util/linuxfw: initial implementation of package

This package is an initial implementation of something that can read netfilter and iptables rules from the Linux kernel without needing to shell out to an external utility; it speaks directly to the kernel using syscalls and parses the data returned. Currently this is read-only since it only knows how to parse a subset of the available data. Signed-off-by: Andrew Dunham <andrew@tailscale.com> Change-Id: Iccadf5dcc081b73268d8ccf8884c24eb6a6f1ff5
2025-08-14 23:17:29 +00:00 · 2022-08-24 00:00:06 -04:00
parent 3c107ff301
commit ba48ec5e39
11 changed files with 1347 additions and 7 deletions
--- a/go.mod
+++ b/go.mod
@@ -28,8 +28,9 @@ require (
 	github.com/go-ole/go-ole v1.2.6
 	github.com/godbus/dbus/v5 v5.0.6
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da
-	github.com/google/go-cmp v0.5.8
+	github.com/google/go-cmp v0.5.9
 	github.com/google/go-containerregistry v0.9.0
+	github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c
 	github.com/google/uuid v1.3.0
 	github.com/goreleaser/nfpm v1.10.3
 	github.com/hdevalence/ed25519consensus v0.0.0-20220222234857-c00d1f31bab3
@@ -44,7 +45,7 @@ require (
 	github.com/mattn/go-colorable v0.1.12
 	github.com/mattn/go-isatty v0.0.14
 	github.com/mdlayher/genetlink v1.2.0
-	github.com/mdlayher/netlink v1.6.0
+	github.com/mdlayher/netlink v1.7.1
 	github.com/mdlayher/sdnotify v1.0.0
 	github.com/miekg/dns v1.1.43
 	github.com/mitchellh/go-ps v1.0.0
@@ -229,7 +230,7 @@ require (
 	github.com/mattn/go-runewidth v0.0.13 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mbilski/exhaustivestruct v1.2.0 // indirect
-	github.com/mdlayher/socket v0.2.3 // indirect
+	github.com/mdlayher/socket v0.4.0 // indirect
 	github.com/mgechev/dots v0.0.0-20210922191527-e955255bf517 // indirect
 	github.com/mgechev/revive v1.1.2 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect