Affected by 
Documentation
¶
Overview ¶
Package iptables manages iptables-related configuration for Cilium.
Index ¶
- func KernelHasNetfilter() bool
- type IptablesManager
- func (m *IptablesManager) GetProxyPort(name string) uint16
- func (m *IptablesManager) Init()
- func (m *IptablesManager) InstallProxyRules(proxyPort uint16, ingress bool, name string) error
- func (m *IptablesManager) InstallRules(ifName string) error
- func (m *IptablesManager) RemoveProxyRules(proxyPort uint16, ingress bool, name string) error
- func (m *IptablesManager) RemoveRules(quiet bool)
- func (m *IptablesManager) SupportsOriginalSourceAddr() bool
- func (m *IptablesManager) TransientRulesEnd(quiet bool)
- func (m *IptablesManager) TransientRulesStart(ifName string) error
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func KernelHasNetfilter ¶
func KernelHasNetfilter() bool
KernelHasNetfilter probes whether iptables related modules are present in the kernel and returns true if indeed the case, else false.
Types ¶
type IptablesManager ¶
type IptablesManager struct {
// contains filtered or unexported fields
}
IptablesManager manages the iptables-related configuration for Cilium.
func (*IptablesManager) GetProxyPort ¶
func (m *IptablesManager) GetProxyPort(name string) uint16
GetProxyPort finds a proxy port used for redirect 'name' installed earlier with InstallProxyRules. By convention "ingress" or "egress" is part of 'name' so it does not need to be specified explicitly. Returns 0 a TPROXY entry with 'name' can not be found.
func (*IptablesManager) Init ¶
func (m *IptablesManager) Init()
Init initializes the iptables manager and checks for iptables kernel modules availability.
func (*IptablesManager) InstallProxyRules ¶
func (m *IptablesManager) InstallProxyRules(proxyPort uint16, ingress bool, name string) error
func (*IptablesManager) InstallRules ¶
func (m *IptablesManager) InstallRules(ifName string) error
InstallRules installs iptables rules for Cilium in specific use-cases (most specifically, interaction with kube-proxy).
func (*IptablesManager) RemoveProxyRules ¶ added in v1.6.0
func (m *IptablesManager) RemoveProxyRules(proxyPort uint16, ingress bool, name string) error
func (*IptablesManager) RemoveRules ¶ added in v1.5.0
func (m *IptablesManager) RemoveRules(quiet bool)
RemoveRules removes iptables rules installed by Cilium.
func (*IptablesManager) SupportsOriginalSourceAddr ¶
func (m *IptablesManager) SupportsOriginalSourceAddr() bool
SupportsOriginalSourceAddr tells if an L7 proxy can use POD's original source address and port in the upstream connection to allow the destination to properly derive the source security ID from the source IP address.
func (*IptablesManager) TransientRulesEnd ¶ added in v1.5.6
func (m *IptablesManager) TransientRulesEnd(quiet bool)
TransientRulesEnd removes Cilium related rules installed from TransientRulesStart.
func (*IptablesManager) TransientRulesStart ¶ added in v1.5.6
func (m *IptablesManager) TransientRulesStart(ifName string) error
TransientRulesStart installs iptables rules for Cilium that need to be kept in-tact during agent restart which removes/installs its main rules. Transient rules are then removed once iptables rule update cycle has completed. This is mainly due to interactions with kube-proxy.
Source Files