Documentation ¶
Overview ¶
Package routes provides route setting functionality.
Index ¶
- Variables
- func TableID() uint
- type Agent
- type GatewayRetriever
- type PolicyAgent
- type PolicyRouter
- func (p *PolicyRouter) CleanupRouting() error
- func (p *PolicyRouter) Disable() error
- func (p *PolicyRouter) Enable() error
- func (p *PolicyRouter) IsEnabled() bool
- func (p *PolicyRouter) SetupRoutingRules(ipv6, enableLocal, lanDiscovery bool, allowSubnets []string) error
- func (p *PolicyRouter) TableID() uint
- type PolicyService
- type RPFilterManager
- type Route
- type Router
- type Service
- type SysctlRPFilterManager
Variables ¶
var (
	// ErrNotFound defines that gateway is not found for a given address
	ErrNotFound = errors.New("gateway not found")
)
var (
	// ErrRouteToOtherDestinationExists defines that route for specified network already exists but not to a specified destination
	ErrRouteToOtherDestinationExists = fmt.Errorf("route to differ")
)
Functions ¶
Types ¶
type Agent ¶
type Agent interface {
	// Add route to a router
	Add(route Route) error
	// Flush all existing routes for this router
	Flush() error
}
Agent is stateless and is responsible for creating and deleting source based routes.
Used by implementers.
type GatewayRetriever ¶
type GatewayRetriever interface {
	// Retrieve a gateway to a given prefix while ignoring the given routing table.
	//
	// `ignoreTable` is used in order to not receive actual gateway due to the following
	// reasons:
	// 1. In case VPN connection is active, retrieved gateway will be default route to VPN
	// tunnel interface, which is useless for allowlisting functionality.
	// 2. Assuming main routing table and default gateway is an incorrect way to determine
	// gateway before VPN in environments with multiple physical interfaces.
	// Conditional route adding for non-private IPs is not a viable solution because IP rule
	// setup blocks any traffic for physical network interfaces. `192.168.0.0/16` is
	// considered a private IP range and is usually routed through a physical network
	// interface.
	//
	// Default gateway can be retrieved with such `prefix` values:
	// * IPv4: `netip.Prefix{}` or `0.0.0.0/0`
	// * IPv6: `::/0`
	Retrieve(prefix netip.Prefix, ignoreTable uint) (netip.Addr, net.Interface, error)
}
GatewayRetriever is responsible for retrieving gateways for the given networks in the current system.
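The effect of `ignoreTable` can be seen on a small in-memory model. This is an added example, not code from this package: `entry`, `retrieve`, `sampleRoutes`, the table numbers and the addresses are constructed for illustration, and the model merges all tables into one list instead of querying the kernel.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

var errNotFound = errors.New("gateway not found") // local stand-in for ErrNotFound

// entry is a hypothetical in-memory route: destination, next hop, interface, table.
type entry struct {
	dst   netip.Prefix
	gw    netip.Addr
	iface string
	table uint
}

// retrieve picks the most specific route covering prefix, skipping routes in ignoreTable.
func retrieve(routes []entry, prefix netip.Prefix, ignoreTable uint) (netip.Addr, string, error) {
	if !prefix.IsValid() {
		prefix = netip.MustParsePrefix("0.0.0.0/0") // zero value means IPv4 default
	}
	best := -1
	for i, r := range routes {
		if r.table == ignoreTable || r.dst.Bits() > prefix.Bits() || !r.dst.Contains(prefix.Addr()) {
			continue
		}
		if best < 0 || r.dst.Bits() > routes[best].dst.Bits() {
			best = i
		}
	}
	if best < 0 {
		return netip.Addr{}, "", errNotFound
	}
	return routes[best].gw, routes[best].iface, nil
}

// sampleRoutes is constructed data: table 205 is the VPN table, 254 the main table.
func sampleRoutes() []entry {
	return []entry{
		{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParseAddr("10.5.0.1"), "tun0", 205},
		{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParseAddr("192.168.1.1"), "eth0", 254},
	}
}

func main() {
	fmt.Println(retrieve(sampleRoutes(), netip.Prefix{}, 205))
}
```

With the VPN table ignored the lookup returns the physical gateway on `eth0`; without it, the tunnel's default route is returned, which is the case the interface comment calls useless for allowlisting.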
type PolicyAgent ¶
type PolicyAgent interface {
	// ipv6Enabled, enableLocal, lanDiscovery, allowlist subnets
	SetupRoutingRules(bool, bool, bool, []string) error
	CleanupRouting() error
	TableID() uint
}
PolicyAgent is stateless and is responsible for creating and deleting policy based routes.
Used by implementers.
type PolicyRouter ¶
type PolicyRouter struct {
// contains filtered or unexported fields
}
PolicyRouter is responsible for switching from one routing agent to another.
Thread-safe.
func NewPolicyRouter ¶
func NewPolicyRouter(noop, working PolicyAgent, enabled bool) *PolicyRouter
func (*PolicyRouter) CleanupRouting ¶
func (p *PolicyRouter) CleanupRouting() error
func (*PolicyRouter) Disable ¶
func (p *PolicyRouter) Disable() error
func (*PolicyRouter) Enable ¶
func (p *PolicyRouter) Enable() error
func (*PolicyRouter) IsEnabled ¶
func (p *PolicyRouter) IsEnabled() bool
func (*PolicyRouter) SetupRoutingRules ¶
func (p *PolicyRouter) SetupRoutingRules(
	ipv6, enableLocal, lanDiscovery bool,
	allowSubnets []string,
) error
func (*PolicyRouter) TableID ¶
func (p *PolicyRouter) TableID() uint
type PolicyService ¶
type PolicyService interface {
	// ipv6Enabled, enableLocal, lanDiscovery, allowlist subnets
	SetupRoutingRules(bool, bool, bool, []string) error
	CleanupRouting() error
	// TableID of the routing table.
	TableID() uint
	// Enable sets up previously remembered rules.
	Enable() error
	// Disable remembers previously added rules before clearing them.
	Disable() error
	IsEnabled() bool
}
Service is stateful and updates system routing configuration by using the appropriate agent.
Used by callers.
type RPFilterManager ¶
type RPFilterManager interface {
	// Set sets the RP filter value to the one which allows policy
	// based routing if necessary
	Set() error
	// Unset sets the RP filter value to the one which was set
	// before
	Unset() error
}
RPFilterManager should handle the setting and unsetting of the desired RP filter configuration value.
type Router ¶
type Router struct {
// contains filtered or unexported fields
}
Router is responsible for switching from one routing agent to another.
Thread-safe.
type Service ¶
type Service interface {
	// Add route to a router
	Add(route Route) error
	// Flush all existing routes for this router
	Flush() error
	// Enable adds previously remembered routes.
	Enable(tableID uint) error
	// Disable remembers previously added routes before flushing them.
	Disable() error
	// IsEnabled reports route setting status
	IsEnabled() bool
}
Service is stateful and updates system routing configuration by using the appropriate agent.
Used by callers.
type SysctlRPFilterManager ¶
type SysctlRPFilterManager struct {
// contains filtered or unexported fields
}
func NewSysctlRPFilterManager ¶
func NewSysctlRPFilterManager() *SysctlRPFilterManager
func (*SysctlRPFilterManager) Set ¶
func (s *SysctlRPFilterManager) Set() error
func (*SysctlRPFilterManager) Unset ¶
func (s *SysctlRPFilterManager) Unset() error
Directories ¶
Path | Synopsis |
---|---|
 | Package iprule provides Go API for interacting with ip rule. |
 | Package netlink provides router implementation that uses netlink. |
 | Package norouter implements noop router. |
 | Package norule implements noop policy router. |