- Sort Score
- Result 10 results
- Languages All
Results 21 - 30 of 1,589 for tproxy (0.15 sec)
-
tools/packaging/common/istio-start.sh
# Update iptables, based on config file "${ISTIO_BIN_BASE}/pilot-agent" istio-iptables fi fi EXEC_USER=${EXEC_USER:-istio-proxy} if [ "${ISTIO_INBOUND_INTERCEPTION_MODE}" = "TPROXY" ] ; then # In order to allow redirect inbound traffic using TPROXY, run envoy with the CAP_NET_ADMIN capability. # This allows configuring listeners with the "transparent" socket option set to true. EXEC_USER=root fi
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Mar 06 22:16:26 UTC 2024 - 5.4K bytes - Viewed (0) -
tools/istio-iptables/pkg/capture/run_linux.go
) // configureTProxyRoutes configures ip firewall rules to enable TPROXY support. // See https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/original_src_filter func configureTProxyRoutes(cfg *config.Config) error { if cfg.InboundPortsInclude != "" { if cfg.InboundInterceptionMode == constants.TPROXY { link, err := netlink.LinkByName("lo") if err != nil {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Apr 30 22:24:38 UTC 2024 - 3.1K bytes - Viewed (0) -
tools/istio-iptables/pkg/capture/run.go
// to the local service. If not set, no inbound port will be intercepted by istio iptablesOrFail. var table string if cfg.cfg.InboundPortsInclude != "" { if cfg.cfg.InboundInterceptionMode == constants.TPROXY { // When using TPROXY, create a new chain for routing all inbound traffic to // Envoy. Any packet entering this chain gets marked with the ${INBOUND_TPROXY_MARK} mark,
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 06 03:53:23 UTC 2024 - 35.4K bytes - Viewed (0) -
cni/pkg/iptables/iptables_linux.go
} for _, family := range families { // Equiv: // ip rule add fwmark 0x111/0xfff pref 32764 lookup 100 // // Adds in-pod rules for marking packets with the istio-specific TPROXY mark. // A very similar mechanism is used for sidecar TPROXY. // // TODO largely identical/copied from tools/istio-iptables/pkg/capture/run_linux.go inpodMarkRule := netlink.NewRule() inpodMarkRule.Family = family
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Apr 30 22:24:38 UTC 2024 - 3.3K bytes - Viewed (0) -
tools/istio-iptables/pkg/capture/run_unspecified.go
) // ErrNotImplemented is returned when a requested feature is not implemented. var ErrNotImplemented = errors.New("not implemented") // configureTProxyRoutes configures ip firewall rules to enable TPROXY support. // See https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/original_src_filter func configureTProxyRoutes(cfg *config.Config) error { return ErrNotImplemented }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed Nov 01 16:18:12 UTC 2023 - 1.2K bytes - Viewed (0) -
pkg/test/framework/resource/settings.go
SkipString ArrayFlags SkipMatcher *Matcher // SkipWorkloadClasses can be used to skip deploying special workload types like TPROXY, VMs, etc. SkipWorkloadClasses ArrayFlags // OnlyWorkloadClasses can be used to only deploy specific workload types like TPROXY, VMs, etc. OnlyWorkloadClasses ArrayFlags // The label selector, in parsed form. Selector label.Selector
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 09 19:04:51 UTC 2024 - 9.2K bytes - Viewed (0) -
tools/istio-clean-iptables/pkg/cmd/cleanup_test.go
func(cfg *config.Config) { cfg.RedirectDNS = true cfg.OwnerGroupsExclude = "888,ftp" }, }, { "inbound-interception-mode", func(cfg *config.Config) { cfg.InboundInterceptionMode = "TPROXY" cfg.InboundTProxyMark = "1337" }, }, } for _, tt := range cases { t.Run(tt.name, func(t *testing.T) { cfg := constructTestConfig() tt.config(cfg) ext := &dep.DependenciesStub{}
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Mar 11 17:46:23 UTC 2024 - 3.2K bytes - Viewed (0) -
pkg/kube/inject/webhook.go
return } // Overriding RunAsUser is now allowed in TPROXY mode, it must always run with uid=0 tproxy := false if proxyConfig.InterceptionMode == meshconfig.ProxyConfig_TPROXY { tproxy = true } else if mode, found := finalPod.Annotations[annotation.SidecarInterceptionMode.Name]; found && mode == iptablesconstants.TPROXY { tproxy = true }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue May 14 17:59:39 UTC 2024 - 42.2K bytes - Viewed (0) -
pilot/pkg/networking/core/listener_test.go
tests := []struct { name string proxy *model.Proxy expected [2]string }{ { name: "ipv4 only", proxy: &model.Proxy{ IPAddresses: []string{"1.1.1.1", "127.0.0.1", "2.2.2.2"}, }, expected: [2]string{WildcardAddress, LocalhostAddress}, }, { name: "ipv6 only", proxy: &model.Proxy{ IPAddresses: []string{"1111:2222::1", "::1", "2222:3333::1"},
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Jun 13 01:56:28 UTC 2024 - 93.6K bytes - Viewed (0) -
tools/istio-clean-iptables/pkg/cmd/root.go
&cfg.CaptureAllDNS) flag.BindEnv(fs, constants.InboundInterceptionMode, "m", "The mode used to redirect inbound connections to Envoy, either \"REDIRECT\" or \"TPROXY\".", &cfg.InboundInterceptionMode) flag.BindEnv(fs, constants.InboundTProxyMark, "t", "", &cfg.InboundTProxyMark) } func GetCommand(logOpts *log.Options) *cobra.Command { cfg := config.DefaultConfig()
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Mar 11 17:46:23 UTC 2024 - 3K bytes - Viewed (0)