generictables

package
v1.11.0-cni-plu...-0112791 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 9, 2025 License: Apache-2.0, Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

// HashLength is the number of characters used for a rule hash.
//
// The value is a trade-off: a shorter hash is better for table occupancy and
// readability, a longer one is better for collision resistance. 16 characters
// give 96 bits of entropy, which is fairly collision-resistant.
//
// NOTE(review): 96 bits over 16 characters works out to 6 bits per character,
// so the hash text is presumably a 64-symbol encoding such as base64 — confirm
// against the hashing code. The figure describes resistance to accidental
// collisions between rules; treat the hash as a rule identifier, not as an
// integrity or authentication value, unless the hashing code shows otherwise.
const HashLength = 16

Variables

This section is empty.

Functions

func RuleHashes

func RuleHashes(c *Chain, renderFunc ruleRenderFn, features *environment.Features) []string

RuleHashes is a common helper function for generating a slice of hashes from a chain's rules. It relies on the caller passing the implementation-appropriate renderFunc in order to render each Rule structure into a hashable string that uniquely identifies the rule.

Types

type Action

// Action is the type stored in Rule.Action; values are constructed through an
// ActionFactory.
type Action interface {
	// ToFragment returns the action as a string, given the supplied features.
	// NOTE(review): presumably the returned fragment is spliced into rendered
	// rule text and varies with the detected dataplane features — confirm
	// against an implementation.
	ToFragment(features *environment.Features) string
	// String returns a string form of the action.
	String() string
}

type ActionFactory

// ActionFactory constructs Action values. Every method returns an Action, so
// the factory is the single place where a dataplane implementation decides how
// each kind of action is represented.
//
// NOTE(review): several methods take free-form strings (GoTo/Jump target, Log
// prefix, SNAT/DNAT ip, Masq toPorts). Presumably these end up inside the text
// returned by Action.ToFragment; nothing in this interface says whether
// implementations validate or escape them, so callers should validate values
// that originate from configuration or other external input — confirm against
// the implementations.
type ActionFactory interface {
	// Allow, Drop and Return take no arguments and yield the corresponding
	// verdict-style actions.
	Allow() Action
	Drop() Action
	// GoTo and Jump both take the name of a target chain.
	// NOTE(review): presumably they differ in whether control comes back to the
	// calling chain afterwards — confirm.
	GoTo(target string) Action
	Return() Action
	// SetMark, SetMaskedMark and ClearMark operate on a 32-bit mark value.
	SetMark(mark uint32) Action
	SetMaskedMark(mark, mask uint32) Action
	ClearMark(mark uint32) Action
	Jump(target string) Action
	NoTrack() Action
	// Log takes the prefix to attach to log output.
	Log(prefix string) Action
	// SNAT, DNAT and Masq are the address-translation actions; addresses and
	// port specifications are passed as strings (port as uint16 for DNAT).
	SNAT(ip string) Action
	DNAT(ip string, port uint16) Action
	Masq(toPorts string) Action
	SetConnmark(mark, mask uint32) Action
	// Reject takes a RejectWith value selecting how the rejection is signalled.
	Reject(with RejectWith) Action
}

type AddrType

// AddrType is a string-backed address type, passed to the SrcAddrType,
// NotSrcAddrType, DestAddrType and NotDestAddrType methods of MatchCriteria.
type AddrType string

// AddrTypeLocal is the "LOCAL" address type, the only AddrType value declared
// alongside the type.
const AddrTypeLocal AddrType = "LOCAL"

type Chain

// Chain is a named list of rules. It is the unit passed to Table.UpdateChain,
// Table.UpdateChains and Table.RemoveChains, and the input to RuleHashes.
type Chain struct {
	// Name is the chain's name.
	Name  string
	// Rules holds the chain's rules as a slice.
	// NOTE(review): presumably slice order is evaluation order, so inserting or
	// reordering entries can change which rule takes effect first — confirm.
	Rules []Rule
}

func (*Chain) IPSetNames

func (c *Chain) IPSetNames() (ipSetNames []string)

type MatchCriteria

// MatchCriteria is the type stored in Rule.Match. Apart from Render, String
// and IPSetNames, every method returns a MatchCriteria, so criteria can be
// built up by chaining calls.
//
// NOTE(review): many methods accept free-form strings (interface matches,
// networks, IP set names, conntrack state names, protocol names, map names).
// Presumably these are interpolated into the text returned by Render; nothing
// in this interface says whether implementations validate or escape them, so
// values that originate from configuration or other external input should be
// validated by the caller — confirm against the implementations.
type MatchCriteria interface {
	// Render returns the criteria as a string.
	Render() string
	// String returns a string form of the criteria.
	String() string
	// Mark matches take a 32-bit mark, optionally with a mask.
	MarkClear(mark uint32) MatchCriteria
	MarkNotClear(mark uint32) MatchCriteria
	MarkSingleBitSet(mark uint32) MatchCriteria
	MarkMatchesWithMask(mark, mask uint32) MatchCriteria
	NotMarkMatchesWithMask(mark, mask uint32) MatchCriteria
	// Interface matches take an interface match string.
	InInterface(ifaceMatch string) MatchCriteria
	OutInterface(ifaceMatch string) MatchCriteria
	RPFCheckFailed() MatchCriteria
	IPVSConnection() MatchCriteria
	NotIPVSConnection() MatchCriteria
	// Address-type matches take an AddrType; the source variants additionally
	// take a limitIfaceOut flag.
	NotSrcAddrType(addrType AddrType, limitIfaceOut bool) MatchCriteria
	SrcAddrType(addrType AddrType, limitIfaceOut bool) MatchCriteria
	DestAddrType(addrType AddrType) MatchCriteria
	NotDestAddrType(addrType AddrType) MatchCriteria
	// Connection-tracking state is passed as a single string of state names.
	ConntrackState(stateNames string) MatchCriteria
	NotConntrackState(stateNames string) MatchCriteria
	// Protocol can be given by name or by 8-bit number.
	Protocol(name string) MatchCriteria
	NotProtocol(name string) MatchCriteria
	ProtocolNum(num uint8) MatchCriteria
	NotProtocolNum(num uint8) MatchCriteria
	// Network matches take the network as a string.
	SourceNet(net string) MatchCriteria
	NotSourceNet(net string) MatchCriteria
	DestNet(net string) MatchCriteria
	NotDestNet(net string) MatchCriteria
	// IP set matches take the name of the set.
	SourceIPSet(name string) MatchCriteria
	NotSourceIPSet(name string) MatchCriteria
	SourceIPPortSet(name string) MatchCriteria
	NotSourceIPPortSet(name string) MatchCriteria
	DestIPSet(name string) MatchCriteria
	NotDestIPSet(name string) MatchCriteria
	DestIPPortSet(name string) MatchCriteria
	NotDestIPPortSet(name string) MatchCriteria
	// IPSetNames returns a slice of IP set names.
	// NOTE(review): presumably the names referenced by the IP set matches
	// above — confirm.
	IPSetNames() (ipSetNames []string)
	// Port matches take 16-bit ports, either as a variadic list or as
	// proto.PortRange pointers.
	SourcePorts(ports ...uint16) MatchCriteria
	NotSourcePorts(ports ...uint16) MatchCriteria
	DestPort(port uint16) MatchCriteria
	DestPorts(ports ...uint16) MatchCriteria
	NotDestPorts(ports ...uint16) MatchCriteria
	SourcePortRanges(ports []*proto.PortRange) MatchCriteria
	NotSourcePortRanges(ports []*proto.PortRange) MatchCriteria
	DestPortRanges(ports []*proto.PortRange) MatchCriteria
	NotDestPortRanges(ports []*proto.PortRange) MatchCriteria
	// ICMP and ICMPv6 matches take an 8-bit type, optionally with an 8-bit code.
	ICMPType(t uint8) MatchCriteria
	NotICMPType(t uint8) MatchCriteria
	ICMPTypeAndCode(t, c uint8) MatchCriteria
	NotICMPTypeAndCode(t, c uint8) MatchCriteria
	ICMPV6Type(t uint8) MatchCriteria
	NotICMPV6Type(t uint8) MatchCriteria
	ICMPV6TypeAndCode(t, c uint8) MatchCriteria
	NotICMPV6TypeAndCode(t, c uint8) MatchCriteria

	// Only supported in nftables.
	// NOTE(review): this interface does not say what a non-nftables
	// implementation does when these are called — confirm that it fails
	// visibly rather than producing a rule that matches differently.
	InInterfaceVMAP(mapname string) MatchCriteria
	OutInterfaceVMAP(mapname string) MatchCriteria
}

type NoopTable

// NoopTable is an empty struct whose methods satisfy the Table interface; the
// package documentation describes it as fulfilling Table while doing nothing.
// NOTE(review): presumably rules and chains handed to a NoopTable are never
// programmed anywhere, so any policy routed through it is not enforced —
// confirm it is only selected where that is intended.
type NoopTable struct{}

NoopTable fulfils the Table interface but does nothing.

func NewNoopTable

func NewNoopTable() *NoopTable

func (*NoopTable) AppendRules

func (t *NoopTable) AppendRules(chainName string, rules []Rule)

func (*NoopTable) Apply

func (t *NoopTable) Apply() time.Duration

func (*NoopTable) CheckRulesPresent

func (n *NoopTable) CheckRulesPresent(chain string, rules []Rule) []Rule

func (*NoopTable) IPVersion

func (t *NoopTable) IPVersion() uint8

func (*NoopTable) InsertOrAppendRules

func (t *NoopTable) InsertOrAppendRules(chainName string, rules []Rule)

func (*NoopTable) InsertRulesNow

func (n *NoopTable) InsertRulesNow(chainName string, rules []Rule) error

func (*NoopTable) InvalidateDataplaneCache

func (t *NoopTable) InvalidateDataplaneCache(reason string)

func (*NoopTable) Name

func (t *NoopTable) Name() string

func (*NoopTable) RemoveChainByName

func (t *NoopTable) RemoveChainByName(name string)

func (*NoopTable) RemoveChains

func (t *NoopTable) RemoveChains([]*Chain)

func (*NoopTable) UpdateChain

func (t *NoopTable) UpdateChain(chain *Chain)

func (*NoopTable) UpdateChains

func (t *NoopTable) UpdateChains([]*Chain)

type RejectWith

// RejectWith is a string-backed type naming how a rejection is signalled; it
// is the argument to ActionFactory.Reject.
type RejectWith string

const (
	// RejectWithTCPReset is the "tcp-reset" value, the only RejectWith value
	// declared alongside the type.
	RejectWithTCPReset RejectWith = "tcp-reset"
)

type ReturnActionMarker

// ReturnActionMarker is a marker interface for actions that return from a
// chain.
type ReturnActionMarker interface {
	// IsReturnAction takes no arguments and returns nothing; implementing it
	// is what marks a type as a return action.
	IsReturnAction()
}

ReturnActionMarker is a marker interface for actions that return from a chain.

type Rule

// Rule pairs match criteria with an action, plus optional comment strings.
type Rule struct {
	// Match holds the rule's match criteria.
	Match   MatchCriteria
	// Action holds the action associated with the rule.
	Action  Action
	// Comment holds comment strings for the rule.
	// NOTE(review): presumably these are written into the rendered rule; if
	// they can carry externally supplied text, check how the renderer quotes
	// them — confirm against the render functions.
	Comment []string
}

type RuleHasher

// RuleHasher is implemented by types that can produce hashes for a chain's
// rules.
type RuleHasher interface {
	// RuleHashes returns a slice of hash strings for chain c, given the
	// supplied features. It has the same shape as the package-level RuleHashes
	// function without the renderFunc parameter.
	// NOTE(review): presumably one hash per rule, in rule order, each
	// HashLength characters long — confirm.
	RuleHashes(c *Chain, features *environment.Features) []string
}

type Table

// Table is a logical table of chains and rules.
//
// NOTE(review): of the mutating methods only InsertRulesNow returns an error;
// the others return nothing. Presumably they queue changes that are written to
// the dataplane by Apply, so a failure to program rules is not visible at the
// call site — confirm how implementations surface such failures, since a
// silently unprogrammed rule means unenforced policy.
type Table interface {
	// Name returns the table's name.
	Name() string
	// IPVersion returns the IP version as an 8-bit number.
	IPVersion() uint8
	// InsertOrAppendRules and AppendRules add rules to the named chain.
	InsertOrAppendRules(chainName string, rules []Rule)
	AppendRules(chainName string, rules []Rule)
	// UpdateChain and UpdateChains take whole Chain values.
	UpdateChain(chain *Chain)
	UpdateChains([]*Chain)
	// RemoveChains and RemoveChainByName remove chains, identified by value
	// or by name respectively.
	RemoveChains([]*Chain)
	RemoveChainByName(name string)
	// InvalidateDataplaneCache takes a reason string.
	InvalidateDataplaneCache(reason string)
	// Apply returns a time.Duration.
	// NOTE(review): the meaning of the duration is not stated here; presumably
	// a delay after which Apply should be called again — confirm.
	Apply() time.Duration
	// InsertRulesNow adds rules to the named chain and reports failure through
	// its error result.
	InsertRulesNow(chainName string, rules []Rule) error
	// CheckRulesPresent takes a chain name and rules and returns a slice of
	// rules.
	// NOTE(review): whether the result is the rules found or the rules
	// missing is not stated here — confirm before relying on it as a check.
	CheckRulesPresent(chain string, rules []Rule) []Rule
}

Table is a logical table of chains and rules.

type TableSet

// TableSet is a collection of one or more logical tables.
type TableSet interface {
	// WithTable returns the Table for the given name.
	// NOTE(review): the behaviour for an unknown name is not stated here —
	// confirm whether implementations create the table or return nil.
	WithTable(name string) Table
}

TableSet is a collection of one or more logical tables.
