Documentation
Index
- Constants
- type Client
- func (client *Client) AllowIPAddressesOnSnatBridge() error
- func (client *Client) AllowInboundFromHostToNC() error
- func (client *Client) AllowInboundFromNCToHost() error
- func (client *Client) BlockIPAddressesOnSnatBridge() error
- func (client *Client) ConfigureSnatContainerInterface() error
- func (client *Client) CreateSnatEndpoint() error
- func (client *Client) DeleteInboundFromHostToNC() error
- func (client *Client) DeleteInboundFromNCToHost() error
- func (client *Client) DeleteSnatEndpoint() error
- func (client *Client) DropArpForSnatBridgeApipaRange(snatBridgeIP, azSnatVethIfName string) error
- func (client *Client) MoveSnatEndpointToContainerNS(netnsPath string, nsID uintptr) error
- func (client *Client) SetupSnatContainerInterface() error
Constants
const (
    SnatBridgeName = "azSnatbr"
    ImdsIP         = "169.254.169.254/32"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Client
type Client struct {
    SnatBridgeIP           string
    SkipAddressesFromBlock []string
    // contains filtered or unexported fields
}
func NewSnatClient
func (*Client) AllowIPAddressesOnSnatBridge
AllowIPAddressesOnSnatBridge adds iptables rules that allow only specific private IPs via the Linux bridge.
func (*Client) AllowInboundFromHostToNC
This function adds iptables rules that allow only host-to-NC communication and not the other way around.
func (*Client) AllowInboundFromNCToHost
This function adds iptables rules that allow only NC-to-host communication and not the other way around.
func (*Client) BlockIPAddressesOnSnatBridge
BlockIPAddressesOnSnatBridge adds iptables rules that block all private IPs flowing via the Linux bridge.
func (*Client) ConfigureSnatContainerInterface
func (*Client) CreateSnatEndpoint
func (*Client) DeleteInboundFromHostToNC
func (*Client) DeleteInboundFromNCToHost
func (*Client) DeleteSnatEndpoint
func (*Client) DropArpForSnatBridgeApipaRange
func (*Client) MoveSnatEndpointToContainerNS
Moves the container veth inside the container network namespace.