Почетна Преглед Помоћ
Пријавите се
yosoyhendrix
/
psiphon-tunnel-core
1
0
Креирај огранак 0
Датотеке Дискусије 0 Захтеви за спајање 0 Вики
Дрво: v2.0.32
Гране Ознаке
psiphon-tunnel-...
/
vendor
/
github.com
/
google
/
nftables
/
xt
/
xt.go

xt.go 2.9 KB
Пермалинк Историја Датотека

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748 
  1. /*
    2. 

  2. Package xt implements dedicated types for (some) of the "Info" payload in Match
    3. 

  3. and Target expressions that bridge between the nftables and xtables worlds.
    4. 

  4. 

  5. Bridging between the more unified world of nftables and the slightly
    6. 

  6. heterogenous world of xtables comes with some caveats. Unmarshalling the
    7. 

  7. extension/translation information in Match and Target expressions requires
    8. 

  8. information about the table family the information belongs to, as well as type
    9. 

  9. and type revision information. In consequence, unmarshalling the Match and
    10. 

  10. Target Info field payloads often (but not necessarily always) require the table
    11. 

  11. family and revision information, so it gets passed to the type-specific
    12. 

  12. unmarshallers.
    13. 

  13. 

  14. To complicate things more, even marshalling requires knowledge about the
    15. 

  15. enclosing table family. The NatRange/NatRange2 types are an example, where it is
    16. 

  16. necessary to differentiate between IPv4 and IPv6 address marshalling. Due to
    17. 

  17. Go's net.IP habit to normally store IPv4 addresses as IPv4-compatible IPv6
    18. 

  18. addresses (see also RFC 4291, section 2.5.5.1) marshalling must be handled
    19. 

  19. differently in the context of an IPv6 table compared to an IPv4 table. In an
    20. 

  20. IPv4 table, an IPv4-compatible IPv6 address must be marshalled as a 32bit
    21. 

  21. address, whereas in an IPv6 table the IPv4 address must be marshalled as an
    22. 

  22. 128bit IPv4-compatible IPv6 address. Not relying on heuristics here we avoid
    23. 

  23. behavior unexpected and most probably unknown to our API users. The net.IP habit
    24. 

  24. of storing IPv4 addresses in two different storage formats is already a source
    25. 

  25. for trouble, especially when comparing net.IPs from different Go module sources.
    26. 

  26. We won't add to this confusion. (...or maybe we can, because of it?)
    27. 

  27. 

  28. An important property of all types of Info extension/translation payloads is
    29. 

  29. that their marshalling and unmarshalling doesn't follow netlink's TLV
    30. 

  30. (tag-length-value) architecture. Instead, Info payloads a basically plain binary
    31. 

  31. blobs of their respective type-specific data structures, so host
    32. 

  32. platform/architecture alignment and data type sizes apply. The alignedbuff
    33. 

  33. package implements the different required data types alignments.
    34. 

  34. 

  35. Please note that Info payloads are always padded at their end to the next uint64
    36. 

  36. alignment. Kernel code is checking for the padded payload size and will reject
    37. 

  37. payloads not correctly padded at their ends.
    38. 

  38. 

  39. Most of the time, we find explifcitly sized (unsigned integer) data types.
    40. 

  40. However, there are notable exceptions where "unsigned int" is used: on 64bit
    41. 

  41. platforms this mostly translates into 32bit(!). This differs from Go mapping
    42. 

  42. uint to uint64 instead. This package currently clamps its mapping of C's
    43. 

  43. "unsigned int" to Go's uint32 for marshalling and unmarshalling. If in the
    44. 

  44. future 128bit platforms with a differently sized C unsigned int should come into
    45. 

  45. production, then the alignedbuff package will need to be adapted accordingly, as
    46. 

  46. it abstracts away this data type handling.
    47. 

  47. */
    48. 

  48. package xt
    49.