provider

package
v10.295.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 23, 2021 License: Apache-2.0 Imports: 9 Imported by: 7

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func TestIptablesPinned

func TestIptablesPinned(bpf string) error

TestIptablesPinned returns an error if the kernel does not support BPF pinning in iptables.

Types

type BaseIPTables

// BaseIPTables is the base set of iptables operations. Every method names the
// table it acts on, and rule-level methods also name the chain; failures are
// reported through the returned error.
type BaseIPTables interface {
	// Append appends a rule to chain of table.
	// rulespec carries the rule as separate argument strings.
	// NOTE(review): how implementations serialize rulespec is not visible
	// here; if any element can originate outside the process, confirm it
	// cannot carry line breaks or extra arguments into the ruleset.
	Append(table, chain string, rulespec ...string) error
	// Insert inserts a rule to a chain of table at the required pos.
	// NOTE(review): whether pos is 1-based (as with the iptables CLI) is not
	// stated on this page — confirm against the implementation.
	Insert(table, chain string, pos int, rulespec ...string) error
	// Delete deletes a rule of a chain in the given table.
	Delete(table, chain string, rulespec ...string) error
	// ListChains lists all the chains associated with a table.
	ListChains(table string) ([]string, error)
	// ClearChain clears a chain in a table.
	ClearChain(table, chain string) error
	// DeleteChain deletes a chain in the table. There should be no references to this chain.
	DeleteChain(table, chain string) error
	// NewChain creates a new chain.
	NewChain(table, chain string) error
	// ListRules lists the rules in the table/chain passed to it.
	ListRules(table, chain string) ([]string, error)
}

BaseIPTables is the base interface of iptables functions.

type BatchProvider

// BatchProvider is the batching provider type; only its embedded mutex is
// shown in this listing, the remaining fields are unexported.
type BatchProvider struct {
	// Embedding sync.Mutex promotes Lock and Unlock into BatchProvider's
	// exported method set, so code outside the package can also take or
	// release this lock.
	// NOTE(review): which BatchProvider methods acquire the mutex is not
	// visible on this page — confirm before locking it from calling code.
	sync.Mutex
	// contains filtered or unexported fields
}

BatchProvider uses iptables-restore to program ACLs

func NewCustomBatchProvider

func NewCustomBatchProvider(ipt BaseIPTables, commit func(buf *bytes.Buffer) error, batchTables []string) *BatchProvider

NewCustomBatchProvider is a custom batch provider where the downstream iptables utility is provided by the caller. Very useful for testing the ACL functions with a mock.

func (*BatchProvider) Append

func (b *BatchProvider) Append(table, chain string, rulespec ...string) error

Append will append the provided rule to the local cache or call directly the iptables command depending on the table.

func (*BatchProvider) ClearChain

func (b *BatchProvider) ClearChain(table, chain string) error

ClearChain will clear the chains.

func (*BatchProvider) Commit

func (b *BatchProvider) Commit() error

Commit commits the rules to the system

func (*BatchProvider) Delete

func (b *BatchProvider) Delete(table, chain string, rulespec ...string) error

Delete will delete the rule from the local cache or the system.

func (*BatchProvider) DeleteChain

func (b *BatchProvider) DeleteChain(table, chain string) error

DeleteChain will delete the chains.

func (*BatchProvider) Insert

func (b *BatchProvider) Insert(table, chain string, pos int, rulespec ...string) error

Insert will insert the rule in the corresponding position in the local cache or call the corresponding iptables command, depending on the table.

func (*BatchProvider) ListChains

func (b *BatchProvider) ListChains(table string) ([]string, error)

ListChains will provide a list of the current chains.

func (*BatchProvider) ListRules

func (b *BatchProvider) ListRules(table, chain string) ([]string, error)

ListRules lists the rules in the table/chain passed to it

func (*BatchProvider) NewChain

func (b *BatchProvider) NewChain(table, chain string) error

NewChain creates a new chain.

func (*BatchProvider) ResetRules

func (b *BatchProvider) ResetRules(subs string) error

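ResetRules resets the rules to the original form. It is implemented as the equivalent of "iptables-save | grep -v subs | iptables-restore": every line of the saved ruleset that matches subs is dropped and the remainder is restored, so subs should match only rules that this provider created.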

func (*BatchProvider) RetrieveTable

func (b *BatchProvider) RetrieveTable() map[string]map[string][]string

RetrieveTable allows a caller to retrieve the final table. Mostly needed for debugging and unit tests.

type Ipset

// Ipset is the set of operations on a single ipset that an implementation
// must provide. Entries are passed as strings.
// NOTE(review): the accepted entry syntax is not stated on this page —
// confirm against the implementation before passing externally supplied values.
type Ipset interface {
	// Add takes an entry and a timeout.
	// NOTE(review): presumably adds entry to the set; the unit of timeout and
	// the meaning of 0 are not stated here — confirm.
	Add(entry string, timeout int) error
	// AddOption is Add with an additional option string.
	// NOTE(review): how option is interpreted is not visible here — confirm.
	AddOption(entry string, option string, timeout int) error
	// Del takes the entry to act on.
	// NOTE(review): presumably removes entry from the set — confirm.
	Del(entry string) error
	// Destroy takes no arguments.
	// NOTE(review): presumably removes the set itself — confirm.
	Destroy() error
	// Flush takes no arguments.
	// NOTE(review): presumably removes all entries but keeps the set — confirm.
	Flush() error
	// Test reports a boolean result for entry alongside an error.
	// NOTE(review): presumably true means entry is a member of the set — confirm.
	Test(entry string) (bool, error)
}

Ipset is an abstraction of all the methods an implementation of userspace ipsets needs to provide.

type IpsetProvider

// IpsetProvider creates, looks up, lists and destroys Ipset values by name.
type IpsetProvider interface {
	// NewIpset returns an Ipset for name, given an ipset type string and
	// *ipset.Params, or an error.
	// NOTE(review): behaviour when a set called name already exists is not
	// stated on this page — confirm.
	NewIpset(name string, ipsetType string, p *ipset.Params) (Ipset, error)
	// GetIpset returns an Ipset for name. It has no error return.
	// NOTE(review): what is returned for a name that does not exist is not
	// visible here — confirm before using the result.
	GetIpset(name string) Ipset
	// DestroyAll takes a prefix string.
	// NOTE(review): presumably destroys every set whose name starts with
	// prefix; if so, an empty or very short prefix could also match sets
	// owned by other software on the host — confirm against the implementation.
	DestroyAll(prefix string) error
	// ListIPSets returns a list of strings.
	// NOTE(review): presumably the names of the existing sets — confirm.
	ListIPSets() ([]string, error)
}

IpsetProvider is a factory for Ipset.

func NewGoIPsetProvider

func NewGoIPsetProvider() IpsetProvider

NewGoIPsetProvider returns a Go IPSet provider.

type IptablesProvider

// IptablesProvider extends BaseIPTables with commit, inspection and reset
// operations.
type IptablesProvider interface {
	BaseIPTables
	// Commit will commit changes if it is a batch provider.
	// NOTE(review): what Commit does for a non-batch provider is not stated
	// here — confirm.
	Commit() error
	// RetrieveTable allows a caller to retrieve the final table.
	// NOTE(review): presumably the nesting is table -> chain -> rules, and
	// whether the returned maps are copies or the provider's own state is not
	// visible here — confirm before mutating the result.
	RetrieveTable() map[string]map[string][]string
	// ResetRules resets the rules to a state where rules with the substring subs are removed.
	// Selection is by substring, so every rule containing subs is affected.
	// NOTE(review): callers should confirm subs is specific to the rules they
	// own, since a short or generic value would also select unrelated rules.
	ResetRules(subs string) error
}

IptablesProvider is an abstraction of all the methods an implementation of userspace iptables needs to provide.

func NewGoIPTablesProviderV4

func NewGoIPTablesProviderV4(batchTables []string, customChain string) (IptablesProvider, error)

NewGoIPTablesProviderV4 returns an IptablesProvider interface based on the go-iptables external package.

func NewGoIPTablesProviderV6

func NewGoIPTablesProviderV6(batchTables []string, customChain string) (IptablesProvider, error)

NewGoIPTablesProviderV6 returns an IptablesProvider interface based on the go-iptables external package.

type TestIpset

// TestIpset is an Ipset for use in tests. In addition to the embedded Ipset
// methods it declares one Mock* method per Ipset method; each takes the
// *testing.T and a function whose signature matches the method it is named after.
// NOTE(review): presumably impl replaces that method's behaviour for the
// given test only — confirm against the implementation.
type TestIpset interface {
	Ipset
	// MockAdd takes a stand-in with the signature of Add.
	MockAdd(t *testing.T, impl func(entry string, timeout int) error)
	// MockAddOption takes a stand-in with the signature of AddOption.
	MockAddOption(t *testing.T, impl func(entry string, option string, timeout int) error)
	// MockDel takes a stand-in with the signature of Del.
	MockDel(t *testing.T, impl func(entry string) error)
	// MockDestroy takes a stand-in with the signature of Destroy.
	MockDestroy(t *testing.T, impl func() error)
	// MockFlush takes a stand-in with the signature of Flush.
	MockFlush(t *testing.T, impl func() error)
	// MockTest takes a stand-in with the signature of Test.
	MockTest(t *testing.T, impl func(entry string) (bool, error))
}

TestIpset is a test implementation for Ipset

func NewTestIpset

func NewTestIpset() TestIpset

NewTestIpset returns a new TestIpset.

type TestIpsetProvider

// TestIpsetProvider is an IpsetProvider for use in tests. In addition to the
// embedded IpsetProvider methods it declares one Mock* method per provider
// method; each takes the *testing.T and a function with the same parameter
// and result types as the method it is named after.
// NOTE(review): presumably impl replaces that method's behaviour for the
// given test only — confirm against the implementation.
type TestIpsetProvider interface {
	IpsetProvider
	// MockNewIpset takes a stand-in with the parameter and result types of NewIpset.
	MockNewIpset(t *testing.T, impl func(name string, hasht string, p *ipset.Params) (Ipset, error))
	// MockGetIpset takes a stand-in with the signature of GetIpset.
	MockGetIpset(t *testing.T, impl func(name string) Ipset)
	// MockDestroyAll takes a stand-in with the parameter and result types of DestroyAll.
	MockDestroyAll(t *testing.T, impl func(string) error)
	// MockListIPSets takes a stand-in with the signature of ListIPSets.
	MockListIPSets(t *testing.T, impl func() ([]string, error))
}

TestIpsetProvider is a test implementation for IpsetProvider

func NewTestIpsetProvider

func NewTestIpsetProvider() TestIpsetProvider

NewTestIpsetProvider returns a new TestIpsetProvider.

type TestIptablesProvider

// TestIptablesProvider is an IptablesProvider for use in tests. In addition
// to the embedded IptablesProvider methods it declares Mock* methods that each
// take the *testing.T and a function with the signature of the provider
// method being stood in for. This listing has no Mock method for
// RetrieveTable.
// NOTE(review): presumably impl replaces that method's behaviour for the
// given test only — confirm against the implementation.
type TestIptablesProvider interface {
	IptablesProvider
	// MockAppend takes a stand-in with the signature of Append.
	MockAppend(t *testing.T, impl func(table, chain string, rulespec ...string) error)
	// MockInsert takes a stand-in with the signature of Insert.
	MockInsert(t *testing.T, impl func(table, chain string, pos int, rulespec ...string) error)
	// MockDelete takes a stand-in with the signature of Delete.
	MockDelete(t *testing.T, impl func(table, chain string, rulespec ...string) error)
	// MockListChains takes a stand-in with the signature of ListChains.
	MockListChains(t *testing.T, impl func(table string) ([]string, error))
	// MockClearChain takes a stand-in with the signature of ClearChain.
	MockClearChain(t *testing.T, impl func(table, chain string) error)
	// MockDeleteChain takes a stand-in with the signature of DeleteChain.
	MockDeleteChain(t *testing.T, impl func(table, chain string) error)
	// MockNewChain takes a stand-in with the signature of NewChain.
	MockNewChain(t *testing.T, impl func(table, chain string) error)
	// MockCommit takes a stand-in with the signature of Commit.
	MockCommit(t *testing.T, impl func() error)
	// MockReset takes a stand-in with the signature of ResetRules.
	MockReset(t *testing.T, impl func(subs string) error)
	// MockListRules takes a stand-in with the signature of ListRules.
	MockListRules(t *testing.T, impl func(table, chain string) ([]string, error))
}

TestIptablesProvider is a test implementation for IptablesProvider

func NewTestIptablesProvider

func NewTestIptablesProvider() TestIptablesProvider

NewTestIptablesProvider returns a new TestIptablesProvider.
