descriptor

package
v2.5.1+incompatible Latest
Warning

This package is not in the latest version of its module.

Published: Dec 6, 2019 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Constants

const (
	// RuleChainDescriptorName is the name of the descriptor for Linux iptables rule chains.
	RuleChainDescriptorName = "linux-ipt-rulechain-descriptor"
)

Variables

var (
	// ErrCustomChainWithoutName is returned when the chain name is not provided for the custom iptables chain.
	ErrCustomChainWithoutName = errors.New("iptables chain of type CUSTOM defined without chain name")

	// ErrInvalidChainForTable is returned when the chain is not valid for the provided table.
	ErrInvalidChainForTable = errors.New("provided chain is not valid for the provided table")

	// ErrDefaultPolicyOnNonFilterRule is returned when a default policy is applied on a table different to FILTER.
	ErrDefaultPolicyOnNonFilterRule = errors.New("iptables default policy can be only applied on FILTER tables")

	// ErrDefaultPolicyOnCustomChain is returned when a default policy is applied on a custom chain, which is not allowed in iptables.
	ErrDefaultPolicyOnCustomChain = errors.New("iptables default policy cannot be applied on custom chains")
)

The variables above are a list of non-retriable errors.

Functions

func NewRuleChainDescriptor

func NewRuleChainDescriptor(
	scheduler kvs.KVScheduler, ipTablesHandler linuxcalls.IPTablesAPI, nsPlugin nsplugin.API,
	log logging.PluginLogger, goRoutinesCnt int) *kvs.KVDescriptor

NewRuleChainDescriptor creates a new instance of the iptables RuleChain descriptor.

Types

type RuleChainDescriptor

type RuleChainDescriptor struct {
	// contains filtered or unexported fields
}

RuleChainDescriptor teaches KVScheduler how to configure Linux iptables rule chains.

func (*RuleChainDescriptor) Create

func (d *RuleChainDescriptor) Create(key string, rch *linux_iptables.RuleChain) (metadata interface{}, err error)

Create creates an iptables rule chain.

func (*RuleChainDescriptor) Delete

func (d *RuleChainDescriptor) Delete(key string, rch *linux_iptables.RuleChain, metadata interface{}) error

Delete removes an iptables rule chain.

func (*RuleChainDescriptor) Dependencies

func (d *RuleChainDescriptor) Dependencies(key string, rch *linux_iptables.RuleChain) []kvs.Dependency

Dependencies lists dependencies for an iptables rule chain.

func (*RuleChainDescriptor) EquivalentRuleChains

func (d *RuleChainDescriptor) EquivalentRuleChains(key string, oldRCh, newRch *linux_iptables.RuleChain) bool

EquivalentRuleChains is a comparison function for two RuleChain entries.

func (*RuleChainDescriptor) Retrieve

Retrieve returns all iptables rule chain entries managed by this agent.

func (*RuleChainDescriptor) Validate

func (d *RuleChainDescriptor) Validate(key string, rch *linux_iptables.RuleChain) (err error)

Validate validates an iptables rule chain.
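The four error values in the Variables block describe constraints on a rule chain. The following added example (not this package's code) applies those constraints to a hypothetical `RuleChain` stand-in struct. The string-typed fields, the built-in chain lists and the order of the checks are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Error values as declared in the package's Variables block.
var (
	ErrCustomChainWithoutName       = errors.New("iptables chain of type CUSTOM defined without chain name")
	ErrInvalidChainForTable         = errors.New("provided chain is not valid for the provided table")
	ErrDefaultPolicyOnNonFilterRule = errors.New("iptables default policy can be only applied on FILTER tables")
	ErrDefaultPolicyOnCustomChain   = errors.New("iptables default policy cannot be applied on custom chains")
)

// RuleChain is a hypothetical stand-in for linux_iptables.RuleChain; DefaultPolicy "" means unset.
type RuleChain struct{ Table, ChainType, ChainName, DefaultPolicy string }

// builtinChains lists the built-in chains of three standard iptables tables (assumed mapping).
var builtinChains = map[string][]string{
	"FILTER": {"INPUT", "FORWARD", "OUTPUT"},
	"NAT":    {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
	"MANGLE": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
}

// ValidateRuleChain (hypothetical) applies the four constraints in an assumed order.
func ValidateRuleChain(rch RuleChain) error {
	custom := rch.ChainType == "CUSTOM"
	if custom && rch.ChainName == "" {
		return ErrCustomChainWithoutName
	}
	valid := custom && builtinChains[rch.Table] != nil // named custom chain in a known table
	for _, c := range builtinChains[rch.Table] {
		valid = valid || c == rch.ChainType
	}
	switch {
	case !valid:
		return ErrInvalidChainForTable
	case rch.DefaultPolicy != "" && rch.Table != "FILTER":
		return ErrDefaultPolicyOnNonFilterRule
	case rch.DefaultPolicy != "" && custom:
		return ErrDefaultPolicyOnCustomChain
	default:
		return nil
	}
}

func main() { // constructed input: a default policy on a NAT chain is rejected
	fmt.Println(ValidateRuleChain(RuleChain{Table: "NAT", ChainType: "PREROUTING", DefaultPolicy: "DROP"}))
}
```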
