package utils

import "github.com/containernetworking/plugins/pkg/utils"

Index

Constants

const (
	PROTOCOL_TCP  = 6
	PROTOCOL_UDP  = 17
	PROTOCOL_SCTP = 132
)

Assigned Internet Protocol Numbers https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

const MaxHashLen = sha512.Size * 2

Functions

func ClearChain

func ClearChain(ipt *iptables.IPTables, table, chain string) error

ClearChain idempotently clears the iptables rules in the specified table/chain. If the chain does not exist, a new one will be created.

func DeleteChain

func DeleteChain(ipt *iptables.IPTables, table, chain string) error

DeleteChain idempotently deletes the specified table/chain. It does not return an error if the chain does not exist.

func DeleteConntrackEntriesForDstIP

func DeleteConntrackEntriesForDstIP(dstIP string, protocol uint8) error

DeleteConntrackEntriesForDstIP deletes the conntrack entries for the connections specified by the given destination IP and protocol. Existing conntrack entries are not rewritten when NAT rules change, so without this step stale entries would keep applying the old translation until they expire.

func DeleteConntrackEntriesForDstPort

func DeleteConntrackEntriesForDstPort(port uint16, protocol uint8, family netlink.InetFamily) error

DeleteConntrackEntriesForDstPort deletes the conntrack entries for the connections specified by the given destination port, protocol and IP family.

func DeleteRule

func DeleteRule(ipt *iptables.IPTables, table, chain string, rulespec ...string) error

DeleteRule idempotently deletes the iptables rule in the specified table/chain. It does not return an error if the referring chain doesn't exist.

func EnsureChain

func EnsureChain(ipt *iptables.IPTables, table, chain string) error

EnsureChain idempotently creates the iptables chain. It does not return an error if the chain already exists.

func FormatChainName

func FormatChainName(name string, id string) string

FormatChainName generates a chain name to be used with iptables. Ensures that the generated chain name is exactly maxChainLength chars in length.

func FormatComment

func FormatComment(name string, id string) string

FormatComment returns a comment used for easier rule identification within iptables.

func InsertUnique

func InsertUnique(ipt *iptables.IPTables, table, chain string, prepend bool, rule []string) error

InsertUnique will add a rule to a chain if it does not already exist. By default the rule is appended, unless prepend is true.

func MustFormatChainNameWithPrefix

func MustFormatChainNameWithPrefix(name string, id string, prefix string) string

MustFormatChainNameWithPrefix generates a chain name similar to FormatChainName, but adds a custom prefix between chainPrefix and unique identifier. Ensures that the generated chain name is exactly maxChainLength chars in length. Panics if the given prefix is too long.

func MustFormatHashWithPrefix

func MustFormatHashWithPrefix(length int, prefix string, toHash string) string

MustFormatHashWithPrefix returns a string of given length that begins with the given prefix. It is filled with entropy based on the given string toHash.
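The naming scheme shared by FormatChainName, MustFormatChainNameWithPrefix and MustFormatHashWithPrefix, as an added stand-alone re-implementation written for this page (not the package's own code): it assumes the 28-character kernel limit on iptables chain names and the "CNI-" prefix as the package's unexported constants, assumes that the network name and container id are joined with "-" before hashing, and contrasts the hashed name with naive truncation, which collides for two constructed container ids that differ only in their last character.

```go
package main

import (
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

// Assumed values (the real package keeps these unexported): 28 is the kernel's
// maximum length for an iptables chain name, "CNI-" is the prefix for
// plugin-owned chains, and maxHashLen mirrors the exported MaxHashLen
// (a hex-encoded SHA-512 digest is 128 characters).
const (
	maxChainLength = 28
	chainPrefix    = "CNI-"
	maxHashLen     = sha512.Size * 2
)

// invalidHashLength reports whether formatHashWithPrefix would panic: the
// prefix must leave room for at least one hash character, and no more than
// one full hex digest can be requested.
func invalidHashLength(length int, prefix string) bool {
	return len(prefix) >= length || length > maxHashLen
}

// formatHashWithPrefix follows the documented contract of
// MustFormatHashWithPrefix: a string of exactly length characters that begins
// with prefix and is otherwise filled from the hex SHA-512 of toHash.
func formatHashWithPrefix(length int, prefix, toHash string) string {
	if invalidHashLength(length, prefix) {
		panic(fmt.Sprintf("invalid length %d for prefix %q", length, prefix))
	}
	sum := sha512.Sum512([]byte(toHash))
	// len(prefix)+128 >= length here, so the slice below is always in range.
	return (prefix + hex.EncodeToString(sum[:]))[:length]
}

// formatChainNameWithPrefix places the custom prefix between chainPrefix and
// the hash, as MustFormatChainNameWithPrefix is documented to do. The hashed
// input is the network name joined with the container id (assumed separator).
func formatChainNameWithPrefix(name, id, prefix string) string {
	return formatHashWithPrefix(maxChainLength, chainPrefix+prefix, name+"-"+id)
}

func formatChainName(name, id string) string {
	return formatChainNameWithPrefix(name, id, "")
}

// naiveChainName shows what hashing avoids: cutting the raw name and id down
// to the limit. Two containers whose ids agree in their leading bytes get the
// same chain, so tearing one down would delete the other's rules.
func naiveChainName(name, id string) string {
	s := chainPrefix + name + "-" + id
	if len(s) > maxChainLength {
		s = s[:maxChainLength]
	}
	return s
}

func main() {
	// Constructed sample ids that differ only in the last character.
	const idA = "0123456789abcdef0123456789abcdef"
	const idB = "0123456789abcdef0123456789abcdee"
	fmt.Println("hashed:", formatChainName("mynet", idA), formatChainName("mynet", idB))
	fmt.Println("naive: ", naiveChainName("mynet", idA), naiveChainName("mynet", idB))
	fmt.Println("custom prefix:", formatChainNameWithPrefix("mynet", idA, "DN-"))
}
```

The separator and exact hash input of the real package are not stated on this page, so names produced here should not be assumed byte-identical to the package's output; in a plugin, call the package's functions so that chains created on ADD are found again on DEL. Check invalidHashLength (or keep prefixes short) before calling the Must variants, since they panic rather than return an error.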

func SupportsIPTables

func SupportsIPTables() bool

SupportsIPTables tests whether the system supports using netfilter via the iptables API (whether via "iptables-legacy" or "iptables-nft"). (Note that this returns true if it is *possible* to use iptables; it does not test whether any other components on the system are *actually* using iptables.)

func SupportsNFTables

func SupportsNFTables() bool

SupportsNFTables tests whether the system supports using netfilter via the nftables API (ie, not via "iptables-nft"). (Note that this returns true if it is *possible* to use nftables; it does not test whether any other components on the system are *actually* using nftables.)

Source Files

conntrack.go iptables.go netfilter.go utils.go

Directories

Path                    Synopsis
pkg/utils/buildversion  Buildversion is a destination for the linker trickery so we can auto set the build-version
pkg/utils/sysctl
Version
v1.7.1 (latest)
Published
Apr 25, 2025
Platform
linux/amd64
Imports
9 packages