builder

package

v0.0.0-...-ce68545 Latest Latest Go to latest Published: Dec 19, 2024 License: Apache-2.0 Imports: 9 Imported by: 8

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/istio/istio

Documentation ¶

Index ¶

func BuildCleanupFromState(tableState map[string]struct{ ... }) [][]string
type IptablesRuleBuilder
- func NewIptablesRuleBuilder(cfg *config.Config) *IptablesRuleBuilder
type Rule
- func CheckRules(rules []Rule) []Rule
- func UndoRules(rules []Rule) []Rule
type Rules

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BuildCleanupFromState ¶

func BuildCleanupFromState(tableState map[string]struct{ Chains, Rules []string }) [][]string

BuildCustomCleanup generates a set of iptables commands to clean up unexpected leftover rules and chains. The function takes the current state of iptables, represented by a map of table names to their associated chains and rules. It first transforms the provided rules into corresponding undo rules. It then appends flush and delete commands for each ISTIO_* chain. This function is used to clean up any leftover state that does not match the iptables configuration.

Types ¶

type IptablesRuleBuilder ¶

type IptablesRuleBuilder struct {
	// contains filtered or unexported fields
}

IptablesRuleBuilder is an implementation for IptablesRuleBuilder interface

func NewIptablesRuleBuilder ¶

func NewIptablesRuleBuilder(cfg *config.Config) *IptablesRuleBuilder

NewIptablesBuilders creates a new IptablesRuleBuilder

func (*IptablesRuleBuilder) AppendRule ¶

func (rb *IptablesRuleBuilder) AppendRule(command iptableslog.Command, chain string, table string, params ...string) *IptablesRuleBuilder

func (*IptablesRuleBuilder) AppendRuleV4 ¶

func (rb *IptablesRuleBuilder) AppendRuleV4(command iptableslog.Command, chain string, table string, params ...string) *IptablesRuleBuilder

func (*IptablesRuleBuilder) AppendRuleV6 ¶

func (rb *IptablesRuleBuilder) AppendRuleV6(command iptableslog.Command, chain string, table string, params ...string) *IptablesRuleBuilder

func (*IptablesRuleBuilder) AppendVersionedRule ¶

func (rb *IptablesRuleBuilder) AppendVersionedRule(ipv4 string, ipv6 string, command iptableslog.Command, chain string, table string, params ...string)

AppendVersionedRule is a wrapper around AppendRule that substitutes an ipv4/ipv6 specific value in place in the params. This allows appending a dual-stack rule that has an IP value in it.

func (*IptablesRuleBuilder) BuildCheckV4 ¶

func (rb *IptablesRuleBuilder) BuildCheckV4() [][]string

func (*IptablesRuleBuilder) BuildCheckV6 ¶

func (rb *IptablesRuleBuilder) BuildCheckV6() [][]string

func (*IptablesRuleBuilder) BuildCleanupGuardrails ¶

func (rb *IptablesRuleBuilder) BuildCleanupGuardrails() [][]string

func (*IptablesRuleBuilder) BuildCleanupV4 ¶

func (rb *IptablesRuleBuilder) BuildCleanupV4() [][]string

func (*IptablesRuleBuilder) BuildCleanupV6 ¶

func (rb *IptablesRuleBuilder) BuildCleanupV6() [][]string

func (*IptablesRuleBuilder) BuildGuardrails ¶

func (rb *IptablesRuleBuilder) BuildGuardrails() [][]string

func (*IptablesRuleBuilder) BuildV4 ¶

func (rb *IptablesRuleBuilder) BuildV4() [][]string

func (*IptablesRuleBuilder) BuildV4Restore ¶

func (rb *IptablesRuleBuilder) BuildV4Restore() string

func (*IptablesRuleBuilder) BuildV6 ¶

func (rb *IptablesRuleBuilder) BuildV6() [][]string

func (*IptablesRuleBuilder) BuildV6Restore ¶

func (rb *IptablesRuleBuilder) BuildV6Restore() string

func (*IptablesRuleBuilder) GetStateFromSave ¶

func (rb *IptablesRuleBuilder) GetStateFromSave(data string) map[string]map[string][]string

getStateFromSave function takes a string in iptables-restore format and returns a map of the tables, chains, and rules. Note that if this function is used to parse iptables-save output, the rules may have changed since they were first applied as rules do not necessarily undergo a round-trip through the kernel in the same form. Therefore, these rules should not be used for any critical checks.

func (*IptablesRuleBuilder) InsertRule ¶

func (rb *IptablesRuleBuilder) InsertRule(command iptableslog.Command, chain string, table string, position int, params ...string) *IptablesRuleBuilder

func (*IptablesRuleBuilder) InsertRuleV4 ¶

func (rb *IptablesRuleBuilder) InsertRuleV4(command iptableslog.Command, chain string, table string, position int, params ...string) *IptablesRuleBuilder

func (*IptablesRuleBuilder) InsertRuleV6 ¶

func (rb *IptablesRuleBuilder) InsertRuleV6(command iptableslog.Command, chain string, table string, position int, params ...string) *IptablesRuleBuilder

type Rule ¶

type Rule struct {
	// contains filtered or unexported fields
}

Rule represents iptables rule - chain, table and options

func CheckRules ¶

func CheckRules(rules []Rule) []Rule

CheckRules generates a set of iptables rules that are used to verify the existence of the input rules. The function transforms -A/--append and -I/--insert flags into -C/--check flags while preserving the structure of other parameters. The transformation allows for checking whether the corresponding rules are already present in the iptables configuration.

func UndoRules ¶

func UndoRules(rules []Rule) []Rule

UndoRules generates the minimal set of rules that are necessary to undo the changes made by the input rules. The function transforms -A/--append and -I/--insert flags into -D/--delete flags while preserving the structure of other parameters. Non-jump rules in ISTIO_* chains are skipped as these chains will be flushed, but jump rules are retained to ensure proper reversal. Note: This function does not support converting rules with -D/--delete flags back to -A/-I flags.

type Rules ¶

type Rules struct {
	// contains filtered or unexported fields
}

Rules represents iptables for V4 and V6

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL