zishuo/netlink
1
0
Fork 0
mirror of https://github.com/vishvananda/netlink.git synced 2025-09-27 04:05:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

ipset: Add support for IPv6

Browse Source
This commit is contained in:
Damien Tournoud
2022-07-21 13:55:47 -07:00
committed by Alessandro Boch
parent afa2eb2a66
commit d44b87fd4d
3 changed files with 87 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
ipset_linux.go
View File

@@ -67,6 +67,7 @@ type IpsetCreateOptions struct {
Comments bool Comments bool
Skbinfo bool Skbinfo bool
Family uint8
Revision uint8 Revision uint8
IPFrom net.IP IPFrom net.IP
IPTo net.IP IPTo net.IP
@@ -158,8 +159,11 @@ func (h *Handle) IpsetCreate(setname, typename string, options IpsetCreateOption
data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_PORT_FROM|int(nl.NLA_F_NET_BYTEORDER), buf[:2])) data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_PORT_FROM|int(nl.NLA_F_NET_BYTEORDER), buf[:2]))
data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_PORT_TO|int(nl.NLA_F_NET_BYTEORDER), buf[2:])) data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_PORT_TO|int(nl.NLA_F_NET_BYTEORDER), buf[2:]))
default: default:
family = options.Family
if family == 0 {
family = unix.AF_INET family = unix.AF_INET
} }
}
req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_FAMILY, nl.Uint8Attr(family))) req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_FAMILY, nl.Uint8Attr(family)))
@@ -249,6 +253,18 @@ func (h *Handle) IpsetDel(setname string, entry *IPSetEntry) error {
return h.ipsetAddDel(nl.IPSET_CMD_DEL, setname, entry) return h.ipsetAddDel(nl.IPSET_CMD_DEL, setname, entry)
} }
func encodeIP(ip net.IP) (*nl.RtAttr, error) {
typ := int(nl.NLA_F_NET_BYTEORDER)
if ip4 := ip.To4(); ip4 != nil {
typ |= nl.IPSET_ATTR_IPADDR_IPV4
ip = ip4
} else {
typ |= nl.IPSET_ATTR_IPADDR_IPV6
}
return nl.NewRtAttr(typ, ip), nil
}
func (h *Handle) ipsetAddDel(nlCmd int, setname string, entry *IPSetEntry) error { func (h *Handle) ipsetAddDel(nlCmd int, setname string, entry *IPSetEntry) error {
req := h.newIpsetRequest(nlCmd) req := h.newIpsetRequest(nlCmd)
req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname))) req.AddData(nl.NewRtAttr(nl.IPSET_ATTR_SETNAME, nl.ZeroTerminated(setname)))
@@ -268,7 +284,10 @@ func (h *Handle) ipsetAddDel(nlCmd int, setname string, entry *IPSetEntry) error
} }
if entry.IP != nil { if entry.IP != nil {
nestedData := nl.NewRtAttr(nl.IPSET_ATTR_IP|int(nl.NLA_F_NET_BYTEORDER), entry.IP) nestedData, err := encodeIP(entry.IP)
if err != nil {
return err
}
data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_IP|int(nl.NLA_F_NESTED), nestedData.Serialize())) data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_IP|int(nl.NLA_F_NESTED), nestedData.Serialize()))
} }
@@ -281,7 +300,10 @@ func (h *Handle) ipsetAddDel(nlCmd int, setname string, entry *IPSetEntry) error
} }
if entry.IP2 != nil { if entry.IP2 != nil {
nestedData := nl.NewRtAttr(nl.IPSET_ATTR_IP|int(nl.NLA_F_NET_BYTEORDER), entry.IP2) nestedData, err := encodeIP(entry.IP2)
if err != nil {
return err
}
data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_IP2|int(nl.NLA_F_NESTED), nestedData.Serialize())) data.AddChild(nl.NewRtAttr(nl.IPSET_ATTR_IP2|int(nl.NLA_F_NESTED), nestedData.Serialize()))
} }
@@ -479,7 +501,7 @@ func parseIPSetEntry(data []byte) (entry IPSetEntry) {
case nl.IPSET_ATTR_IP | nl.NLA_F_NESTED: case nl.IPSET_ATTR_IP | nl.NLA_F_NESTED:
for attr := range nl.ParseAttributes(attr.Value) { for attr := range nl.ParseAttributes(attr.Value) {
switch attr.Type { switch attr.Type {
case nl.IPSET_ATTR_IP: case nl.IPSET_ATTR_IPADDR_IPV4, nl.IPSET_ATTR_IPADDR_IPV6:
entry.IP = net.IP(attr.Value) entry.IP = net.IP(attr.Value)
default: default:
log.Printf("unknown nested ADT attribute from kernel: %+v", attr) log.Printf("unknown nested ADT attribute from kernel: %+v", attr)
@@ -488,7 +510,7 @@ func parseIPSetEntry(data []byte) (entry IPSetEntry) {
case nl.IPSET_ATTR_IP2 | nl.NLA_F_NESTED: case nl.IPSET_ATTR_IP2 | nl.NLA_F_NESTED:
for attr := range nl.ParseAttributes(attr.Value) { for attr := range nl.ParseAttributes(attr.Value) {
switch attr.Type { switch attr.Type {
case nl.IPSET_ATTR_IP: case nl.IPSET_ATTR_IPADDR_IPV4, nl.IPSET_ATTR_IPADDR_IPV6:
entry.IP2 = net.IP(attr.Value) entry.IP2 = net.IP(attr.Value)
default: default:
log.Printf("unknown nested ADT attribute from kernel: %+v", attr) log.Printf("unknown nested ADT attribute from kernel: %+v", attr)

70
ipset_linux_test.go
View File

@@ -145,7 +145,7 @@ func TestIpsetCreateListAddDelDestroy(t *testing.T) {
err = IpsetAdd("my-test-ipset-1", &IPSetEntry{ err = IpsetAdd("my-test-ipset-1", &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.99").To4(), IP: net.ParseIP("10.99.99.99"),
Replace: false, Replace: false,
}) })
@@ -173,7 +173,7 @@ func TestIpsetCreateListAddDelDestroy(t *testing.T) {
err = IpsetDel("my-test-ipset-1", &IPSetEntry{ err = IpsetDel("my-test-ipset-1", &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.99").To4(), IP: net.ParseIP("10.99.99.99"),
}) })
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)
@@ -224,7 +224,7 @@ func TestIpsetCreateListAddDelDestroyWithTestCases(t *testing.T) {
}, },
entry: &IPSetEntry{ entry: &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.99").To4(), IP: net.ParseIP("10.99.99.99"),
Replace: false, Replace: false,
}, },
}, },
@@ -241,7 +241,7 @@ func TestIpsetCreateListAddDelDestroyWithTestCases(t *testing.T) {
}, },
entry: &IPSetEntry{ entry: &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.0").To4(), IP: net.ParseIP("10.99.99.0"),
CIDR: 24, CIDR: 24,
Replace: false, Replace: false,
}, },
@@ -259,9 +259,9 @@ func TestIpsetCreateListAddDelDestroyWithTestCases(t *testing.T) {
}, },
entry: &IPSetEntry{ entry: &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.0").To4(), IP: net.ParseIP("10.99.99.0"),
CIDR: 24, CIDR: 24,
IP2: net.ParseIP("10.99.0.0").To4(), IP2: net.ParseIP("10.99.0.0"),
CIDR2: 24, CIDR2: 24,
Replace: false, Replace: false,
}, },
@@ -279,8 +279,8 @@ func TestIpsetCreateListAddDelDestroyWithTestCases(t *testing.T) {
}, },
entry: &IPSetEntry{ entry: &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.0").To4(), IP: net.ParseIP("10.99.99.0"),
IP2: net.ParseIP("10.99.0.0").To4(), IP2: net.ParseIP("10.99.0.0"),
Replace: false, Replace: false,
}, },
}, },
@@ -297,7 +297,7 @@ func TestIpsetCreateListAddDelDestroyWithTestCases(t *testing.T) {
}, },
entry: &IPSetEntry{ entry: &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.1").To4(), IP: net.ParseIP("10.99.99.1"),
Protocol: &protocalTCP, Protocol: &protocalTCP,
Port: &port, Port: &port,
Replace: false, Replace: false,
@@ -316,9 +316,9 @@ func TestIpsetCreateListAddDelDestroyWithTestCases(t *testing.T) {
}, },
entry: &IPSetEntry{ entry: &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.0").To4(), IP: net.ParseIP("10.99.99.0"),
CIDR: 24, CIDR: 24,
IP2: net.ParseIP("10.99.0.0").To4(), IP2: net.ParseIP("10.99.0.0"),
CIDR2: 24, CIDR2: 24,
Protocol: &protocalTCP, Protocol: &protocalTCP,
Port: &port, Port: &port,
@@ -355,7 +355,7 @@ func TestIpsetCreateListAddDelDestroyWithTestCases(t *testing.T) {
}, },
entry: &IPSetEntry{ entry: &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.0").To4(), IP: net.ParseIP("10.99.99.0"),
CIDR: 24, CIDR: 24,
IFace: "eth0", IFace: "eth0",
Replace: false, Replace: false,
@@ -374,11 +374,51 @@ func TestIpsetCreateListAddDelDestroyWithTestCases(t *testing.T) {
}, },
entry: &IPSetEntry{ entry: &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.0").To4(), IP: net.ParseIP("10.99.99.0"),
Mark: &timeout, Mark: &timeout,
Replace: false, Replace: false,
}, },
}, },
{
desc: "Type-hash:net6",
setname: "my-test-ipset-11",
typename: "hash:net",
options: IpsetCreateOptions{
Replace: true,
Timeout: &timeout,
Counters: false,
Comments: true,
Skbinfo: true,
Family: unix.AF_INET6,
},
entry: &IPSetEntry{
Comment: "test comment",
IP: net.ParseIP("::1"),
CIDR: 128,
Replace: false,
},
},
{
desc: "Type-hash:net6:net6",
setname: "my-test-ipset-11",
typename: "hash:net,net",
options: IpsetCreateOptions{
Replace: true,
Timeout: &timeout,
Counters: false,
Comments: true,
Skbinfo: true,
Family: unix.AF_INET6,
},
entry: &IPSetEntry{
Comment: "test comment",
IP: net.ParseIP("::1"),
CIDR: 128,
IP2: net.ParseIP("::2"),
CIDR2: 128,
Replace: false,
},
},
} }
for _, tC := range testCases { for _, tC := range testCases {
@@ -528,7 +568,7 @@ func TestIpsetBitmapCreateListWithTestCases(t *testing.T) {
}, },
entry: &IPSetEntry{ entry: &IPSetEntry{
Comment: "test comment", Comment: "test comment",
IP: net.ParseIP("10.99.99.0").To4(), IP: net.ParseIP("10.99.99.0"),
CIDR: 26, CIDR: 26,
Mark: &timeout, Mark: &timeout,
Replace: false, Replace: false,
@@ -593,7 +633,7 @@ func TestIpsetSwap(t *testing.T) {
}() }()
err = IpsetAdd(ipset1, &IPSetEntry{ err = IpsetAdd(ipset1, &IPSetEntry{
IP: net.ParseIP("10.99.99.99").To4(), IP: net.ParseIP("10.99.99.99"),
}) })
if err != nil { if err != nil {
t.Fatal(err) t.Fatal(err)

5
nl/ipset_linux.go
View File

@@ -88,6 +88,11 @@ const (
SET_ATTR_CREATE_MAX SET_ATTR_CREATE_MAX
) )
const (
IPSET_ATTR_IPADDR_IPV4 = 1
IPSET_ATTR_IPADDR_IPV6 = 2
)
/* ADT specific attributes */ /* ADT specific attributes */
const ( const (
IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1 IPSET_ATTR_ETHER = IPSET_ATTR_CADT_MAX + iota + 1