
Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BaseIPTables

// BaseIPTables is the minimal set of iptables operations: chain lifecycle
// (create, list, clear, delete) and rule manipulation inside a chain.
type BaseIPTables interface {
	// NewChain creates chain in table.
	NewChain(table, chain string) error
	// ListChains returns every chain associated with table.
	ListChains(table string) ([]string, error)
	// ClearChain clears chain in table.
	ClearChain(table, chain string) error
	// DeleteChain deletes chain from table. No references to the chain
	// should remain when it is deleted.
	DeleteChain(table, chain string) error

	// Append appends the rule described by rulespec to chain of table.
	Append(table, chain string, rulespec ...string) error
	// Insert inserts the rule described by rulespec into chain of table at
	// position pos.
	// NOTE(review): the indexing base of pos is not stated here; confirm
	// against the implementation before relying on rule ordering.
	Insert(table, chain string, pos int, rulespec ...string) error
	// Delete deletes the rule described by rulespec from chain of table.
	Delete(table, chain string, rulespec ...string) error
}

    BaseIPTables is the base interface of iptables functions.

    type BatchProvider

    type BatchProvider struct {
    	sync.Mutex
    	// contains filtered or unexported fields
    }

      BatchProvider uses iptables-restore to program ACLs

      func NewCustomBatchProvider

      func NewCustomBatchProvider(ipt BaseIPTables, commit func(buf *bytes.Buffer) error, batchTables []string) *BatchProvider

        NewCustomBatchProvider is a custom batch provider where the downstream iptables utility is provided by the caller. Very useful for testing the ACL functions with a mock.

        func (*BatchProvider) Append

        func (b *BatchProvider) Append(table, chain string, rulespec ...string) error

          Append will append the provided rule to the local cache or call the iptables command directly, depending on the table.

          func (*BatchProvider) ClearChain

          func (b *BatchProvider) ClearChain(table, chain string) error

            ClearChain will clear the chains.

            func (*BatchProvider) Commit

            func (b *BatchProvider) Commit() error

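              Commit commits the rules to the system. Rules that Append or Insert placed only in the local cache are not applied until Commit is called.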

              func (*BatchProvider) Delete

              func (b *BatchProvider) Delete(table, chain string, rulespec ...string) error

                Delete will delete the rule from the local cache or the system.

                func (*BatchProvider) DeleteChain

                func (b *BatchProvider) DeleteChain(table, chain string) error

                  DeleteChain will delete the chains.

                  func (*BatchProvider) Insert

                  func (b *BatchProvider) Insert(table, chain string, pos int, rulespec ...string) error

                    Insert will insert the rule in the corresponding position in the local cache or call the corresponding iptables command, depending on the table.

                    func (*BatchProvider) ListChains

                    func (b *BatchProvider) ListChains(table string) ([]string, error)

                      ListChains will provide a list of the current chains.

                      func (*BatchProvider) NewChain

                      func (b *BatchProvider) NewChain(table, chain string) error

                        NewChain creates a new chain.

                        func (*BatchProvider) RetrieveTable

                        func (b *BatchProvider) RetrieveTable() map[string]map[string][]string

                          RetrieveTable allows a caller to retrieve the final table. Mostly needed for debugging and unit tests.

                          type Ipset

                          // Ipset lists the operations available on a single userspace ipset.
                          // NOTE(review): the unit of the timeout arguments and the meaning of a
                          // zero timeout are not stated here; confirm against the implementation.
                          type Ipset interface {
                          	// Test reports whether entry is present in the set.
                          	Test(entry string) (bool, error)
                          	// Add adds entry to the set with the given timeout.
                          	Add(entry string, timeout int) error
                          	// AddOption adds entry to the set with the given timeout and an
                          	// extra option string.
                          	AddOption(entry, option string, timeout int) error
                          	// Del removes entry from the set.
                          	Del(entry string) error
                          	// Flush presumably removes all entries while keeping the set; verify
                          	// against the implementation.
                          	Flush() error
                          	// Destroy presumably removes the set itself; verify against the
                          	// implementation.
                          	Destroy() error
                          }

                            Ipset is an abstraction of all the methods an implementation of userspace ipsets needs to provide.

                            type IpsetProvider

                            // IpsetProvider creates, looks up, lists and destroys Ipset objects.
                            type IpsetProvider interface {
                            	// GetIpset returns the Ipset handle for name.
                            	// NOTE(review): no error is returned, so whether the named set
                            	// actually exists is not reported here; confirm with the implementation.
                            	GetIpset(name string) Ipset
                            	// NewIpset creates a set called name of type ipsetType, configured by p.
                            	NewIpset(name, ipsetType string, p *ipset.Params) (Ipset, error)
                            	// ListIPSets returns a list of set names.
                            	ListIPSets() ([]string, error)
                            	// DestroyAll presumably destroys every set whose name starts with
                            	// prefix; verify the matching rule against the implementation.
                            	DestroyAll(prefix string) error
                            }

                              IpsetProvider is a factory for Ipset instances.

                              func NewGoIPsetProvider

                              func NewGoIPsetProvider() IpsetProvider

                                NewGoIPsetProvider returns a Go IPSet provider.

                                type IptablesProvider

                                // IptablesProvider extends BaseIPTables with the operations a batching
                                // implementation needs: committing changes and reading back the table.
                                type IptablesProvider interface {
                                	BaseIPTables

                                	// RetrieveTable lets a caller read the final table.
                                	// NOTE(review): the nesting looks like table -> chain -> rules;
                                	// confirm against the implementation.
                                	RetrieveTable() map[string]map[string][]string
                                	// Commit applies the changes when the provider is a batch provider.
                                	Commit() error
                                }

                                  IptablesProvider is an abstraction of all the methods an implementation of userspace iptables needs to provide.

                                  func NewGoIPTablesProviderV4

                                  func NewGoIPTablesProviderV4(batchTables []string) (IptablesProvider, error)

                                    NewGoIPTablesProviderV4 returns an IptablesProvider interface based on the go-iptables external package.

                                    func NewGoIPTablesProviderV6

                                    func NewGoIPTablesProviderV6(batchTables []string) (IptablesProvider, error)

                                      NewGoIPTablesProviderV6 returns an IptablesProvider interface based on the go-iptables external package.

                                      type TestIpset

                                      // TestIpset is an Ipset meant for tests. Each MockX method presumably
                                      // installs impl as the behaviour of the matching X method for the test
                                      // identified by t; confirm against the implementation.
                                      type TestIpset interface {
                                      	Ipset

                                      	// Mocks for reading the set.
                                      	MockTest(t *testing.T, impl func(entry string) (bool, error))

                                      	// Mocks for changing entries.
                                      	MockAdd(t *testing.T, impl func(entry string, timeout int) error)
                                      	MockAddOption(t *testing.T, impl func(entry, option string, timeout int) error)
                                      	MockDel(t *testing.T, impl func(entry string) error)

                                      	// Mocks for whole-set operations.
                                      	MockFlush(t *testing.T, impl func() error)
                                      	MockDestroy(t *testing.T, impl func() error)
                                      }

                                        TestIpset is a test implementation for Ipset

                                        func NewTestIpset

                                        func NewTestIpset() TestIpset

                                          NewTestIpset returns a new TestIpset.

                                          type TestIpsetProvider

                                          // TestIpsetProvider is an IpsetProvider meant for tests. Each MockX
                                          // method presumably installs impl as the behaviour of the matching X
                                          // method for the test identified by t; confirm against the implementation.
                                          type TestIpsetProvider interface {
                                          	IpsetProvider

                                          	// Mocks for obtaining sets.
                                          	MockGetIpset(t *testing.T, impl func(name string) Ipset)
                                          	MockNewIpset(t *testing.T, impl func(name, hasht string, p *ipset.Params) (Ipset, error))

                                          	// Mocks for provider-wide operations.
                                          	MockListIPSets(t *testing.T, impl func() ([]string, error))
                                          	MockDestroyAll(t *testing.T, impl func(string) error)
                                          }

                                            TestIpsetProvider is a test implementation for IpsetProvider

                                            func NewTestIpsetProvider

                                            func NewTestIpsetProvider() TestIpsetProvider

                                              NewTestIpsetProvider returns a new TestIpsetProvider.

                                              type TestIptablesProvider

                                              // TestIptablesProvider is an IptablesProvider meant for tests. Each
                                              // MockX method presumably installs impl as the behaviour of the matching
                                              // X method for the test identified by t; confirm against the implementation.
                                              // NOTE(review): no mock is declared for RetrieveTable.
                                              type TestIptablesProvider interface {
                                              	IptablesProvider

                                              	// Mocks for chain lifecycle.
                                              	MockNewChain(t *testing.T, impl func(table, chain string) error)
                                              	MockListChains(t *testing.T, impl func(table string) ([]string, error))
                                              	MockClearChain(t *testing.T, impl func(table, chain string) error)
                                              	MockDeleteChain(t *testing.T, impl func(table, chain string) error)

                                              	// Mocks for rule manipulation.
                                              	MockAppend(t *testing.T, impl func(table, chain string, rulespec ...string) error)
                                              	MockInsert(t *testing.T, impl func(table, chain string, pos int, rulespec ...string) error)
                                              	MockDelete(t *testing.T, impl func(table, chain string, rulespec ...string) error)

                                              	// Mock for the batch commit.
                                              	MockCommit(t *testing.T, impl func() error)
                                              }

                                                TestIptablesProvider is a test implementation for IptablesProvider

                                                func NewTestIptablesProvider

                                                func NewTestIptablesProvider() TestIptablesProvider

                                                  NewTestIptablesProvider returns a new TestIptablesProvider.