Codebase Browser
kubernetes
Go to App

kubernetes/pkg/util/iptables/iptables.go 

type RulePosition

const Prepend

const Append

type Interface

type Protocol

const ProtocolIPv4

const ProtocolIPv6

type Table

const TableNAT

const TableFilter

const TableMangle

type Chain

const ChainPostrouting

const ChainPrerouting

const ChainOutput

const ChainInput

const ChainForward

const cmdIPTablesSave

const cmdIPTablesRestore

const cmdIPTables

const cmdIP6TablesRestore

const cmdIP6TablesSave

const cmdIP6Tables

type RestoreCountersFlag

const RestoreCounters

const NoRestoreCounters

type FlushFlag

const FlushTables

const NoFlushTables

var MinCheckVersion

var RandomFullyMinVersion

var WaitMinVersion

var WaitIntervalMinVersion

var WaitSecondsMinVersion

var WaitRestoreMinVersion

const WaitString

const WaitSecondsValue

const WaitIntervalString

const WaitIntervalUsecondsValue

const LockfilePath16x

const LockfilePath14x

type runner

// newInternal returns a new Interface which will exec iptables, and allows the
// caller to change the iptables-restore lockfile path
func newInternal(exec utilexec.Interface, protocol Protocol, lockfilePath14x, lockfilePath16x string) Interface {}

// New returns a new Interface which will exec iptables.
func New(exec utilexec.Interface, protocol Protocol) Interface {}

// EnsureChain is part of Interface.
func (runner *runner) EnsureChain(table Table, chain Chain) (bool, error) {}

// FlushChain is part of Interface.
func (runner *runner) FlushChain(table Table, chain Chain) error {}

// DeleteChain is part of Interface.
func (runner *runner) DeleteChain(table Table, chain Chain) error {}

// EnsureRule is part of Interface.
func (runner *runner) EnsureRule(position RulePosition, table Table, chain Chain, args ...string) (bool, error) {}

// DeleteRule is part of Interface.
func (runner *runner) DeleteRule(table Table, chain Chain, args ...string) error {}

func (runner *runner) IsIPv6() bool {}

func (runner *runner) Protocol() Protocol {}

// SaveInto is part of Interface.
func (runner *runner) SaveInto(table Table, buffer *bytes.Buffer) error {}

// Restore is part of Interface.
func (runner *runner) Restore(table Table, data []byte, flush FlushFlag, counters RestoreCountersFlag) error {}

// RestoreAll is part of Interface.
func (runner *runner) RestoreAll(data []byte, flush FlushFlag, counters RestoreCountersFlag) error {}

type iptablesLocker

// restoreInternal is the shared part of Restore/RestoreAll
func (runner *runner) restoreInternal(args []string, data []byte, flush FlushFlag, counters RestoreCountersFlag) error {}

func iptablesSaveCommand(protocol Protocol) string {}

func iptablesRestoreCommand(protocol Protocol) string {}

func iptablesCommand(protocol Protocol) string {}

func (runner *runner) run(op operation, args []string) ([]byte, error) {}

func (runner *runner) runContext(ctx context.Context, op operation, args []string) ([]byte, error) {}

// Returns (bool, nil) if it was able to check the existence of the rule, or
// (<undefined>, error) if the process of checking failed.
func (runner *runner) checkRule(table Table, chain Chain, args ...string) (bool, error) {}

var hexnumRE

func trimhex(s string) string {}

// Executes the rule check without using the "-C" flag, instead parsing iptables-save.
// Present for compatibility with <1.4.11 versions of iptables.  This is full
// of hack and half-measures.  We should nix this ASAP.
func (runner *runner) checkRuleWithoutCheck(table Table, chain Chain, args ...string) (bool, error) {}

// Executes the rule check using the "-C" flag
func (runner *runner) checkRuleUsingCheck(args []string) (bool, error) {}

const iptablesFlushTimeout

const iptablesFlushPollTime

// Monitor is part of Interface
func (runner *runner) Monitor(canary Chain, tables []Table, reloadFunc func(), interval time.Duration, stopCh <-chan struct{}

// ChainExists is part of Interface
func (runner *runner) ChainExists(table Table, chain Chain) (bool, error) {}

type operation

const opCreateChain

const opFlushChain

const opDeleteChain

const opListChain

const opCheckRule

const opDeleteRule

func makeFullArgs(table Table, chain Chain, args ...string) []string {}

const iptablesVersionPattern

// getIPTablesVersion runs "iptables --version" and parses the returned version
func getIPTablesVersion(exec utilexec.Interface, protocol Protocol) (*utilversion.Version, error) {}

// Checks if iptables version has a "wait" flag
func getIPTablesWaitFlag(version *utilversion.Version) []string {}

// Checks if iptables-restore has a "wait" flag
func getIPTablesRestoreWaitFlag(version *utilversion.Version, exec utilexec.Interface, protocol Protocol) []string {}

// getIPTablesRestoreVersionString runs "iptables-restore --version" to get the version string
// in the form "X.X.X"
func getIPTablesRestoreVersionString(exec utilexec.Interface, protocol Protocol) (string, error) {}

func (runner *runner) HasRandomFully() bool {}

// Present tests if iptable is supported on current kernel by checking the existence
// of default table and chain
func (runner *runner) Present() bool {}

var iptablesNotFoundStrings

// IsNotFoundError returns true if the error indicates "not found".  It parses
// the error string looking for known values, which is imperfect; beware using
// this function for anything beyond deciding between logging or ignoring an
// error.
func IsNotFoundError(err error) bool {}

const iptablesStatusResourceProblem

// isResourceError returns true if the error indicates that iptables ran into a "resource
// problem" and was unable to attempt the request. In particular, this will be true if it
// times out trying to get the iptables lock.
func isResourceError(err error) bool {}

type ParseError

type parseError

func (e parseError) Line() int {}

func (e parseError) Error() string {}

type LineData

var regexpParseError

// parseRestoreError extracts the line from the error, if it matches returns parseError
// for example:
// input: iptables-restore: line 51 failed
// output: parseError:  cmd = iptables-restore, line = 51
// NOTE: parseRestoreError depends on the error format of iptables, if it ever changes
// we need to update this function
func parseRestoreError(str string) (ParseError, bool) {}

// ExtractLines extracts the -count and +count data from the lineNum row of lines and return
// NOTE: lines start from line 1
func ExtractLines(lines []byte, line, count int) []LineData {}