该包是ipset工具的Golang封装。它使得Golang程序更简单地操作ipset。
访问http://ipset.netfilter.org/ipset.man.html了解更多ipset命令文档。ipset需要v6.0+版本。
使用go get安装ipset:
go get -u github.com/gonetx/ipsetpackage main
import (
"log"
"time"
"github.com/gonetx/ipset"
)
func init() {
if err := ipset.Check(); err != nil {
panic(err)
}
}
func main() {
// create test set even it's exist
set, _ := ipset.New("test", ipset.HashIp, ipset.Exist(true), ipset.Timeout(time.Hour))
// output: test
log.Println(set.Name())
_ = set.Flush()
_ = set.Add("1.1.1.1", ipset.Timeout(time.Hour))
ok, _ := set.Test("1.1.1.1")
// output: true
log.Println(ok)
ok, _ = set.Test("1.1.1.2")
// output: false
log.Println(ok)
info, _ := set.List()
// output: &{test hash:ip 4 family inet hashsize 1024 maxelem 65536 timeout 3600 216 0 [1.1.1.1 timeout 3599]}
log.Println(info)
_ = set.Del("1.1.1.1")
_ = set.Destroy()
}在使用该库之前,您应该记住始终先调用ipset.Check并处理错误。此方法将检查ipset是否在OS PATH中存在以及其版本是否有效。
func init() {
// err will be ipset.ErrNotFound
// or ipset.ErrVersionNotSupported
// if check failed.
if err := ipset.Check(); err != nil {
panic(err)
}
}使用ipset.New创建一个用setname和指定的set类型标识的set。如果指定了ipset.Exist选项,则当已经存在相同的set(set名称和创建参数相同)时,ipset将忽略该错误。
set, _ := ipset.New("test", ipset.HashIp, ipset.Exist(true), ipset.Netmask(24))每个set类型可能具有不同的创建选项,请访问SetType和Option以获取更多详细信息。
创建set后,可以使用以下方法:
// IPSet is abstract of ipset
type IPSet interface {
// List dumps header data and the entries for the set to an
// *Info instance. The Resolve option can be used to force
// action lookups(which may be slow).
List(options ...Option) (*Info, error)
// List dumps header data and the entries for the set to the
// specific file. The Resolve option can be used to force
// action lookups(which may be slow).
ListToFile(filename string, options ...Option) error
// Name returns the set's name
Name() string
// Rename the set's action and the new action must not exist.
Rename(newName string) error
// Add adds a given entry to the set. If the Exist option is
// specified, ipset ignores the error if the entry already
// added to the set.
Add(entry string, options ...Option) error
// Del deletes an entry from a set. If the Exist option is
// specified and the entry is not in the set (maybe already
// expired), then the command ignores the error.
Del(entry string, options ...Option) error
// Test tests whether an entry is in a set or not.
Test(entry string) (bool, error)
// Flush flushed all entries from the the set.
Flush() error
// Destroy removes the set from kernel.
Destroy() error
// Save dumps the set data to a io.Reader in a format that restore
// can read.
Save(options ...Option) (io.Reader, error)
// SaveToFile dumps the set data to s specific file in a format
// that restore can read.
SaveToFile(filename string, options ...Option) error
// Restore restores a saved session from io.Reader generated by
// save. Set exist to true to ignore exist error.
Restore(r io.Reader, exist ...bool) error
// RestoreFromFile restores a saved session from a specific file
// generated by save. Set exist to true to ignore exist error.
RestoreFromFile(filename string, exist ...bool) error
}使用ipset.Swap交换两个set的内容,换句话说,交换两个set的动作。引用的set必须存在,并且兼容类型的set才能互换。
ipset.Swap("foo", "bar")使用ipset.Flush刷新指定set中的所有条目或者所有set。
// Flush foo and bar set
ipset.Flush("foo", "bar")
// Flush all
ipset.Flush()使用ipset.Destroy删除指定的set或所有set。如果set有被引用时,则什么也不做,也不会破坏set。
// Destroy foo and bar set
ipset.Destroy("foo", "bar")
// Destroy all
ipset.Destroy()