ipsetmanager

package
v10.321.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 23, 2021 License: Apache-2.0 Imports: 15 Imported by: 3

Documentation

Index

Constants

View Source
const (
	//IPv6DefaultIP is the default ip of v6
	IPv6DefaultIP = "::/0"
	//IPv4DefaultIP is the  default ip for v4
	IPv4DefaultIP = "0.0.0.0/0"
	//IPsetV4 version for ipv4
	IPsetV4 = iota
	//IPsetV6 version for ipv6
	IPsetV6
)
View Source
const (
	//IPv6DefaultIP is the default ip of v6
	IPv6DefaultIP = "::/0"
	//IPv4DefaultIP is the  default ip for v4
	IPv4DefaultIP = "0.0.0.0/0"
	//IPsetV4 version for ipv4
	IPsetV4 = iota
	//IPsetV6 version for ipv6
	IPsetV6
)

Variables

This section is empty.

Functions

func SetIPsetPath

func SetIPsetPath()

SetIPsetPath sets the path for aporeto-ipset

func SetIpsetTestInstance

func SetIpsetTestInstance(ipsetprovider IpsetProvider)

SetIpsetTestInstance sets a test instance of ipsetprovider

Types

type ACLL3

type ACLL3 interface {
	//RegisterExternalNets registers the ipsets corresponding the external networks.
	RegisterExternalNets(contextID string, extnets policy.IPRuleList) error
	//AddACLIPsets adds the IPs in the ipsets corresponding to the external network service ID.
	UpdateACLIPsets([]string, string)
	//DestroyUnusedIPsets will remove the unused ipsets.
	DestroyUnusedIPsets()
	//RemoveExternalNets removes the external networks corresponding to the PU contextID.
	RemoveExternalNets(contextID string)
	//GetACLIPsets returns the ipset string that correspond to the external networks in the argument
	GetACLIPsetsNames(extnets policy.IPRuleList) []string
	// DeleteEntryFromIPset delete an entry from an ipset
	DeleteEntryFromIPset(ips []string, serviceID string)
}

ACLL3 interface is used to interact with the ipsets required for application and network acl's in L3.

type ACLManager

type ACLManager interface {
	AddToIPset(set provider.Ipset, data string) error
	DelFromIPset(set provider.Ipset, data string) error

	RegisterExternalNets(contextID string, extnets policy.IPRuleList) error
	DestroyUnusedIPsets()
	RemoveExternalNets(contextID string)
	GetIPsets(extnets policy.IPRuleList, ipver int) []string
	UpdateIPsets([]string, string)
}

ACLManager interface is used by supervisor. This interface provides the supervisor to create ipsets corresponding to service ID.

func CreateIPsetManager

func CreateIPsetManager(ipsetv4 provider.IpsetProvider, ipsetv6 provider.IpsetProvider) ACLManager

CreateIPsetManager creates the handle with Interface ACLManager

type DestroyAll

type DestroyAll interface {
	//DestroyAllIPsets destroys the created ipsets.
	DestroyAllIPsets() error
}

DestroyAll destroys all the ipsets created.

type IPSetManager

type IPSetManager interface {
	TargetAndExcludedNetworks
	ServerL3
	ACLL3
	ProxyL4
	DestroyAll
	IPsetPrefix

	Reset()
}

IPSetManager interface is used by supervisor. This interface provides the supervisor to create ipsets corresponding to service ID.

func V4

func V4() IPSetManager

V4 returns the ipv4 instance of ipsetmanager

func V4test

func V4test() IPSetManager

V4test returns the test handler for ipv4

func V6

func V6() IPSetManager

V6 returns the ipv6 instance of ipsetmanager

func V6test

func V6test() IPSetManager

V6test returns the test handler for ipv6

type IPsetPrefix

type IPsetPrefix interface {
	//GetIPsetPrefix returns the prefix.
	GetIPsetPrefix() string
}

IPsetPrefix returns the prefix used to construct the ipset.

type Ipset

type Ipset interface {
	Add(entry string, timeout int) error
	AddOption(entry string, option string, timeout int) error
	Del(entry string) error
	Destroy() error
	Flush() error
	Test(entry string) (bool, error)
}

Ipset is an abstraction of all the methods an implementation of userspace ipsets need to provide.

type IpsetProvider

type IpsetProvider interface {
	NewIpset(name string, ipsetType string, p *ipset.Params) (Ipset, error)
	GetIpset(name string) Ipset
	DestroyAll(prefix string) error
	ListIPSets() ([]string, error)
}

IpsetProvider returns a fabric for Ipset.

type ProxyL4

type ProxyL4 interface {
	//CreateProxySets creates the ipsets to implement L4/L7 services
	CreateProxySets(contextID string) error
	//GetProxyIPsetNames returns the ipset strings that correspond to the pu
	GetProxySetNames(contextID string) (string, string)
	//DestroyProxySet destroys the ipsets being used for L4/L7 services
	DestroyProxySets(contextID string)
	//FlushProxySets flushes the proxy IPsets
	FlushProxySets(contextID string)
	//AddIPPortToDependentService adds ip port to the dependent service
	AddIPPortToDependentService(contextID string, ip *net.IPNet, port string) error
	//AddPortToExposedService adds the port that this service is exposing
	AddPortToExposedService(contextID string, port string) error
}

ProxyL4 interface is used to interact with the ipsets required for L4/L7 Services. These include dependent services and exposed Services

type ServerL3

type ServerL3 interface {
	//CreateServerPortSet creates the ipset.
	CreateServerPortSet(contextID string) error
	//GetServerPortSetName returns the name of the portset created
	GetServerPortSetName(contextID string) string
	//DestroyServerPortSet destroys the server port set.
	DestroyServerPortSet(contextID string) error
	//AddPortToServerPortSet adds port to the portset.
	AddPortToServerPortSet(contextID string, port string) error
	//DeletePortFromServerPortSet deletes the port from port set.
	DeletePortFromServerPortSet(contextID string, port string) error
}

ServerL3 interface is used to interact with the ipsets required to program ports that the server(PU) listens on in L3 datapath.

type TargetAndExcludedNetworks

type TargetAndExcludedNetworks interface {
	//CreateIPsetsForTargetAndExcludedNetworks creates the ipsets for target and excluded networks
	CreateIPsetsForTargetAndExcludedNetworks() error
	//UpdateIPsetsForTargetAndExcludedNetworks updates the ipsets accordingly.
	UpdateIPsetsForTargetAndExcludedNetworks([]string, []string, []string) error
	//GetIPsetNamesForTargetAndExcludedNetworks returns the ipsets names for tcp, udp and excluded networks
	GetIPsetNamesForTargetAndExcludedNetworks() (string, string, string)
}

TargetAndExcludedNetworks interface is used to interact with target and excluded networks

type TestIpset

type TestIpset interface {
	Ipset
	MockAdd(t *testing.T, impl func(entry string, timeout int) error)
	MockAddOption(t *testing.T, impl func(entry string, option string, timeout int) error)
	MockDel(t *testing.T, impl func(entry string) error)
	MockDestroy(t *testing.T, impl func() error)
	MockFlush(t *testing.T, impl func() error)
	MockTest(t *testing.T, impl func(entry string) (bool, error))
}

TestIpset is a test implementation for Ipset

func NewTestIpset

func NewTestIpset() TestIpset

NewTestIpset returns a new TestManipulator.

type TestIpsetProvider

type TestIpsetProvider interface {
	IpsetProvider
	MockNewIpset(t *testing.T, impl func(name string, hasht string, p *ipset.Params) (Ipset, error))
	MockGetIpset(t *testing.T, impl func(name string) Ipset)
	MockDestroyAll(t *testing.T, impl func(string) error)
	MockListIPSets(t *testing.T, impl func() ([]string, error))
}

TestIpsetProvider is a test implementation for IpsetProvider

func NewTestIpsetProvider

func NewTestIpsetProvider() TestIpsetProvider

NewTestIpsetProvider returns a new TestManipulator.

Directories

Path Synopsis
Package mock_ipsetmanager is a generated GoMock package.
Package mock_ipsetmanager is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL