Variables ¶
// RouteGet and LinkByIndex bind the netlink lookups of the same name to
// package-level variables, so the function behind each name can be replaced
// by assignment.
// NOTE(review): both variables are exported and mutable, so any importing
// package can reassign them. Presumably this is a test seam — confirm that
// nothing outside tests writes to them.
var (
	RouteGet    = netlink.RouteGet
	LinkByIndex = netlink.LinkByIndex
)
// ExcludeDNSIPRuleConfigs holds two ip rules that look up the main routing
// table (unix.RT_TABLE_MAIN): one selects destination port 53, the other
// source port 53. Neither rule sets IPProto, so the selector is the port
// number alone and is not limited to one transport protocol.
//
// The remaining selectors are set to -1.
// NOTE(review): -1 matches what netlink.NewRule assigns to leave a selector
// unset in netlink versions with signed fields — confirm against the vendored
// netlink version, since a literal that skips NewRule has to track any change
// in those defaults by hand.
// NOTE(review): the priority constant names suggest these rules carve DNS
// requests and responses out of the hairpin policy routing — confirm where
// the constants are defined.
var ExcludeDNSIPRuleConfigs = []Config{
	// Destination port 53; the priority constant is named for DNS requests.
	IPRuleConfig{
		Rule: netlink.Rule{
			Table:             unix.RT_TABLE_MAIN,
			Priority:          hairpinDNSRequestRulePriority,
			Dport:             netlink.NewRulePortRange(53, 53),
			SuppressIfgroup:   -1,
			SuppressPrefixlen: -1,
			Mark:              -1,
			Mask:              -1,
			Goto:              -1,
			Flow:              -1,
		},
		RuleAdd:  netlink.RuleAdd,
		RuleDel:  netlink.RuleDel,
		RuleList: netlink.RuleList,
	},
	// Source port 53; the priority constant is named for DNS responses.
	IPRuleConfig{
		Rule: netlink.Rule{
			Table:             unix.RT_TABLE_MAIN,
			Priority:          hairpinDNSResponseRulePriority,
			Sport:             netlink.NewRulePortRange(53, 53),
			SuppressIfgroup:   -1,
			SuppressPrefixlen: -1,
			Mark:              -1,
			Mask:              -1,
			Goto:              -1,
			Flow:              -1,
		},
		RuleAdd:  netlink.RuleAdd,
		RuleDel:  netlink.RuleDel,
		RuleList: netlink.RuleList,
	},
}
// ExcludeUDPIPRuleConfig is a single ip rule that looks up the main routing
// table (unix.RT_TABLE_MAIN) for every packet whose IP protocol is UDP. It
// sets no port, address or mark selector, so the match covers all UDP traffic
// evaluated at this priority.
// NOTE(review): the -1 values mirror the "unset" defaults of netlink.NewRule
// in netlink versions with signed fields — confirm against the vendored
// version.
// NOTE(review): the priority constant name suggests this excludes UDP from
// the hairpin policy routing — confirm where the constant is defined and
// where this config is added to a Set.
var ExcludeUDPIPRuleConfig = IPRuleConfig{
	Rule: netlink.Rule{
		Table:             unix.RT_TABLE_MAIN,
		Priority:          hairpinUDPRulePriority,
		IPProto:           unix.IPPROTO_UDP,
		SuppressIfgroup:   -1,
		SuppressPrefixlen: -1,
		Mark:              -1,
		Mask:              -1,
		Goto:              -1,
		Flow:              -1,
	},
	RuleAdd:  netlink.RuleAdd,
	RuleDel:  netlink.RuleDel,
	RuleList: netlink.RuleList,
}
// LocalTableRuleConfigs holds two ip rules that look up the local routing
// table (unix.RT_TABLE_LOCAL), both at localTableRulePriority: one selects
// the destination loopbackDst, the other the destination linkLocalNet.
//
// Dst stores the address of each package-level variable rather than a copy,
// so a later change to loopbackDst or linkLocalNet changes what these rules
// match.
// NOTE(review): the -1 values mirror the "unset" defaults of netlink.NewRule
// in netlink versions with signed fields — confirm against the vendored
// version.
var LocalTableRuleConfigs = []Config{
	// Destination: loopbackDst.
	IPRuleConfig{
		Rule: netlink.Rule{
			Table:             unix.RT_TABLE_LOCAL,
			Priority:          localTableRulePriority,
			Dst:               &loopbackDst,
			SuppressIfgroup:   -1,
			SuppressPrefixlen: -1,
			Mark:              -1,
			Mask:              -1,
			Goto:              -1,
			Flow:              -1,
		},
		RuleAdd:  netlink.RuleAdd,
		RuleDel:  netlink.RuleDel,
		RuleList: netlink.RuleList,
	},
	// Destination: linkLocalNet.
	IPRuleConfig{
		Rule: netlink.Rule{
			Table:             unix.RT_TABLE_LOCAL,
			Priority:          localTableRulePriority,
			Dst:               &linkLocalNet,
			SuppressIfgroup:   -1,
			SuppressPrefixlen: -1,
			Mark:              -1,
			Mask:              -1,
			Goto:              -1,
			Flow:              -1,
		},
		RuleAdd:  netlink.RuleAdd,
		RuleDel:  netlink.RuleDel,
		RuleList: netlink.RuleList,
	},
}
LocalTableRuleConfigs are needed to force the necessary traffic through the local routing table. This is required when our policy routing configs are installed with a higher priority than the default local rule. Note that some additional configs are rendered dynamically and appended at init time.
// PolicyRoutingConfigSet is the Set for the policy routing rules. It is built
// positionally from false, the name "PolicyRouting" and nil.
// NOTE(review): Set's field names are not visible here. A positional literal
// keeps compiling if two fields of the same type are reordered, so keyed
// fields would make the meaning of false and nil explicit — confirm against
// the Set definition.
var PolicyRoutingConfigSet = Set{
	false,
	"PolicyRouting",
	nil,
}
PolicyRoutingConfigSet defines the Policy Routing rules
// SourceValidMarkConfig describes the sysctl named by sysctlSrcValidMark with
// the value "1" and the default value "0", applied through sysctl.Sysctl.
// NOTE(review): the key string itself is not visible here. If it is a
// src_valid_mark setting, enabling it makes reverse-path source validation
// take the packet mark into account, so review it together with the
// rp_filter mode on the same interfaces — confirm where sysctlSrcValidMark is
// defined.
var SourceValidMarkConfig = SysctlConfig{
	Key:          sysctlSrcValidMark,
	Value:        "1",
	DefaultValue: "0",
	SysctlFunc:   sysctl.Sysctl,
}
Functions ¶
func InitPolicyRouting ¶ added in v0.10.2
InitPolicyRouting performs necessary initialization for policy routing. It should be called before running the policy routing enforcement loop.
Types ¶
type IPRouteConfig ¶
IPRouteConfig defines route config
func (IPRouteConfig) Ensure ¶
func (r IPRouteConfig) Ensure(enabled bool) error
Ensure IPRouteConfig
type IPRuleConfig ¶
// IPRuleConfig pairs one ip rule with the operations used to manage it.
type IPRuleConfig struct {
	// Rule is the ip rule this config describes.
	Rule netlink.Rule
	// RuleAdd, RuleDel and RuleList are the operations for adding, deleting
	// and listing rules. The package's own variables fill them with
	// netlink.RuleAdd, netlink.RuleDel and netlink.RuleList.
	// NOTE(review): a zero-value IPRuleConfig leaves these unset; presumably
	// they are kept as fields so tests can substitute fakes — confirm.
	RuleAdd  ruleAdder
	RuleDel  ruleDeler
	RuleList ruleLister
}
IPRuleConfig defines the config for ip rule
type IPTablesChainSpec ¶ added in v0.1.2
// IPTablesChainSpec identifies an iptables chain by table name and chain name.
type IPTablesChainSpec struct {
	// TableName and ChainName name the table and the chain within it.
	TableName, ChainName string
	// IsDefaultChain marks a system default chain; such a chain is not
	// deleted.
	IsDefaultChain bool
	// IPT is the iptabler used for this chain.
	// NOTE(review): the iptabler type is not visible here — presumably an
	// abstraction over the iptables client; confirm.
	IPT iptabler
}
IPTablesChainSpec defines an iptables chain.
type IPTablesRuleConfig ¶
// IPTablesRuleConfig groups a chain spec with the rule specs that belong to
// it.
type IPTablesRuleConfig struct {
	// Spec identifies the chain.
	Spec IPTablesChainSpec
	// RuleSpecs lists the rules for that chain.
	RuleSpecs []IPTablesRuleSpec
	// IPT is the iptabler for this config.
	// NOTE(review): Spec carries an IPT field of its own; which of the two
	// Ensure uses is not visible here — confirm they are kept in sync.
	IPT iptabler
}
IPTablesRuleConfig defines the iptables rules for a chain.
func (IPTablesRuleConfig) Ensure ¶
func (r IPTablesRuleConfig) Ensure(enabled bool) error
Ensure IPTablesRuleConfig
type IPTablesRuleSpec ¶ added in v0.1.2
// IPTablesRuleSpec is one iptables rule held as a slice of strings.
// NOTE(review): presumably each element is one argument of the rule, passed
// on as a separate argument rather than joined into a single command string —
// confirm where the spec is consumed.
type IPTablesRuleSpec []string
IPTablesRuleSpec defines the config for an iptables rule.
type SysctlConfig ¶
// SysctlConfig describes one sysctl setting and the function used to apply
// it.
type SysctlConfig struct {
	// Key names the sysctl. Value and DefaultValue are the two values the
	// config can hold for it.
	// NOTE(review): presumably Value is written when the config is enabled
	// and DefaultValue when it is disabled — confirm against the Ensure
	// implementation, which is not visible here.
	Key, Value, DefaultValue string
	// SysctlFunc performs the sysctl access; SourceValidMarkConfig sets it to
	// sysctl.Sysctl.
	SysctlFunc sysctler
}
SysctlConfig defines sysctl config