The highest tagged major version is v5.

isolation

package

v2.4.0-bind Latest Latest Go to latest Published: Jul 15, 2020 License: Apache-2.0 Imports: 13 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

gitlab.com/NickCao/RAIT/v2

Documentation ¶

Rendered for

Overview ¶

Package isolation provides primitives for isolating overlay from underlay

Index ¶

func LinkIn(list []*LinkAttrs, item *LinkAttrs) bool
func LinkString(links []*LinkAttrs) (stringed []string)
func NetNSFromName(name string) (netns.NsHandle, error)
func NetlinkFromName(name string) (*netlink.Handle, error)
func Register(name string, fn func(string, string) (Isolation, error))
type Isolation
- func NewIsolation(kind, transitScope, interfaceScope string) (Isolation, error)
- func NewNetnsIsolation(transitNamespace, interfaceNamespace string) (Isolation, error)
type LinkAttrs
- func LinkFilter(links []*LinkAttrs, filterFunc func(*LinkAttrs) bool) (filtered []*LinkAttrs)
type NetnsIsolation

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func LinkIn ¶ added in v2.4.0

func LinkIn(list []*LinkAttrs, item *LinkAttrs) bool

func LinkString ¶ added in v2.4.0

func LinkString(links []*LinkAttrs) (stringed []string)

func NetNSFromName ¶ added in v2.4.0

func NetNSFromName(name string) (netns.NsHandle, error)

NetNSFromName creates and returns named network namespace, or the current namespace if no name is specified

func NetlinkFromName ¶

func NetlinkFromName(name string) (*netlink.Handle, error)

NetlinkFromName returns netlink handle created in the specified netns

func Register ¶ added in v2.4.0

func Register(name string, fn func(string, string) (Isolation, error))

Register registers a isolation type into a internal registry to be used by NewIsolation

Types ¶

type Isolation ¶

type Isolation interface {
	// LinkEnsure ensures the existence and state of the given link is as expected
	// this method should be idempotent as it's also used to sync the state of links
	LinkEnsure(attrs *LinkAttrs, config wgtypes.Config) error
	// LinkAbsent ensures the absence of the given link
	LinkAbsent(attrs *LinkAttrs) error
	// LinkList returns the wireguard links as seen by the isolation
	LinkList() ([]*LinkAttrs, error)
}

Isolation represents a management interface for wireguard links together with the isolation technique employed to isolate overlay from underlay

func NewIsolation ¶ added in v2.4.0

func NewIsolation(kind, transitScope, interfaceScope string) (Isolation, error)

NewIsolation provides a unified constructor for concrete implementations current supported isolation types are netns and vrf

func NewNetnsIsolation ¶

func NewNetnsIsolation(transitNamespace, interfaceNamespace string) (Isolation, error)

NewNetnsIsolation takes two arguments: transit and interface namespace the creation of netns is handled internally the links and sockets will be created in the transit namespace and the links will be moved into the interface namespace

type LinkAttrs ¶ added in v2.4.0

type LinkAttrs struct {
	MTU   int
	Name  string
	Group int
}

LinkAttrs represents a single link managed by isolation

func LinkFilter ¶ added in v2.4.0

func LinkFilter(links []*LinkAttrs, filterFunc func(*LinkAttrs) bool) (filtered []*LinkAttrs)

type NetnsIsolation ¶

type NetnsIsolation struct {
	// contains filtered or unexported fields
}

NetnsIsolation is the recommended implementation as by the wireguard developers It keeps the wireguard sockets and interfaces in different netns to facilitate isolation

func (*NetnsIsolation) LinkAbsent ¶

func (i *NetnsIsolation) LinkAbsent(attrs *LinkAttrs) error

func (*NetnsIsolation) LinkEnsure ¶

func (i *NetnsIsolation) LinkEnsure(attrs *LinkAttrs, config wgtypes.Config) (err error)

func (*NetnsIsolation) LinkList ¶ added in v2.4.0

func (i *NetnsIsolation) LinkList() ([]*LinkAttrs, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL