Why Go
- Case Studies
  
  Common problems companies solve with Go
- Use Cases
  
  Stories about how and why companies use Go
- Security
  
  How Go can help keep you secure by default
Learn
Docs
- Effective Go
  
  Tips for writing clear, performant, and idiomatic Go code
- Go User Manual
  
  A complete introduction to building software with Go
- Standard library
  
  Reference documentation for Go's standard library
- Release Notes
  
  Learn what's new in each Go release
Packages
Community
- Recorded Talks
  
  Videos from prior events
- Meetups
  
  Meet other local Go developers
- Conferences
  
  Learn and network with Go developers from around the world
- Go blog
  
  The Go project's official blog.
- Go project
  
  Get help and stay informed from Go
- Get connected

setsync

package

Go to main page

Versions in this module

v1

v1.37.1

Mar 23, 2026

v1.37.0

Mar 23, 2026

v1.36.0

Mar 23, 2026

Changes in this version

+ const DefaultMemoryBudget

+ const ErrElementNotExist

+ const ErrFileExists

+ const ErrIntervalOverlaps

+ const ErrNoSuchFile

+ const MinAllowedPrefixLen

+ const TableFamilyIPv4

+ const TableFamilyIPv6

+ var BogonPrefixes = []string

+ var ErrMemoryBudgetExceeded = errors.New("CIDR merge aborted: memory budget exceeded")

+ func ApplyDiffToSetWithStats(nft *NFTManager, set *nftables.Set, diff util.DiffResult[string]) (added, removed, unchanged int, err error)

+ func ApplyStringDiffToSet(nft *NFTManager, set *nftables.Set, diff util.DiffResult[string]) error

+ func BatchApplyDiff(nft *NFTManager, applications []DiffApplication) error

+ func GetSyncEfficiency(stats *SyncStats) float64

+ func IsFastSync(stats *SyncStats, threshold int) bool

+ func MergeCIDRsSafe(cidrs []string) ([]string, *MergeStats, *FilterStats, error)

+ func NftListSet(family, table, setName string) (string, error)

+ func PrintSyncResult(result *SyncResult)

+ func PrintSyncStats(stats *SyncStats)

+ func SetMemoryBudget(bytes uint64)

+ type DiffApplication struct

+ Diff util.DiffResult[string]

+ Set *nftables.Set

+ type DiffResult = util.DiffResult[string]

+ func ComputeDiff(desiredIPs []string, currentIPs []string) *DiffResult

+ type FilterStats struct

+ Bogon int

+ Filtered int

+ Kept int

+ TooLarge int

+ Total int

+ func FilterProblematicCIDRs(cidrs []string) ([]string, *FilterStats)

+ type IPRange struct

+ End uint32

+ Start uint32

+ type IPRange6 struct

+ End [16]byte

+ Start [16]byte

+ type MergeStats struct

+ InputCIDRs int

+ OutputRanges int

+ OverlapsMerged int

+ ReductionPct float64

+ func MergeCIDRs(cidrs []string) ([]string, *MergeStats, error)

+ type NFTManager struct

+ func NewNFTManager() (*NFTManager, error)

+ func (m *NFTManager) AddCIDRElements(set *nftables.Set, cidrs []string) error

+ func (m *NFTManager) AddCIDRElementsWithStats(set *nftables.Set, cidrs []string) (*MergeStats, error)

+ func (m *NFTManager) AddDropRuleForSet(chain *nftables.Chain, set *nftables.Set, ipv4 bool) error

+ func (m *NFTManager) AddIPWithTimeout(set *nftables.Set, ipStr string, timeout time.Duration) error

+ func (m *NFTManager) AddPortElements(set *nftables.Set, ports []int) error

+ func (m *NFTManager) AddSetElements(set *nftables.Set, ips []string) error

+ func (m *NFTManager) Close()

+ func (m *NFTManager) CreateChainIfNotExists(table *nftables.Table, chainName string, chainType nftables.ChainType, ...) (*nftables.Chain, error)

+ func (m *NFTManager) DeleteFromIntervalSetCLI(set *nftables.Set, ipStr string) error

+ func (m *NFTManager) DeletePortElements(set *nftables.Set, ports []int) error

+ func (m *NFTManager) DeleteSetElements(set *nftables.Set, ips []string) error

+ func (m *NFTManager) FlushSet(set *nftables.Set) error

+ func (m *NFTManager) GetOrCreateHashSet(table *nftables.Table, setName string, ipv4 bool) (*nftables.Set, error)

+ func (m *NFTManager) GetOrCreateIntervalSet(table *nftables.Table, setName string, ipv4 bool) (*nftables.Set, error)

+ func (m *NFTManager) GetOrCreatePortSet(table *nftables.Table, setName string) (*nftables.Set, error)

+ func (m *NFTManager) GetOrCreateSet(table *nftables.Table, setName string, ipv4 bool) (*nftables.Set, error)

+ func (m *NFTManager) GetOrCreateTable(family nftables.TableFamily) (*nftables.Table, error)

+ func (m *NFTManager) GetPortSet(table *nftables.Table, setName string) (*nftables.Set, error)

+ func (m *NFTManager) GetSetCount(set *nftables.Set) (int, error)

+ func (m *NFTManager) GetSetElements(set *nftables.Set) ([]string, error)

+ func (m *NFTManager) InvalidateTableCache()

+ type Set = nftables.Set

+ type SyncResult struct

+ BlacklistIPv4 *SyncStats

+ BlacklistIPv6 *SyncStats

+ Success bool

+ TotalDuration time.Duration

+ WhitelistIPv4 *SyncStats

+ WhitelistIPv6 *SyncStats

+ func FullSync(nft *NFTManager, whitelistIPv4Set, whitelistIPv6Set *nftables.Set, ...) (*SyncResult, error)

+ type SyncStats struct

+ Duration time.Duration

+ Error error

+ IPsAdded int

+ IPsRemoved int

+ IPsUnchanged int

+ SetName string

+ TotalCurrent int

+ TotalDesired int

+ func SyncSetToNFT(nft *NFTManager, set *nftables.Set, desiredIPs []string) (*SyncStats, error)

+ type TableFamily = nftables.TableFamily