iptables

package

v0.4.1 Latest Latest Go to latest Published: Feb 28, 2020 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/vmware-tanzu/antrea

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type Client
- func NewClient(hostGateway string, serviceCIDR *net.IPNet, ...) *Client

Constants ¶

View Source

const (
	NATTable    = "nat"
	FilterTable = "filter"
	MangleTable = "mangle"
	RawTable    = "raw"

	AcceptTarget     = "ACCEPT"
	MasqueradeTarget = "MASQUERADE"
	MarkTarget       = "MARK"
	ConnTrackTarget  = "CT"

	PreRoutingChain        = "PREROUTING"
	ForwardChain           = "FORWARD"
	PostRoutingChain       = "POSTROUTING"
	AntreaForwardChain     = "ANTREA-FORWARD"
	AntreaPostRoutingChain = "ANTREA-POSTROUTING"
	AntreaMangleChain      = "ANTREA-MANGLE"
	AntreaRawChain         = "ANTREA-RAW"
)

Variables ¶

View Source

var (

	// RtTblSelectorValue selects which route table to use to forward service traffic back to host gateway gw0.
	RtTblSelectorValue = 1 << 11
)

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client knows how to set up host iptables rules Antrea requires.

func NewClient ¶

func NewClient(hostGateway string, serviceCIDR *net.IPNet, encapMode config.TrafficEncapModeType) *Client

NewClient constructs a Client instance for iptables operations.

func (*Client) AddPeerCIDR ¶ added in v0.4.0

func (c *Client) AddPeerCIDR(peerPodCIDR *net.IPNet, peerNodeIP net.IP) error

AddPeerCIDR adds iptables rules relevant to peerPodCIDR It's idempotent and can be safely called on every startup.

func (*Client) Initialize ¶ added in v0.4.0

func (c *Client) Initialize(nodeConfig *config.NodeConfig) error

Initialize sets up internal variables and ensures the iptables rules Antrea requires are set up. It's idempotent and can be safely called on every startup.

func (*Client) IsInRuleStore ¶ added in v0.4.0

func (c *Client) IsInRuleStore(table string, chain string, ruleSpec []string) bool

IsInRuleStore returns true if rule is in rule store.

func (*Client) PrintStoredRules ¶ added in v0.4.0

func (c *Client) PrintStoredRules() string

PrintStoredRules dumps stored ip rules for debugging.

func (*Client) Reconcile ¶ added in v0.4.0

func (c *Client) Reconcile() error

Reconcile removes stale antrea rules

Source Files ¶

View all Source files

iptables.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL