8cadff2b79
* CNI: bump to 1.0.1 This commit bumps the declared version of CNI in the Kilo manifests to 1.0.1. This is possible with no changes to the configuration lists because our simple configuration is not affected by any of the deprecations, and there was effectively no change between 0.4.0 and 1.0.0, other than the declaration of a stable API. Similarly, this commit also bumps the version of the CNI library and the plugins package. Bumping to CNI 1.0.0 will help ensure that Kilo stays compatible with container runtimes in the future. Signed-off-by: Lucas Servén Marín <lserven@gmail.com> * vendor: revendor Signed-off-by: Lucas Servén Marín <lserven@gmail.com>
package nl
import (
"strconv"
"golang.org/x/sys/unix"
)
// Protocol-level limits for the ipset netlink interface. These are plain
// declarations; any length check on a set name or comment has to happen in
// the code that builds the request.
const (
	// IPSET_PROTOCOL is the protocol version.
	IPSET_PROTOCOL = 6

	// IPSET_MAXNAMELEN is the maximum length of set and type identifier
	// strings including the terminating NUL, which leaves 31 bytes for the
	// name itself.
	IPSET_MAXNAMELEN = 32

	// IPSET_MAX_COMMENT_SIZE is the maximum permissible comment length
	// accepted over netlink.
	IPSET_MAX_COMMENT_SIZE = 255
)
// ipset netlink command numbers. The values are written out explicitly so
// that inserting or reordering a line cannot silently renumber a command.
const (
	IPSET_CMD_PROTOCOL = 1  // Return protocol version
	IPSET_CMD_CREATE   = 2  // Create a new (empty) set
	IPSET_CMD_DESTROY  = 3  // Destroy a (empty) set
	IPSET_CMD_FLUSH    = 4  // Remove all elements from a set
	IPSET_CMD_RENAME   = 5  // Rename a set
	IPSET_CMD_SWAP     = 6  // Swap two sets
	IPSET_CMD_LIST     = 7  // List sets
	IPSET_CMD_SAVE     = 8  // Save sets
	IPSET_CMD_ADD      = 9  // Add an element to a set
	IPSET_CMD_DEL      = 10 // Delete an element from a set
	IPSET_CMD_TEST     = 11 // Test an element in a set
	IPSET_CMD_HEADER   = 12 // Get set header data only
	IPSET_CMD_TYPE     = 13 // Get set type
)
// Attributes at command level. Values are spelled out rather than generated
// so each attribute number can be read straight off the declaration.
const (
	IPSET_ATTR_PROTOCOL     = 1  // Protocol version
	IPSET_ATTR_SETNAME      = 2  // Name of the set
	IPSET_ATTR_TYPENAME     = 3  // Typename
	IPSET_ATTR_REVISION     = 4  // Settype revision
	IPSET_ATTR_FAMILY       = 5  // Settype family
	IPSET_ATTR_FLAGS        = 6  // Flags at command level
	IPSET_ATTR_DATA         = 7  // Nested attributes
	IPSET_ATTR_ADT          = 8  // Multiple data containers
	IPSET_ATTR_LINENO       = 9  // Restore lineno
	IPSET_ATTR_PROTOCOL_MIN = 10 // Minimal supported version number

	// Aliases: the same attribute numbers under the names used by other
	// commands.
	IPSET_ATTR_SETNAME2     = IPSET_ATTR_TYPENAME     // Setname at rename/swap
	IPSET_ATTR_REVISION_MIN = IPSET_ATTR_PROTOCOL_MIN // type rev min
)
// CADT specific attributes. Several names share a number on purpose
// (IP/IP_FROM, PORT/PORT_FROM).
const (
	IPSET_ATTR_IP          = 1
	IPSET_ATTR_IP_FROM     = 1
	IPSET_ATTR_IP_TO       = 2
	IPSET_ATTR_CIDR        = 3
	IPSET_ATTR_PORT        = 4
	IPSET_ATTR_PORT_FROM   = 4
	IPSET_ATTR_PORT_TO     = 5
	IPSET_ATTR_TIMEOUT     = 6
	IPSET_ATTR_PROTO       = 7
	IPSET_ATTR_CADT_FLAGS  = 8
	IPSET_ATTR_CADT_LINENO = IPSET_ATTR_LINENO // 9
	IPSET_ATTR_MARK        = 10
	IPSET_ATTR_MARKMASK    = 11

	// Reserve empty slots
	IPSET_ATTR_CADT_MAX = 16
)

// Create-only specific attributes. Numbering starts directly after
// IPSET_ATTR_CADT_MAX, so IPSET_ATTR_GC is 17 and each following name is one
// higher. Keeping these in their own group ties the numbering to
// IPSET_ATTR_CADT_MAX instead of to the position of the line in a longer list.
const (
	IPSET_ATTR_GC = IPSET_ATTR_CADT_MAX + 1 + iota // 17
	IPSET_ATTR_HASHSIZE                            // 18
	IPSET_ATTR_MAXELEM                             // 19
	IPSET_ATTR_NETMASK                             // 20
	IPSET_ATTR_PROBES                              // 21
	IPSET_ATTR_RESIZE                              // 22
	IPSET_ATTR_SIZE                                // 23

	// Kernel-only
	IPSET_ATTR_ELEMENTS   // 24
	IPSET_ATTR_REFERENCES // 25
	IPSET_ATTR_MEMSIZE    // 26

	SET_ATTR_CREATE_MAX // 27
)
// ADT specific attributes. The first one takes the slot right after
// IPSET_ATTR_CADT_MAX and the rest count up from there, so these numbers
// overlap with the create-only attributes and are only meaningful in an
// add/delete/test context.
const (
	IPSET_ATTR_ETHER    = IPSET_ATTR_CADT_MAX + 1 + iota // CADT_MAX + 1
	IPSET_ATTR_NAME                                      // CADT_MAX + 2
	IPSET_ATTR_NAMEREF                                   // CADT_MAX + 3
	IPSET_ATTR_IP2                                       // CADT_MAX + 4
	IPSET_ATTR_CIDR2                                     // CADT_MAX + 5
	IPSET_ATTR_IP2_TO                                    // CADT_MAX + 6
	IPSET_ATTR_IFACE                                     // CADT_MAX + 7
	IPSET_ATTR_BYTES                                     // CADT_MAX + 8
	IPSET_ATTR_PACKETS                                   // CADT_MAX + 9
	IPSET_ATTR_COMMENT                                   // CADT_MAX + 10
	IPSET_ATTR_SKBMARK                                   // CADT_MAX + 11
	IPSET_ATTR_SKBPRIO                                   // CADT_MAX + 12
	IPSET_ATTR_SKBQUEUE                                  // CADT_MAX + 13
)
// Flags at CADT attribute level, upper half of cmdattrs.
//
// Bit positions, counted from 0.
const (
	IPSET_FLAG_BIT_BEFORE = iota
	IPSET_FLAG_BIT_PHYSDEV
	IPSET_FLAG_BIT_NOMATCH
	IPSET_FLAG_BIT_WITH_COUNTERS
	IPSET_FLAG_BIT_WITH_COMMENT
	IPSET_FLAG_BIT_WITH_FORCEADD
	IPSET_FLAG_BIT_WITH_SKBINFO
)

// Masks for the bit positions above: each is 1 shifted left by its
// IPSET_FLAG_BIT_* counterpart.
const (
	IPSET_FLAG_BEFORE        = 1 << IPSET_FLAG_BIT_BEFORE
	IPSET_FLAG_PHYSDEV       = 1 << IPSET_FLAG_BIT_PHYSDEV
	IPSET_FLAG_NOMATCH       = 1 << IPSET_FLAG_BIT_NOMATCH
	IPSET_FLAG_WITH_COUNTERS = 1 << IPSET_FLAG_BIT_WITH_COUNTERS
	IPSET_FLAG_WITH_COMMENT  = 1 << IPSET_FLAG_BIT_WITH_COMMENT
	IPSET_FLAG_WITH_FORCEADD = 1 << IPSET_FLAG_BIT_WITH_FORCEADD
	IPSET_FLAG_WITH_SKBINFO  = 1 << IPSET_FLAG_BIT_WITH_SKBINFO

	// NOTE(review): 15 looks like an upper bound on the bit position rather
	// than a mask; confirm before OR-ing it into a flags word.
	IPSET_FLAG_CADT_MAX = 15
)
// ipset error codes. The generic codes run consecutively from 4096; the
// values are written out so a code seen in a log can be matched to its name
// without counting lines.
const (
	IPSET_ERR_PRIVATE          = 4096
	IPSET_ERR_PROTOCOL         = 4097
	IPSET_ERR_FIND_TYPE        = 4098
	IPSET_ERR_MAX_SETS         = 4099
	IPSET_ERR_BUSY             = 4100
	IPSET_ERR_EXIST_SETNAME2   = 4101
	IPSET_ERR_TYPE_MISMATCH    = 4102
	IPSET_ERR_EXIST            = 4103
	IPSET_ERR_INVALID_CIDR     = 4104
	IPSET_ERR_INVALID_NETMASK  = 4105
	IPSET_ERR_INVALID_FAMILY   = 4106
	IPSET_ERR_TIMEOUT          = 4107
	IPSET_ERR_REFERENCED       = 4108
	IPSET_ERR_IPADDR_IPV4      = 4109
	IPSET_ERR_IPADDR_IPV6      = 4110
	IPSET_ERR_COUNTER          = 4111
	IPSET_ERR_COMMENT          = 4112
	IPSET_ERR_INVALID_MARKMASK = 4113
	IPSET_ERR_SKBINFO          = 4114

	// Type specific error codes
	IPSET_ERR_TYPE_SPECIFIC = 4352
)
// IPSetError is a numeric ipset error code that satisfies the error
// interface.
type IPSetError uintptr

// Error returns a short description for the codes IPSET_ERR_PRIVATE through
// IPSET_ERR_SKBINFO. Every other value, including IPSET_ERR_TYPE_SPECIFIC,
// is rendered as "errno " followed by the decimal code.
//
// The texts are terse and not unique to this package; code that needs to tell
// errors apart should compare the IPSetError value, not the string.
func (e IPSetError) Error() string {
	code := int(e)

	var msg string
	switch code {
	case IPSET_ERR_PRIVATE:
		msg = "private"
	case IPSET_ERR_PROTOCOL:
		msg = "invalid protocol"
	case IPSET_ERR_FIND_TYPE:
		msg = "invalid type"
	case IPSET_ERR_MAX_SETS:
		msg = "max sets reached"
	case IPSET_ERR_BUSY:
		msg = "busy"
	case IPSET_ERR_EXIST_SETNAME2:
		msg = "exist_setname2"
	case IPSET_ERR_TYPE_MISMATCH:
		msg = "type mismatch"
	case IPSET_ERR_EXIST:
		msg = "exist"
	case IPSET_ERR_INVALID_CIDR:
		msg = "invalid cidr"
	case IPSET_ERR_INVALID_NETMASK:
		msg = "invalid netmask"
	case IPSET_ERR_INVALID_FAMILY:
		msg = "invalid family"
	case IPSET_ERR_TIMEOUT:
		msg = "timeout"
	case IPSET_ERR_REFERENCED:
		msg = "referenced"
	case IPSET_ERR_IPADDR_IPV4:
		msg = "invalid ipv4 address"
	case IPSET_ERR_IPADDR_IPV6:
		msg = "invalid ipv6 address"
	case IPSET_ERR_COUNTER:
		msg = "invalid counter"
	case IPSET_ERR_COMMENT:
		msg = "invalid comment"
	case IPSET_ERR_INVALID_MARKMASK:
		msg = "invalid markmask"
	case IPSET_ERR_SKBINFO:
		msg = "skbinfo"
	default:
		// No dedicated text: fall back to the raw number.
		msg = "errno " + strconv.Itoa(code)
	}
	return msg
}
// GetIpsetFlags returns the netlink message flags (unix.NLM_F_*) that go with
// the ipset command cmd, one of the IPSET_CMD_* values.
//
// A cmd outside that list returns 0, a value with no NLM_F_REQUEST bit set.
// NOTE(review): callers presumably treat 0 as "unsupported command" rather
// than sending a message with it; confirm at the call sites.
func GetIpsetFlags(cmd int) int {
	// Every acknowledged command shares this base.
	reqAck := unix.NLM_F_REQUEST | unix.NLM_F_ACK

	switch cmd {
	case IPSET_CMD_CREATE:
		return reqAck | unix.NLM_F_CREATE

	case IPSET_CMD_LIST, IPSET_CMD_SAVE:
		// Dump-style requests.
		return reqAck | unix.NLM_F_ROOT | unix.NLM_F_MATCH | unix.NLM_F_DUMP

	case IPSET_CMD_DESTROY, IPSET_CMD_FLUSH, IPSET_CMD_RENAME, IPSET_CMD_SWAP,
		IPSET_CMD_TEST, IPSET_CMD_ADD, IPSET_CMD_DEL:
		return reqAck

	case IPSET_CMD_HEADER, IPSET_CMD_TYPE, IPSET_CMD_PROTOCOL:
		// Queries: request only, no ACK flag.
		return unix.NLM_F_REQUEST
	}

	return 0
}