Documentation
Index
- func FilterBySandbox(sandbox string, ifaces ...*current.Interface) (in []*current.Interface, out []*current.Interface)
- func IfacesWithName(name string, ifaces ...*current.Interface) []*current.Interface
- func InterfaceIPs(result *current.Result, ifaceName string, sandbox string) []*current.IPConfig
- func RootFilterHandle() uint32
- func VMTapPair(result *current.Result, vmID string) (vmIface *current.Interface, tapIface *current.Interface, err error)
- type FilterNotFoundError
- type LinkNotFoundError
- type MockLink
- type MockNetNS
- type MockNetlinkOps
- func (m *MockNetlinkOps) AddIngressQdisc(link netlink.Link) error
- func (m *MockNetlinkOps) AddRedirectFilter(sourceLink netlink.Link, targetLink netlink.Link) error
- func (m *MockNetlinkOps) CreateTap(name string, mtu int, ownerUID, ownerGID int) (netlink.Link, error)
- func (m *MockNetlinkOps) GetIngressQdisc(sourceLink netlink.Link) (netlink.Qdisc, error)
- func (m *MockNetlinkOps) GetLink(name string) (netlink.Link, error)
- func (m *MockNetlinkOps) GetRedirectFilter(sourceLink netlink.Link, targetLink netlink.Link) (netlink.Filter, error)
- func (m *MockNetlinkOps) RemoveIngressQdisc(sourceLink netlink.Link) error
- func (m *MockNetlinkOps) RemoveLink(name string) error
- type NetlinkOps
- type QdiscNotFoundError
Constants
This section is empty.
Variables
This section is empty.
Functions
func FilterBySandbox
func FilterBySandbox(sandbox string, ifaces ...*current.Interface) (in []*current.Interface, out []*current.Interface)
FilterBySandbox scans the provided list of interfaces and returns two lists: the first is the list of interfaces with the provided sandboxID, the second is the other interfaces not in that sandboxID.
func IfacesWithName
IfacesWithName scans the provided list of ifaces and returns the ones with the provided name.
func InterfaceIPs
InterfaceIPs returns the IPs associated with the interface possessing the provided name and sandbox.
func RootFilterHandle
func RootFilterHandle() uint32
RootFilterHandle returns a u32 filter handle representing the root of the Qdisc. It's defined as a func so it can be immutable even though the value is retrieved through the netlink library.
func VMTapPair
func VMTapPair(result *current.Result, vmID string) (vmIface *current.Interface, tapIface *current.Interface, err error)
VMTapPair takes a CNI result and returns the vm iface and the tap iface corresponding to the provided vmID. See the vmconf package docs for details on the expected vm and tap iface configurations.
Types
type FilterNotFoundError
type FilterNotFoundError struct {
	// contains filtered or unexported fields
}
func (FilterNotFoundError) Error
func (e FilterNotFoundError) Error() string
type LinkNotFoundError
type LinkNotFoundError struct {
	// contains filtered or unexported fields
}
func (LinkNotFoundError) Error
func (e LinkNotFoundError) Error() string
type MockNetNS
MockNetNS provides a mocked out ns.NetNS implementation that just executes callbacks in the host netns (to avoid permissions issues that require root to resolve).
type MockNetlinkOps
type MockNetlinkOps struct {
	// CreatedTap is the mock tap device object that will be returned by the mock methods
	CreatedTap netlink.Link

	// RedirectIface is the mock device object that will be returned by the mock methods as the
	// device with which the tap has a filter redirection with.
	RedirectIface netlink.Link

	// AddIngressQdiscErr is an error that will be returned from all AddIngressQdisc calls
	AddIngressQdiscErr error

	// GetIngressQdiscErr is an error that will be returned from all GetIngressQdisc calls
	GetIngressQdiscErr error

	// RemoveIngressQdiscErr is an error that will be returned from all RemoveIngressQdisc calls
	RemoveIngressQdiscErr error

	// RemoveIngressQdiscCalls records the args provided to each call to RemoveIngressQdisc
	RemoveIngressQdiscCalls []netlink.Link

	// AddRedirectFilterErr is an error that will be returned from all AddRedirectFilter calls
	AddRedirectFilterErr error

	// GetRedirectFilterErr is an error that will be returned from all GetRedirectFilter calls
	GetRedirectFilterErr error

	// CreateTapErr is an error that will be returned from all CreateTap calls
	CreateTapErr error

	// RemoveLinkErr is an error that will be returned from all RemoveLink calls
	RemoveLinkErr error

	// RemoveLinkCalls records the args provided to each call to RemoveLink
	RemoveLinkCalls []string

	// GetLinkErr is an error that will be returned from all GetLink calls
	GetLinkErr error
}
MockNetlinkOps provides a no-op implementation of the NetlinkOps interface
func (*MockNetlinkOps) AddIngressQdisc
func (m *MockNetlinkOps) AddIngressQdisc(link netlink.Link) error
AddIngressQdisc does nothing and returns an error if configured to do so (otherwise nil).
func (*MockNetlinkOps) AddRedirectFilter
AddRedirectFilter does nothing and returns an error if configured to do so (otherwise nil).
func (*MockNetlinkOps) CreateTap
func (m *MockNetlinkOps) CreateTap(name string, mtu int, ownerUID, ownerGID int) (netlink.Link, error)
CreateTap returns the configured mock tap link and/or a configured error.
func (*MockNetlinkOps) GetIngressQdisc
GetIngressQdisc does nothing and returns an error if configured to do so (otherwise nil).
func (*MockNetlinkOps) GetLink
func (m *MockNetlinkOps) GetLink(name string) (netlink.Link, error)
GetLink returns CreatedTap if provided the name of CreatedTap, RedirectIface if provided the name of RedirectIface or otherwise a netlink.LinkNotFoundError.
func (*MockNetlinkOps) GetRedirectFilter
func (m *MockNetlinkOps) GetRedirectFilter(sourceLink netlink.Link, targetLink netlink.Link) (netlink.Filter, error)
GetRedirectFilter does nothing and returns an error if configured to do so (otherwise nil).
func (*MockNetlinkOps) RemoveIngressQdisc
func (m *MockNetlinkOps) RemoveIngressQdisc(sourceLink netlink.Link) error
RemoveIngressQdisc does nothing and returns an error if configured to do so (otherwise nil).
func (*MockNetlinkOps) RemoveLink
func (m *MockNetlinkOps) RemoveLink(name string) error
RemoveLink returns a nil error if provided the name of CreatedTap or RedirectIface. Otherwise it returns a LinkNotFoundError.
type NetlinkOps
type NetlinkOps interface {
	// CreateTap will create a tap device configured as expected by the tc-redirect-tap plugin for
	// use by a Firecracker VM. It sets the tap in the up state and with the provided MTU.
	CreateTap(name string, mtu int, ownerUID int, ownerGID int) (netlink.Link, error)

	// AddIngressQdisc adds a qdisc to the ingress queue of the provided device.
	AddIngressQdisc(link netlink.Link) error

	// GetIngressQdisc looks for an ingress qdisc matching the one added by AddIngressQdisc,
	// returning it if found. If not found, it returns a QdiscNotFoundError
	GetIngressQdisc(link netlink.Link) (netlink.Qdisc, error)

	// RemoveIngressQdisc removes the ingress qdisc added by AddIngressQdisc from the provided
	// device. It returns a QdiscNotFoundError if the expected qdisc is not attached to the
	// provided device.
	RemoveIngressQdisc(link netlink.Link) error

	// AddRedirectFilter adds a u32 redirect filter to the provided sourceLink that redirects
	// packets from its ingress queue to the egress queue of the provided targetLink. It requires
	// that sourceLink have an ingress qdisc attached prior to the call.
	AddRedirectFilter(sourceLink netlink.Link, targetLink netlink.Link) error

	// GetRedirectFilter looks for a u32 redirect filter matching the one added by
	// AddRedirectFilter, returning it if found. If not found, it returns a FilterNotFoundError
	GetRedirectFilter(sourceLink netlink.Link, targetLink netlink.Link) (netlink.Filter, error)

	// GetLink returns the netlink.Link for the device with the provided name, or a
	// LinkNotFoundError if no such device is found in the network namespace in which the call is
	// executed.
	GetLink(name string) (netlink.Link, error)

	// RemoveLink deletes the link with the provided device name. It returns LinkNotFoundError if
	// the link doesn't exist
	RemoveLink(name string) error
}
NetlinkOps is an interface to the underlying low-level netlink operations that need to be performed by the tc-redirect-tap plugin. It helps keep the system-specific logic separate from the higher-level logic of the plugin. This makes writing unit tests easier and makes it easier to support multiple implementations of the underlying system code if the need ever arises.
The interfaces support setting up a tap device whose traffic is redirected with another device via a U32 tc filter. More background on qdiscs, TC and the idea behind the redirect setup can be found here:
* Qdiscs+filters: http://tldp.org/HOWTO/Traffic-Control-HOWTO/components.html
* U32 Filters: http://man7.org/linux/man-pages/man8/tc-u32.8.html
* Using u32 redirects with taps: https://gist.github.com/mcastelino/7d85f4164ffdaf48242f9281bb1d0f9b
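An added example, not code from this package: it shows the call order the NetlinkOps comments imply (ingress qdisc before redirect filter) and uses a mock in the style of MockNetlinkOps to check that a failed filter step removes the tap. Link, fakeOps and SetupRedirect are hypothetical stand-ins (the real package is internal and works on netlink.Link), and redirecting in both directions is an assumption of this sketch.

```go
package main

import "fmt"

type Link = string // stands in for netlink.Link; only the device name matters here

// fakeOps follows the MockNetlinkOps pattern: an injectable error plus recorded calls.
type fakeOps struct {
	AddRedirectFilterErr error
	Calls                []string
}

func (f *fakeOps) rec(call string, err error) error {
	f.Calls = append(f.Calls, call)
	return err
}
func (f *fakeOps) CreateTap(n string, mtu, uid, gid int) (Link, error) { return n, f.rec("tap "+n, nil) }
func (f *fakeOps) AddIngressQdisc(l Link) error { return f.rec("qdisc "+l, nil) }
func (f *fakeOps) RemoveLink(name string) error { return f.rec("remove "+name, nil) }
func (f *fakeOps) AddRedirectFilter(s, d Link) error { return f.rec("filter "+s+"->"+d, f.AddRedirectFilterErr) }

// SetupRedirect creates the tap, adds an ingress qdisc to each device (a filter's
// source needs one first), then redirects both ways. On failure it removes the tap.
func SetupRedirect(o *fakeOps, tapName string, peer Link, mtu, uid, gid int) (err error) {
	tap, err := o.CreateTap(tapName, mtu, uid, gid)
	if err != nil {
		return err
	}
	defer func() {
		if err != nil {
			_ = o.RemoveLink(tapName) // best-effort cleanup; the original error is returned
		}
	}()
	for _, l := range []Link{tap, peer} {
		if err = o.AddIngressQdisc(l); err != nil {
			return err
		}
	}
	if err = o.AddRedirectFilter(tap, peer); err != nil {
		return err
	}
	return o.AddRedirectFilter(peer, tap)
}

func main() {
	f := &fakeOps{AddRedirectFilterErr: fmt.Errorf("injected failure")}
	err := SetupRedirect(f, "tap0", "eth0", 1500, 0, 0) // constructed device names
	fmt.Println(err, f.Calls)
}
```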
func DefaultNetlinkOps
func DefaultNetlinkOps() NetlinkOps
DefaultNetlinkOps returns a standard implementation of NetlinkOps that performs the corresponding operations via standard netlink calls.
type QdiscNotFoundError
type QdiscNotFoundError struct {
	// contains filtered or unexported fields
}
func (QdiscNotFoundError) Error
func (e QdiscNotFoundError) Error() string