iptablesctrl

package
v10.72.0+incompatible
Warning

This package is not in the latest version of its module.

Published: Oct 19, 2018 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation


Constants

const (

	// PuPortSet is the prefix for portset names.
	PuPortSet = "PUPort-"

	// ProxyPort is the default proxy port.
	ProxyPort = "5000"
	// TriremeInput represents the chain that contains PU input rules.
	TriremeInput = "Trireme-Input"
	// TriremeOutput represents the chain that contains PU output rules.
	TriremeOutput = "Trireme-Output"

	// HostmodeInput represents the chain that contains hostmode input rules.
	HostmodeInput = "Hostmode-Input"

	// HostmodeOutput represents the chain that contains hostmode output rules.
	HostmodeOutput = "Hostmode-Output"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Instance

type Instance struct {
	// contains filtered or unexported fields
}

Instance is the structure holding all information about an implementation

func NewInstance

func NewInstance(fqc *fqconfig.FilterQueue, mode constants.ModeType, portset portset.PortSet) (*Instance, error)

NewInstance creates a new iptables controller instance

func (*Instance) ACLProvider

func (i *Instance) ACLProvider() provider.IptablesProvider

ACLProvider returns the current ACL provider that can be re-used by other entities.

func (*Instance) CleanAllSynAckPacketCaptures

func (i *Instance) CleanAllSynAckPacketCaptures() error

CleanAllSynAckPacketCaptures cleans the capture rules for SynAck packets irrespective of NFQUEUE

func (*Instance) CleanGlobalRules

func (i *Instance) CleanGlobalRules() error

CleanGlobalRules cleans the capture rules for SynAck packets

func (*Instance) CleanUp

func (i *Instance) CleanUp() error

CleanUp requires the implementor to clean up all ACLs

func (*Instance) ConfigureRules

func (i *Instance) ConfigureRules(version int, contextID string, containerInfo *policy.PUInfo) error

ConfigureRules implements the ConfigureRules interface. It will create the port sets and then it will call install rules to create all the ACLs for the given chains. PortSets are only created here. Updates will use the exact same logic.

func (*Instance) DeleteRules

func (i *Instance) DeleteRules(version int, contextID string, tcpPorts, udpPorts string, mark string, uid string, proxyPort string, isHostmode bool) error

DeleteRules implements the DeleteRules interface

func (*Instance) InitializeChains

func (i *Instance) InitializeChains() error

InitializeChains initializes the chains.

func (*Instance) Run

func (i *Instance) Run(ctx context.Context) error

Run starts the iptables controller

func (*Instance) SetTargetNetworks

func (i *Instance) SetTargetNetworks(current, networks []string) error

SetTargetNetworks updates the target networks for SynAck packets

func (*Instance) UpdateRules

func (i *Instance) UpdateRules(version int, contextID string, containerInfo *policy.PUInfo, oldContainerInfo *policy.PUInfo) error

UpdateRules implements the update part of the interface. Update will call installrules to install the new rules and then it will delete the old rules.
