Documentation ¶
Index ¶
- Constants
- func RuleHashes(c *Chain, renderFunc ruleRenderFn, features *environment.Features) []string
- type Action
- type ActionFactory
- type AddrType
- type Chain
- type MatchCriteria
- type NoopTable
- func (t *NoopTable) AppendRules(chainName string, rules []Rule)
- func (t *NoopTable) Apply() time.Duration
- func (n *NoopTable) CheckRulesPresent(chain string, rules []Rule) []Rule
- func (t *NoopTable) IPVersion() uint8
- func (t *NoopTable) InsertOrAppendRules(chainName string, rules []Rule)
- func (n *NoopTable) InsertRulesNow(chainName string, rules []Rule) error
- func (t *NoopTable) InvalidateDataplaneCache(reason string)
- func (t *NoopTable) Name() string
- func (t *NoopTable) RemoveChainByName(name string)
- func (t *NoopTable) RemoveChains([]*Chain)
- func (t *NoopTable) UpdateChain(chain *Chain)
- func (t *NoopTable) UpdateChains([]*Chain)
- type RejectWith
- type ReturnActionMarker
- type Rule
- type RuleHasher
- type Table
- type TableSet
Constants ¶
// HashLength is the number of characters kept from each rule hash.
//
// Trade-off: a shorter hash is easier to read and takes less room in the
// table; a longer one resists collisions better. At 16 characters the hash
// carries 96 bits (6 bits per character, which holds for a base64-style
// alphabet — TODO confirm against the hashing code), which is fairly
// collision resistant.
const HashLength = 16
Variables ¶
This section is empty.
Functions ¶
func RuleHashes ¶
func RuleHashes(c *Chain, renderFunc ruleRenderFn, features *environment.Features) []string
RuleHashes is a common helper function for generating a slice of hashes from a chain's rules. It relies on the caller passing the implementation-appropriate renderFunc in order to render each Rule structure into a hashable string that uniquely identifies the rule.
Types ¶
type Action ¶
// Action is the verb of a Rule: what happens to a packet once the rule's
// MatchCriteria are satisfied.
type Action interface {
	// ToFragment renders the action as a string; the available dataplane
	// features are passed in so the rendering can adapt to them.
	ToFragment(features *environment.Features) string
	// String returns a human-readable form of the action.
	String() string
}
type ActionFactory ¶
// ActionFactory builds Action values for one concrete dataplane
// implementation, so that rule-generating code does not need to know which
// backend renders the resulting rules.
type ActionFactory interface {
	// Verdicts.
	Allow() Action
	Drop() Action
	Return() Action
	Reject(with RejectWith) Action

	// Chain traversal.
	GoTo(target string) Action
	Jump(target string) Action

	// Packet-mark manipulation (mark/mask are raw uint32 bit patterns).
	SetMark(mark uint32) Action
	SetMaskedMark(mark, mask uint32) Action
	ClearMark(mark uint32) Action
	SetConnmark(mark, mask uint32) Action

	// Conntrack and logging.
	NoTrack() Action
	Log(prefix string) Action

	// NAT. The ip/port/toPorts arguments are passed through as strings or
	// numbers; what formats they accept is up to the implementation.
	SNAT(ip string) Action
	DNAT(ip string, port uint16) Action
	Masq(toPorts string) Action
}
type Chain ¶
func (*Chain) IPSetNames ¶
type MatchCriteria ¶
// MatchCriteria is a builder for the match part of a Rule. Each matcher
// method returns a MatchCriteria so calls can be chained; Render and String
// produce the final textual form.
type MatchCriteria interface {
	Render() string
	String() string

	// Packet-mark matches.
	MarkClear(mark uint32) MatchCriteria
	MarkNotClear(mark uint32) MatchCriteria
	MarkSingleBitSet(mark uint32) MatchCriteria
	MarkMatchesWithMask(mark, mask uint32) MatchCriteria
	NotMarkMatchesWithMask(mark, mask uint32) MatchCriteria

	// Interface matches.
	InInterface(ifaceMatch string) MatchCriteria
	OutInterface(ifaceMatch string) MatchCriteria

	// Reverse-path filter and IPVS connection state.
	RPFCheckFailed() MatchCriteria
	IPVSConnection() MatchCriteria
	NotIPVSConnection() MatchCriteria

	// Address-type matches.
	NotSrcAddrType(addrType AddrType, limitIfaceOut bool) MatchCriteria
	SrcAddrType(addrType AddrType, limitIfaceOut bool) MatchCriteria
	DestAddrType(addrType AddrType) MatchCriteria
	NotDestAddrType(addrType AddrType) MatchCriteria

	// Conntrack-state matches; stateNames is passed through as a string.
	ConntrackState(stateNames string) MatchCriteria
	NotConntrackState(stateNames string) MatchCriteria

	// Protocol matches, by name or by number.
	Protocol(name string) MatchCriteria
	NotProtocol(name string) MatchCriteria
	ProtocolNum(num uint8) MatchCriteria
	NotProtocolNum(num uint8) MatchCriteria

	// Network (CIDR) matches.
	SourceNet(net string) MatchCriteria
	NotSourceNet(net string) MatchCriteria
	DestNet(net string) MatchCriteria
	NotDestNet(net string) MatchCriteria

	// IP-set matches. IPSetNames reports the set names referenced so far.
	SourceIPSet(name string) MatchCriteria
	NotSourceIPSet(name string) MatchCriteria
	SourceIPPortSet(name string) MatchCriteria
	NotSourceIPPortSet(name string) MatchCriteria
	DestIPSet(name string) MatchCriteria
	NotDestIPSet(name string) MatchCriteria
	DestIPPortSet(name string) MatchCriteria
	NotDestIPPortSet(name string) MatchCriteria
	IPSetNames() (ipSetNames []string)

	// Port matches: individual ports and ranges.
	SourcePorts(ports ...uint16) MatchCriteria
	NotSourcePorts(ports ...uint16) MatchCriteria
	DestPort(port uint16) MatchCriteria
	DestPorts(ports ...uint16) MatchCriteria
	NotDestPorts(ports ...uint16) MatchCriteria
	SourcePortRanges(ports []*proto.PortRange) MatchCriteria
	NotSourcePortRanges(ports []*proto.PortRange) MatchCriteria
	DestPortRanges(ports []*proto.PortRange) MatchCriteria
	NotDestPortRanges(ports []*proto.PortRange) MatchCriteria

	// ICMP / ICMPv6 type and code matches.
	ICMPType(t uint8) MatchCriteria
	NotICMPType(t uint8) MatchCriteria
	ICMPTypeAndCode(t, c uint8) MatchCriteria
	NotICMPTypeAndCode(t, c uint8) MatchCriteria
	ICMPV6Type(t uint8) MatchCriteria
	NotICMPV6Type(t uint8) MatchCriteria
	ICMPV6TypeAndCode(t, c uint8) MatchCriteria
	NotICMPV6TypeAndCode(t, c uint8) MatchCriteria

	// Interface matches via a verdict map. Only supported in nftables.
	InInterfaceVMAP(mapname string) MatchCriteria
	OutInterfaceVMAP(mapname string) MatchCriteria
}
type NoopTable ¶
// NoopTable fulfils the Table interface but does nothing. Because every
// method is a no-op, rules handed to it are never programmed into any
// dataplane, so it must not be used where enforcement of those rules is
// expected.
type NoopTable struct{}
NoopTable fulfils the Table interface but does nothing.
func NewNoopTable ¶
func NewNoopTable() *NoopTable
func (*NoopTable) AppendRules ¶
func (*NoopTable) CheckRulesPresent ¶
func (*NoopTable) InsertOrAppendRules ¶
func (*NoopTable) InsertRulesNow ¶
func (*NoopTable) InvalidateDataplaneCache ¶
func (*NoopTable) RemoveChainByName ¶
func (*NoopTable) RemoveChains ¶
func (*NoopTable) UpdateChain ¶
func (*NoopTable) UpdateChains ¶
type ReturnActionMarker ¶
// ReturnActionMarker is a marker interface for actions that return from a
// chain. Implementations satisfy it by defining the no-op IsReturnAction
// method.
type ReturnActionMarker interface {
	IsReturnAction()
}
ReturnActionMarker is a marker interface for actions that return from a chain.
type Rule ¶
// Rule pairs a set of match criteria with the action to take when they match.
type Rule struct {
	// Match selects the packets the rule applies to.
	Match MatchCriteria
	// Action is what happens to a matching packet.
	Action Action
	// Comment holds free-form text attached to the rule. Whether it is
	// rendered into the dataplane rule (and thus whether it influences the
	// rule's hash) is up to the implementation — see RuleHashes.
	Comment []string
}
type RuleHasher ¶
// RuleHasher is implemented by dataplanes that can compute the hashes of a
// chain's rules; compare the package-level RuleHashes helper, which takes an
// explicit render function instead.
type RuleHasher interface {
	RuleHashes(c *Chain, features *environment.Features) []string
}
type Table ¶
// Table is a logical table of chains and rules.
type Table interface {
	// Name returns the table's name; IPVersion reports 4 or 6 (presumably —
	// confirm against implementations).
	Name() string
	IPVersion() uint8

	// Rule updates on a single chain.
	InsertOrAppendRules(chainName string, rules []Rule)
	AppendRules(chainName string, rules []Rule)

	// Whole-chain updates and removals.
	UpdateChain(chain *Chain)
	UpdateChains([]*Chain)
	RemoveChains([]*Chain)
	RemoveChainByName(name string)

	// InvalidateDataplaneCache discards whatever the table has cached about
	// the dataplane; reason is presumably for logging.
	InvalidateDataplaneCache(reason string)

	// Apply pushes pending changes to the dataplane and returns a
	// time.Duration; what that duration represents is not stated here.
	Apply() time.Duration

	// InsertRulesNow inserts rules immediately rather than at Apply time,
	// reporting an error on failure.
	InsertRulesNow(chainName string, rules []Rule) error

	// CheckRulesPresent checks the given rules against the chain and returns
	// a subset of them; which subset (present or missing) must be confirmed
	// against implementations.
	CheckRulesPresent(chain string, rules []Rule) []Rule
}
Table is a logical table of chains and rules.