drivers

package

v0.0.0-...-51844b1 Latest Latest Go to latest Published: Mar 2, 2021 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/wallyworld/lxd

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const FilterIPv4All = "0.0.0.0"

FilterIPv4All used to indicate to firewall package to filter all IPv4 traffic.

View Source

const FilterIPv6All = "::"

FilterIPv6All used to indicate to firewall package to filter all IPv6 traffic.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Nftables ¶

type Nftables struct{}

Nftables is an implmentation of LXD firewall using nftables.

func (Nftables) Compat ¶

func (d Nftables) Compat() (bool, error)

Compat returns whether the driver backend is in use, and any host compatibility errors.

func (Nftables) InstanceClearBridgeFilter ¶

func (d Nftables) InstanceClearBridgeFilter(projectName string, instanceName string, deviceName string, parentName string, hostName string, hwAddr string, _ net.IP, _ net.IP) error

InstanceClearBridgeFilter removes any filter rules that were added to apply bridged device IP filtering.

func (Nftables) InstanceClearProxyNAT ¶

func (d Nftables) InstanceClearProxyNAT(projectName string, instanceName string, deviceName string) error

InstanceClearProxyNAT remove DNAT rules for proxy devices.

func (Nftables) InstanceClearRPFilter ¶

func (d Nftables) InstanceClearRPFilter(projectName string, instanceName string, deviceName string) error

InstanceClearRPFilter removes reverse path filtering for the specified instance device on the host interface.

func (Nftables) InstanceSetupBridgeFilter ¶

func (d Nftables) InstanceSetupBridgeFilter(projectName string, instanceName string, deviceName string, parentName string, hostName string, hwAddr string, IPv4 net.IP, IPv6 net.IP) error

InstanceSetupBridgeFilter sets up the filter rules to apply bridged device IP filtering.

func (Nftables) InstanceSetupProxyNAT ¶

func (d Nftables) InstanceSetupProxyNAT(projectName string, instanceName string, deviceName string, listen, connect *deviceConfig.ProxyAddress) error

InstanceSetupProxyNAT creates DNAT rules for proxy devices.

func (Nftables) InstanceSetupRPFilter ¶

func (d Nftables) InstanceSetupRPFilter(projectName string, instanceName string, deviceName string, hostName string) error

InstanceSetupRPFilter activates reverse path filtering for the specified instance device on the host interface.

func (Nftables) NetworkClear ¶

func (d Nftables) NetworkClear(networkName string, ipVersion uint) error

NetworkClear removes the LXD network related chains.

func (Nftables) NetworkSetupDHCPDNSAccess ¶

func (d Nftables) NetworkSetupDHCPDNSAccess(networkName string, ipVersion uint) error

NetworkSetupDHCPDNSAccess sets up basic nftables overrides for DHCP/DNS.

func (Nftables) NetworkSetupDHCPv4Checksum ¶

func (d Nftables) NetworkSetupDHCPv4Checksum(networkName string) error

NetworkSetupDHCPv4Checksum attempts a workaround for broken DHCP clients. No-op as not supported by nftables. See https://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables#CHECKSUM.

func (Nftables) NetworkSetupForwardingPolicy ¶

func (d Nftables) NetworkSetupForwardingPolicy(networkName string, ipVersion uint, allow bool) error

NetworkSetupForwardingPolicy allows forwarding dependent on boolean argument

func (Nftables) NetworkSetupOutboundNAT ¶

func (d Nftables) NetworkSetupOutboundNAT(networkName string, subnet *net.IPNet, srcIP net.IP, _ bool) error

NetworkSetupOutboundNAT configures outbound NAT. If srcIP is non-nil then SNAT is used with the specified address, otherwise MASQUERADE mode is used. Append mode is always on and so the append argument is ignored.

func (Nftables) String ¶

func (d Nftables) String() string

String returns the driver name.

type Xtables ¶

type Xtables struct{}

Xtables is an implmentation of LXD firewall using {ip, ip6, eb}tables

func (Xtables) Compat ¶

func (d Xtables) Compat() (bool, error)

Compat returns whether the driver backend is in use, and any host compatibility errors.

func (Xtables) InstanceClearBridgeFilter ¶

func (d Xtables) InstanceClearBridgeFilter(projectName string, instanceName string, deviceName string, parentName string, hostName string, hwAddr string, IPv4 net.IP, IPv6 net.IP) error

InstanceClearBridgeFilter removes any filter rules that were added to apply bridged device IP filtering.

func (Xtables) InstanceClearProxyNAT ¶

func (d Xtables) InstanceClearProxyNAT(projectName string, instanceName string, deviceName string) error

InstanceClearProxyNAT remove DNAT rules for proxy devices.

func (Xtables) InstanceClearRPFilter ¶

func (d Xtables) InstanceClearRPFilter(projectName string, instanceName string, deviceName string) error

InstanceClearRPFilter removes reverse path filtering for the specified instance device on the host interface.

func (Xtables) InstanceSetupBridgeFilter ¶

func (d Xtables) InstanceSetupBridgeFilter(projectName string, instanceName string, deviceName string, parentName string, hostName string, hwAddr string, IPv4 net.IP, IPv6 net.IP) error

InstanceSetupBridgeFilter sets up the filter rules to apply bridged device IP filtering.

func (Xtables) InstanceSetupProxyNAT ¶

func (d Xtables) InstanceSetupProxyNAT(projectName string, instanceName string, deviceName string, listen *deviceConfig.ProxyAddress, connect *deviceConfig.ProxyAddress) error

InstanceSetupProxyNAT creates DNAT rules for proxy devices.

func (Xtables) InstanceSetupRPFilter ¶

func (d Xtables) InstanceSetupRPFilter(projectName string, instanceName string, deviceName string, hostName string) error

InstanceSetupRPFilter activates reverse path filtering for the specified instance device on the host interface.

func (Xtables) NetworkClear ¶

func (d Xtables) NetworkClear(networkName string, ipVersion uint) error

NetworkClear removes network rules from filter, mangle and nat tables.

func (Xtables) NetworkSetupDHCPDNSAccess ¶

func (d Xtables) NetworkSetupDHCPDNSAccess(networkName string, ipVersion uint) error

NetworkSetupDHCPDNSAccess sets up basic iptables overrides for DHCP/DNS.

func (Xtables) NetworkSetupDHCPv4Checksum ¶

func (d Xtables) NetworkSetupDHCPv4Checksum(networkName string) error

NetworkSetupDHCPv4Checksum attempts a workaround for broken DHCP clients.

func (Xtables) NetworkSetupForwardingPolicy ¶

func (d Xtables) NetworkSetupForwardingPolicy(networkName string, ipVersion uint, allow bool) error

NetworkSetupForwardingPolicy allows forwarding dependent on boolean argument

func (Xtables) NetworkSetupOutboundNAT ¶

func (d Xtables) NetworkSetupOutboundNAT(networkName string, subnet *net.IPNet, srcIP net.IP, appendRule bool) error

NetworkSetupOutboundNAT configures outbound NAT. If srcIP is non-nil then SNAT is used with the specified address, otherwise MASQUERADE mode is used.

func (Xtables) String ¶

func (d Xtables) String() string

String returns the driver name.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL