Documentation ¶
Index ¶
- func TestIptablesPinned(bpf string) error
- type BaseIPTables
- type BatchProvider
- func (b *BatchProvider) Append(table, chain string, rulespec ...string) error
- func (b *BatchProvider) ClearChain(table, chain string) error
- func (b *BatchProvider) Commit() error
- func (b *BatchProvider) Delete(table, chain string, rulespec ...string) error
- func (b *BatchProvider) DeleteChain(table, chain string) error
- func (b *BatchProvider) Insert(table, chain string, pos int, rulespec ...string) error
- func (b *BatchProvider) ListChains(table string) ([]string, error)
- func (b *BatchProvider) NewChain(table, chain string) error
- func (b *BatchProvider) ResetRules(subs string) error
- func (b *BatchProvider) RetrieveTable() map[string]map[string][]string
- type Ipset
- type IpsetProvider
- type IptablesProvider
- type TestIpset
- type TestIpsetProvider
- type TestIptablesProvider
Functions ¶
func TestIptablesPinned ¶
TestIptablesPinned returns an error if the kernel doesn't support bpf pinning in iptables.
Types ¶
type BaseIPTables ¶
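// BaseIPTables is the base interface of iptables functions.
//
// Each method takes the table (and, where relevant, the chain) it operates
// on as plain strings; rulespec carries the rule as a variadic list of
// strings.
type BaseIPTables interface {
	// Append appends a rule to chain of table.
	Append(table, chain string, rulespec ...string) error

	// Insert inserts a rule to a chain of table at the required pos.
	Insert(table, chain string, pos int, rulespec ...string) error

	// Delete deletes a rule of a chain in the given table.
	Delete(table, chain string, rulespec ...string) error

	// ListChains lists all the chains associated with a table.
	ListChains(table string) ([]string, error)

	// ClearChain clears a chain in a table.
	ClearChain(table, chain string) error

	// DeleteChain deletes a chain in the table. There should be no
	// references to this chain.
	DeleteChain(table, chain string) error

	// NewChain creates a new chain.
	NewChain(table, chain string) error
}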
BaseIPTables is the base interface of iptables functions.
type BatchProvider ¶
BatchProvider uses iptables-restore to program ACLs
func NewCustomBatchProvider ¶
func NewCustomBatchProvider(ipt BaseIPTables, commit func(buf *bytes.Buffer) error, batchTables []string) *BatchProvider
NewCustomBatchProvider is a custom batch provider where the downstream iptables utility is provided by the caller. This is very useful for testing the ACL functions with a mock.
func (*BatchProvider) Append ¶
func (b *BatchProvider) Append(table, chain string, rulespec ...string) error
Append will append the provided rule to the local cache or call directly the iptables command depending on the table.
func (*BatchProvider) ClearChain ¶
func (b *BatchProvider) ClearChain(table, chain string) error
ClearChain will clear the chains.
func (*BatchProvider) Commit ¶
func (b *BatchProvider) Commit() error
Commit commits the rules to the system
func (*BatchProvider) Delete ¶
func (b *BatchProvider) Delete(table, chain string, rulespec ...string) error
Delete will delete the rule from the local cache or the system.
func (*BatchProvider) DeleteChain ¶
func (b *BatchProvider) DeleteChain(table, chain string) error
DeleteChain will delete the chains.
func (*BatchProvider) Insert ¶
func (b *BatchProvider) Insert(table, chain string, pos int, rulespec ...string) error
Insert will insert the rule in the corresponding position in the local cache or call the corresponding iptables command, depending on the table.
func (*BatchProvider) ListChains ¶
func (b *BatchProvider) ListChains(table string) ([]string, error)
ListChains will provide a list of the current chains.
func (*BatchProvider) NewChain ¶
func (b *BatchProvider) NewChain(table, chain string) error
NewChain creates a new chain.
func (*BatchProvider) ResetRules ¶
func (b *BatchProvider) ResetRules(subs string) error
ResetRules resets the rules to the original form. It is implemented as "iptables-save | grep -v subs | iptables-restore", so every saved rule line that contains subs is dropped, whichever component installed it.
func (*BatchProvider) RetrieveTable ¶
func (b *BatchProvider) RetrieveTable() map[string]map[string][]string
RetrieveTable allows a caller to retrieve the final table. Mostly needed for debugging and unit tests.
type Ipset ¶
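// Ipset is an abstraction of all the methods an implementation of userspace
// ipsets needs to provide.
//
// NOTE(review): the per-method notes below are read off the method names and
// signatures only; confirm the exact semantics against the implementation.
type Ipset interface {
	// Add takes an entry and a timeout.
	// NOTE(review): the unit of timeout is not stated here — confirm.
	Add(entry string, timeout int) error

	// AddOption takes an entry, an extra option string and a timeout.
	// NOTE(review): which option strings are accepted is not stated here —
	// confirm before passing values that do not come from trusted code.
	AddOption(entry string, option string, timeout int) error

	// Del takes the entry to act on.
	Del(entry string) error

	// Destroy takes no arguments and reports failure through its error.
	Destroy() error

	// Flush takes no arguments and reports failure through its error.
	Flush() error

	// Test takes an entry and returns a boolean result plus an error.
	Test(entry string) (bool, error)
}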
Ipset is an abstraction of all the methods an implementation of userspace ipsets needs to provide.
type IpsetProvider ¶
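// IpsetProvider is a factory for Ipset values.
//
// NOTE(review): the per-method notes below are read off the method names and
// signatures only; confirm the exact semantics against the implementation.
type IpsetProvider interface {
	// NewIpset takes a set name, a set type and a parameter block and
	// returns an Ipset or an error.
	NewIpset(name string, ipsetType string, p *ipset.Params) (Ipset, error)

	// GetIpset takes a set name and returns an Ipset. There is no error
	// result, so a failure cannot be reported through this call.
	GetIpset(name string) Ipset

	// DestroyAll takes a name prefix.
	// NOTE(review): presumably every set whose name starts with prefix is
	// affected — confirm, and keep the prefix specific to the caller so
	// sets owned by other components are not matched.
	DestroyAll(prefix string) error

	// ListIPSets returns a list of strings, presumably set names — confirm.
	ListIPSets() ([]string, error)
}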
IpsetProvider is a factory for Ipset.
func NewGoIPsetProvider ¶
func NewGoIPsetProvider() IpsetProvider
NewGoIPsetProvider returns a Go IPSet provider.
type IptablesProvider ¶
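// IptablesProvider is an abstraction of all the methods an implementation of
// userspace iptables needs to provide. It extends BaseIPTables with batch
// commit, table inspection and rule reset.
type IptablesProvider interface {
	BaseIPTables

	// Commit will commit changes if it is a batch provider.
	Commit() error

	// RetrieveTable allows a caller to retrieve the final table.
	RetrieveTable() map[string]map[string][]string

	// ResetRules resets the rules to a state where rules with the
	// substring subs are removed. Matching is by substring, so subs should
	// be a value that only the caller's own rules contain.
	ResetRules(subs string) error
}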
IptablesProvider is an abstraction of all the methods an implementation of userspace iptables needs to provide.
func NewGoIPTablesProviderV4 ¶
func NewGoIPTablesProviderV4(batchTables []string) (IptablesProvider, error)
NewGoIPTablesProviderV4 returns an IptablesProvider interface based on the go-iptables external package.
func NewGoIPTablesProviderV6 ¶
func NewGoIPTablesProviderV6(batchTables []string) (IptablesProvider, error)
NewGoIPTablesProviderV6 returns an IptablesProvider interface based on the go-iptables external package.
type TestIpset ¶
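// TestIpset is a test implementation for Ipset.
//
// It embeds Ipset and adds one Mock* method per Ipset method. Each Mock*
// method takes the running *testing.T and an impl function with the same
// signature as the Ipset method it is named after.
// NOTE(review): presumably impl is then called in place of that method —
// confirm against the mock implementation.
type TestIpset interface {
	Ipset

	// MockAdd takes a replacement with the signature of Add.
	MockAdd(t *testing.T, impl func(entry string, timeout int) error)

	// MockAddOption takes a replacement with the signature of AddOption.
	MockAddOption(t *testing.T, impl func(entry string, option string, timeout int) error)

	// MockDel takes a replacement with the signature of Del.
	MockDel(t *testing.T, impl func(entry string) error)

	// MockDestroy takes a replacement with the signature of Destroy.
	MockDestroy(t *testing.T, impl func() error)

	// MockFlush takes a replacement with the signature of Flush.
	MockFlush(t *testing.T, impl func() error)

	// MockTest takes a replacement with the signature of Test.
	MockTest(t *testing.T, impl func(entry string) (bool, error))
}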
TestIpset is a test implementation for Ipset
type TestIpsetProvider ¶
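// TestIpsetProvider is a test implementation for IpsetProvider.
//
// It embeds IpsetProvider and adds one Mock* method per IpsetProvider
// method. Each Mock* method takes the running *testing.T and an impl
// function with the same parameter and result types as the method it is
// named after.
// NOTE(review): presumably impl is then called in place of that method —
// confirm against the mock implementation.
type TestIpsetProvider interface {
	IpsetProvider

	// MockNewIpset takes a replacement with the signature of NewIpset.
	MockNewIpset(t *testing.T, impl func(name string, hasht string, p *ipset.Params) (Ipset, error))

	// MockGetIpset takes a replacement with the signature of GetIpset.
	MockGetIpset(t *testing.T, impl func(name string) Ipset)

	// MockDestroyAll takes a replacement with the signature of DestroyAll.
	MockDestroyAll(t *testing.T, impl func(string) error)

	// MockListIPSets takes a replacement with the signature of ListIPSets.
	MockListIPSets(t *testing.T, impl func() ([]string, error))
}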
TestIpsetProvider is a test implementation for IpsetProvider
func NewTestIpsetProvider ¶
func NewTestIpsetProvider() TestIpsetProvider
NewTestIpsetProvider returns a new TestIpsetProvider.
type TestIptablesProvider ¶
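// TestIptablesProvider is a test implementation for IptablesProvider.
//
// It embeds IptablesProvider and adds Mock* methods, each taking the running
// *testing.T and an impl function with the same signature as the provider
// method it is named after (MockReset matches ResetRules). No Mock* method
// is declared for RetrieveTable.
// NOTE(review): presumably impl is then called in place of that method —
// confirm against the mock implementation.
type TestIptablesProvider interface {
	IptablesProvider

	// MockAppend takes a replacement with the signature of Append.
	MockAppend(t *testing.T, impl func(table, chain string, rulespec ...string) error)

	// MockInsert takes a replacement with the signature of Insert.
	MockInsert(t *testing.T, impl func(table, chain string, pos int, rulespec ...string) error)

	// MockDelete takes a replacement with the signature of Delete.
	MockDelete(t *testing.T, impl func(table, chain string, rulespec ...string) error)

	// MockListChains takes a replacement with the signature of ListChains.
	MockListChains(t *testing.T, impl func(table string) ([]string, error))

	// MockClearChain takes a replacement with the signature of ClearChain.
	MockClearChain(t *testing.T, impl func(table, chain string) error)

	// MockDeleteChain takes a replacement with the signature of DeleteChain.
	MockDeleteChain(t *testing.T, impl func(table, chain string) error)

	// MockNewChain takes a replacement with the signature of NewChain.
	MockNewChain(t *testing.T, impl func(table, chain string) error)

	// MockCommit takes a replacement with the signature of Commit.
	MockCommit(t *testing.T, impl func() error)

	// MockReset takes a replacement with the signature of ResetRules.
	MockReset(t *testing.T, impl func(subs string) error)
}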
TestIptablesProvider is a test implementation for IptablesProvider
func NewTestIptablesProvider ¶
func NewTestIptablesProvider() TestIptablesProvider
NewTestIptablesProvider returns a new TestIptablesProvider.