Documentation
Index
- type IPTablesManager
- func (m *IPTablesManager) AddJumpRule(sourceIP, targetChain string) error
- func (m *IPTablesManager) AddRule(chainName string, rule OutboundRule) error
- func (m *IPTablesManager) ChainExists(chainName string) (bool, error)
- func (m *IPTablesManager) ClearAndDeleteChain(chainName string) error
- func (m *IPTablesManager) CreateContainerChain(containerChain string) error
- func (m *IPTablesManager) EnsureMainChainExists() error
- func (m *IPTablesManager) RemoveJumpRule(sourceIP, targetChain string) error
- func (m *IPTablesManager) RemoveJumpRuleByTargetChain(targetChain string) error
- func (m *IPTablesManager) VerifyRules(chainName string, rules []OutboundRule) error
- type IPTablesWrapper
- type Manager
- type OutboundRule
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type IPTablesManager
type IPTablesManager struct {
	// contains filtered or unexported fields
}
IPTablesManager implements Manager using the go-iptables library.
func (*IPTablesManager) AddJumpRule
func (m *IPTablesManager) AddJumpRule(sourceIP, targetChain string) error
AddJumpRule appends a jump from the main chain to the container chain for the given source IP.
func (*IPTablesManager) AddRule
func (m *IPTablesManager) AddRule(chainName string, rule OutboundRule) error
AddRule inserts a new rule (or rules) into the chain.
func (*IPTablesManager) ChainExists
func (m *IPTablesManager) ChainExists(chainName string) (bool, error)
ChainExists checks whether the chain is present.
func (*IPTablesManager) ClearAndDeleteChain
func (m *IPTablesManager) ClearAndDeleteChain(chainName string) error
ClearAndDeleteChain first clears all rules from the chain, then deletes it.
func (*IPTablesManager) CreateContainerChain
func (m *IPTablesManager) CreateContainerChain(containerChain string) error
CreateContainerChain makes a new chain for a specific container and sets up default rules.
func (*IPTablesManager) EnsureMainChainExists
func (m *IPTablesManager) EnsureMainChainExists() error
EnsureMainChainExists creates the main chain if it doesn't exist and inserts a jump in CNI-FORWARD.
func (*IPTablesManager) RemoveJumpRule
func (m *IPTablesManager) RemoveJumpRule(sourceIP, targetChain string) error
RemoveJumpRule deletes a jump rule referencing the targetChain for the given source IP.
func (*IPTablesManager) RemoveJumpRuleByTargetChain
func (m *IPTablesManager) RemoveJumpRuleByTargetChain(targetChain string) error
RemoveJumpRuleByTargetChain removes the jump rules that reference targetChain, matching the chain name as a whole token of each listed rule rather than as a substring, so that a chain whose name is a prefix of another chain's name does not match that other chain's rules.
func (*IPTablesManager) VerifyRules
func (m *IPTablesManager) VerifyRules(chainName string, rules []OutboundRule) error
VerifyRules verifies that each of the plugin's rules (and default actions) exists in iptables.
type IPTablesWrapper
type IPTablesWrapper interface {
	NewChain(table, chain string) error
	ClearChain(table, chain string) error
	DeleteChain(table, chain string) error
	ChainExists(table, chain string) (bool, error)
	Append(table, chain string, rulespec ...string) error
	Insert(table, chain string, pos int, rulespec ...string) error
	Delete(table, chain string, rulespec ...string) error
	List(table, chain string) ([]string, error)
}
IPTablesWrapper is the minimal subset of the go-iptables/iptables API this package relies on, kept as an interface so it can be mocked in tests.
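The two points above, mocking through IPTablesWrapper and the token-based matching used by RemoveJumpRuleByTargetChain, are shown together in the added example below. It is not this package's code: the fakeIPTables type is an assumed in-memory stand-in for go-iptables that stores rules as the iptables-save style lines List returns, the removeJumpRulesByTargetChain function is an assumed implementation of the behaviour described, and the chain names and addresses are constructed sample data. The security-relevant detail is the one the doc comment hints at: container chains created from a common prefix (here "CNI-abc" and "CNI-abc1") must not be confused when one container is torn down, because a substring match would delete the other container's jump as well.

```go
package main

import (
	"fmt"
	"strings"
)

// IPTablesWrapper is the interface documented on this page.
type IPTablesWrapper interface {
	NewChain(table, chain string) error
	ClearChain(table, chain string) error
	DeleteChain(table, chain string) error
	ChainExists(table, chain string) (bool, error)
	Append(table, chain string, rulespec ...string) error
	Insert(table, chain string, pos int, rulespec ...string) error
	Delete(table, chain string, rulespec ...string) error
	List(table, chain string) ([]string, error)
}

// fakeIPTables is an assumed in-memory stand-in for go-iptables (no kernel involved):
// rules live per "table/chain" as iptables-save style lines, "-A CHAIN <rulespec>".
type fakeIPTables struct{ chains map[string][]string }

func newFakeIPTables() *fakeIPTables { return &fakeIPTables{chains: map[string][]string{}} }
func key(t, c string) string { return t + "/" + c }
func line(c string, spec []string) string { return "-A " + c + " " + strings.Join(spec, " ") }

func (f *fakeIPTables) NewChain(t, c string) error { f.chains[key(t, c)] = nil; return nil }
func (f *fakeIPTables) ClearChain(t, c string) error { f.chains[key(t, c)] = nil; return nil }
func (f *fakeIPTables) DeleteChain(t, c string) error { delete(f.chains, key(t, c)); return nil }
func (f *fakeIPTables) ChainExists(t, c string) (bool, error) { _, ok := f.chains[key(t, c)]; return ok, nil }
func (f *fakeIPTables) List(t, c string) ([]string, error) { return append([]string(nil), f.chains[key(t, c)]...), nil }
func (f *fakeIPTables) Append(t, c string, spec ...string) error {
	f.chains[key(t, c)] = append(f.chains[key(t, c)], line(c, spec))
	return nil
}
func (f *fakeIPTables) Insert(t, c string, pos int, spec ...string) error {
	k := key(t, c) // pos is 1-based as with iptables -I; this fake panics when out of range
	rest := append([]string{line(c, spec)}, f.chains[k][pos-1:]...)
	f.chains[k] = append(f.chains[k][:pos-1], rest...)
	return nil
}
func (f *fakeIPTables) Delete(t, c string, spec ...string) error {
	k, want := key(t, c), line(c, spec)
	for i, r := range f.chains[k] {
		if r == want {
			f.chains[k] = append(f.chains[k][:i], f.chains[k][i+1:]...)
			return nil
		}
	}
	return fmt.Errorf("rule not found: %s", want)
}

// jumpsToChain splits a listed rule into whitespace tokens and requires the token after
// "-j" to equal targetChain exactly; strings.Contains would also hit "CNI-abc1" for "CNI-abc".
func jumpsToChain(rule, targetChain string) bool {
	tok := strings.Fields(rule)
	for i := 0; i+1 < len(tok); i++ {
		if tok[i] == "-j" && tok[i+1] == targetChain {
			return true
		}
	}
	return false
}

// removeJumpRulesByTargetChain deletes every rule in mainChain that jumps to targetChain
// and reports how many were removed (assumed implementation, not the package's own).
func removeJumpRulesByTargetChain(ipt IPTablesWrapper, table, mainChain, targetChain string) (int, error) {
	rules, err := ipt.List(table, mainChain)
	if err != nil {
		return 0, err
	}
	removed := 0
	for _, r := range rules {
		tok := strings.Fields(r) // "-A <chain> <rulespec>": Delete wants only the rulespec part
		if len(tok) < 3 || tok[1] != mainChain || !jumpsToChain(r, targetChain) {
			continue
		}
		if err := ipt.Delete(table, mainChain, tok[2:]...); err != nil {
			return removed, err
		}
		removed++
	}
	return removed, nil
}

func main() {
	ipt := newFakeIPTables()
	_ = ipt.NewChain("filter", "CNI-MAIN")
	// Constructed sample: two container chains share the prefix "CNI-abc".
	_ = ipt.Append("filter", "CNI-MAIN", "-s", "10.0.0.5/32", "-j", "CNI-abc")
	_ = ipt.Append("filter", "CNI-MAIN", "-s", "10.0.0.6/32", "-j", "CNI-abc1")
	_ = ipt.Append("filter", "CNI-MAIN", "-s", "10.0.0.7/32", "-j", "CNI-abc")
	n, err := removeJumpRulesByTargetChain(ipt, "filter", "CNI-MAIN", "CNI-abc")
	left, _ := ipt.List("filter", "CNI-MAIN")
	fmt.Println("removed:", n, "err:", err, "remaining:", left) // removed: 2 err: <nil> remaining: [-A CNI-MAIN -s 10.0.0.6/32 -j CNI-abc1]
}
```

Because the fake satisfies the same interface as the real go-iptables client, the matching logic is exercised without root or a kernel, which is exactly what the interface exists for; the same fake can be used to assert that a chain is created before a jump into it is added, or that a delete of a rule that was never appended fails.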
type Manager
type Manager interface {
	EnsureMainChainExists() error
	CreateContainerChain(containerChain string) error
	AddRule(chainName string, rule OutboundRule) error
	AddJumpRule(sourceIP, targetChain string) error
	RemoveJumpRule(sourceIP, targetChain string) error
	RemoveJumpRuleByTargetChain(targetChain string) error
	ClearAndDeleteChain(chainName string) error
	ChainExists(chainName string) (bool, error)
	VerifyRules(chainName string, rules []OutboundRule) error
}
Manager defines the interface for creating, removing and verifying chains and rules.