven@gmail.com> 2022-04-18 17:00:37 +00:00			`package nl`

			`import (`
			`"strconv"`

			`"golang.org/x/sys/unix"`
			`)`

			`const (`
			`/* The protocol version */`
			`IPSET_PROTOCOL = 6`

			`/* The max length of strings including NUL: set and type identifiers */`
			`IPSET_MAXNAMELEN = 32`

			`/* The maximum permissible comment length we will accept over netlink */`
			`IPSET_MAX_COMMENT_SIZE = 255`
			`)`

			`const (`
			`_ = iota`
			`IPSET_CMD_PROTOCOL /* 1: Return protocol version */`
			`IPSET_CMD_CREATE /* 2: Create a new (empty) set */`
			`IPSET_CMD_DESTROY /* 3: Destroy a (empty) set */`
			`IPSET_CMD_FLUSH /* 4: Remove all elements from a set */`
			`IPSET_CMD_RENAME /* 5: Rename a set */`
			`IPSET_CMD_SWAP /* 6: Swap two sets */`
			`IPSET_CMD_LIST /* 7: List sets */`
			`IPSET_CMD_SAVE /* 8: Save sets */`
			`IPSET_CMD_ADD /* 9: Add an element to a set */`
			`IPSET_CMD_DEL /* 10: Delete an element from a set */`
			`IPSET_CMD_TEST /* 11: Test an element in a set */`
			`IPSET_CMD_HEADER /* 12: Get set header data only */`
			`IPSET_CMD_TYPE /* 13: Get set type */`
			`)`

			`/* Attributes at command level */`
			`const (`
			`_ = iota`
			`IPSET_ATTR_PROTOCOL /* 1: Protocol version */`
			`IPSET_ATTR_SETNAME /* 2: Name of the set */`
			`IPSET_ATTR_TYPENAME /* 3: Typename */`
			`IPSET_ATTR_REVISION /* 4: Settype revision */`
			`IPSET_ATTR_FAMILY /* 5: Settype family */`
			`IPSET_ATTR_FLAGS /* 6: Flags at command level */`
			`IPSET_ATTR_DATA /* 7: Nested attributes */`
			`IPSET_ATTR_ADT /* 8: Multiple data containers */`
			`IPSET_ATTR_LINENO /* 9: Restore lineno */`
			`IPSET_ATTR_PROTOCOL_MIN /* 10: Minimal supported version number */`

			`IPSET_ATTR_SETNAME2 = IPSET_ATTR_TYPENAME /* Setname at rename/swap */`
			`IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN /* type rev min */`
			`)`

			`/* CADT specific attributes */`
			`const (`
			`IPSET_ATTR_IP = 1`
			`IPSET_ATTR_IP_FROM = 1`
			`IPSET_ATTR_IP_TO = 2`
			`IPSET_ATTR_CIDR = 3`
			`IPSET_ATTR_PORT = 4`
			`IPSET_ATTR_PORT_FROM = 4`
			`IPSET_ATTR_PORT_TO = 5`
			`IPSET_ATTR_TIMEOUT = 6`
			`IPSET_ATTR_PROTO = 7`
			`IPSET_ATTR_CADT_FLAGS = 8`
			`IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO /* 9 */`
			`IPSET_ATTR_MARK = 10`
			`IPSET_ATTR_MARKMASK = 11`

			`/* Reserve empty slots */`
			`IPSET_ATTR_CADT_MAX = 16`

			`/* Create-only specific attributes */`
			`IPSET_ATTR_GC = 3 + iota`
			`IPSET_ATTR_HASHSIZE`
			`IPSET_ATTR_MAXELEM`
			`IPSET_ATTR_NETMASK`
			`IPSET_ATTR_PROBES`
			`IPSET_ATTR_RESIZE`
			`IPSET_ATTR_SIZE`

			`/* Kernel-only */`
			`IPSET_ATTR_ELEMENTS`
			`IPSET_ATTR_REFERENCES`
			`IPSET_ATTR_MEMSIZE`

			`SET_ATTR_CREATE_MAX`
			`)`

			`/* ADT specific attributes */`
			`const (`
			`IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1`
			`IPSET_ATTR_NAME`
			`IPSET_ATTR_NAMEREF`
			`IPSET_ATTR_IP2`
			`IPSET_ATTR_CIDR2`
			`IPSET_ATTR_IP2_TO`
			`IPSET_ATTR_IFACE`
			`IPSET_ATTR_BYTES`
			`IPSET_ATTR_PACKETS`
			`IPSET_ATTR_COMMENT`
			`IPSET_ATTR_SKBMARK`
			`IPSET_ATTR_SKBPRIO`
			`IPSET_ATTR_SKBQUEUE`
			`)`

			`/* Flags at CADT attribute level, upper half of cmdattrs */`
			`const (`
			`IPSET_FLAG_BIT_BEFORE = 0`
			`IPSET_FLAG_BEFORE = (1 << IPSET_FLAG_BIT_BEFORE)`
			`IPSET_FLAG_BIT_PHYSDEV = 1`
			`IPSET_FLAG_PHYSDEV = (1 << IPSET_FLAG_BIT_PHYSDEV)`
			`IPSET_FLAG_BIT_NOMATCH = 2`
			`IPSET_FLAG_NOMATCH = (1 << IPSET_FLAG_BIT_NOMATCH)`
			`IPSET_FLAG_BIT_WITH_COUNTERS = 3`
			`IPSET_FLAG_WITH_COUNTERS = (1 << IPSET_FLAG_BIT_WITH_COUNTERS)`
			`IPSET_FLAG_BIT_WITH_COMMENT = 4`
			`IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT)`
			`IPSET_FLAG_BIT_WITH_FORCEADD = 5`
			`IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD)`
			`IPSET_FLAG_BIT_WITH_SKBINFO = 6`
			`IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO)`
			`IPSET_FLAG_CADT_MAX = 15`
			`)`

			`const (`
			`IPSET_ERR_PRIVATE = 4096 + iota`
			`IPSET_ERR_PROTOCOL`
			`IPSET_ERR_FIND_TYPE`
			`IPSET_ERR_MAX_SETS`
			`IPSET_ERR_BUSY`
			`IPSET_ERR_EXIST_SETNAME2`
			`IPSET_ERR_TYPE_MISMATCH`
			`IPSET_ERR_EXIST`
			`IPSET_ERR_INVALID_CIDR`
			`IPSET_ERR_INVALID_NETMASK`
			`IPSET_ERR_INVALID_FAMILY`
			`IPSET_ERR_TIMEOUT`
			`IPSET_ERR_REFERENCED`
			`IPSET_ERR_IPADDR_IPV4`
			`IPSET_ERR_IPADDR_IPV6`
			`IPSET_ERR_COUNTER`
			`IPSET_ERR_COMMENT`
			`IPSET_ERR_INVALID_MARKMASK`
			`IPSET_ERR_SKBINFO`

			`/* Type specific error codes */`
			`IPSET_ERR_TYPE_SPECIFIC = 4352`
			`)`

			`type IPSetError uintptr`

			`func (e IPSetError) Error() string {`
			`switch int(e) {`
			`case IPSET_ERR_PRIVATE:`
			`return "private"`
			`case IPSET_ERR_PROTOCOL:`
			`return "invalid protocol"`
			`case IPSET_ERR_FIND_TYPE:`
			`return "invalid type"`
			`case IPSET_ERR_MAX_SETS:`
			`return "max sets reached"`
			`case IPSET_ERR_BUSY:`
			`return "busy"`
			`case IPSET_ERR_EXIST_SETNAME2:`
			`return "exist_setname2"`
			`case IPSET_ERR_TYPE_MISMATCH:`
			`return "type mismatch"`
			`case IPSET_ERR_EXIST:`
			`return "exist"`
			`case IPSET_ERR_INVALID_CIDR:`
			`return "invalid cidr"`
			`case IPSET_ERR_INVALID_NETMASK:`
			`return "invalid netmask"`
			`case IPSET_ERR_INVALID_FAMILY:`
			`return "invalid family"`
			`case IPSET_ERR_TIMEOUT:`
			`return "timeout"`
			`case IPSET_ERR_REFERENCED:`
			`return "referenced"`
			`case IPSET_ERR_IPADDR_IPV4:`
			`return "invalid ipv4 address"`
			`case IPSET_ERR_IPADDR_IPV6:`
			`return "invalid ipv6 address"`
			`case IPSET_ERR_COUNTER:`
			`return "invalid counter"`
			`case IPSET_ERR_COMMENT:`
			`return "invalid comment"`
			`case IPSET_ERR_INVALID_MARKMASK:`
			`return "invalid markmask"`
			`case IPSET_ERR_SKBINFO:`
			`return "skbinfo"`
			`default:`
			`return "errno " + strconv.Itoa(int(e))`
			`}`
			`}`

			`func GetIpsetFlags(cmd int) int {`
			`switch cmd {`
			`case IPSET_CMD_CREATE:`
			`return unix.NLM_F_REQUEST \| unix.NLM_F_ACK \| unix.NLM_F_CREATE`
			`case IPSET_CMD_DESTROY,`
			`IPSET_CMD_FLUSH,`
			`IPSET_CMD_RENAME,`
			`IPSET_CMD_SWAP,`
			`IPSET_CMD_TEST:`
			`return unix.NLM_F_REQUEST \| unix.NLM_F_ACK`
			`case IPSET_CMD_LIST,`
			`IPSET_CMD_SAVE:`
			`return unix.NLM_F_REQUEST \| unix.NLM_F_ACK \| unix.NLM_F_ROOT \| unix.NLM_F_MATCH \| unix.NLM_F_DUMP`
			`case IPSET_CMD_ADD,`
			`IPSET_CMD_DEL:`
			`return unix.NLM_F_REQUEST \| unix.NLM_F_ACK`
			`case IPSET_CMD_HEADER,`
			`IPSET_CMD_TYPE,`
			`IPSET_CMD_PROTOCOL:`
			`return unix.NLM_F_REQUEST`
			`default:`
			`return 0`
			`}`
			`}`