manager

package
v0.55.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 20, 2025 License: BSD-3-Clause Imports: 12 Imported by: 5

Documentation

Index

Constants

View Source 
const (
	ForwardingFormatPrefix = "netbird-fwd-"
	ForwardingFormat       = "netbird-fwd-%s-%t"
	PreroutingFormat       = "netbird-prerouting-%s-%t"
	NatFormat              = "netbird-nat-%s-%t"
)

Variables

This section is empty.

Functions

func GenKey 

func GenKey(format string, pair RouterPair) string

func MergeIPRanges added in v0.30.0 

func MergeIPRanges(prefixes []netip.Prefix) []netip.Prefix

MergeIPRanges merges overlapping IP ranges and returns a slice of non-overlapping netip.Prefix

func SetLegacyManagement added in v0.30.0 

func SetLegacyManagement(router LegacyManager, isLegacy bool) error

SetLegacyManagement sets the route manager to use legacy management

func SortPrefixes added in v0.30.1 

func SortPrefixes(prefixes []netip.Prefix)

SortPrefixes sorts the given slice of netip.Prefix in place. It sorts first by IP address, then by prefix length (most specific to least specific).

Types

type Action 

type Action int

Action is the action to be taken on a rule 

const (
	// ActionAccept is the action to accept a packet
	ActionAccept Action = iota
	// ActionDrop is the action to drop a packet
	ActionDrop
)

func (Action) String added in v0.43.0 

func (a Action) String() string

String returns the string representation of the action

type ForwardRule added in v0.38.0 

type ForwardRule struct {
	Protocol          Protocol
	DestinationPort   Port
	TranslatedAddress netip.Addr
	TranslatedPort    Port
}

ForwardRule todo figure out better place to this to avoid circular imports

func (ForwardRule) ID added in v0.38.0 

func (r ForwardRule) ID() string

func (ForwardRule) String added in v0.38.0 

func (r ForwardRule) String() string

type LegacyManager added in v0.30.0 

type LegacyManager interface {
	RemoveAllLegacyRouteRules() error
	GetLegacyManagement() bool
	SetLegacyManagement(bool)
}

LegacyManager defines the interface for legacy management operations

type Manager 

type Manager interface {
	Init(stateManager *statemanager.Manager) error

	// AllowNetbird allows netbird interface traffic
	AllowNetbird() error

	// AddPeerFiltering adds a rule to the firewall
	//
	// If comment argument is empty firewall manager should set
	// rule ID as comment for the rule
	AddPeerFiltering(
		id []byte,
		ip net.IP,
		proto Protocol,
		sPort *Port,
		dPort *Port,
		action Action,
		ipsetName string,
	) ([]Rule, error)

	// DeletePeerRule from the firewall by rule definition
	DeletePeerRule(rule Rule) error

	// IsServerRouteSupported returns true if the firewall supports server side routing operations
	IsServerRouteSupported() bool

	IsStateful() bool

	AddRouteFiltering(
		id []byte,
		sources []netip.Prefix,
		destination Network,
		proto Protocol,
		sPort, dPort *Port,
		action Action,
	) (Rule, error)

	// DeleteRouteRule deletes a routing rule
	DeleteRouteRule(rule Rule) error

	// AddNatRule inserts a routing NAT rule
	AddNatRule(pair RouterPair) error

	// RemoveNatRule removes a routing NAT rule
	RemoveNatRule(pair RouterPair) error

	// SetLegacyManagement sets the legacy management mode
	SetLegacyManagement(legacy bool) error

	// Close closes the firewall manager
	Close(stateManager *statemanager.Manager) error

	// Flush the changes to firewall controller
	Flush() error

	SetLogLevel(log.Level)

	EnableRouting() error

	DisableRouting() error

	// AddDNATRule adds a DNAT rule
	AddDNATRule(ForwardRule) (Rule, error)

	// DeleteDNATRule deletes a DNAT rule
	DeleteDNATRule(Rule) error

	// UpdateSet updates the set with the given prefixes
	UpdateSet(hash Set, prefixes []netip.Prefix) error
}

Manager is the high level abstraction of a firewall manager

It declares methods which handle actions required by the Netbird client for ACL and routing functionality

type Network added in v0.43.0 

type Network struct {
	Set    Set
	Prefix netip.Prefix
}

Network is a rule destination, either a set or a prefix

func (Network) IsPrefix added in v0.43.0 

func (d Network) IsPrefix() bool

IsPrefix returns true if the destination is a valid prefix

func (Network) IsSet added in v0.43.0 

func (d Network) IsSet() bool

IsSet returns true if the destination is a set

func (Network) String added in v0.43.0 

func (d Network) String() string

String returns the string representation of the destination

type Port 

type Port struct {
	// IsRange is true Values contains two values, the first is the start port, the second is the end port
	IsRange bool

	// Values contains one value for single port, multiple values for the list of ports, or two values for the range of ports
	Values []uint16
}

Port of the address for firewall rule todo Move Protocol and Port and RouterPair to the Firwall package or a separate package

func NewPort added in v0.38.0 

func NewPort(ports ...int) (*Port, error)

func (*Port) String 

func (p *Port) String() string

String interface implementation

type Protocol 

type Protocol string

Protocol is the protocol of the port todo Move Protocol and Port and RouterPair to the Firwall package or a separate package 

const (
	// ProtocolTCP is the TCP protocol
	ProtocolTCP Protocol = "tcp"

	// ProtocolUDP is the UDP protocol
	ProtocolUDP Protocol = "udp"

	// ProtocolICMP is the ICMP protocol
	ProtocolICMP Protocol = "icmp"

	// ProtocolALL cover all supported protocols
	ProtocolALL Protocol = "all"
)

type RouterPair 

type RouterPair struct {
	ID          route.ID
	Source      Network
	Destination Network
	Masquerade  bool
	Inverse     bool
}

func GetInversePair added in v0.30.0 

func GetInversePair(pair RouterPair) RouterPair

type Rule 

type Rule interface {
	// ID returns the rule id
	ID() string
}

Rule abstraction should be implemented by each firewall manager

Each firewall type for different OS can use different type of the properties to hold data of the created rule

type RuleDirection 

type RuleDirection int

RuleDirection is the traffic direction which a rule is applied 

const (
	// RuleDirectionIN applies to filters that handlers incoming traffic
	RuleDirectionIN RuleDirection = iota
	// RuleDirectionOUT applies to filters that handlers outgoing traffic
	RuleDirectionOUT
)

type Set added in v0.43.0 

type Set struct {
	// contains filtered or unexported fields
}

func NewDomainSet added in v0.43.0 

func NewDomainSet(domains domain.List) Set

NewDomainSet generates a unique name for an ipset based on the given domains.

func NewPrefixSet added in v0.43.0 

func NewPrefixSet(prefixes []netip.Prefix) Set

NewPrefixSet generates a unique name for an ipset based on the given prefixes.

func (Set) Comment added in v0.43.0 

func (h Set) Comment() string

Comment returns the comment of the set

func (Set) HashedName added in v0.43.0 

func (h Set) HashedName() string

HashedName returns the string representation of the hash

func (Set) String added in v0.43.0 

func (h Set) String() string

String returns the string representation of the set: hashed name and comment

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.