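package iptablesctrl

import (
	"fmt"

	"go.aporeto.io/trireme-lib/controller/constants"
	"go.uber.org/zap"
)

// getPortSet returns the port set name recorded for contextID in
// contextIDToPortSetMap. It returns "" when the map has no entry for the
// context or when the stored value is not a string.
func (i *iptables) getPortSet(contextID string) string {
	portset, err := i.contextIDToPortSetMap.Get(contextID)
	if err != nil {
		return ""
	}

	// The map hands back an untyped value; a checked assertion keeps an
	// unexpected value type from panicking every caller of getPortSet.
	name, ok := portset.(string)
	if !ok {
		return ""
	}
	return name
}

// createPortSet creates either a UID or a process port set for a Linux PU
// and records its name in contextIDToPortSetMap under contextID.
// Container PUs (RemoteContainer mode) need no port set, so the method
// returns nil immediately for them. A non-empty username selects the
// UID-scoped set; otherwise the set is keyed by process.
func (i *iptables) createPortSet(contextID string, username string) error {
	if i.mode == constants.RemoteContainer {
		return nil
	}

	ipsetPrefix := i.impl.GetIPSetPrefix()
	prefix := ipsetPrefix + processPortSetPrefix
	if username != "" {
		prefix = ipsetPrefix + uidPortSetPrefix
	}
	portSetName := puPortSetName(contextID, prefix)

	if _, err := i.ipset.NewIpset(portSetName, portSetIpsetType, nil); err != nil {
		return fmt.Errorf("creating port set %s: %w", portSetName, err)
	}

	// Record the name only after the set exists, so a failed creation
	// leaves no dangling mapping behind.
	i.contextIDToPortSetMap.AddOrUpdate(contextID, portSetName)
	return nil
}

// deletePortSet deletes the port set that was created for a Linux PU.
// It returns without errors for container PUs.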
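func (i *iptables) deletePortSet(contextID string) error {
	if i.mode == constants.RemoteContainer {
		return nil
	}

	portSetName := i.getPortSet(contextID)
	if portSetName == "" {
		return fmt.Errorf("Failed to find port set for contextID %s", contextID)
	}

	ips := i.ipset.GetIpset(portSetName)
	if err := ips.Destroy(); err != nil {
		// fmt.Errorf takes plain verbs; the previous zap.Error field
		// argument was printed as an EXTRA value and the cause was lost.
		// Keep the map entry so a later retry can still find the set.
		return fmt.Errorf("Failed to delete pu port set %s: %w", portSetName, err)
	}

	if err := i.contextIDToPortSetMap.Remove(contextID); err != nil {
		zap.L().Debug("portset not found for the contextID", zap.String("contextID", contextID))
	}

	return nil
}

// DeletePortFromPortSet removes port from the port set recorded for
// contextID. It returns an error when no port set is known for the
// context or when the ipset deletion fails.
//
// NOTE(review): port is handed to the ipset unchanged — confirm that
// callers validate it before it reaches this layer.
func (i *iptables) DeletePortFromPortSet(contextID string, port string) error {
	portSetName := i.getPortSet(contextID)
	if portSetName == "" {
		return fmt.Errorf("unable to get portset for contextID %s", contextID)
	}

	if err := i.ipset.GetIpset(portSetName).Del(port); err != nil {
		return fmt.Errorf("unable to delete port from portset: %w", err)
	}

	return nil
}

// DeletePortFromPortSet removes port from both the IPv4 and the IPv6 port
// set of contextID. Removal is best-effort: a failure on either family is
// logged at Warn with the contextID and port, the other family is still
// attempted, and the method always returns nil.
func (i *Instance) DeletePortFromPortSet(contextID string, port string) error {
	if err := i.iptv4.DeletePortFromPortSet(contextID, port); err != nil {
		zap.L().Warn("Failed to delete port from ipv4 portset ", zap.String("contextID", contextID), zap.String("port", port), zap.Error(err))
	}

	// contextID is included here as well so the v6 warning can be
	// correlated with its PU like the v4 one.
	if err := i.iptv6.DeletePortFromPortSet(contextID, port); err != nil {
		zap.L().Warn("Failed to delete port from ipv6 portset ", zap.String("contextID", contextID), zap.String("port", port), zap.Error(err))
	}

	return nil
}

// AddPortToPortSet adds port to the port set recorded for contextID. It
// returns an error when no port set is known for the context or when the
// ipset insertion fails.
//
// NOTE(review): port is handed to the ipset unchanged — confirm that
// callers validate it before it reaches this layer.
func (i *iptables) AddPortToPortSet(contextID string, port string) error {
	portSetName := i.getPortSet(contextID)
	if portSetName == "" {
		return fmt.Errorf("unable to get portset for contextID %s", contextID)
	}

	// The second Add argument is passed as 0 here; its meaning is not
	// visible in this file — presumably an entry timeout, verify against ipset.
	if err := i.ipset.GetIpset(portSetName).Add(port, 0); err != nil {
		return fmt.Errorf("unable to add port to portset: %w", err)
	}

	return nil
}

// AddPortToPortSet adds port to both the IPv4 and the IPv6 port set of
// contextID. Insertion is best-effort: a failure on either family is
// logged at Warn with the contextID and port, the other family is still
// attempted, and the method always returns nil.
func (i *Instance) AddPortToPortSet(contextID string, port string) error {
	if err := i.iptv4.AddPortToPortSet(contextID, port); err != nil {
		zap.L().Warn("Failed to add port to ipv4 portset", zap.String("contextID", contextID), zap.String("port", port), zap.Error(err))
	}

	if err := i.iptv6.AddPortToPortSet(contextID, port); err != nil {
		zap.L().Warn("Failed to add port to ipv6 portset", zap.String("contextID", contextID), zap.String("port", port), zap.Error(err))
	}

	return nil
}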