Documentation
Overview
Package ipc provides inter-process communication for the NFTBan daemon architecture.
NFTBan uses a single-writer architecture where all nftables write operations must go through the nftband daemon. This package provides the client-side IPC mechanism for communicating with the daemon over a Unix socket.
Architecture
The IPC client connects to the nftband daemon at /run/nftban/nftband.sock and sends JSON-encoded requests for operations such as:
- Ban/Unban IP addresses
- Sync feeds and geoban sets
- Manage whitelist entries
Usage
    client := ipc.NewClient()
    resp, err := client.Send(ipc.Request{
        Command: "ban",
        Args:    []string{"192.168.1.100"},
    })
Thread Safety
The Client type is safe for concurrent use. Each Send() call creates a new connection to the daemon socket.
See also: cmd/nftband for the daemon implementation.
Index
- Constants
- type Client
- func (c *Client) AddElement(table, set, element string, timeout int) (*Response, error)
- func (c *Client) ApplyRuleset(filePath string, checkOnly bool) (*Response, error)
- func (c *Client) Ban(ip string, timeout int, reason, source string) (*Response, error)
- func (c *Client) Call(method string, params map[string]any) (*Response, error)
- func (c *Client) Check(ip string) (*Response, error)
- func (c *Client) DeleteElement(table, set, element string) (*Response, error)
- func (c *Client) FlushSet(table, set string) (*Response, error)
- func (c *Client) IsConnected() bool
- func (c *Client) LoadCIDRs(setType string, cidrs []string) (*Response, error)
- func (c *Client) LoadPorts() (*Response, error)
- func (c *Client) Modules() (*Response, error)
- func (c *Client) PersistBan(ip, reason, source string) (*Response, error)
- func (c *Client) Ping() error
- func (c *Client) SetTimeout(d time.Duration)
- func (c *Client) SnapshotProfile(profileType string, duration int) (*Response, error)
- func (c *Client) Stats() (*Response, error)
- func (c *Client) StatsHistory(days int) (*Response, error)
- func (c *Client) Status() (*Response, error)
- func (c *Client) Sync() (*Response, error)
- func (c *Client) Unban(ip string) (*Response, error)
- func (c *Client) UnpersistBan(ip string) (*Response, error)
- type Request
- type Response
Constants
    const (
        // DefaultSocketPath is the default daemon socket location
        DefaultSocketPath = "/run/nftban/nftband.sock"

        // DefaultTimeout is the default request timeout
        DefaultTimeout = 30 * time.Second
    )
Types
type Client
    type Client struct {
        // contains filtered or unexported fields
    }
Client provides IPC communication with the nftband daemon.
func NewClientWithSocket
NewClientWithSocket creates a client with a custom socket path.
func (*Client) AddElement
AddElement adds an element to a set.
func (*Client) ApplyRuleset
ApplyRuleset applies a ruleset from a file.
func (*Client) DeleteElement
DeleteElement removes an element from a set.
func (*Client) IsConnected
IsConnected checks if the daemon is reachable.
func (*Client) LoadCIDRs
LoadCIDRs loads CIDRs into blacklist or whitelist sets. setType should be "blacklist" or "whitelist". If cidrs is nil/empty, loads from feeds/trust directories.
func (*Client) PersistBan
PersistBan adds an IP to persistent blacklist files. This is for permanent bans that survive reboots.
func (*Client) SetTimeout
SetTimeout sets the request timeout.
func (*Client) SnapshotProfile (added in v1.0.26)
SnapshotProfile triggers a pprof profile capture.
- profileType: "heap", "goroutine", or "cpu"
- duration: seconds for CPU profile (only used for cpu type, default 30s)
func (*Client) StatsHistory (added in v1.0.26)
StatsHistory returns historical daily stats for the specified number of days.
- days: number of days to retrieve (1-30)