constants

package
v0.0.0-...-d3afa35 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 26, 2024 License: Apache-2.0 Imports: 3 Imported by: 24

Documentation

Index

Constants

View Source 
const (
	MANGLE = "mangle"
	NAT    = "nat"
	FILTER = "filter"
	RAW    = "raw"
)

iptables tables

View Source 
const (
	INPUT       = "INPUT"
	OUTPUT      = "OUTPUT"
	FORWARD     = "FORWARD"
	PREROUTING  = "PREROUTING"
	POSTROUTING = "POSTROUTING"
)

Built-in iptables chains

View Source 
const (
	TCP = "tcp"
	UDP = "udp"

	TPROXY   = "TPROXY"
	RETURN   = "RETURN"
	ACCEPT   = "ACCEPT"
	REDIRECT = "REDIRECT"
	MARK     = "MARK"
	CT       = "CT"
	DROP     = "DROP"
)

Constants used for generating iptables commands

View Source 
const (
	ISTIOOUTPUT     = "ISTIO_OUTPUT"
	ISTIOINBOUND    = "ISTIO_INBOUND"
	ISTIODIVERT     = "ISTIO_DIVERT"
	ISTIOTPROXY     = "ISTIO_TPROXY"
	ISTIOREDIRECT   = "ISTIO_REDIRECT"
	ISTIOINREDIRECT = "ISTIO_IN_REDIRECT"
	ISTIODROP       = "ISTIO_DROP"
)

iptables chains

View Source 
const (
	InboundInterceptionMode   = "istio-inbound-interception-mode"
	InboundTProxyMark         = "istio-inbound-tproxy-mark"
	InboundTProxyRouteTable   = "istio-inbound-tproxy-route-table"
	InboundPorts              = "istio-inbound-ports"
	LocalExcludePorts         = "istio-local-exclude-ports"
	ExcludeInterfaces         = "istio-exclude-interfaces"
	ServiceCidr               = "istio-service-cidr"
	ServiceExcludeCidr        = "istio-service-exclude-cidr"
	OutboundPorts             = "istio-outbound-ports"
	LocalOutboundPortsExclude = "istio-local-outbound-ports-exclude"
	EnvoyPort                 = "envoy-port"
	InboundCapturePort        = "inbound-capture-port"
	InboundTunnelPort         = "inbound-tunnel-port"
	ProxyUID                  = "proxy-uid"
	ProxyGID                  = "proxy-gid"
	RerouteVirtualInterfaces  = "kube-virt-interfaces"
	DryRun                    = "dry-run"
	TraceLogging              = "iptables-trace-logging"
	SkipRuleApply             = "skip-rule-apply"
	RunValidation             = "run-validation"
	IptablesProbePort         = "iptables-probe-port"
	ProbeTimeout              = "probe-timeout"
	RedirectDNS               = "redirect-dns"
	DropInvalid               = "drop-invalid"
	DualStack                 = "dual-stack"
	CaptureAllDNS             = "capture-all-dns"
	NetworkNamespace          = "network-namespace"
	CNIMode                   = "cni-mode"
	Reconcile                 = "reconcile"
	CleanupOnly               = "cleanup-only"
	ForceApply                = "force-apply"
)

Constants used in cobra/viper CLI

View Source 
const (
	DefaultProxyUID    = "1337"
	DefaultProxyUIDInt = int64(1337)
)
View Source 
const (
	DefaultIptablesProbePortUint = 15002
	DefaultProbeTimeout          = 5 * time.Second
)
View Source 
const (
	ValidationContainerName = "istio-validation"
	ValidationErrorCode     = 126
)
View Source 
const (
	EnvoyUser = "ENVOY_USER"
)

Constants used in environment variables

View Source 
const (
	// IPVersionSpecific is used as an input to rules that will be replaced with an ip version (v4/v6)
	// specific value
	IPVersionSpecific = "PLACEHOLDER_IP_VERSION_SPECIFIC"
)
View Source 
const (
	IstioAgentDNSListenerPort = "15053"
)

DNS ports

View Source 
const (
	// sys/socket.h
	SoOriginalDst = 80
)

Constants for syscall

Variables

View Source 
var (
	HostIPv4LoopbackCidr = env.Register("ISTIO_OUTBOUND_IPV4_LOOPBACK_CIDR", "127.0.0.1/32",
		`IPv4 CIDR range used to identify outbound traffic on loopback interface intended for application container`)

	OwnerGroupsInclude = env.Register("ISTIO_OUTBOUND_OWNER_GROUPS", "*",
		`Comma separated list of groups whose outgoing traffic is to be redirected to Envoy.
A group can be specified either by name or by a numeric GID.
The wildcard character "*" can be used to configure redirection of traffic from all groups.`)

	OwnerGroupsExclude = env.Register("ISTIO_OUTBOUND_OWNER_GROUPS_EXCLUDE", "",
		`Comma separated list of groups whose outgoing traffic is to be excluded from redirection to Envoy.
A group can be specified either by name or by a numeric GID.
Only applies when traffic from all groups (i.e. "*") is being redirected to Envoy.`)

	IstioInboundInterceptionMode = env.Register("INBOUND_INTERCEPTION_MODE", "",
		`The mode used to redirect inbound connections to Envoy, either "REDIRECT" or "TPROXY"`)

	IstioInboundTproxyMark = env.Register("INBOUND_TPROXY_MARK", "",
		``)
)

Environment variables that deliberately have no equivalent command-line flags.

The variables are defined as env.Var for documentation purposes.

Use viper to resolve the value of the environment variable.

View Source 
var BuiltInChainsMap = sets.New(
	INPUT,
	OUTPUT,
	FORWARD,
	PREROUTING,
	POSTROUTING,
	ACCEPT,
	RETURN,
	DROP,
)

Functions

This section is empty.

Types

type IptablesCmd 

type IptablesCmd int

type of iptables operation/command to run, as an enum the implementation will choose the correct underlying binary, so callers should just use these enums to indicate what they want to do. 

const (
	IPTables        IptablesCmd = iota
	IPTablesSave    IptablesCmd = iota
	IPTablesRestore IptablesCmd = iota
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.