capture

package

v0.0.0-...-ce68545 Latest Latest Go to latest Published: Dec 19, 2024 License: Apache-2.0 Imports: 14 Imported by: 7

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/istio/istio

Documentation ¶

Rendered for

Overview ¶

Copyright Istio Authors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Copyright Istio Authors ¶

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index ¶

func CombineMatchers(values []string, matcher func(value string) []string) []string
func ConfigureRoutes(cfg *config.Config) error
func Flatten(lists ...[]string) []string
func HandleDNSUDP(ops Ops, iptables *builder.IptablesRuleBuilder, ext dep.Dependencies, ...)
func HasIstioLeftovers(state map[string]map[string][]string) map[string]struct{ ... }
func VerifyIptablesState(log *istiolog.Scope, ext dep.Dependencies, ...) (bool, bool)
type IptablesConfigurator
- func NewIptablesConfigurator(cfg *config.Config, ext dep.Dependencies) *IptablesConfigurator
- func (cfg *IptablesConfigurator) Run() error
type NetworkRange
type Ops
type UDPRuleApplier

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CombineMatchers ¶

func CombineMatchers(values []string, matcher func(value string) []string) []string

func ConfigureRoutes ¶

func ConfigureRoutes(cfg *config.Config) error

func Flatten ¶

func Flatten(lists ...[]string) []string

func HandleDNSUDP ¶

func HandleDNSUDP(
	ops Ops, iptables *builder.IptablesRuleBuilder, ext dep.Dependencies,
	iptV, ipt6V *dep.IptablesVersion, proxyUID, proxyGID string, dnsServersV4 []string, dnsServersV6 []string, captureAllDNS bool,
	ownerGroupsFilter config.InterceptFilter,
)

HandleDNSUDP is a helper function to tackle with DNS UDP specific operations. This helps the creation logic of DNS UDP rules in sync with the deletion.

func HasIstioLeftovers ¶

func HasIstioLeftovers(state map[string]map[string][]string) map[string]struct{ Chains, Rules []string }

HasIstioLeftovers checks the given iptables state for any chains or rules related to Istio. It scans the provided map of tables, chains, and rules to identify any chains that start with the "ISTIO_" prefix, as well as any rules that involve Istio-specific jumps. The function returns a map where the keys are the tables, and the values are structs containing the leftover "ISTIO_" chains and jump rules for each table. Only tables with Istio-related leftovers are included in the result.

func VerifyIptablesState ¶

func VerifyIptablesState(log *istiolog.Scope, ext dep.Dependencies, ruleBuilder *builder.IptablesRuleBuilder,
	iptVer, ipt6Ver *dep.IptablesVersion,
) (bool, bool)

VerifyIptablesState function verifies the current iptables state against the expected state. The current state is considered equal to the expected state if the following three conditions are met:

Every ISTIO_* chain in the expected state must also exist in the current state.
Every ISTIO_* chain must have the same number of elements in both the current and expected state.
Every rule in the expected state (whether it is in an ISTIO or non-ISTIO chain) must also exist in the current state. The verification is performed by using "iptables -C" on the rule produced by our iptables builder. No comparison of the parsed rules is done.

Note: The order of the rules is not checked and is not used to determine the equivalence of the two states. The function returns two boolean values, the first one indicates whether residues exist, and the second one indicates whether differences were found between the current and expected state.

Types ¶

type IptablesConfigurator ¶

type IptablesConfigurator struct {
	// contains filtered or unexported fields
}

func NewIptablesConfigurator ¶

func NewIptablesConfigurator(cfg *config.Config, ext dep.Dependencies) *IptablesConfigurator

func (*IptablesConfigurator) Run ¶

func (cfg *IptablesConfigurator) Run() error

type NetworkRange ¶

type NetworkRange struct {
	IsWildcard    bool
	CIDRs         []netip.Prefix
	HasLoopBackIP bool
}

type Ops ¶

type Ops int

const (
	// AppendOps performs append operations of rules
	AppendOps Ops = iota
	// DeleteOps performs delete operations of rules
	DeleteOps
)

type UDPRuleApplier ¶

type UDPRuleApplier struct {
	// contains filtered or unexported fields
}

func (UDPRuleApplier) Run ¶

func (f UDPRuleApplier) Run(args ...string)

func (UDPRuleApplier) RunV4 ¶

func (f UDPRuleApplier) RunV4(args ...string)

func (UDPRuleApplier) RunV6 ¶

func (f UDPRuleApplier) RunV6(args ...string)

func (UDPRuleApplier) WithChain ¶

func (f UDPRuleApplier) WithChain(chain string) UDPRuleApplier

func (UDPRuleApplier) WithTable ¶

func (f UDPRuleApplier) WithTable(table string) UDPRuleApplier

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL