ITQC/containernetworking-plugins
24
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 34 Wiki Activity
containernetworking-plugins/vendor/github.com/networkplumbing/go-nft/nft/config.go
Miguel Duarte Barroso 83fe87c5b0 build: consume specific tables/chains via go-nft 
This go-nft version allows its users to only read particular
tables/chains when invoking `ReadConfig`, instead of the entire ruleset.

This will make deleting rules from a large ruleset faster, thus speeding
up CNI DELs.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2175041

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
2023-04-20 10:08:18 +02:00

70 lines
2.3 KiB
Go
Raw Blame History

/*
* This file is part of the go-nft project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* Copyright 2021 Red Hat, Inc.
*
*/
package nft
import (
"context"
"time"
nftconfig "github.com/networkplumbing/go-nft/nft/config"
nftexec "github.com/networkplumbing/go-nft/nft/exec"
)
type Config = nftconfig.Config
const (
defaultTimeout = 30 * time.Second
)
// NewConfig returns a new nftables config structure.
func NewConfig() *nftconfig.Config {
return nftconfig.New()
}
// ReadConfig loads the nftables configuration from the system and
// returns it as a nftables config structure.
// The system is expected to have the `nft` executable deployed and nftables enabled in the kernel.
func ReadConfig(filterCommands ...string) (*Config, error) {
ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
defer cancel()
return ReadConfigContext(ctx, filterCommands...)
}
// ReadConfigContext loads the nftables configuration from the system and
// returns it as a nftables config structure.
// The system is expected to have the `nft` executable deployed and nftables enabled in the kernel.
func ReadConfigContext(ctx context.Context, filterCommands ...string) (*Config, error) {
return nftexec.ReadConfig(ctx, filterCommands...)
}
// ApplyConfig applies the given nftables config on the system.
// The system is expected to have the `nft` executable deployed and nftables enabled in the kernel.
func ApplyConfig(c *Config) error {
ctx, cancel := context.WithTimeout(context.Background(), defaultTimeout)
defer cancel()
return ApplyConfigContext(ctx, c)
}
// ApplyConfigContext applies the given nftables config on the system.
// The system is expected to have the `nft` executable deployed and nftables enabled in the kernel.
func ApplyConfigContext(ctx context.Context, c *Config) error {
return nftexec.ApplyConfig(ctx, c)
}
View Git Blame Copy Permalink