capture

package
v0.0.0-...-5ca501d
Warning

This package is not in the latest version of its module.

Published: Jan 7, 2025 License: Apache-2.0 Imports: 14 Imported by: 7

Documentation

Overview

Copyright Istio Authors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CombineMatchers

func CombineMatchers(values []string, matcher func(value string) []string) []string

func ConfigureRoutes

func ConfigureRoutes(cfg *config.Config) error

func Flatten

func Flatten(lists ...[]string) []string

func HandleDNSUDP

func HandleDNSUDP(
	ops Ops, iptables *builder.IptablesRuleBuilder, ext dep.Dependencies,
	iptV, ipt6V *dep.IptablesVersion, proxyUID, proxyGID string, dnsServersV4 []string, dnsServersV6 []string, captureAllDNS bool,
	ownerGroupsFilter config.InterceptFilter,
)

HandleDNSUDP is a helper function for DNS UDP-specific operations. It keeps the creation logic of DNS UDP rules in sync with the deletion logic.

func HasIstioLeftovers

func HasIstioLeftovers(state map[string]map[string][]string) map[string]struct{ Chains, Rules []string }

HasIstioLeftovers checks the given iptables state for any chains or rules related to Istio. It scans the provided map of tables, chains, and rules to identify any chains that start with the "ISTIO_" prefix, as well as any rules that involve Istio-specific jumps. The function returns a map where the keys are the tables, and the values are structs containing the leftover "ISTIO_" chains and jump rules for each table. Only tables with Istio-related leftovers are included in the result.
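
The scan described above can be modelled in a few lines. This is an added example, not the package's own code: findLeftovers and Leftovers are hypothetical names, the sample state is constructed, and it assumes that an "Istio-specific jump" is a rule containing "-j ISTIO_" in a chain that is not itself an ISTIO_ chain.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Leftovers mirrors the shape of the documented return value.
type Leftovers struct{ Chains, Rules []string }

// findLeftovers (hypothetical name) scans table -> chain -> rules.
func findLeftovers(state map[string]map[string][]string) map[string]Leftovers {
	out := map[string]Leftovers{}
	for table, chains := range state {
		var l Leftovers
		for chain, rules := range chains {
			if strings.HasPrefix(chain, "ISTIO_") {
				l.Chains = append(l.Chains, chain) // reported as a whole chain
				continue
			}
			for _, r := range rules {
				// Assumption: a jump rule is one whose -j target starts with ISTIO_.
				if strings.Contains(r, "-j ISTIO_") {
					l.Rules = append(l.Rules, r)
				}
			}
		}
		if len(l.Chains)+len(l.Rules) > 0 { // only tables with leftovers are returned
			sort.Strings(l.Chains) // map iteration order is random; sort for stable output
			sort.Strings(l.Rules)
			out[table] = l
		}
	}
	return out
}

func main() {
	state := map[string]map[string][]string{ // constructed sample state
		"nat": {
			"OUTPUT":         {"-A OUTPUT -p tcp -j ISTIO_OUTPUT"},
			"ISTIO_OUTPUT":   {"-A ISTIO_OUTPUT -j ISTIO_REDIRECT"},
			"ISTIO_REDIRECT": {"-A ISTIO_REDIRECT -p tcp -j REDIRECT --to-ports 15001"},
		},
		"filter": {"INPUT": {"-A INPUT -p tcp --dport 22 -j ACCEPT"}},
	}
	fmt.Printf("%+v\n", findLeftovers(state))
}
```

A non-empty result after teardown means interception rules are still installed on the host or pod network namespace and traffic may still be redirected.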

func VerifyIptablesState

func VerifyIptablesState(log *istiolog.Scope, ext dep.Dependencies, ruleBuilder *builder.IptablesRuleBuilder,
	iptVer, ipt6Ver *dep.IptablesVersion,
) (bool, bool)

VerifyIptablesState verifies the current iptables state against the expected state. The current state is considered equal to the expected state if the following three conditions are met:

  • Every ISTIO_* chain in the expected state must also exist in the current state.
  • Every ISTIO_* chain must have the same number of elements in both the current and expected state.
  • Every rule in the expected state (whether it is in an ISTIO or non-ISTIO chain) must also exist in the current state. The verification is performed by using "iptables -C" on the rule produced by our iptables builder. No comparison of the parsed rules is done.

Note: The order of the rules is not checked and is not used to determine the equivalence of the two states. The function returns two boolean values: the first indicates whether residues exist, and the second indicates whether differences were found between the current and expected state.
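
The three conditions and the two return values can be modelled over in-memory state. This is an added example, not the package's implementation: State, inState and verify are hypothetical names, a set lookup stands in for "iptables -C", the rules are constructed, and "residue" is assumed to mean that any ISTIO_* chain is present in the current state.

```go
package main

import (
	"fmt"
	"strings"
)

// State maps chain name -> rules for one table (constructed model, not the package's type).
type State map[string][]string

// inState stands in for "iptables -C": it reports whether a rule is present, ignoring order.
func inState(cur State) func(string) bool {
	set := map[string]bool{}
	for _, rules := range cur {
		for _, r := range rules {
			set[r] = true
		}
	}
	return func(rule string) bool { return set[rule] }
}

// verify is a hypothetical model of the three documented conditions.
// Assumption: "residue" means any ISTIO_* chain is present in the current state.
func verify(cur, want State) (residue, delta bool) {
	for chain := range cur {
		residue = residue || strings.HasPrefix(chain, "ISTIO_")
	}
	exists := inState(cur)
	for chain, rules := range want {
		if strings.HasPrefix(chain, "ISTIO_") {
			got, ok := cur[chain] // condition 1: the chain exists
			if !ok || len(got) != len(rules) { // condition 2: same number of rules
				return residue, true
			}
		}
		for _, r := range rules { // condition 3: every expected rule is present
			if !exists(r) {
				return residue, true
			}
		}
	}
	return residue, false
}

func main() {
	want := State{"ISTIO_OUTPUT": {"-A ISTIO_OUTPUT -o lo -j RETURN", "-A ISTIO_OUTPUT -j ISTIO_REDIRECT"}}
	reordered := State{"ISTIO_OUTPUT": {want["ISTIO_OUTPUT"][1], want["ISTIO_OUTPUT"][0]}}
	fmt.Println(verify(reordered, want)) // same rules, different order
}
```

Because order is ignored, a state in which a RETURN exclusion has moved below the redirect rule still verifies as equal in this model, so rule ordering needs a separate check where it matters.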

Types

type IptablesConfigurator

type IptablesConfigurator struct {
	// contains filtered or unexported fields
}

func NewIptablesConfigurator

func NewIptablesConfigurator(cfg *config.Config, ext dep.Dependencies) *IptablesConfigurator

func (*IptablesConfigurator) Run

func (cfg *IptablesConfigurator) Run() error

type NetworkRange

type NetworkRange struct {
	IsWildcard    bool
	CIDRs         []netip.Prefix
	HasLoopBackIP bool
}

type Ops

type Ops int
const (
	// AppendOps performs append operations of rules
	AppendOps Ops = iota
	// DeleteOps performs delete operations of rules
	DeleteOps
)

type UDPRuleApplier

type UDPRuleApplier struct {
	// contains filtered or unexported fields
}

func (UDPRuleApplier) Run

func (f UDPRuleApplier) Run(args ...string)

func (UDPRuleApplier) RunV4

func (f UDPRuleApplier) RunV4(args ...string)

func (UDPRuleApplier) RunV6

func (f UDPRuleApplier) RunV6(args ...string)

func (UDPRuleApplier) WithChain

func (f UDPRuleApplier) WithChain(chain string) UDPRuleApplier

func (UDPRuleApplier) WithTable

func (f UDPRuleApplier) WithTable(table string) UDPRuleApplier
