Compare commits
3 Commits
5e747c387a
...
427228225c
| Author | SHA1 | Date |
|---|---|---|
shiningw
|
427228225c | |
dependabot[bot]
|
85aee131ff | |
benson
|
3a2bddd071 |
4
go.mod
4
go.mod
|
|
@ -5,12 +5,12 @@ go 1.21
|
||||||
require (
|
require (
|
||||||
github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42
|
github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42
|
||||||
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc
|
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc
|
||||||
golang.org/x/sys v0.18.0
|
golang.org/x/sys v0.28.0
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/google/go-cmp v0.6.0 // indirect
|
github.com/google/go-cmp v0.6.0 // indirect
|
||||||
github.com/mdlayher/socket v0.5.0 // indirect
|
github.com/mdlayher/socket v0.5.0 // indirect
|
||||||
golang.org/x/net v0.23.0 // indirect
|
golang.org/x/net v0.33.0 // indirect
|
||||||
golang.org/x/sync v0.6.0 // indirect
|
golang.org/x/sync v0.6.0 // indirect
|
||||||
)
|
)
|
||||||
|
|
|
||||||
8
go.sum
8
go.sum
|
|
@ -6,9 +6,9 @@ github.com/mdlayher/socket v0.5.0 h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI
|
||||||
github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI=
|
github.com/mdlayher/socket v0.5.0/go.mod h1:WkcBFfvyG8QENs5+hfQPl1X6Jpd2yeLIYgrGFmJiJxI=
|
||||||
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc h1:R83G5ikgLMxrBvLh22JhdfI8K6YXEPHx5P03Uu3DRs4=
|
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc h1:R83G5ikgLMxrBvLh22JhdfI8K6YXEPHx5P03Uu3DRs4=
|
||||||
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
|
github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI=
|
||||||
golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
|
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
|
||||||
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
|
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
|
||||||
golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
|
golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
|
||||||
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||||
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
|
golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
|
||||||
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||||
|
|
|
||||||
|
|
@ -7816,3 +7816,74 @@ func TestNftablesDeadlock(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
func TestSetElementComment(t *testing.T) {
|
||||||
|
// Create a new network namespace to test these operations
|
||||||
|
conn, newNS := nftest.OpenSystemConn(t, *enableSysTests)
|
||||||
|
defer nftest.CleanupSystemConn(t, newNS)
|
||||||
|
conn.FlushRuleset()
|
||||||
|
defer conn.FlushRuleset()
|
||||||
|
|
||||||
|
// Add a new table
|
||||||
|
table := &nftables.Table{
|
||||||
|
Family: nftables.TableFamilyIPv4,
|
||||||
|
Name: "filter",
|
||||||
|
}
|
||||||
|
conn.AddTable(table)
|
||||||
|
|
||||||
|
// Create a new set
|
||||||
|
set := &nftables.Set{
|
||||||
|
Name: "test-set",
|
||||||
|
Table: table,
|
||||||
|
KeyType: nftables.TypeIPAddr,
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create set elements with comments
|
||||||
|
elements := []nftables.SetElement{
|
||||||
|
{
|
||||||
|
Key: net.ParseIP("192.0.2.1").To4(),
|
||||||
|
Comment: "First IP address",
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Key: net.ParseIP("192.0.2.2").To4(),
|
||||||
|
Comment: "Second IP address",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
// Add the set with elements
|
||||||
|
if err := conn.AddSet(set, elements); err != nil {
|
||||||
|
t.Fatalf("failed to add set: %v", err)
|
||||||
|
}
|
||||||
|
if err := conn.Flush(); err != nil {
|
||||||
|
t.Fatalf("failed to flush: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Get the set elements back and verify comments
|
||||||
|
gotElements, err := conn.GetSetElements(set)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("failed to get set elements: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if got, want := len(gotElements), len(elements); got != want {
|
||||||
|
t.Fatalf("got %d elements, want %d", got, want)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create maps to compare elements by their IP addresses
|
||||||
|
wantMap := make(map[string]string)
|
||||||
|
for _, elem := range elements {
|
||||||
|
wantMap[string(elem.Key)] = elem.Comment
|
||||||
|
}
|
||||||
|
|
||||||
|
gotMap := make(map[string]string)
|
||||||
|
for _, elem := range gotElements {
|
||||||
|
gotMap[string(elem.Key)] = elem.Comment
|
||||||
|
}
|
||||||
|
|
||||||
|
// Compare the comments for each IP
|
||||||
|
for ip, wantComment := range wantMap {
|
||||||
|
if gotComment, ok := gotMap[ip]; !ok {
|
||||||
|
t.Errorf("IP %s not found in retrieved elements", ip)
|
||||||
|
} else if gotComment != wantComment {
|
||||||
|
t.Errorf("for IP %s: got comment %q, want comment %q", ip, gotComment, wantComment)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
||||||
15
set.go
15
set.go
|
|
@ -288,6 +288,7 @@ type SetElement struct {
|
||||||
Expires time.Duration
|
Expires time.Duration
|
||||||
|
|
||||||
Counter *expr.Counter
|
Counter *expr.Counter
|
||||||
|
Comment string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *SetElement) decode(fam byte) func(b []byte) error {
|
func (s *SetElement) decode(fam byte) func(b []byte) error {
|
||||||
|
|
@ -322,6 +323,12 @@ func (s *SetElement) decode(fam byte) func(b []byte) error {
|
||||||
s.Timeout = time.Millisecond * time.Duration(ad.Uint64())
|
s.Timeout = time.Millisecond * time.Duration(ad.Uint64())
|
||||||
case unix.NFTA_SET_ELEM_EXPIRATION:
|
case unix.NFTA_SET_ELEM_EXPIRATION:
|
||||||
s.Expires = time.Millisecond * time.Duration(ad.Uint64())
|
s.Expires = time.Millisecond * time.Duration(ad.Uint64())
|
||||||
|
case unix.NFTA_SET_ELEM_USERDATA:
|
||||||
|
userData := ad.Bytes()
|
||||||
|
// Try to extract comment from userdata if present
|
||||||
|
if comment, ok := userdata.GetString(userData, userdata.NFTNL_UDATA_SET_ELEM_COMMENT); ok {
|
||||||
|
s.Comment = comment
|
||||||
|
}
|
||||||
case unix.NFTA_SET_ELEM_EXPR:
|
case unix.NFTA_SET_ELEM_EXPR:
|
||||||
elems, err := parseexprfunc.ParseExprBytesFunc(fam, ad)
|
elems, err := parseexprfunc.ParseExprBytesFunc(fam, ad)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -454,6 +461,12 @@ func (s *Set) makeElemList(vals []SetElement, id uint32) ([]netlink.Attribute, e
|
||||||
// If niether of previous cases matche, it means 'e' is an element of a regular Set, no need to add to the attributes
|
// If niether of previous cases matche, it means 'e' is an element of a regular Set, no need to add to the attributes
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Add comment to userdata if present
|
||||||
|
if len(v.Comment) > 0 {
|
||||||
|
userData := userdata.AppendString(nil, userdata.NFTNL_UDATA_SET_ELEM_COMMENT, v.Comment)
|
||||||
|
item = append(item, netlink.Attribute{Type: unix.NFTA_SET_ELEM_USERDATA, Data: userData})
|
||||||
|
}
|
||||||
|
|
||||||
encodedItem, err := netlink.MarshalAttributes(item)
|
encodedItem, err := netlink.MarshalAttributes(item)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("marshal item %d: %v", i, err)
|
return nil, fmt.Errorf("marshal item %d: %v", i, err)
|
||||||
|
|
@ -807,6 +820,7 @@ func elementsFromMsg(fam byte, msg netlink.Message) ([]SetElement, error) {
|
||||||
b := ad.Bytes()
|
b := ad.Bytes()
|
||||||
if ad.Type() == unix.NFTA_SET_ELEM_LIST_ELEMENTS {
|
if ad.Type() == unix.NFTA_SET_ELEM_LIST_ELEMENTS {
|
||||||
ad, err := netlink.NewAttributeDecoder(b)
|
ad, err := netlink.NewAttributeDecoder(b)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
@ -818,6 +832,7 @@ func elementsFromMsg(fam byte, msg netlink.Message) ([]SetElement, error) {
|
||||||
case unix.NFTA_LIST_ELEM:
|
case unix.NFTA_LIST_ELEM:
|
||||||
ad.Do(elem.decode(fam))
|
ad.Do(elem.decode(fam))
|
||||||
}
|
}
|
||||||
|
|
||||||
elements = append(elements, elem)
|
elements = append(elements, elem)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -46,6 +46,12 @@ const (
|
||||||
NFTNL_UDATA_SET_MAX
|
NFTNL_UDATA_SET_MAX
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Set element userdata types
|
||||||
|
const (
|
||||||
|
NFTNL_UDATA_SET_ELEM_COMMENT Type = iota
|
||||||
|
NFTNL_UDATA_SET_ELEM_FLAGS
|
||||||
|
)
|
||||||
|
|
||||||
func Append(udata []byte, typ Type, data []byte) []byte {
|
func Append(udata []byte, typ Type, data []byte) []byte {
|
||||||
udata = append(udata, byte(typ), byte(len(data)))
|
udata = append(udata, byte(typ), byte(len(data)))
|
||||||
udata = append(udata, data...)
|
udata = append(udata, data...)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue