Documentation
Overview
Copyright Istio Authors
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index
- func CombineMatchers(values []string, matcher func(value string) []string) []string
- func ConfigureRoutes(cfg *config.Config) error
- func Flatten(lists ...[]string) []string
- func HandleDNSUDP(ops Ops, iptables *builder.IptablesRuleBuilder, ext dep.Dependencies, ...)
- type IptablesConfigurator
- type NetworkRange
- type Ops
- type UDPRuleApplier
Constants
This section is empty.
Variables
This section is empty.
Functions
func CombineMatchers
func ConfigureRoutes
func HandleDNSUDP
func HandleDNSUDP(
	ops Ops,
	iptables *builder.IptablesRuleBuilder,
	ext dep.Dependencies,
	iptV, ipt6V *dep.IptablesVersion,
	proxyUID, proxyGID string,
	dnsServersV4 []string,
	dnsServersV6 []string,
	captureAllDNS bool,
	ownerGroupsFilter config.InterceptFilter,
)
HandleDNSUDP is a helper function that handles DNS UDP specific operations. It keeps the creation logic of DNS UDP rules in sync with the deletion logic.
Types
type IptablesConfigurator
type IptablesConfigurator struct {
// contains filtered or unexported fields
}
func NewIptablesConfigurator
func NewIptablesConfigurator(cfg *config.Config, ext dep.Dependencies) *IptablesConfigurator
func (*IptablesConfigurator) Run
func (cfg *IptablesConfigurator) Run() error
func (*IptablesConfigurator) VerifyIptablesState
func (cfg *IptablesConfigurator) VerifyIptablesState(iptVer, ipt6Ver *dep.IptablesVersion) (bool, bool)
VerifyIptablesState function verifies the current iptables state against the expected state. The current state is considered equal to the expected state if the following three conditions are met:
- Every ISTIO_* chain in the expected state must also exist in the current state.
- Every ISTIO_* chain must have the same number of elements in both the current and expected state.
- Every rule in the expected state (whether it is in an ISTIO_* chain or a non-ISTIO chain) must also exist in the current state. Each rule is verified by running "iptables -C" on the rule produced by our iptables builder; the parsed rules are not compared.
Note: The order of the rules is not checked and does not affect whether the two states are considered equivalent.
The function returns two boolean values: the first indicates whether residues exist, and the second indicates whether differences were found between the current and expected state.
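The three conditions above, modelled over in-memory chain maps as an added example (not Istio's code), showing that reordered rules and extra rules in non-ISTIO chains are not reported as differences. The State type and verifyState function are hypothetical; set membership stands in for "iptables -C", "elements" is read as rules, and "residue" is assumed to mean any ISTIO_* chain present in the current state.

```go
package main

import (
	"fmt"
	"strings"
)

// State maps a chain name to its rules. Constructed model, not an Istio type.
type State map[string][]string

// verifyState applies the three documented conditions to in-memory states.
// Assumption: "residue" means any ISTIO_* chain is present in current.
// Set membership stands in for "iptables -C", so rule order is ignored.
func verifyState(expected, current State) (residueExists, deltaExists bool) {
	for chain := range current {
		if strings.HasPrefix(chain, "ISTIO_") {
			residueExists = true
		}
	}
	for chain, want := range expected {
		have, ok := current[chain]
		// Conditions 1 and 2 apply to ISTIO_* chains only.
		if strings.HasPrefix(chain, "ISTIO_") && (!ok || len(have) != len(want)) {
			return residueExists, true
		}
		// Condition 3 applies to every chain in the expected state.
		present := make(map[string]bool, len(have))
		for _, r := range have {
			present[r] = true
		}
		for _, r := range want {
			if !present[r] {
				return residueExists, true
			}
		}
	}
	return residueExists, false
}

func main() {
	expected := State{ // constructed sample rules, not from a real host
		"OUTPUT":       {"-p tcp -j ISTIO_OUTPUT"},
		"ISTIO_OUTPUT": {"-o lo -j RETURN", "-j ISTIO_REDIRECT"},
	}
	current := State{ // same rules reordered, plus one extra OUTPUT rule
		"OUTPUT":       {"-p udp -j ACCEPT", "-p tcp -j ISTIO_OUTPUT"},
		"ISTIO_OUTPUT": {"-j ISTIO_REDIRECT", "-o lo -j RETURN"},
	}
	fmt.Println(verifyState(expected, current))
}
```

Because only ISTIO_* chains are compared by rule count, anything that must hold for non-ISTIO chains beyond the expected rules being present needs a separate check.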
type NetworkRange
type UDPRuleApplier
type UDPRuleApplier struct {
// contains filtered or unexported fields
}
func (UDPRuleApplier) Run
func (f UDPRuleApplier) Run(args ...string)
func (UDPRuleApplier) RunV4
func (f UDPRuleApplier) RunV4(args ...string)
func (UDPRuleApplier) RunV6
func (f UDPRuleApplier) RunV6(args ...string)
func (UDPRuleApplier) WithChain
func (f UDPRuleApplier) WithChain(chain string) UDPRuleApplier
func (UDPRuleApplier) WithTable
func (f UDPRuleApplier) WithTable(table string) UDPRuleApplier