builder

package
v0.0.0-...-1d35728 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 27, 2024 License: Apache-2.0 Imports: 9 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildCleanupFromState

func BuildCleanupFromState(tableState map[string]struct{ Chains, Rules []string }) [][]string

BuildCustomCleanup generates a set of iptables commands to clean up unexpected leftover rules and chains. The function takes the current state of iptables, represented by a map of table names to their associated chains and rules. It first transforms the provided rules into corresponding undo rules. It then appends flush and delete commands for each ISTIO_* chain. This function is used to clean up any leftover state that does not match the iptables configuration.

Types

type IptablesRuleBuilder

type IptablesRuleBuilder struct {
	// contains filtered or unexported fields
}

IptablesRuleBuilder is an implementation for IptablesRuleBuilder interface

func NewIptablesRuleBuilder

func NewIptablesRuleBuilder(cfg *config.Config) *IptablesRuleBuilder

NewIptablesBuilders creates a new IptablesRuleBuilder

func (*IptablesRuleBuilder) AppendRule

func (rb *IptablesRuleBuilder) AppendRule(command iptableslog.Command, chain string, table string, params ...string) *IptablesRuleBuilder

func (*IptablesRuleBuilder) AppendRuleV4

func (rb *IptablesRuleBuilder) AppendRuleV4(command iptableslog.Command, chain string, table string, params ...string) *IptablesRuleBuilder

func (*IptablesRuleBuilder) AppendRuleV6

func (rb *IptablesRuleBuilder) AppendRuleV6(command iptableslog.Command, chain string, table string, params ...string) *IptablesRuleBuilder

func (*IptablesRuleBuilder) AppendVersionedRule

func (rb *IptablesRuleBuilder) AppendVersionedRule(ipv4 string, ipv6 string, command iptableslog.Command, chain string, table string, params ...string)

AppendVersionedRule is a wrapper around AppendRule that substitutes an ipv4/ipv6 specific value in place in the params. This allows appending a dual-stack rule that has an IP value in it.

func (*IptablesRuleBuilder) BuildCheckV4

func (rb *IptablesRuleBuilder) BuildCheckV4() [][]string

func (*IptablesRuleBuilder) BuildCheckV6

func (rb *IptablesRuleBuilder) BuildCheckV6() [][]string

func (*IptablesRuleBuilder) BuildCleanupGuardrails

func (rb *IptablesRuleBuilder) BuildCleanupGuardrails() [][]string

func (*IptablesRuleBuilder) BuildCleanupV4

func (rb *IptablesRuleBuilder) BuildCleanupV4() [][]string

func (*IptablesRuleBuilder) BuildCleanupV6

func (rb *IptablesRuleBuilder) BuildCleanupV6() [][]string

func (*IptablesRuleBuilder) BuildGuardrails

func (rb *IptablesRuleBuilder) BuildGuardrails() [][]string

func (*IptablesRuleBuilder) BuildV4

func (rb *IptablesRuleBuilder) BuildV4() [][]string

func (*IptablesRuleBuilder) BuildV4Restore

func (rb *IptablesRuleBuilder) BuildV4Restore() string

func (*IptablesRuleBuilder) BuildV6

func (rb *IptablesRuleBuilder) BuildV6() [][]string

func (*IptablesRuleBuilder) BuildV6Restore

func (rb *IptablesRuleBuilder) BuildV6Restore() string

func (*IptablesRuleBuilder) GetStateFromSave

func (rb *IptablesRuleBuilder) GetStateFromSave(data string) map[string]map[string][]string

getStateFromSave function takes a string in iptables-restore format and returns a map of the tables, chains, and rules. Note that if this function is used to parse iptables-save output, the rules may have changed since they were first applied as rules do not necessarily undergo a round-trip through the kernel in the same form. Therefore, these rules should not be used for any critical checks.

func (*IptablesRuleBuilder) InsertRule

func (rb *IptablesRuleBuilder) InsertRule(command iptableslog.Command, chain string, table string, position int, params ...string) *IptablesRuleBuilder

func (*IptablesRuleBuilder) InsertRuleV4

func (rb *IptablesRuleBuilder) InsertRuleV4(command iptableslog.Command, chain string, table string, position int, params ...string) *IptablesRuleBuilder

func (*IptablesRuleBuilder) InsertRuleV6

func (rb *IptablesRuleBuilder) InsertRuleV6(command iptableslog.Command, chain string, table string, position int, params ...string) *IptablesRuleBuilder

type Rule

type Rule struct {
	// contains filtered or unexported fields
}

Rule represents iptables rule - chain, table and options

func CheckRules

func CheckRules(rules []Rule) []Rule

CheckRules generates a set of iptables rules that are used to verify the existence of the input rules. The function transforms -A/--append and -I/--insert flags into -C/--check flags while preserving the structure of other parameters. The transformation allows for checking whether the corresponding rules are already present in the iptables configuration.

func UndoRules

func UndoRules(rules []Rule) []Rule

UndoRules generates the minimal set of rules that are necessary to undo the changes made by the input rules. The function transforms -A/--append and -I/--insert flags into -D/--delete flags while preserving the structure of other parameters. Non-jump rules in ISTIO_* chains are skipped as these chains will be flushed, but jump rules are retained to ensure proper reversal. Note: This function does not support converting rules with -D/--delete flags back to -A/-I flags.

type Rules

type Rules struct {
	// contains filtered or unexported fields
}

Rules represents iptables for V4 and V6

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL