Documentation
Constants
const (
	// OP_DROP pops a boolean value and routes to slot 0 when it is true.
	OP_DROP byte = iota
	// OP_SLOT pops a boolean value and routes to the following uint8 slot when it is true.
	OP_SLOT
	// OP_TRUE pushes true onto the boolean stack.
	OP_TRUE
	// OP_FALSE pushes false onto the boolean stack.
	OP_FALSE
	// OP_NOT inverts the boolean value on top of the stack.
	OP_NOT
	// OP_AND replaces the two top stack values with their logical conjunction.
	OP_AND
	// OP_OR replaces the two top stack values with their logical disjunction.
	OP_OR
	// OP_NET4 pushes whether the operation is for IPv4 or has an IPv4 address.
	OP_NET4
	// OP_NET6 pushes whether the operation is for IPv6 or has an IPv6 address.
	OP_NET6
	// OP_UDP pushes whether the operation uses a UDP network.
	OP_UDP
	// OP_TCP pushes whether the operation uses a TCP network.
	OP_TCP
	// OP_FQDN pushes whether the remote address is a hostname rather than an IP.
	OP_FQDN
	// OP_LFQDN pushes whether the local address is a hostname rather than an IP.
	OP_LFQDN
	// OP_ADDR_S pushes whether the remote address host equals a string table value.
	OP_ADDR_S
	// OP_LADDR_S pushes whether the local address host equals a string table value.
	OP_LADDR_S
	// OP_ADDR_RE pushes whether the remote address host matches a regexp table value.
	OP_ADDR_RE
	// OP_LADDR_RE pushes whether the local address host matches a regexp table value.
	OP_LADDR_RE
	// OP_ADDR4 pushes whether the remote address equals an IPv4 table value.
	OP_ADDR4
	// OP_LADDR4 pushes whether the local address equals an IPv4 table value.
	OP_LADDR4
	// OP_ADDR6 pushes whether the remote address equals an IPv6 table value.
	OP_ADDR6
	// OP_LADDR6 pushes whether the local address equals an IPv6 table value.
	OP_LADDR6
	// OP_SNET4 pushes whether the remote IPv4 address is in an IPv4 subnet table value.
	OP_SNET4
	// OP_LSNET4 pushes whether the local IPv4 address is in an IPv4 subnet table value.
	OP_LSNET4
	// OP_SNET6 pushes whether the remote IPv6 address is in an IPv6 subnet table value.
	OP_SNET6
	// OP_LSNET6 pushes whether the local IPv6 address is in an IPv6 subnet table value.
	OP_LSNET6
	// OP_PORT pushes whether the remote address port equals the following uint16 port.
	OP_PORT
	// OP_LPORT pushes whether the local address port equals the following uint16 port.
	OP_LPORT
	// OP_RULE pushes whether the packet matches an IPMatcher rule.
	OP_RULE
	// OP_CGRP pushes whether IPMatcher packet info has the following cgroup id.
	OP_CGRP
	// OP_UID pushes whether IPMatcher packet info has the following uid.
	OP_UID
	// OP_GID pushes whether IPMatcher packet info has the following gid.
	OP_GID
	// OP_UNAME pushes whether IPMatcher packet info has the following user name.
	OP_UNAME
	// OP_UEXP pushes whether IPMatcher packet info user matches the following regexp.
	OP_UEXP
	// OP_MARK pushes whether IPMatcher packet info has the following route mark.
	OP_MARK
	// OP_PID pushes whether IPMatcher packet info has the following pid.
	OP_PID
)
Variables
This section is empty.
Functions
func NewBytecodeRouterCfg
func NewBytecodeRouterCfg(rules BytecodeRules) (gonnect.RouterCfg, error)
NewBytecodeRouterCfg validates rules and returns a gonnect.RouterCfg that evaluates stack-based bytecode for each Router operation.
func NewBytecodeSplitRouter
func NewBytecodeSplitRouter(rules SplitBytecodeRules) (tun.SplitRouter, error)
NewBytecodeSplitRouter validates rules and returns a tun.SplitRouter that evaluates stack-based bytecode against IP packets.
Types
type BytecodeRules
type BytecodeRules struct {
	Strings     []string
	Regexps     []*regexp.Regexp
	IPv4Addrs   []uint32
	IPv4Subnets []IPv4Subnet
	IPv6Addrs   []netip.Addr
	IPv6Subnets []netip.Prefix
	DialTCP     []byte
	ListenTCP   []byte
	DialUDP     []byte
	RouteUDP    []byte
	Lookup      []byte
}
BytecodeRules contains the immutable tables and bytecode programs used to build a gonnect.RouterCfg.
Each program is encoded as one-byte opcodes followed by the opcode parameter when it has one. OP_SLOT uses one uint8 parameter. String, regexp, address, subnet, and port operations use one little-endian uint16 parameter. A program routes to slot 0 when it finishes without a matching OP_DROP or OP_SLOT.
Every bytecode slice is validated by NewBytecodeRouterCfg. The constructor copies all slices, so later changes to BytecodeRules do not affect routing.
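The encoding described above, as an added example that is not the package's own code: a minimal interpreter for five of the opcodes, with values taken from the iota order of the const block on this page. Route, its tcp and port inputs, and the sample program are hypothetical, and unlike the package, which validates in its constructor, this sketch rejects unsupported opcodes, truncated parameters and stack underflow while it runs.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Values follow the iota order of the page's const block, redeclared locally.
const OP_DROP, OP_SLOT, OP_AND, OP_TCP, OP_PORT byte = 0, 1, 5, 10, 25

// shape maps each supported opcode to {stack values popped, parameter bytes}.
var shape = map[byte][2]int{
	OP_DROP: {1, 0}, OP_SLOT: {1, 1}, OP_AND: {2, 0}, OP_TCP: {0, 0}, OP_PORT: {0, 2},
}

// Route (hypothetical) runs prog for one connection; slot 0 on fallthrough.
func Route(prog []byte, tcp bool, port uint16) (uint8, error) {
	var st []bool // boolean stack
	for pc := 0; pc < len(prog); {
		op := prog[pc]
		sh, ok := shape[op]
		next := pc + 1 + sh[1]
		if !ok || len(st) < sh[0] || next > len(prog) {
			return 0, errors.New("unsupported opcode, truncated parameter or stack underflow")
		}
		arg, in := prog[pc+1:next], st[len(st)-sh[0]:]
		pc, st = next, st[:len(st)-sh[0]]
		switch {
		case op == OP_SLOT && in[0]:
			return arg[0], nil // uint8 slot parameter
		case op == OP_DROP && in[0]:
			return 0, nil
		case op == OP_AND:
			st = append(st, in[0] && in[1])
		case op == OP_TCP:
			st = append(st, tcp)
		case op == OP_PORT: // little-endian uint16 parameter
			st = append(st, port == binary.LittleEndian.Uint16(arg))
		}
	}
	return 0, nil // no OP_DROP or OP_SLOT matched
}

func main() {
	// Constructed program: TCP && port 443 -> slot 2; port 53 -> slot 1.
	prog := []byte{OP_TCP, OP_PORT, 0xBB, 0x01, OP_AND, OP_SLOT, 2, OP_PORT, 0x35, 0x00, OP_SLOT, 1}
	fmt.Println(Route(prog, true, 443))
}
```

Port 443 is 0x01BB, so its parameter bytes appear as 0xBB, 0x01; a program cut off inside that parameter is rejected rather than read past the end of the slice.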
func NewBytecodeRules
func NewBytecodeRules(
	dialTCP, listenTCP, dialUDP, routeUDP, lookup string,
) (BytecodeRules, error)
NewBytecodeRules parses the simple routing rules language into BytecodeRules.
type IPv4Subnet
IPv4Subnet is an IPv4 CIDR subnet used by bytecode routing rules.
Addr is the canonical big-endian 32-bit IPv4 address. Bits is the CIDR prefix length and must be in the range 0..32.
type SplitBytecodeRules
type SplitBytecodeRules struct {
	Matcher     sysnet.IPMatcher
	Strings     []string
	Regexps     []*regexp.Regexp
	IPv4Addrs   []uint32
	IPv4Subnets []IPv4Subnet
	IPv6Addrs   []netip.Addr
	IPv6Subnets []netip.Prefix
	Route       []byte
}
SplitBytecodeRules contains the immutable tables and bytecode program used to build a tun.SplitRouter.
The packet router supports the common bytecode opcodes plus OP_RULE, OP_CGRP, OP_UID, OP_GID, OP_UNAME, OP_UEXP, OP_MARK, and OP_PID. The constructor validates and copies all slices before returning the router.
func NewSplitBytecodeRules
func NewSplitBytecodeRules(
	matcher sysnet.IPMatcher,
	route string,
) (SplitBytecodeRules, error)
NewSplitBytecodeRules parses the simple routing rules language into SplitBytecodeRules.