ipsetmanager

package

v10.331.1+incompatible Latest Latest Go to latest Published: Apr 23, 2021 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aporeto-inc/trireme-lib

Links

Open Source Insights

Documentation ¶

Rendered for

Constants ¶

View Source

const (
	//IPv6DefaultIP is the default ip of v6
	IPv6DefaultIP = "::/0"
	//IPv4DefaultIP is the  default ip for v4
	IPv4DefaultIP = "0.0.0.0/0"
	//IPsetV4 version for ipv4
	IPsetV4 = iota
	//IPsetV6 version for ipv6
	IPsetV6
)

View Source

const (
	//IPv6DefaultIP is the default ip of v6
	IPv6DefaultIP = "::/0"
	//IPv4DefaultIP is the  default ip for v4
	IPv4DefaultIP = "0.0.0.0/0"
	//IPsetV4 version for ipv4
	IPsetV4 = iota
	//IPsetV6 version for ipv6
	IPsetV6
)

Variables ¶

This section is empty.

Functions ¶

func SetIPsetPath ¶

func SetIPsetPath()

SetIPsetPath sets the path for aporeto-ipset

func SetIpsetTestInstance ¶

func SetIpsetTestInstance(ipsetprovider IpsetProvider)

SetIpsetTestInstance sets a test instance of ipsetprovider

Types ¶

type ACLL3 ¶

type ACLL3 interface {
	//RegisterExternalNets registers the ipsets corresponding the external networks.
	RegisterExternalNets(contextID string, extnets policy.IPRuleList) error
	//AddACLIPsets adds the IPs in the ipsets corresponding to the external network service ID.
	UpdateACLIPsets([]string, string)
	//DestroyUnusedIPsets will remove the unused ipsets.
	DestroyUnusedIPsets()
	//RemoveExternalNets removes the external networks corresponding to the PU contextID.
	RemoveExternalNets(contextID string)
	//GetACLIPsets returns the ipset string that correspond to the external networks in the argument
	GetACLIPsetsNames(extnets policy.IPRuleList) []string
	// DeleteEntryFromIPset delete an entry from an ipset
	DeleteEntryFromIPset(ips []string, serviceID string)
}

ACLL3 interface is used to interact with the ipsets required for application and network acl's in L3.

type ACLManager ¶

type ACLManager interface {
	AddToIPset(set provider.Ipset, data string) error
	DelFromIPset(set provider.Ipset, data string) error

	RegisterExternalNets(contextID string, extnets policy.IPRuleList) error
	DestroyUnusedIPsets()
	RemoveExternalNets(contextID string)
	GetIPsets(extnets policy.IPRuleList, ipver int) []string
	UpdateIPsets([]string, string)
}

ACLManager interface is used by supervisor. This interface provides the supervisor to create ipsets corresponding to service ID.

func CreateIPsetManager ¶

func CreateIPsetManager(ipsetv4 provider.IpsetProvider, ipsetv6 provider.IpsetProvider) ACLManager

CreateIPsetManager creates the handle with Interface ACLManager

type DestroyAll ¶

type DestroyAll interface {
	//DestroyAllIPsets destroys the created ipsets.
	DestroyAllIPsets() error
}

DestroyAll destroys all the ipsets created.

type IPSetManager ¶

type IPSetManager interface {
	TargetAndExcludedNetworks
	ServerL3
	ACLL3
	ProxyL4
	DestroyAll
	IPsetPrefix

	Reset()
}

IPSetManager interface is used by supervisor. This interface provides the supervisor to create ipsets corresponding to service ID.

func V4 ¶

func V4() IPSetManager

V4 returns the ipv4 instance of ipsetmanager

func V4test ¶

func V4test() IPSetManager

V4test returns the test handler for ipv4

func V6 ¶

func V6() IPSetManager

V6 returns the ipv6 instance of ipsetmanager

func V6test ¶

func V6test() IPSetManager

V6test returns the test handler for ipv6

type IPsetPrefix ¶

type IPsetPrefix interface {
	//GetIPsetPrefix returns the prefix.
	GetIPsetPrefix() string
}

IPsetPrefix returns the prefix used to construct the ipset.

type Ipset ¶

type Ipset interface {
	Add(entry string, timeout int) error
	AddOption(entry string, option string, timeout int) error
	Del(entry string) error
	Destroy() error
	Flush() error
	Test(entry string) (bool, error)
}

Ipset is an abstraction of all the methods an implementation of userspace ipsets need to provide.

type IpsetProvider ¶

type IpsetProvider interface {
	NewIpset(name string, ipsetType string, p *ipset.Params) (Ipset, error)
	GetIpset(name string) Ipset
	DestroyAll(prefix string) error
	ListIPSets() ([]string, error)
}

IpsetProvider returns a fabric for Ipset.

type ProxyL4 ¶

type ProxyL4 interface {
	//CreateProxySets creates the ipsets to implement L4/L7 services
	CreateProxySets(contextID string) error
	//GetProxyIPsetNames returns the ipset strings that correspond to the pu
	GetProxySetNames(contextID string) (string, string)
	//DestroyProxySet destroys the ipsets being used for L4/L7 services
	DestroyProxySets(contextID string)
	//FlushProxySets flushes the proxy IPsets
	FlushProxySets(contextID string)
	//AddIPPortToDependentService adds ip port to the dependent service
	AddIPPortToDependentService(contextID string, ip *net.IPNet, port string) error
	//AddPortToExposedService adds the port that this service is exposing
	AddPortToExposedService(contextID string, port string) error
}

ProxyL4 interface is used to interact with the ipsets required for L4/L7 Services. These include dependent services and exposed Services

type ServerL3 ¶

type ServerL3 interface {
	//CreateServerPortSet creates the ipset.
	CreateServerPortSet(contextID string) error
	//GetServerPortSetName returns the name of the portset created
	GetServerPortSetName(contextID string) string
	//DestroyServerPortSet destroys the server port set.
	DestroyServerPortSet(contextID string) error
	//AddPortToServerPortSet adds port to the portset.
	AddPortToServerPortSet(contextID string, port string) error
	//DeletePortFromServerPortSet deletes the port from port set.
	DeletePortFromServerPortSet(contextID string, port string) error
}

ServerL3 interface is used to interact with the ipsets required to program ports that the server(PU) listens on in L3 datapath.

type TargetAndExcludedNetworks ¶

type TargetAndExcludedNetworks interface {
	//CreateIPsetsForTargetAndExcludedNetworks creates the ipsets for target and excluded networks
	CreateIPsetsForTargetAndExcludedNetworks() error
	//UpdateIPsetsForTargetAndExcludedNetworks updates the ipsets accordingly.
	UpdateIPsetsForTargetAndExcludedNetworks([]string, []string, []string) error
	//GetIPsetNamesForTargetAndExcludedNetworks returns the ipsets names for tcp, udp and excluded networks
	GetIPsetNamesForTargetAndExcludedNetworks() (string, string, string)
}

TargetAndExcludedNetworks interface is used to interact with target and excluded networks

type TestIpset ¶

type TestIpset interface {
	Ipset
	MockAdd(t *testing.T, impl func(entry string, timeout int) error)
	MockAddOption(t *testing.T, impl func(entry string, option string, timeout int) error)
	MockDel(t *testing.T, impl func(entry string) error)
	MockDestroy(t *testing.T, impl func() error)
	MockFlush(t *testing.T, impl func() error)
	MockTest(t *testing.T, impl func(entry string) (bool, error))
}

TestIpset is a test implementation for Ipset

func NewTestIpset ¶

func NewTestIpset() TestIpset

NewTestIpset returns a new TestManipulator.

type TestIpsetProvider ¶

type TestIpsetProvider interface {
	IpsetProvider
	MockNewIpset(t *testing.T, impl func(name string, hasht string, p *ipset.Params) (Ipset, error))
	MockGetIpset(t *testing.T, impl func(name string) Ipset)
	MockDestroyAll(t *testing.T, impl func(string) error)
	MockListIPSets(t *testing.T, impl func() ([]string, error))
}

TestIpsetProvider is a test implementation for IpsetProvider

func NewTestIpsetProvider ¶

func NewTestIpsetProvider() TestIpsetProvider

NewTestIpsetProvider returns a new TestManipulator.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
mock_ipsetmanager Package mock_ipsetmanager is a generated GoMock package.	Package mock_ipsetmanager is a generated GoMock package.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL