iptables

package
v1.7.15 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 10, 2021 License: Apache-2.0 Imports: 21 Imported by: 7

Documentation

Overview

Package iptables manages iptables-related configuration for Cilium.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func KernelHasNetfilter

func KernelHasNetfilter() bool

KernelHasNetfilter probes whether iptables related modules are present in the kernel and returns true if indeed the case, else false.

Types

type IptablesManager

type IptablesManager struct {
	// contains filtered or unexported fields
}

IptablesManager manages the iptables-related configuration for Cilium.

func (*IptablesManager) GetProxyPort

func (m *IptablesManager) GetProxyPort(name string) uint16

GetProxyPort finds a proxy port used for redirect 'name' installed earlier with InstallProxyRules. By convention "ingress" or "egress" is part of 'name' so it does not need to be specified explicitly. Returns 0 a TPROXY entry with 'name' can not be found.

func (*IptablesManager) Init

func (m *IptablesManager) Init()

Init initializes the iptables manager and checks for iptables kernel modules availability.

func (*IptablesManager) InstallProxyRules

func (m *IptablesManager) InstallProxyRules(proxyPort uint16, ingress bool, name string) error

func (*IptablesManager) InstallRules

func (m *IptablesManager) InstallRules(ifName string) error

InstallRules installs iptables rules for Cilium in specific use-cases (most specifically, interaction with kube-proxy).

func (*IptablesManager) RemoveProxyRules added in v1.6.0

func (m *IptablesManager) RemoveProxyRules(proxyPort uint16, ingress bool, name string) error

func (*IptablesManager) RemoveRules added in v1.5.0

func (m *IptablesManager) RemoveRules()

RemoveRules removes iptables rules installed by Cilium.

func (*IptablesManager) SupportsOriginalSourceAddr

func (m *IptablesManager) SupportsOriginalSourceAddr() bool

SupportsOriginalSourceAddr tells if an L7 proxy can use POD's original source address and port in the upstream connection to allow the destination to properly derive the source security ID from the source IP address.

func (*IptablesManager) TransientRulesEnd added in v1.5.6

func (m *IptablesManager) TransientRulesEnd(quiet bool)

TransientRulesEnd removes Cilium related rules installed from TransientRulesStart.

func (*IptablesManager) TransientRulesStart added in v1.5.6

func (m *IptablesManager) TransientRulesStart(ifName string) error

TransientRulesStart installs iptables rules for Cilium that need to be kept in-tact during agent restart which removes/installs its main rules. Transient rules are then removed once iptables rule update cycle has completed. This is mainly due to interactions with kube-proxy.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL