Initial commit.

Author: gmccue

.travis.yml

@@ -0,0 +1,11 @@
+language: go
+
+go:
+  - 1.2
+  - 1.3.3
+  - 1.4.2
+  - 1.5
+  - tip
+
+script:
+  - go test -v ./...

README.md

@@ -0,0 +1,63 @@
+# go-ipset
+
+[![Build Status](https://api.travis-ci.org/gmccue/go-ipset.png?branch=master)](https://travis-ci.org/gmccue/go-ipset)
+[![GoDoc](https://godoc.org/github.com/gmccue/go-ipset?status.svg)](https://godoc.org/github.com/gmccue/go-ipset)
+
+go-ipset provides basic bindings for the [ipset kernel utility](http://ipset.netfilter.org/).
+
+## Installation
+```go
+go get github.com/gmccue/go-ipset
+```
+
+## Usage
+The following are some basic usage examples for go-iptables. For more information, please [checkout the godoc](https://godoc.org/github.com/gmccue/go-ipset).
+
+```go
+import "github.com/gmccue/ipset"
+
+// Construct a new ipset instance
+ipset, err := ipset.New()
+if err != nil {
+    // Your custom error handling here.
+}
+
+// Create a new set
+err := ipset.Create("my_set", "hash:ip")
+if err != nil {
+    // Your custom error handling here.
+}
+```
+
+### Adding an entry to an ipset
+```go
+// Add a new entry to your ipset
+err := ipset.Add("my_set", "127.0.0.1")
+if err != nil {
+    // Your custom error handling here.
+}
+```
+
+### Removing an entry from an ipset
+```go
+err := ipset.Delete("my_set", "127.0.0.1")
+if err != nil {
+    // Your custom error handling here.
+}
+```
+
+### Save your ipset to a file
+```go
+err := ipset.Save("my_set", "/tmp/my_set.txt")
+if err != nil {
+    // Your custom error handling here.
+}
+```
+
+### Restore your ipset from a file
+```go
+err := ipset.Restore("/tmp/my_set.txt")
+if err != nil {
+    // Your custom error handling here.
+}
+```

ipset.go

@@ -0,0 +1,102 @@
+// Package ipset provides a basic wrapper to the ipset utility for IPTables.
+// More information about ipset can be found at:
+// http://ipset.netfilter.org/index.html
+package ipset
+
+import (
+	"bytes"
+	"errors"
+	"os/exec"
+)
+
+type IPSet struct {
+	Path    string
+	Options []string
+}
+
+func New() (*IPSet, error) {
+	binPath, err := exec.LookPath("ipset")
+	if err != nil {
+		return nil, err
+	}
+
+	return &IPSet{binPath, []string{}}, nil
+}
+
+// Create creates a new ipset with a given name and type.
+// For more on set types, please see:
+// http://ipset.netfilter.org/ipset.man.html#lbAT.
+// Additional options can be passed to the Create() command. These options must
+// be passed in a sequential key, value order.
+// For example, ipset.Create("test", "hash:ip", "timeout", "300") will add a
+// new set with the timeout option set to a value of 300.
+func (set *IPSet) Create(name string, typ string, options ...string) error {
+	return set.run(append([]string{"create", name, typ}, options...)...)
+}
+
+// Add adds a new entry to the named set.
+func (set *IPSet) Add(name string, entry string, options ...string) error {
+	return set.run(append([]string{"add", name, entry}, options...)...)
+}
+
+// AddUnique adds a new entry to the named set, if it does not already exist.
+func (set *IPSet) AddUnique(name, entry string, options ...string) error {
+	return set.run(append([]string{"add", name, entry, "-exist"}, options...)...)
+}
+
+// Delete removes an entry from the named set.
+func (set *IPSet) Delete(name string, entry string, options ...string) error {
+	return set.run(append([]string{"del", name, entry}, options...)...)
+}
+
+// Test tests if an entry exists in the named set.
+// The exit status is zero if the tested entry is in the set, and nonzero if
+// it is missing from the set.
+func (set *IPSet) Test(name string, entry string, options ...string) error {
+	return set.run(append([]string{"test", name, entry}, options...)...)
+}
+
+// Destroy destroys a named set, or all sets.
+func (set *IPSet) Destroy(name string) error {
+	return set.run("destroy", name)
+}
+
+// Save saves the named set or all sets to the given file.
+func (set *IPSet) Save(name string, filename string) error {
+	return set.run("save", name, "-file", filename)
+}
+
+// Restore restores a saved set from the given file.
+func (set *IPSet) Restore(filename string) error {
+	return set.run("restore", "-file", filename)
+}
+
+// Flush removes all entries from a named set.
+func (set *IPSet) Flush(name string) error {
+	return set.run("flush", name)
+}
+
+// Rename changes a set name from one value to another.
+func (set *IPSet) Rename(from string, to string) error {
+	return set.run("rename", from, to)
+}
+
+// Swap swaps the content of two existing sets.
+func (set *IPSet) Swap(from string, to string) error {
+	return set.run("swap", from, to)
+}
+
+func (set *IPSet) run(args ...string) error {
+	var stderr bytes.Buffer
+	cmd := exec.Cmd{
+		Path:   set.Path,
+		Args:   append([]string{set.Path}, args...),
+		Stderr: &stderr,
+	}
+
+	if err := cmd.Run(); err != nil {
+		return errors.New(stderr.String())
+	}
+
+	return nil
+}

ipset_test.go

@@ -0,0 +1,134 @@
+package ipset
+
+import (
+	"flag"
+	"log"
+	"os"
+	"testing"
+)
+
+var (
+	ipset       IPSet
+	testSet     = "test"
+	testIP      = "192.168.1.100"
+	testOutfile = "./ipset.txt"
+)
+
+// Perform test setup and teardown functions.
+func TestMain(m *testing.M) {
+	flag.Parse()
+
+	set, err := New()
+	if err != nil {
+		log.Fatal("Could not setup the tests. Is ipset installed? Message:", err)
+	}
+
+	ipset = *set
+
+	os.Exit(m.Run())
+}
+
+func TestNewIPSet(t *testing.T) {
+	_, err := New()
+	if err != nil {
+		t.Error("Could not construct a new set. Error was:", err)
+	}
+}
+
+func TestCreate(t *testing.T) {
+	err := ipset.Create(testSet, "hash:ip", "timeout", "300")
+	if err != nil {
+		t.Error("Could not create a new set. Error was:", err)
+	}
+}
+
+func TestAdd(t *testing.T) {
+	err := ipset.Add(testSet, testIP)
+	if err != nil {
+		t.Error("Could not add an entry to the test set. Error was:", err)
+	}
+}
+
+func TestAddUnique(t *testing.T) {
+	err := ipset.AddUnique(testSet, testIP)
+	if err != nil {
+		t.Error("Could not add a unique entry to the test set. Error was:", err)
+	}
+}
+
+func TestTest(t *testing.T) {
+	err := ipset.Test(testSet, testIP)
+	if err != nil {
+		t.Error("Error while testing for a set entry. Error was:", err)
+	}
+
+	// The following IP should not exist in the set, so we expect an error.
+	nonexistErr := ipset.Test(testSet, "192.168.100.1")
+	if nonexistErr == nil {
+		t.Error("Error while testing for a non-existent set entry. Error was:", err)
+	}
+}
+
+func TestDelete(t *testing.T) {
+	err := ipset.Delete(testSet, testIP)
+	if err != nil {
+		t.Error("Could not delete an entry from the test set. Error was:", err)
+	}
+}
+
+func TestSave(t *testing.T) {
+	err := ipset.Save(testSet, testOutfile)
+	if err != nil {
+		t.Error("Could not save the test set. Error was:", err)
+	}
+}
+
+func TestRestore(t *testing.T) {
+	destroyErr := ipset.Destroy(testSet)
+	if destroyErr != nil {
+		t.Error("Could not destroy the set. Error was:", destroyErr)
+	}
+
+	err := ipset.Restore(testOutfile)
+	if err != nil {
+		t.Error("Could not restore the set from a file. Error was:", err)
+	}
+}
+
+func TestFlush(t *testing.T) {
+	err := ipset.Flush(testSet)
+	if err != nil {
+		t.Error("Could not flush the test set. Error was:", err)
+	}
+}
+
+func TestRename(t *testing.T) {
+	err := ipset.Rename(testSet, "renamedSet")
+	if err != nil {
+		t.Error("Could not rename the test set. Error was:", err)
+	}
+}
+
+func TestSwap(t *testing.T) {
+	newsetErr := ipset.Create(testSet, "hash:ip")
+	if newsetErr != nil {
+		t.Error("Could not create a new set for swapping. Error was:", newsetErr)
+	}
+
+	err := ipset.Swap("renamedSet", testSet)
+	if err != nil {
+		t.Error("Could not swap sets. Error was:", err)
+	}
+}
+
+func TestDestroy(t *testing.T) {
+	destErr := ipset.Destroy("renamedSet")
+	if destErr != nil {
+		t.Error("Could not destroy the copied set. Error was:", destErr)
+	}
+
+	err := ipset.Destroy(testSet)
+	if err != nil {
+		t.Error("Could not destroy the test set. Error was:", err)
+	}
+}