iptables

package

v0.4.0 Latest Latest Go to latest Published: Feb 21, 2020 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/vmware-tanzu/antrea

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type Client
- func NewClient(hostGateway string, serviceCIDR *net.IPNet, ...) *Client

Constants ¶

View Source

const (
	NATTable    = "nat"
	FilterTable = "filter"
	MangleTable = "mangle"
	RawTable    = "raw"

	AcceptTarget     = "ACCEPT"
	MasqueradeTarget = "MASQUERADE"
	MarkTarget       = "MARK"
	ConnTrackTarget  = "CT"

	PreRoutingChain        = "PREROUTING"
	ForwardChain           = "FORWARD"
	PostRoutingChain       = "POSTROUTING"
	AntreaForwardChain     = "ANTREA-FORWARD"
	AntreaPostRoutingChain = "ANTREA-POSTROUTING"
	AntreaMangleChain      = "ANTREA-MANGLE"
	AntreaRawChain         = "ANTREA-RAW"
)

Variables ¶

View Source

var (

	// RtTblSelectorValue selects which route table to use to forward service traffic back to host gateway gw0.
	RtTblSelectorValue = 1 << 11
)

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client knows how to set up host iptables rules Antrea requires.

func NewClient ¶

func NewClient(hostGateway string, serviceCIDR *net.IPNet, encapMode config.TrafficEncapModeType) *Client

NewClient constructs a Client instance for iptables operations.

func (*Client) AddPeerCIDR ¶ added in v0.4.0

func (c *Client) AddPeerCIDR(peerPodCIDR *net.IPNet, peerNodeIP net.IP) error

AddPeerCIDR adds iptables rules relevant to peerPodCIDR It's idempotent and can be safely called on every startup.

func (*Client) Initialize ¶ added in v0.4.0

func (c *Client) Initialize(nodeConfig *config.NodeConfig) error

Initialize sets up internal variables and ensures the iptables rules Antrea requires are set up. It's idempotent and can be safely called on every startup.

func (*Client) IsInRuleStore ¶ added in v0.4.0

func (c *Client) IsInRuleStore(table string, chain string, ruleSpec []string) bool

IsInRuleStore returns true if rule is in rule store.

func (*Client) PrintStoredRules ¶ added in v0.4.0

func (c *Client) PrintStoredRules() string

PrintStoredRules dumps stored ip rules for debugging.

func (*Client) Reconcile ¶ added in v0.4.0

func (c *Client) Reconcile() error

Reconcile removes stale antrea rules

Source Files ¶

View all Source files

iptables.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL