 Documentation
    Index ¶
- Constants
- Variables
- func AppendPortIfNeeded(addr string, port int32) string
- func BuildPortsToEndpointsMap(endpoints *v1.Endpoints) map[string][]string
- func EnsureSysctl(sysctl utilsysctl.Interface, name string, newVal int) error
- func FilterIncorrectCIDRVersion(ipStrings []string, ipfamily v1.IPFamily) ([]string, []string)
- func FilterIncorrectIPVersion(ipStrings []string, ipfamily v1.IPFamily) ([]string, []string)
- func GetClusterIPByFamily(ipFamily v1.IPFamily, service *v1.Service) string
- func GetLocalAddrs() ([]net.IP, error)
- func GetNodeAddresses(cidrs []string, nw NetworkInterfacer) (sets.String, error)
- func IPPart(s string) string
- func IsAllowedHost(host net.IP, denied []*net.IPNet) error
- func IsProxyableHostname(ctx context.Context, resolv Resolver, hostname string) error
- func IsProxyableIP(ip string) error
- func IsZeroCIDR(cidr string) bool
- func LogAndEmitIncorrectIPVersionEvent(recorder record.EventRecorder, ...)
- func PortPart(s string) (int, error)
- func RevertPorts(replacementPortsMap, originalPortsMap map[LocalPort]Closeable)
- func ShouldSkipService(service *v1.Service) bool
- func ShuffleStrings(s []string) []string
- func ToCIDR(ip net.IP) string
- type Closeable
- type DialContext
- type FilteredDialOptions
- type LocalPort
- type NetworkInterfacer
- type PortOpener
- type RealNetwork
- type Resolver
Constants ¶
const (
	// IPv4ZeroCIDR is the CIDR block for the whole IPv4 address space
	IPv4ZeroCIDR = "0.0.0.0/0"

	// IPv6ZeroCIDR is the CIDR block for the whole IPv6 address space
	IPv6ZeroCIDR = "::/0"
)
Variables ¶
var (
	// ErrAddressNotAllowed indicates the address is not allowed
	ErrAddressNotAllowed = errors.New("address not allowed")
	// ErrNoAddresses indicates there are no addresses for the hostname
	ErrNoAddresses = errors.New("No addresses for hostname")
)
Functions ¶
func AppendPortIfNeeded ¶ added in v1.15.0
AppendPortIfNeeded appends the given port to IP address unless it is already in "ipv4:port" or "[ipv6]:port" format.
func BuildPortsToEndpointsMap ¶ added in v1.16.0
BuildPortsToEndpointsMap builds a map of portname -> all ip:ports for that portname. Explode Endpoints.Subsets[*] into this structure.
func EnsureSysctl ¶ added in v1.19.0
func EnsureSysctl(sysctl utilsysctl.Interface, name string, newVal int) error
EnsureSysctl sets a kernel sysctl to a given numeric value.
func FilterIncorrectCIDRVersion ¶ added in v1.14.0
FilterIncorrectCIDRVersion filters out the incorrect IP version case from a slice of CIDR strings.
func FilterIncorrectIPVersion ¶ added in v1.14.0
FilterIncorrectIPVersion filters out the incorrect IP version case from a slice of IP strings.
func GetClusterIPByFamily ¶ added in v1.20.0
GetClusterIPByFamily returns a service's cluster IP for the given IP family.
func GetLocalAddrs ¶ added in v1.18.0
GetLocalAddrs returns a list of all network addresses on the local system
func GetNodeAddresses ¶ added in v1.10.0
func GetNodeAddresses(cidrs []string, nw NetworkInterfacer) (sets.String, error)
GetNodeAddresses returns all matched node IP addresses based on the given CIDR slice. Some callers, e.g. the IPVS proxier, need concrete IPs, not ranges, which is why this exists. NetworkInterfacer is injected for testing purposes. The CIDRs passed in are expected to be already validated. Given an empty input `[]`, it returns `0.0.0.0/0` and `::/0` directly. If multiple CIDRs are given, it returns the minimal IP set, e.g. given input `[1.2.0.0/16, 0.0.0.0/0]`, it returns only `0.0.0.0/0`. NOTE: GetNodeAddresses only accepts CIDRs; if you want a concrete IP, e.g. 1.2.3.4, the input should be 1.2.3.4/32.
func IPPart ¶ added in v1.9.0
IPPart returns just the IP part of an IP or IP:port or endpoint string. If the IP part is an IPv6 address enclosed in brackets (e.g. "[fd00:1::5]:9999"), then the brackets are stripped as well.
func IsAllowedHost ¶ added in v1.20.0
IsAllowedHost checks if the given IP host address is in a network in the denied list.
func IsProxyableHostname ¶ added in v1.10.12
IsProxyableHostname checks if the IP addresses for a given hostname are permitted to be proxied
func IsProxyableIP ¶ added in v1.10.12
IsProxyableIP checks if a given IP address is permitted to be proxied
func IsZeroCIDR ¶ added in v1.10.0
IsZeroCIDR checks whether the input CIDR string is either the IPv4 or IPv6 zero CIDR
func LogAndEmitIncorrectIPVersionEvent ¶ added in v1.10.0
func LogAndEmitIncorrectIPVersionEvent(recorder record.EventRecorder, fieldName, fieldValue, svcNamespace, svcName string, svcUID types.UID)
LogAndEmitIncorrectIPVersionEvent logs and emits incorrect IP version event.
func RevertPorts ¶ added in v1.8.0
RevertPorts closes the ports that are in replacementPortsMap but not in originalPortsMap. In other words, it only closes the ports opened in this sync.
func ShouldSkipService ¶ added in v1.8.0
ShouldSkipService checks if a given service should skip proxying
func ShuffleStrings ¶ added in v1.16.0
ShuffleStrings copies strings from the specified slice into a copy in random order. It returns a new slice.
Types ¶
type Closeable ¶ added in v1.8.0
type Closeable interface {
	Close() error
}
    Closeable is an interface around closing a port.
type DialContext ¶ added in v1.20.0
DialContext is a dial function matching the signature of net.Dialer.DialContext.
func NewFilteredDialContext ¶ added in v1.20.0
func NewFilteredDialContext(wrapped DialContext, resolv Resolver, opts *FilteredDialOptions) DialContext
NewFilteredDialContext returns a DialContext function that filters connections based on a FilteredDialOptions.
type FilteredDialOptions ¶ added in v1.20.0
type FilteredDialOptions struct {
	// DialHostCIDRDenylist restricts hosts from being dialed.
	DialHostCIDRDenylist []*net.IPNet
	// AllowLocalLoopback controls connections to local loopback hosts (as defined by
	// IsProxyableIP).
	AllowLocalLoopback bool
}
    FilteredDialOptions configures how a DialContext is wrapped by NewFilteredDialContext.
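The kind of check that NewFilteredDialContext and FilteredDialOptions describe, sketched with the standard library only. This is an added example, not code from this package: `filteredDial`, `checkIP`, `errDenied` and the two func types are hypothetical names, the denylist entry is constructed, and dialing the vetted IP instead of the hostname is a choice of this sketch.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
)

var errDenied = errors.New("address not allowed") // stand-in for ErrAddressNotAllowed
type dialFunc func(ctx context.Context, network, addr string) (net.Conn, error)
type lookupFunc func(ctx context.Context, network, host string) ([]net.IP, error)

// checkIP rejects loopback (unless allowed) and any IP inside a denied CIDR.
func checkIP(ip net.IP, denied []*net.IPNet, allowLoopback bool) error {
	blocked := !allowLoopback && ip.IsLoopback()
	for _, n := range denied {
		blocked = blocked || n.Contains(ip)
	}
	if blocked {
		return errDenied
	}
	return nil
}

// filteredDial wraps next: every resolved IP must pass checkIP before next runs.
func filteredDial(next dialFunc, lookup lookupFunc, denied []*net.IPNet, allowLoopback bool) dialFunc {
	return func(ctx context.Context, network, addr string) (net.Conn, error) {
		host, port, err := net.SplitHostPort(addr)
		if err != nil {
			return nil, err
		}
		ips, err := lookup(ctx, "ip", host)
		if err != nil || len(ips) == 0 {
			return nil, fmt.Errorf("no addresses for %q (lookup error: %v)", host, err)
		}
		for _, ip := range ips {
			if err := checkIP(ip, denied, allowLoopback); err != nil {
				return nil, fmt.Errorf("%s resolves to %s: %w", host, ip, err)
			}
		}
		return next(ctx, network, net.JoinHostPort(ips[0].String(), port))
	}
}

func main() {
	_, ll, _ := net.ParseCIDR("169.254.0.0/16") // constructed denylist entry
	dial := filteredDial((&net.Dialer{}).DialContext, net.DefaultResolver.LookupIP, []*net.IPNet{ll}, false)
	fmt.Println(dial(context.Background(), "tcp", "169.254.169.254:80")) // refused before any socket opens
}
```

A hostname is refused if any one of its addresses is denied, so a mixed DNS answer cannot be used to slip a denied address past the filter.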
type LocalPort ¶ added in v1.8.0
type LocalPort struct {
	// Description is the identity message of a given local port.
	Description string
	// IP is the IP address part of a given local port.
	// If this string is empty, the port binds to all local IP addresses.
	IP string
	// Port is the port part of a given local port.
	Port int
	// Protocol is the protocol part of a given local port.
	// The value is assumed to be lower-case. For example, "udp" not "UDP", "tcp" not "TCP".
	Protocol string
}
    LocalPort describes a port on specific IP address and protocol
type NetworkInterfacer ¶ added in v1.10.0
type NetworkInterfacer interface {
	Addrs(intf *net.Interface) ([]net.Addr, error)
	Interfaces() ([]net.Interface, error)
}
    NetworkInterfacer defines an interface for several net library functions. Production code will forward to net library functions, and unit tests will override the methods for testing purposes.
type PortOpener ¶ added in v1.8.0
PortOpener is an interface around port opening/closing. Abstracted out for testing.
type RealNetwork ¶ added in v1.10.0
type RealNetwork struct{}
    RealNetwork implements the NetworkInterfacer interface for production code, just wrapping the underlying net library function calls.
func (RealNetwork) Addrs ¶ added in v1.10.0
Addrs wraps net.Interface.Addrs(), it's a part of NetworkInterfacer interface.
func (RealNetwork) Interfaces ¶ added in v1.10.0
func (RealNetwork) Interfaces() ([]net.Interface, error)
Interfaces wraps net.Interfaces(), it's a part of NetworkInterfacer interface.