github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/internal/supervisor/iptablesctrl/ipv6.go (about)

     1  package iptablesctrl
     2  
     3  import (
     4  	"net"
     5  	"strings"
     6  
     7  	"github.com/aporeto-inc/go-ipset/ipset"
     8  	provider "go.aporeto.io/enforcerd/trireme-lib/controller/pkg/aclprovider"
     9  	"go.aporeto.io/gaia/protocols"
    10  )
    11  
// IPv6DefaultIP is the IPv6 catch-all prefix. A zero-length prefix ("::/0")
// matches every IPv6 address, so any rule built from it applies to all IPv6
// traffic.
const IPv6DefaultIP = "::/0"
    16  
// ipv6 is the IPv6 flavour of the iptables controller back end. Its methods
// forward rule operations to ipt.
type ipv6 struct {
	// ipt is the provider that rule operations are forwarded to. It may be
	// nil; the guarded methods check for that before every call.
	ipt         provider.IptablesProvider
	// ipv6Enabled gates the guarded methods: while it is false they return
	// success without touching the provider.
	ipv6Enabled bool
}
    21  
// ipsetV6Param holds the ipset parameters with the hash family set to inet6.
// NOTE(review): presumably passed when IPv6 sets are created; the callers are
// not in this file. It is mutable package-level state, so nothing stops other
// code in the package from reassigning it after init.
var ipsetV6Param *ipset.Params

// init populates ipsetV6Param once, when the package is loaded.
func init() {
	ipsetV6Param = &ipset.Params{
		HashFamily: "inet6",
	}
}
    27  
// IPVersion identifies this back end as the IPv6 one by returning the
// package-level IPV6 value.
func (i *ipv6) IPVersion() int {
	version := IPV6

	return version
}
    31  
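// IPFilter returns a predicate that reports whether ip is an IPv6 address.
//
// An address counts as IPv6 only when it is a well-formed 16-byte value that
// has no IPv4 form. IPv4-mapped addresses (::ffff:a.b.c.d) have an IPv4 form
// and are rejected. Nil and wrong-length values are rejected as well, so an
// address that failed to parse upstream is never classified as IPv6.
func (i *ipv6) IPFilter() func(net.IP) bool {
	return func(ip net.IP) bool {
		// To4 returns nil for everything that is not IPv4, including nil and
		// malformed slices, so the length has to be checked separately.
		return len(ip) == net.IPv6len && ip.To4() == nil
	}
}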
    39  
// GetDefaultIP returns IPv6DefaultIP, the default subnet for IPv6.
func (i *ipv6) GetDefaultIP() string {
	const defaultSubnet = IPv6DefaultIP

	return defaultSubnet
}
    43  
// NeedICMP reports true unconditionally for the IPv6 back end.
// NOTE(review): presumably because IPv6 depends on ICMPv6 for neighbour
// discovery, so callers must install explicit ICMP rules; confirm against
// the callers.
func (i *ipv6) NeedICMP() bool {
	const needed = true

	return needed
}
    47  
// ProtocolAllowed reports whether proto may be used with the IPv6 back end.
// Every value is allowed except the one whose upper-cased form equals
// protocols.L4ProtocolICMP.
//
// NOTE(review): the check is a plain string comparison after upper-casing.
// A value with surrounding whitespace, or a numeric protocol identifier,
// would not match and would be reported as allowed; confirm that callers
// normalise proto before calling.
func (i *ipv6) ProtocolAllowed(proto string) bool {
	upper := strings.ToUpper(proto)

	return upper != protocols.L4ProtocolICMP
}
    51  
// Append forwards the rule to the provider's Append for the given table and
// chain.
//
// When IPv6 is disabled or no provider is configured the call does nothing
// and returns nil, so a nil error does not prove that a rule was installed.
func (i *ipv6) Append(table, chain string, rulespec ...string) error {
	if i.ipv6Enabled && i.ipt != nil {
		return i.ipt.Append(table, chain, rulespec...)
	}

	return nil
}
    59  
// Insert forwards the rule to the provider's Insert, passing pos through
// unchanged.
//
// When IPv6 is disabled or no provider is configured the call does nothing
// and returns nil, so a nil error does not prove that a rule was installed.
func (i *ipv6) Insert(table, chain string, pos int, rulespec ...string) error {
	active := i.ipv6Enabled && i.ipt != nil
	if !active {
		return nil
	}

	return i.ipt.Insert(table, chain, pos, rulespec...)
}
    67  
// ListChains returns whatever the provider's ListChains reports for table.
//
// When IPv6 is disabled or no provider is configured it returns (nil, nil):
// an empty result with no error, which a caller cannot tell apart from a
// table that has no chains.
func (i *ipv6) ListChains(table string) ([]string, error) {
	if i.ipv6Enabled && i.ipt != nil {
		return i.ipt.ListChains(table)
	}

	return nil, nil
}
    75  
// ClearChain forwards to the provider's ClearChain for the given table and
// chain.
//
// When IPv6 is disabled or no provider is configured the call does nothing
// and returns nil.
func (i *ipv6) ClearChain(table, chain string) error {
	switch {
	case !i.ipv6Enabled, i.ipt == nil:
		return nil
	default:
		return i.ipt.ClearChain(table, chain)
	}
}
    83  
// DeleteChain forwards to the provider's DeleteChain for the given table and
// chain.
//
// When IPv6 is disabled or no provider is configured the call does nothing
// and returns nil.
func (i *ipv6) DeleteChain(table, chain string) error {
	if i.ipv6Enabled && i.ipt != nil {
		return i.ipt.DeleteChain(table, chain)
	}

	return nil
}
    91  
// NewChain forwards to the provider's NewChain for the given table and chain.
//
// When IPv6 is disabled or no provider is configured the call does nothing
// and returns nil, so a nil error does not prove that the chain exists.
func (i *ipv6) NewChain(table, chain string) error {
	active := i.ipv6Enabled && i.ipt != nil
	if !active {
		return nil
	}

	return i.ipt.NewChain(table, chain)
}
    99  
// Commit forwards to the provider's Commit.
//
// When IPv6 is disabled or no provider is configured the call does nothing
// and returns nil, so a nil error does not prove that anything was applied.
func (i *ipv6) Commit() error {
	if i.ipv6Enabled && i.ipt != nil {
		return i.ipt.Commit()
	}

	return nil
}
   107  
// Delete forwards the rule to the provider's Delete for the given table and
// chain.
//
// When IPv6 is disabled or no provider is configured the call does nothing
// and returns nil.
func (i *ipv6) Delete(table, chain string, rulespec ...string) error {
	switch {
	case !i.ipv6Enabled, i.ipt == nil:
		return nil
	default:
		return i.ipt.Delete(table, chain, rulespec...)
	}
}
   115  
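// RetrieveTable returns the map reported by the provider's RetrieveTable.
// NOTE(review): the nesting looks like table -> chain -> rules; confirm
// against the provider.
//
// When IPv6 is disabled or no provider is configured it returns nil, using
// the same guard as the other methods on this type. Without the guard a nil
// provider would cause a nil-dereference panic here.
func (i *ipv6) RetrieveTable() map[string]map[string][]string {
	if !i.ipv6Enabled || i.ipt == nil {
		return nil
	}

	return i.ipt.RetrieveTable()
}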
   119  
// ResetRules forwards subs unchanged to the provider's ResetRules.
//
// When IPv6 is disabled or no provider is configured the call does nothing
// and returns nil, so a nil error does not prove that any rule was reset.
func (i *ipv6) ResetRules(subs string) error {
	if i.ipv6Enabled && i.ipt != nil {
		return i.ipt.ResetRules(subs)
	}

	return nil
}
   127  
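// ListRules returns whatever the provider's ListRules reports for the given
// table and chain.
//
// When IPv6 is disabled or no provider is configured it returns (nil, nil),
// using the same guard as the other methods on this type. Without the guard
// a nil provider would cause a nil-dereference panic here. An empty result
// therefore does not prove that the chain has no rules.
func (i *ipv6) ListRules(table, chain string) ([]string, error) {
	if !i.ipv6Enabled || i.ipt == nil {
		return nil, nil
	}

	return i.ipt.ListRules(table, chain)
}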