Documentation
Index
- Constants
- Variables
- func NewRuleChainDescriptor(scheduler kvs.KVScheduler, ipTablesHandler linuxcalls.IPTablesAPI, ...) *kvs.KVDescriptor
- type RuleChainDescriptor
- func (d *RuleChainDescriptor) Create(key string, rch *linux_iptables.RuleChain) (metadata interface{}, err error)
- func (d *RuleChainDescriptor) Delete(key string, rch *linux_iptables.RuleChain, metadata interface{}) error
- func (d *RuleChainDescriptor) Dependencies(key string, rch *linux_iptables.RuleChain) []kvs.Dependency
- func (d *RuleChainDescriptor) EquivalentRuleChains(key string, oldRCh, newRch *linux_iptables.RuleChain) bool
- func (d *RuleChainDescriptor) Retrieve(correlate []adapter.RuleChainKVWithMetadata) ([]adapter.RuleChainKVWithMetadata, error)
- func (d *RuleChainDescriptor) Validate(key string, rch *linux_iptables.RuleChain) (err error)
Constants
const (
	// RuleChainDescriptorName is the name of the descriptor for Linux iptables rule chains.
	RuleChainDescriptorName = "linux-ipt-rulechain-descriptor"
)
Variables
A list of non-retriable errors:
var (
	// ErrCustomChainWithoutName is returned when the chain name is not provided for the custom iptables chain.
	ErrCustomChainWithoutName = errors.New("iptables chain of type CUSTOM defined without chain name")

	// ErrInvalidChainForTable is returned when the chain is not valid for the provided table.
	ErrInvalidChainForTable = errors.New("provided chain is not valid for the provided table")

	// ErrDefaultPolicyOnNonFilterRule is returned when a default policy is applied on a table different to FILTER.
	ErrDefaultPolicyOnNonFilterRule = errors.New("iptables default policy can be only applied on FILTER tables")

	// ErrDefaultPolicyOnCustomChain is returned when a default policy is applied on a custom chain, which is not allowed in iptables.
	ErrDefaultPolicyOnCustomChain = errors.New("iptables default policy cannot be applied on custom chains")
)
Functions
func NewRuleChainDescriptor
func NewRuleChainDescriptor(
	scheduler kvs.KVScheduler,
	ipTablesHandler linuxcalls.IPTablesAPI,
	nsPlugin nsplugin.API,
	log logging.PluginLogger,
	goRoutinesCnt int,
	minRuleCountForPerfRuleAddition int) *kvs.KVDescriptor
NewRuleChainDescriptor creates a new instance of the iptables RuleChain descriptor.
Types
type RuleChainDescriptor
type RuleChainDescriptor struct {
// contains filtered or unexported fields
}
RuleChainDescriptor teaches KVScheduler how to configure Linux iptables rule chains.
func (*RuleChainDescriptor) Create
func (d *RuleChainDescriptor) Create(key string, rch *linux_iptables.RuleChain) (metadata interface{}, err error)
Create creates iptables rule chain.
func (*RuleChainDescriptor) Delete
func (d *RuleChainDescriptor) Delete(key string, rch *linux_iptables.RuleChain, metadata interface{}) error
Delete removes iptables rule chain.
func (*RuleChainDescriptor) Dependencies
func (d *RuleChainDescriptor) Dependencies(key string, rch *linux_iptables.RuleChain) []kvs.Dependency
Dependencies lists dependencies for an iptables rule chain.
func (*RuleChainDescriptor) EquivalentRuleChains
func (d *RuleChainDescriptor) EquivalentRuleChains(key string, oldRCh, newRch *linux_iptables.RuleChain) bool
EquivalentRuleChains is a comparison function for two RuleChain entries.
func (*RuleChainDescriptor) Retrieve
func (d *RuleChainDescriptor) Retrieve(correlate []adapter.RuleChainKVWithMetadata) ([]adapter.RuleChainKVWithMetadata, error)
Retrieve returns all iptables rule chain entries managed by this agent.
func (*RuleChainDescriptor) Validate
func (d *RuleChainDescriptor) Validate(key string, rch *linux_iptables.RuleChain) (err error)
Validate validates iptables rule chain.