Documentation
Constants
const DebugLogLevel uint16 = 7
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
type Config struct {
	Owner    Owner
	Redirect Redirect
	Ebpf     Ebpf
	// DropInvalidPackets when set will enable configuration which should drop
	// packets in invalid states
	DropInvalidPackets bool
	// IPv6 when set will be used to configure iptables as well as ip6tables
	IPv6 bool
	// RuntimeStdout is the place where any debugging, runtime information
	// will be placed (os.Stdout by default)
	RuntimeStdout io.Writer
	// RuntimeStderr is the place where error, runtime information will be
	// placed (os.Stderr by default)
	RuntimeStderr io.Writer
	// Verbose when set will generate iptables configuration with longer
	// argument/flag names, additional comments etc.
	Verbose bool
	// DryRun when set will not execute, but just display instructions which
	// otherwise would have served to install transparent proxy
	DryRun bool
	// Log is the place where configuration for logging iptables rules will
	// be placed
	Log LogConfig
}
func MergeConfigWithDefaults
func (Config) ShouldCaptureAllDNS
ShouldCaptureAllDNS is a convenience function that can be passed to iptables conditional command generation instead of an inline anonymous function, e.g. AppendIf(ShouldCaptureAllDNS, Match(...), Jump(Drop()))
func (Config) ShouldConntrackZoneSplit
ShouldConntrackZoneSplit checks whether both DNS redirection and conntrack zone splitting are enabled (returning false if not), and then verifies that the conntrack iptables extension is available so that the DNS conntrack zone splitting iptables rules can be applied.
func (Config) ShouldDropInvalidPackets
ShouldDropInvalidPackets is a convenience function that can be passed to iptables conditional command generation instead of an inline anonymous function, e.g. AppendIf(ShouldDropInvalidPackets, Match(...), Jump(Drop()))
func (Config) ShouldRedirectDNS
ShouldRedirectDNS is a convenience function that can be passed to iptables conditional command generation instead of an inline anonymous function, e.g. AppendIf(ShouldRedirectDNS, Match(...), Jump(Drop()))
type Redirect
type Redirect struct {
	// NamePrefix is a prefix which will be used to generate chain names
	NamePrefix string
	Inbound    TrafficFlow
	Outbound   TrafficFlow
	DNS        DNS
}
type TrafficFlow
type TrafficFlow struct {
	Enabled             bool
	Port                uint16
	PortIPv6            uint16
	Chain               Chain
	RedirectChain       Chain
	ExcludePorts        []uint16
	ExcludePortsForUIDs []UIDsToPorts
	IncludePorts        []uint16
}
TrafficFlow is a struct for Inbound/Outbound configuration
type UIDsToPorts (added in v0.6.0)
type UIDsToPorts struct {
	Protocol string
	UIDs     ValueOrRangeList
	Ports    ValueOrRangeList
}
type ValueOrRangeList (added in v0.6.0)
type ValueOrRangeList string
ValueOrRangeList is a format acceptable by iptables in which:
- single values are denoted by just a number, e.g. 1000
- multiple values (lists) are denoted by numbers separated by commas, e.g. 1000,1001
- ranges are denoted by a colon, e.g. 1000:1003 meaning 1000,1001,1002,1003
- ranges and multiple values can be mixed, e.g. 1000,1005:1006 meaning 1000,1005,1006
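A ValueOrRangeList is a plain string, so a malformed value is only noticed when iptables rejects or misreads the generated rule. The following is an added example, not code from this package: Span, ParseValueOrRangeList and Contains are hypothetical names, the input is constructed, and it assumes that only the forms listed above are valid (open-ended ranges such as 1000: are rejected).

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Span is an inclusive range; a single value has Lo == Hi. (Hypothetical type.)
type Span struct{ Lo, Hi uint64 }

// ParseValueOrRangeList (hypothetical helper) validates input such as
// "1000,1005:1006"; max bounds every number, e.g. 65535 for ports.
func ParseValueOrRangeList(s string, max uint64) ([]Span, error) {
	var spans []Span
	for _, item := range strings.Split(s, ",") {
		lo, hi, isRange := strings.Cut(item, ":")
		if !isRange {
			hi = lo // a single value is a range of length one
		}
		first, err1 := strconv.ParseUint(lo, 10, 64)
		last, err2 := strconv.ParseUint(hi, 10, 64)
		switch {
		case err1 != nil || err2 != nil:
			return nil, fmt.Errorf("item %q: want number or number:number", item)
		case first > last:
			return nil, fmt.Errorf("item %q: range start exceeds end", item)
		case last > max:
			return nil, fmt.Errorf("item %q: exceeds maximum %d", item, max)
		}
		spans = append(spans, Span{first, last})
	}
	return spans, nil
}

// Contains reports whether v is covered by any parsed span.
func Contains(spans []Span, v uint64) bool {
	for _, sp := range spans {
		if sp.Lo <= v && v <= sp.Hi {
			return true
		}
	}
	return false
}

func main() {
	spans, err := ParseValueOrRangeList("1000,1005:1006", 65535) // constructed input
	fmt.Println(spans, err, Contains(spans, 1006), Contains(spans, 1003))
}
```

Checking ExcludePortsForUIDs entries this way before rule generation shows exactly which UIDs and ports an exclusion covers, which matters because each exclusion lets traffic bypass the proxy.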