github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/internal/supervisor/iptablesctrl/ipv4.go

github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/internal/supervisor/iptablesctrl/ipv4.go (about)

     1  package iptablesctrl
     2  
     3  import (
     4  	"fmt"
     5  	"net"
     6  	"strings"
     7  
     8  	"github.com/aporeto-inc/go-ipset/ipset"
     9  	provider "go.aporeto.io/enforcerd/trireme-lib/controller/pkg/aclprovider"
    10  	"go.aporeto.io/gaia/protocols"
    11  )
    12  
    13  const (
    14  	// IPv4DefaultIP is the default ip address of ipv4 subnets
    15  	IPv4DefaultIP = "0.0.0.0/0"
    16  )
    17  
    18  var ipsetV4Param *ipset.Params
    19  
    20  type ipv4 struct {
    21  	ipt provider.IptablesProvider
    22  }
    23  
    24  func init() {
    25  	ipsetV4Param = &ipset.Params{}
    26  }
    27  
    28  // GetIPv4Impl creates the instance of ipv4 struct which implements the interface
    29  // ipImpl
    30  func GetIPv4Impl() (IPImpl, error) {
    31  	ipt, err := provider.NewGoIPTablesProviderV4([]string{"mangle"}, CustomQOSChain)
    32  	if err != nil {
    33  		return nil, fmt.Errorf("unable to initialize iptables provider: %s", err)
    34  	}
    35  
    36  	return &ipv4{ipt: ipt}, nil
    37  }
    38  
    39  func (i *ipv4) IPVersion() int {
    40  	return IPV4
    41  }
    42  
    43  func (i *ipv4) IPFilter() func(net.IP) bool {
    44  	ipv4Filter := func(ip net.IP) bool {
    45  		return (ip.To4() != nil)
    46  	}
    47  
    48  	return ipv4Filter
    49  }
    50  
    51  func (i *ipv4) GetDefaultIP() string {
    52  	return IPv4DefaultIP
    53  }
    54  
    55  func (i *ipv4) NeedICMP() bool {
    56  	return false
    57  }
    58  
    59  func (i *ipv4) ProtocolAllowed(proto string) bool {
    60  
    61  	return !(strings.ToUpper(proto) == protocols.L4ProtocolICMP6)
    62  }
    63  
    64  func (i *ipv4) Append(table, chain string, rulespec ...string) error {
    65  	return i.ipt.Append(table, chain, rulespec...)
    66  }
    67  
    68  func (i *ipv4) Insert(table, chain string, pos int, rulespec ...string) error {
    69  	return i.ipt.Insert(table, chain, pos, rulespec...)
    70  }
    71  
    72  func (i *ipv4) ListChains(table string) ([]string, error) {
    73  	return i.ipt.ListChains(table)
    74  }
    75  
    76  func (i *ipv4) ClearChain(table, chain string) error {
    77  	return i.ipt.ClearChain(table, chain)
    78  }
    79  
    80  func (i *ipv4) DeleteChain(table, chain string) error {
    81  	return i.ipt.DeleteChain(table, chain)
    82  }
    83  
    84  func (i *ipv4) NewChain(table, chain string) error {
    85  	return i.ipt.NewChain(table, chain)
    86  }
    87  
    88  func (i *ipv4) Commit() error {
    89  	return i.ipt.Commit()
    90  }
    91  
    92  func (i *ipv4) Delete(table, chain string, rulespec ...string) error {
    93  	return i.ipt.Delete(table, chain, rulespec...)
    94  }
    95  
    96  func (i *ipv4) RetrieveTable() map[string]map[string][]string {
    97  	return i.ipt.RetrieveTable()
    98  }
    99  
   100  func (i *ipv4) ResetRules(subs string) error {
   101  	return i.ipt.ResetRules(subs)
   102  }
   103  
   104  func (i *ipv4) ListRules(table, chain string) ([]string, error) {
   105  	return i.ipt.ListRules(table, chain)
   106  }