package nftables
import (
"fmt"
"github.com/mdlayher/netlink"
"golang.org/x/sys/unix"
)
// nftMsgType is an nf_tables message type number. HeaderType and
// parseNftMsgType in this file treat it as the low byte of a netlink header
// type, with the nfnetlink subsystem id in the high byte.
type nftMsgType uint16
// Known message types, numbered from 0 by iota in declaration order.
// NOTE(review): the numbering is presumably meant to match the kernel enum at
// the link below. Inserting or reordering an entry renumbers every constant
// after it, so a request would carry a different operation than its name
// says. New types should be added just before nftMsgMax, after checking the
// header.
// See: https://github.com/torvalds/linux/blob/cbd2257dc96e3e46217540fcb095a757ffa20d96/include/uapi/linux/netfilter/nf_tables.h#L110
const (
nftMsgNewTable nftMsgType = iota
nftMsgGetTable
nftMsgDelTable
nftMsgNewChain
nftMsgGetChain
nftMsgDelChain
nftMsgNewRule
nftMsgGetRule
nftMsgDelRule
nftMsgNewSet
nftMsgGetSet
nftMsgDelSet
nftMsgNewSetElem
nftMsgGetSetElem
nftMsgDelSetElem
nftMsgNewGen
nftMsgGetGen
nftMsgTrace
nftMsgNewObj
nftMsgGetObj
nftMsgDelObj
nftMsgGetObjReset
nftMsgNewFlowtable
nftMsgGetFlowtable
nftMsgDelFlowtable
nftMsgGetRuleReset
nftMsgDestroyTable
nftMsgDestroyChain
nftMsgDestroyRule
nftMsgDestroySet
nftMsgDestroySetElem
nftMsgDestroyObj
nftMsgDestroyFlowtable
nftMsgGetSetElemReset
// nftMsgMax is one past the last known message type. It is not a message
// itself: parseNftMsgType rejects any value >= nftMsgMax and String reports
// it as unknown.
nftMsgMax
)
// String returns the NFT_MSG_* name for t. Any value without an entry in the
// table, including nftMsgMax itself, is rendered as
// "Unknown NftMsgType(0x..)" with the raw value in upper-case hex, so an
// unexpected type stays visible in logs and error text instead of being
// mapped to a known name.
func (t nftMsgType) String() string {
	// Indexed by message type. Every constant below nftMsgMax has an entry,
	// so the array length equals nftMsgMax.
	names := [...]string{
		nftMsgNewTable:         "NFT_MSG_NEWTABLE",
		nftMsgGetTable:         "NFT_MSG_GETTABLE",
		nftMsgDelTable:         "NFT_MSG_DELTABLE",
		nftMsgNewChain:         "NFT_MSG_NEWCHAIN",
		nftMsgGetChain:         "NFT_MSG_GETCHAIN",
		nftMsgDelChain:         "NFT_MSG_DELCHAIN",
		nftMsgNewRule:          "NFT_MSG_NEWRULE",
		nftMsgGetRule:          "NFT_MSG_GETRULE",
		nftMsgDelRule:          "NFT_MSG_DELRULE",
		nftMsgNewSet:           "NFT_MSG_NEWSET",
		nftMsgGetSet:           "NFT_MSG_GETSET",
		nftMsgDelSet:           "NFT_MSG_DELSET",
		nftMsgNewSetElem:       "NFT_MSG_NEWSETELEM",
		nftMsgGetSetElem:       "NFT_MSG_GETSETELEM",
		nftMsgDelSetElem:       "NFT_MSG_DELSETELEM",
		nftMsgNewGen:           "NFT_MSG_NEWGEN",
		nftMsgGetGen:           "NFT_MSG_GETGEN",
		nftMsgTrace:            "NFT_MSG_TRACE",
		nftMsgNewObj:           "NFT_MSG_NEWOBJ",
		nftMsgGetObj:           "NFT_MSG_GETOBJ",
		nftMsgDelObj:           "NFT_MSG_DELOBJ",
		nftMsgGetObjReset:      "NFT_MSG_GETOBJ_RESET",
		nftMsgNewFlowtable:     "NFT_MSG_NEWFLOWTABLE",
		nftMsgGetFlowtable:     "NFT_MSG_GETFLOWTABLE",
		nftMsgDelFlowtable:     "NFT_MSG_DELFLOWTABLE",
		nftMsgGetRuleReset:     "NFT_MSG_GETRULE_RESET",
		nftMsgDestroyTable:     "NFT_MSG_DESTROYTABLE",
		nftMsgDestroyChain:     "NFT_MSG_DESTROYCHAIN",
		nftMsgDestroyRule:      "NFT_MSG_DESTROYRULE",
		nftMsgDestroySet:       "NFT_MSG_DESTROYSET",
		nftMsgDestroySetElem:   "NFT_MSG_DESTROYSETELEM",
		nftMsgDestroyObj:       "NFT_MSG_DESTROYOBJ",
		nftMsgDestroyFlowtable: "NFT_MSG_DESTROYFLOWTABLE",
		nftMsgGetSetElemReset:  "NFT_MSG_GETSETELEM_RESET",
	}
	if int(t) < len(names) {
		return names[t]
	}
	return fmt.Sprintf("Unknown NftMsgType(0x%X)", uint16(t))
}
// HeaderType packs t into a netlink header type: the nftables subsystem id
// (unix.NFNL_SUBSYS_NFTABLES) goes in the high byte and t in the low byte.
// t is OR-ed in unmasked, so a value above 0xff would spill into the
// subsystem byte; every constant declared in this file is well below that.
func (t nftMsgType) HeaderType() netlink.HeaderType {
	const subsysBits = unix.NFNL_SUBSYS_NFTABLES << 8
	return netlink.HeaderType(subsysBits | uint16(t))
}
// Ptr returns a pointer to a copy of t. The receiver is passed by value, so
// the result never aliases the caller's variable.
func (t nftMsgType) Ptr() *nftMsgType {
	v := t
	return &v
}
// parseNftMsgType splits a netlink header type into its subsystem (high byte)
// and message type (low byte) and returns the message type.
//
// It returns an error, and a nil pointer, when the subsystem is not
// unix.NFNL_SUBSYS_NFTABLES or when the message type is >= nftMsgMax. Types
// this package does not know are therefore rejected rather than passed on as
// an out-of-range nftMsgType.
func parseNftMsgType(ht netlink.HeaderType) (*nftMsgType, error) {
	raw := uint16(ht)

	// Shifting a uint16 right by 8 leaves only the high byte.
	if subsys := raw >> 8; subsys != unix.NFNL_SUBSYS_NFTABLES {
		return nil, fmt.Errorf("not an nftables subsystem: %d", subsys)
	}

	msgType := raw & 0xff
	if msgType >= uint16(nftMsgMax) {
		return nil, fmt.Errorf("invalid nftables message type: %d", msgType)
	}

	return nftMsgType(msgType).Ptr(), nil
}