Compare commits
1 Commits
fc0210d0ce
...
c734079436
| Author | SHA1 | Date |
|---|---|---|
Paul Greenberg
|
c734079436 |
33
conn.go
33
conn.go
|
|
@ -17,7 +17,6 @@ package nftables
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math"
|
|
||||||
"os"
|
"os"
|
||||||
"sync"
|
"sync"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
|
@ -39,14 +38,12 @@ type Conn struct {
|
||||||
TestDial nltest.Func // for testing only; passed to nltest.Dial
|
TestDial nltest.Func // for testing only; passed to nltest.Dial
|
||||||
NetNS int // fd referencing the network namespace netlink will interact with.
|
NetNS int // fd referencing the network namespace netlink will interact with.
|
||||||
|
|
||||||
lasting bool // establish a lasting connection to be used across multiple netlink operations.
|
lasting bool // establish a lasting connection to be used across multiple netlink operations.
|
||||||
mu sync.Mutex // protects the following state
|
mu sync.Mutex // protects the following state
|
||||||
messages []netlink.Message
|
messages []netlink.Message
|
||||||
err error
|
err error
|
||||||
nlconn *netlink.Conn // netlink socket using NETLINK_NETFILTER protocol.
|
nlconn *netlink.Conn // netlink socket using NETLINK_NETFILTER protocol.
|
||||||
sockOptions []SockOption
|
sockOptions []SockOption
|
||||||
lastID uint32
|
|
||||||
allocatedIDs uint32
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConnOption is an option to change the behavior of the nftables Conn returned by Open.
|
// ConnOption is an option to change the behavior of the nftables Conn returned by Open.
|
||||||
|
|
@ -247,7 +244,6 @@ func (cc *Conn) Flush() error {
|
||||||
cc.mu.Lock()
|
cc.mu.Lock()
|
||||||
defer func() {
|
defer func() {
|
||||||
cc.messages = nil
|
cc.messages = nil
|
||||||
cc.allocatedIDs = 0
|
|
||||||
cc.mu.Unlock()
|
cc.mu.Unlock()
|
||||||
}()
|
}()
|
||||||
if len(cc.messages) == 0 {
|
if len(cc.messages) == 0 {
|
||||||
|
|
@ -373,20 +369,3 @@ func batch(messages []netlink.Message) []netlink.Message {
|
||||||
|
|
||||||
return batch
|
return batch
|
||||||
}
|
}
|
||||||
|
|
||||||
// allocateTransactionID allocates an identifier which is only valid in the
|
|
||||||
// current transaction.
|
|
||||||
func (cc *Conn) allocateTransactionID() uint32 {
|
|
||||||
if cc.allocatedIDs == math.MaxUint32 {
|
|
||||||
panic(fmt.Sprintf("trying to allocate more than %d IDs in a single nftables transaction", math.MaxUint32))
|
|
||||||
}
|
|
||||||
// To make it more likely to catch when a transaction ID is erroneously used
|
|
||||||
// in a later transaction, cc.lastID is not reset after each transaction;
|
|
||||||
// instead it is only reset once it rolls over from math.MaxUint32 to 0.
|
|
||||||
cc.allocatedIDs++
|
|
||||||
cc.lastID++
|
|
||||||
if cc.lastID == 0 {
|
|
||||||
cc.lastID = 1
|
|
||||||
}
|
|
||||||
return cc.lastID
|
|
||||||
}
|
|
||||||
|
|
|
||||||
6
go.mod
6
go.mod
|
|
@ -1,17 +1,17 @@
|
||||||
module github.com/google/nftables
|
module github.com/google/nftables
|
||||||
|
|
||||||
go 1.23.0
|
go 1.21
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/google/go-cmp v0.6.0
|
github.com/google/go-cmp v0.6.0
|
||||||
github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42
|
github.com/mdlayher/netlink v1.7.3-0.20250113171957-fbb4dce95f42
|
||||||
github.com/vishvananda/netlink v1.3.0
|
github.com/vishvananda/netlink v1.3.0
|
||||||
github.com/vishvananda/netns v0.0.4
|
github.com/vishvananda/netns v0.0.4
|
||||||
golang.org/x/sys v0.31.0
|
golang.org/x/sys v0.28.0
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
github.com/mdlayher/socket v0.5.0 // indirect
|
github.com/mdlayher/socket v0.5.0 // indirect
|
||||||
golang.org/x/net v0.37.0 // indirect
|
golang.org/x/net v0.33.0 // indirect
|
||||||
golang.org/x/sync v0.6.0 // indirect
|
golang.org/x/sync v0.6.0 // indirect
|
||||||
)
|
)
|
||||||
|
|
|
||||||
8
go.sum
8
go.sum
|
|
@ -8,11 +8,11 @@ github.com/vishvananda/netlink v1.3.0 h1:X7l42GfcV4S6E4vHTsw48qbrV+9PVojNfIhZcwQ
|
||||||
github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
|
github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
|
||||||
github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
|
github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
|
||||||
github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
|
github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
|
||||||
golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c=
|
golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I=
|
||||||
golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
|
golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
|
||||||
golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
|
golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
|
||||||
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
|
||||||
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
|
golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA=
|
||||||
golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
|
golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||||
|
|
|
||||||
5
set.go
5
set.go
|
|
@ -46,6 +46,8 @@ const (
|
||||||
NFTA_SET_ELEM_EXPRESSIONS = 0x11
|
NFTA_SET_ELEM_EXPRESSIONS = 0x11
|
||||||
)
|
)
|
||||||
|
|
||||||
|
var allocSetID uint32
|
||||||
|
|
||||||
// SetDatatype represents a datatype declared by nft.
|
// SetDatatype represents a datatype declared by nft.
|
||||||
type SetDatatype struct {
|
type SetDatatype struct {
|
||||||
Name string
|
Name string
|
||||||
|
|
@ -530,7 +532,8 @@ func (cc *Conn) AddSet(s *Set, vals []SetElement) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if s.ID == 0 {
|
if s.ID == 0 {
|
||||||
s.ID = cc.allocateTransactionID()
|
allocSetID++
|
||||||
|
s.ID = allocSetID
|
||||||
if s.Anonymous {
|
if s.Anonymous {
|
||||||
s.Name = "__set%d"
|
s.Name = "__set%d"
|
||||||
if s.IsMap {
|
if s.IsMap {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue