- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 364 for tproxy (0.06 sec)
-
cni/pkg/iptables/testdata/tproxy.golden
-A ISTIO_PRERT ! -d 127.0.0.1/32 -p tcp -i lo -j ACCEPT -A ISTIO_PRERT -p tcp -m tcp --dport 15008 -m mark ! --mark 0x539/0xfff -j TPROXY --on-port 15008 --tproxy-mark 0x111/0xfff -A ISTIO_PRERT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A ISTIO_PRERT ! -d 127.0.0.1/32 -p tcp -m mark ! --mark 0x539/0xfff -j TPROXY --on-port 15006 --tproxy-mark 0x111/0xfff
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Wed Sep 25 20:54:34 UTC 2024 - 1.5K bytes - Viewed (0) -
cni/pkg/plugin/testdata/tproxy.txt.golden
* mangle -N ISTIO_DIVERT -N ISTIO_TPROXY -N ISTIO_INBOUND -A ISTIO_DIVERT -j MARK --set-mark 1337 -A ISTIO_DIVERT -j ACCEPT -A ISTIO_TPROXY ! -d 127.0.0.1/32 -p tcp -j TPROXY --tproxy-mark 1337/0xffffffff --on-port 15006 -A PREROUTING -p tcp -j ISTIO_INBOUND -A ISTIO_INBOUND -p tcp --dport 15020 -j RETURN -A ISTIO_INBOUND -p tcp --dport 15021 -j RETURN -A ISTIO_INBOUND -p tcp --dport 15090 -j RETURN
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Thu Feb 16 22:54:20 UTC 2023 - 1.9K bytes - Viewed (0) -
cni/pkg/plugin/testdata/custom-uid-tproxy.txt.golden
* mangle -N ISTIO_DIVERT -N ISTIO_TPROXY -N ISTIO_INBOUND -A ISTIO_DIVERT -j MARK --set-mark 1337 -A ISTIO_DIVERT -j ACCEPT -A ISTIO_TPROXY ! -d 127.0.0.1/32 -p tcp -j TPROXY --tproxy-mark 1337/0xffffffff --on-port 15006 -A PREROUTING -p tcp -j ISTIO_INBOUND -A ISTIO_INBOUND -p tcp --dport 15020 -j RETURN -A ISTIO_INBOUND -p tcp --dport 15021 -j RETURN -A ISTIO_INBOUND -p tcp --dport 15090 -j RETURN
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Wed Apr 26 16:39:28 UTC 2023 - 2K bytes - Viewed (0) -
istioctl/pkg/kubeinject/testdata/mesh-config.yaml
# If "TPROXY", use iptables TPROXY to redirect to Envoy. # The "TPROXY" mode preserves both the source and destination IP # addresses and ports, so that they can be used for advanced filtering # and manipulation. # The "TPROXY" mode also configures the sidecar to run with the # CAP_NET_ADMIN capability, which is required to use TPROXY. #interceptionMode: REDIRECT #
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Thu Jun 15 15:02:17 UTC 2023 - 2.2K bytes - Viewed (0) -
cni/pkg/iptables/testdata/tproxy_ipv6.golden
-A ISTIO_PRERT ! -d 127.0.0.1/32 -p tcp -i lo -j ACCEPT -A ISTIO_PRERT -p tcp -m tcp --dport 15008 -m mark ! --mark 0x539/0xfff -j TPROXY --on-port 15008 --tproxy-mark 0x111/0xfff -A ISTIO_PRERT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A ISTIO_PRERT ! -d 127.0.0.1/32 -p tcp -m mark ! --mark 0x539/0xfff -j TPROXY --on-port 15006 --tproxy-mark 0x111/0xfff
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Wed Sep 25 20:54:34 UTC 2024 - 3K bytes - Viewed (0) -
cni/pkg/plugin/plugin_dryrun_test.go
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Tue Aug 27 16:44:45 UTC 2024 - 8.5K bytes - Viewed (0) -
cni/pkg/iptables/iptables.go
"-p", iptablesconstants.TCP, "-i", "lo", "-j", "ACCEPT") // CLI: -A ISTIO_PRERT -p tcp -m tcp --dport <INPORT> -m mark ! --mark 0x539/0xfff -j TPROXY --on-port <INPORT> --on-ip 127.0.0.1 --tproxy-mark 0x111/0xfff // // DESC: Anything heading to <INPORT> that does not have the mark, TPROXY to ztunnel inbound port <INPORT> iptablesBuilder.AppendRule( iptableslog.UndefinedCommand, ChainInpodPrerouting, iptablesconstants.MANGLE,
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Tue Oct 15 15:39:28 UTC 2024 - 23.3K bytes - Viewed (0) -
cni/pkg/iptables/iptables_linux.go
} for _, family := range families { // Equiv: // ip rule add fwmark 0x111/0xfff pref 32764 lookup 100 // // Adds in-pod rules for marking packets with the istio-specific TPROXY mark. // A very similar mechanism is used for sidecar TPROXY. // // TODO largely identical/copied from tools/istio-iptables/pkg/capture/run_linux.go inpodMarkRule := netlink.NewRule() inpodMarkRule.Family = family
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Fri Sep 06 09:44:28 UTC 2024 - 4K bytes - Viewed (0) -
cni/pkg/constants/constants.go
ExcludeNamespaces = "exclude-namespaces" AmbientEnabled = "ambient-enabled" AmbientDNSCapture = "ambient-dns-capture" AmbientIPv6 = "ambient-ipv6" AmbientTPROXYRedirection = "ambient-tproxy-redirection" // Repair RepairEnabled = "repair-enabled" RepairDeletePods = "repair-delete-pods" RepairRepairPods = "repair-repair-pods" RepairLabelPods = "repair-label-pods"
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Fri Aug 16 15:33:47 UTC 2024 - 3K bytes - Viewed (0) -
cni/pkg/iptables/iptables_test.go
name string config func(cfg *Config) ingressMode bool }{ { name: "default", config: func(cfg *Config) { cfg.RedirectDNS = true }, }, { name: "tproxy", config: func(cfg *Config) { cfg.TPROXYRedirection = true cfg.RedirectDNS = true }, }, { name: "ingress", config: func(cfg *Config) { }, ingressMode: true, }, }
Registered: Wed Nov 06 22:53:10 UTC 2024 - Last Modified: Tue Oct 15 15:39:28 UTC 2024 - 4.1K bytes - Viewed (0)