Documentation
Overview
Package iptables contains the necessary data structures and functions to interact with iptables and therefore insert/delete filter and NAT rules.
Index
- Constants
- type IPTHandler
- func (h IPTHandler) EnsureChainRulesPerCluster(tep *netv1alpha1.TunnelEndpoint) error
- func (h IPTHandler) EnsureChainsPerCluster(clusterID string) error
- func (h IPTHandler) EnsureForwardExtRules(tep *netv1alpha1.TunnelEndpoint) error
- func (h IPTHandler) EnsurePostroutingRules(tep *netv1alpha1.TunnelEndpoint) error
- func (h IPTHandler) EnsurePreroutingRulesPerNatMapping(nm *netv1alpha1.NatMapping) error
- func (h IPTHandler) EnsurePreroutingRulesPerTunnelEndpoint(tep *netv1alpha1.TunnelEndpoint) error
- func (h IPTHandler) Init() error
- func (h IPTHandler) ListRulesInChain(chain string) ([]string, error)
- func (h IPTHandler) RemoveIPTablesConfigurationPerCluster(tep *netv1alpha1.TunnelEndpoint) error
- func (h IPTHandler) Terminate() error
- type IPTableRule
Constants
const (
	// MASQUERADE action constant.
	MASQUERADE = "MASQUERADE"
	// SNAT action constant.
	SNAT = "SNAT"
	// DNAT action constant.
	DNAT = "DNAT"
	// NETMAP action constant.
	NETMAP = "NETMAP"
	// ACCEPT action constant.
	ACCEPT = "ACCEPT"
	// DROP action constant.
	DROP = "DROP"
)
Types
type IPTHandler
type IPTHandler struct {
// contains filtered or unexported fields
}
IPTHandler is a handler that exposes all the functions needed to configure the iptables chains and rules.
func NewIPTHandler
func NewIPTHandler() (IPTHandler, error)
NewIPTHandler returns the iptables handler used to configure the iptables rules.
func (IPTHandler) EnsureChainRulesPerCluster
func (h IPTHandler) EnsureChainRulesPerCluster(tep *netv1alpha1.TunnelEndpoint) error
EnsureChainRulesPerCluster reads a TunnelEndpoint resource and makes sure that the chain rules for the given cluster exist.
func (IPTHandler) EnsureChainsPerCluster
func (h IPTHandler) EnsureChainsPerCluster(clusterID string) error
EnsureChainsPerCluster makes sure that the input, output, postrouting and prerouting chains for a given cluster are present in the NAT table and the filter table.
func (IPTHandler) EnsureForwardExtRules (added in v0.6.0)
func (h IPTHandler) EnsureForwardExtRules(tep *netv1alpha1.TunnelEndpoint) error
EnsureForwardExtRules makes sure that the forwarding rules for a given cluster are in place and updated.
func (IPTHandler) EnsurePostroutingRules
func (h IPTHandler) EnsurePostroutingRules(tep *netv1alpha1.TunnelEndpoint) error
EnsurePostroutingRules makes sure that the postrouting rules for a given cluster are in place and updated.
func (IPTHandler) EnsurePreroutingRulesPerNatMapping
func (h IPTHandler) EnsurePreroutingRulesPerNatMapping(nm *netv1alpha1.NatMapping) error
EnsurePreroutingRulesPerNatMapping makes sure that the prerouting rules extracted from a NatMapping resource are in place and updated.
func (IPTHandler) EnsurePreroutingRulesPerTunnelEndpoint
func (h IPTHandler) EnsurePreroutingRulesPerTunnelEndpoint(tep *netv1alpha1.TunnelEndpoint) error
EnsurePreroutingRulesPerTunnelEndpoint makes sure that the prerouting rules extracted from a TunnelEndpoint resource are in place and updated.
func (IPTHandler) Init
func (h IPTHandler) Init() error
Init is called at startup of the operator. It:
- creates LIQONET-FORWARD in the filter table and inserts it in the "FORWARD" chain.
- creates LIQONET-INPUT in the filter table and inserts it in the input chain.
- creates LIQONET-POSTROUTING in the nat table and inserts it in the "POSTROUTING" chain.
- creates LIQONET-PREROUTING in the nat table and inserts it in the "PREROUTING" chain.
func (IPTHandler) ListRulesInChain
func (h IPTHandler) ListRulesInChain(chain string) ([]string, error)
ListRulesInChain is used to adjust the result returned by List of go-iptables.
func (IPTHandler) RemoveIPTablesConfigurationPerCluster
func (h IPTHandler) RemoveIPTablesConfigurationPerCluster(tep *netv1alpha1.TunnelEndpoint) error
RemoveIPTablesConfigurationPerCluster clears and deletes the input, forward, prerouting and postrouting chains for a remote cluster. In order to remove them, the function first deletes the related rules in LIQO-POSTROUTING, LIQO-PREROUTING, LIQO-FORWARD and LIQO-INPUT.
func (IPTHandler) Terminate
func (h IPTHandler) Terminate() error
Terminate func is the counterpart of Init. It removes Liqo configuration from iptables.
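The create-then-jump sequence that Init describes, and its reversal in Terminate, modelled against an in-memory map rather than go-iptables. This is an added example, not Liqo's code: fakeIPT, initChains, terminateChains, without and the 10.0.0.0/8 rule are hypothetical names and constructed data, and inserting the jump only when it is absent is an assumption about how an "ensure" step stays safe across operator restarts.

```go
package main

import "fmt"

// fakeIPT is a constructed in-memory stand-in for iptables, keyed "table/chain".
type fakeIPT map[string][]string

// liqoChains: table, built-in chain and custom chain named in the Init description.
var liqoChains = [][3]string{
	{"filter", "FORWARD", "LIQONET-FORWARD"},
	{"filter", "INPUT", "LIQONET-INPUT"},
	{"nat", "POSTROUTING", "LIQONET-POSTROUTING"},
	{"nat", "PREROUTING", "LIQONET-PREROUTING"},
}

// without returns rules with every occurrence of rule removed.
func without(rules []string, rule string) (kept []string) {
	for _, r := range rules {
		if r != rule {
			kept = append(kept, r)
		}
	}
	return kept
}

// initChains creates missing custom chains and adds the jump only when absent.
func initChains(ipt fakeIPT) {
	for _, c := range liqoChains {
		builtin, custom, jump := c[0]+"/"+c[1], c[0]+"/"+c[2], "-j "+c[2]
		ipt[custom] = append([]string{}, ipt[custom]...) // create if missing, keep rules
		if len(without(ipt[builtin], jump)) == len(ipt[builtin]) { // no jump yet
			ipt[builtin] = append([]string{jump}, ipt[builtin]...)
		}
	}
}

// terminateChains removes the jump before the chain: a referenced chain cannot be deleted.
func terminateChains(ipt fakeIPT) {
	for _, c := range liqoChains {
		ipt[c[0]+"/"+c[1]] = without(ipt[c[0]+"/"+c[1]], "-j "+c[2])
		delete(ipt, c[0]+"/"+c[2])
	}
}

func main() {
	ipt := fakeIPT{"filter/FORWARD": {"-s 10.0.0.0/8 -j ACCEPT"}} // constructed rule
	initChains(ipt)
	initChains(ipt) // simulated operator restart: no duplicate jump
	fmt.Println(ipt["filter/FORWARD"])
}
```

A duplicate jump would send every packet through the custom chain twice, and a jump left behind after teardown blocks chain deletion, which is why both directions are checked.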
type IPTableRule
type IPTableRule []string
IPTableRule is a slice of strings. This is the format used by the go-iptables module.
func ParseRule (added in v0.6.0)
func ParseRule(rule string) (IPTableRule, error)
ParseRule parses a string rule in the format used by go-iptables.
func (IPTableRule) String (added in v0.6.0)
func (itr IPTableRule) String() string
String returns the string representation of the rule.