net

package

v1.2.1 Latest Latest Go to latest Published: Apr 29, 2021 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/elotl/itzo

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

Constants
func EnableForwarding() error
func EnsurePodMasq(ipt iptables.Interface, mainNic, podIP string) error
func GetPrimaryNetworkInterface() (string, error)
func SetupNetNamespace(podIP string) (string, string, string, error)
type NetNamespacer
- func NewNoopNetNamespacer() NetNamespacer
- func NewOSNetNamespacer(nsname string) NetNamespacer
type NoopNetNamespacer
type OSNetNamespacer

Constants ¶

View Source

const (
	NetnsPath = "/var/run/netns"
	Veth0     = "veth0"
	Veth1     = "veth1"
)

View Source

const (
	PodNetNamespaceName = "pod"
)

Variables ¶

This section is empty.

Functions ¶

func EnableForwarding ¶

func EnableForwarding() error

func EnsurePodMasq ¶

func EnsurePodMasq(ipt iptables.Interface, mainNic, podIP string) error

Enable SNAT so the pod can communicate with the public internet. E.g. if the pod IP is 10.0.30.14:

iptables -t nat -N POD_MASQ_CHAIN
iptables -t nat -A POSTROUTING -j POD_MASQ_CHAIN
iptables -t nat -A POD_MASQ_CHAIN ! -o eth0 -j RETURN
iptables -t nat -A POD_MASQ_CHAIN ! -s 10.0.30.14 -j RETURN
iptables -t nat -A POD_MASQ_CHAIN -d 10.0.0.0/8 -j RETURN
iptables -t nat -A POD_MASQ_CHAIN -d 172.16.0.0/12 -j RETURN
iptables -t nat -A POD_MASQ_CHAIN -d 192.168.0.0/16 -j RETURN
iptables -t nat -A POD_MASQ_CHAIN -j MASQUERADE

func GetPrimaryNetworkInterface ¶

func GetPrimaryNetworkInterface() (string, error)

func SetupNetNamespace ¶

func SetupNetNamespace(podIP string) (string, string, string, error)

Types ¶

type NetNamespacer ¶

type NetNamespacer interface {
	Create() error
	WithNetNamespace(cb func() error) error
	CreateVeth(ipaddr string) error
}

func NewNoopNetNamespacer ¶

func NewNoopNetNamespacer() NetNamespacer

func NewOSNetNamespacer ¶

func NewOSNetNamespacer(nsname string) NetNamespacer

type NoopNetNamespacer ¶

type NoopNetNamespacer struct {
}

func (*NoopNetNamespacer) Create ¶

func (n *NoopNetNamespacer) Create() error

func (*NoopNetNamespacer) CreateVeth ¶

func (n *NoopNetNamespacer) CreateVeth(ipaddr string) error

func (*NoopNetNamespacer) WithNetNamespace ¶

func (n *NoopNetNamespacer) WithNetNamespace(cb func() error) error

type OSNetNamespacer ¶

type OSNetNamespacer struct {
	NSName string
}

func (*OSNetNamespacer) Create ¶

func (n *OSNetNamespacer) Create() error

Start a new net namespace, and ensure it persists via creating a bind mount to it. We use NetnsPath to ensure "ip netns" interoperability, so e.g. "ip netns exec <nsname> ip link ls" will work.

func (*OSNetNamespacer) CreateVeth ¶

func (n *OSNetNamespacer) CreateVeth(ipaddr string) error

Create a veth pair, and move the second one into a net namespace.

func (*OSNetNamespacer) WithNetNamespace ¶

func (n *OSNetNamespacer) WithNetNamespace(cb func() error) error

Change to a net namespace temporarily, call a function, and switch back.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL