Skip to content
Blame History Permalink
  • Florent Fourcot's avatar
    Add new wiset module · eb16bfcf
    Florent Fourcot authored 
    

IPSet object from ipset.py is providing a low level API to manage
NFNetlink sockets. It's "stateless" since it does not have any context
of the ipset manipulated (for example, to know ipset entries and help to
parse responses). Moreover, it's made to manipulate all ipsets in the
same time.

This module provides or more high level API, based on WiSet object. A
WiSet is directly mapped to a real ipset object in kernel, and help to
store metadata like:
 - type of entries
 - configuration of ipset (counters enabled, comments, etc)
 - low level configuration like hash table size, module revision, etc

All data are stored in native python format, and you don't need to know
IPSET_ATTR_* variable to set or read values. Netlink interface is fully
abstract with this object.

It's help to run a batch of command on a set without to have to provide
at each call all relevant metadata. It also provides helpers like
"replace_entries" method, to fill a set with a new content is an atomic
call.

Since some magic is made to abstract netlink socket provided by IPSet
object, we provide several way to make life of users easier:

 - you never need to explicit open/close of sockets if you don't want to
   (easy to use)
 - you may provide a already opened socket at each call (performance)
 - WiSet provides __enter__ and __close__ methods, so it's easy to use
   in a pythonic way

However, some features are not yet implemented:
 - we only support IPv4 addresses
 - we don't support all ipset modules provided by recent kernels
 - only basic flags are currently supported

This code is running in production since a year on many devices. I'm
sorry to not provide a real git history of changes, but the project
began out of pyroute2 repository. The backport of code from our
externals libraries and pyroute2 project was not so easy.

Signed-off-by: default avatarFlorent Fourcot <florent.fourcot@wifirst.fr>
Signed-off-by: default avatarFlorian Vichot <florian.vichot@wifirst.fr>
Signed-off-by: default avatarÉtienne Noss <etienne.noss@wifirst.fr>
Signed-off-by: default avatarRomain Bellan <romain.bellan@wifirst.fr>
    eb16bfcf