Documentation
¶
Index ¶
- Constants
- Variables
- func AreRulePortsEq(l, r []SGRulePorts) bool
- func ValidatePortRange(pr PortRange, canBeNull bool) error
- type ChainDefaultAction
- type FQDN
- type FQDNRule
- type FQDNRuleIdentity
- type ICMP
- type IECidrSgIcmpRule
- type IECidrSgIcmpRuleID
- type IECidrSgRule
- type IECidrSgRuleIdenity
- type IESgSgIcmpRule
- type IESgSgIcmpRuleID
- type IESgSgRule
- type IESgSgRuleIdentity
- type Network
- type NetworkName
- type NetworkTransport
- type PortNumber
- type PortRange
- type PortRanges
- type PortSource
- func (ps *PortSource) FromPortRange(r PortRange) error
- func (ps *PortSource) FromPortRanges(rr PortRanges) error
- func (ps PortSource) IsEq(other PortSource) bool
- func (ps PortSource) IsValid() bool
- func (ps PortSource) ToPortRange() (PortRange, error)
- func (ps PortSource) ToPortRanges() (PortRanges, error)
- type RuleAction
- type RulePriority
- type SGRule
- type SGRuleIdentity
- type SGRulePorts
- type SecurityGroup
- type SgIcmpRule
- type SgIcmpRuleID
- type SgSgIcmpRule
- type SgSgIcmpRuleID
- type SyncStatus
- type Traffic
- type Validatable
Constants ¶
const ( // IPv4 IP family v4 IPv4 = 4 // IPv6 IP family v6 IPv6 = 6 )
Variables ¶
var ( // ErrSPortsAreOverlapped - ErrSPortsAreOverlapped = errors.New("source ports have overlapped regions") // ErrUnexpectedNullPortRange - ErrUnexpectedNullPortRange = errors.New("unexpected null port range") // ErrInvalidFQDN - ErrInvalidFQDN = errors.New("invalid FQDN") )
var PortRangeFactory = ranges.IntsFactory(PortNumber(0))
PortRangeFactory ...
var PortRangeFull = PortRangeFactory.Range(0, false, ^PortNumber(0), false)
PortRangeFull port range [0, 65535]
Functions ¶
func ValidatePortRange ¶
ValidatePortRange portrange model validate
Types ¶
type ChainDefaultAction ¶
type ChainDefaultAction uint8
ChainDefaultAction default action for SG {DROP|ACCEPT}
const ( // DEFAULT is mean default action DEFAULT ChainDefaultAction = iota // DROP drop action net packet DROP // ACCEPT accept action net packet ACCEPT )
func (*ChainDefaultAction) FromString ¶
func (a *ChainDefaultAction) FromString(s string) error
FromString inits from string
func (ChainDefaultAction) Validate ¶
func (a ChainDefaultAction) Validate() error
Validate ChainDefaultAction validator
type FQDNRule ¶
type FQDNRule struct {
NdpiProtocols dict.RBSet[dict.StringCiKey]
// contains filtered or unexported fields
}
FQDNRule rule for from SG to FQDN
type FQDNRuleIdentity ¶
type FQDNRuleIdentity struct {
Transport NetworkTransport
SgFrom string
FqdnTo FQDN
}
FQDNRuleIdentity -
func (FQDNRuleIdentity) IdentityHash ¶
func (sgRuleKey FQDNRuleIdentity) IdentityHash() string
IdentityHash makes ID as hash for FQDNRuleIdentity
func (FQDNRuleIdentity) IsEq ¶
func (sgRuleKey FQDNRuleIdentity) IsEq(other FQDNRuleIdentity) bool
IsEq -
func (FQDNRuleIdentity) String ¶
func (sgRuleKey FQDNRuleIdentity) String() string
String impl Stringer
func (FQDNRuleIdentity) Validate ¶
func (o FQDNRuleIdentity) Validate() error
Validate validate of FQDNRuleIdentity
type ICMP ¶
type ICMP struct {
IPv uint8 // Use in IP net version 4 or 6
Types dict.RBSet[uint8] // Use ICMP message types set of [0-254]
}
ICMP an ICMP proto spec
type IECidrSgIcmpRule ¶ added in v1.13.0
type IECidrSgIcmpRule struct {
Traffic Traffic
CIDR net.IPNet
SG string
Icmp ICMP
Logs bool
Trace bool
Action RuleAction
Priority RulePriority
}
IECidrSgIcmpRule <IN|E>GRESS:CIDR-SG:ICMP rule
func (IECidrSgIcmpRule) ID ¶ added in v1.13.0
func (o IECidrSgIcmpRule) ID() IECidrSgIcmpRuleID
ID -
type IECidrSgIcmpRuleID ¶ added in v1.13.0
IECidrSgIcmpRuleID <IN|E>GRESS:CIDR-SG:ICMP rule ID
func (IECidrSgIcmpRuleID) Cmp ¶ added in v1.13.0
func (o IECidrSgIcmpRuleID) Cmp(other IECidrSgIcmpRuleID) int
Cmp -
func (IECidrSgIcmpRuleID) IdentityHash ¶ added in v1.13.0
func (o IECidrSgIcmpRuleID) IdentityHash() string
IdentityHash -
type IECidrSgRule ¶ added in v1.13.0
type IECidrSgRule = ruleT[IECidrSgRuleIdenity]
IECidrSgRule proto:CIDR:SG:[INGRESS|EGRESS] rule
type IECidrSgRuleIdenity ¶ added in v1.13.0
type IECidrSgRuleIdenity struct {
Transport NetworkTransport
Traffic Traffic
SG string
CIDR net.IPNet
}
IECidrSgRuleIdenity -
func (IECidrSgRuleIdenity) Cmp ¶ added in v1.13.0
func (o IECidrSgRuleIdenity) Cmp(other IECidrSgRuleIdenity) int
Cmp -
func (IECidrSgRuleIdenity) IdentityHash ¶ added in v1.13.0
func (o IECidrSgRuleIdenity) IdentityHash() string
IdentityHash -
func (IECidrSgRuleIdenity) IsEq ¶ added in v1.13.0
func (o IECidrSgRuleIdenity) IsEq(other IECidrSgRuleIdenity) bool
IsEq -
func (IECidrSgRuleIdenity) String ¶ added in v1.13.0
func (o IECidrSgRuleIdenity) String() string
String -
func (IECidrSgRuleIdenity) Validate ¶ added in v1.13.0
func (o IECidrSgRuleIdenity) Validate() error
Validate validate of CidrSgRuleIdenity
type IESgSgIcmpRule ¶ added in v1.11.0
type IESgSgIcmpRule struct {
Traffic Traffic
SgLocal string
Sg string
Icmp ICMP
Logs bool
Trace bool
Action RuleAction
Priority RulePriority
}
IESgSgIcmpRule <IN|E>GRESS:SG-SG:ICMP rule
type IESgSgIcmpRuleID ¶ added in v1.11.0
IESgSgIcmpRuleID <IN|E>GRESS:SG-SG:ICMP rule ID
func (IESgSgIcmpRuleID) IdentityHash ¶ added in v1.11.0
func (o IESgSgIcmpRuleID) IdentityHash() string
IdentityHash -
type IESgSgRule ¶ added in v1.13.0
type IESgSgRule = ruleT[IESgSgRuleIdentity]
IESgSgRule proto:SG:SG:[INGRESS|EGRESS] rule
type IESgSgRuleIdentity ¶ added in v1.13.0
type IESgSgRuleIdentity struct {
Transport NetworkTransport
Traffic Traffic
SgLocal string
Sg string
}
IESgSgRuleIdentity -
func (IESgSgRuleIdentity) IdentityHash ¶ added in v1.13.0
func (o IESgSgRuleIdentity) IdentityHash() string
IdentityHash implements ruleID.
func (IESgSgRuleIdentity) IsEq ¶ added in v1.13.0
func (o IESgSgRuleIdentity) IsEq(other IESgSgRuleIdentity) bool
IsEq implements ruleID.
func (IESgSgRuleIdentity) String ¶ added in v1.13.0
func (o IESgSgRuleIdentity) String() string
String implements ruleID.
func (IESgSgRuleIdentity) Validate ¶ added in v1.13.0
func (o IESgSgRuleIdentity) Validate() error
Validate implements ruleID.
type NetworkTransport ¶
type NetworkTransport uint8
NetworkTransport net transport
const ( // TCP ... TCP NetworkTransport = iota // UDP ... UDP )
func (*NetworkTransport) FromString ¶
func (nt *NetworkTransport) FromString(s string) error
FromString init from string
func (NetworkTransport) Validate ¶
func (nt NetworkTransport) Validate() error
Validate net transport validator
type PortSource ¶
type PortSource string
func (*PortSource) FromPortRange ¶
func (ps *PortSource) FromPortRange(r PortRange) error
FromPortRange inits from PortRange
func (*PortSource) FromPortRanges ¶
func (ps *PortSource) FromPortRanges(rr PortRanges) error
FromPortRanges -
func (PortSource) IsValid ¶
func (ps PortSource) IsValid() bool
IsValid check string of port range is valid
func (PortSource) ToPortRange ¶
func (ps PortSource) ToPortRange() (PortRange, error)
ToPortRange string to port range
func (PortSource) ToPortRanges ¶
func (ps PortSource) ToPortRanges() (PortRanges, error)
ToPortRanges -
type RuleAction ¶ added in v1.14.0
type RuleAction uint8
RuleAction terminal verdict action for rules
const ( // RA_UNDEF - RA_UNDEF RuleAction = iota // RA_DROP setups rule to drop packet RA_DROP // RA_ACCEPT setups rule to accept packet RA_ACCEPT )
func (*RuleAction) FromString ¶ added in v1.14.0
func (a *RuleAction) FromString(s string) error
FromString init from string
func (RuleAction) String ¶ added in v1.14.0
func (a RuleAction) String() string
String impl Stringer
func (RuleAction) Validate ¶ added in v1.14.0
func (a RuleAction) Validate() error
Validate RuleAction validator
type RulePriority ¶ added in v1.14.0
RulePriority represents rule priority i e relative placement pos in the rule list
func (RulePriority) IsEq ¶ added in v1.14.0
func (o RulePriority) IsEq(other RulePriority) bool
IsEq -
type SGRuleIdentity ¶
type SGRuleIdentity struct {
Transport NetworkTransport
SgFrom string
SgTo string
}
SGRuleIdentity security rule ID as key
func (SGRuleIdentity) IdentityHash ¶
func (sgRuleKey SGRuleIdentity) IdentityHash() string
IdentityHash makes ID as hash for SGRule
func (SGRuleIdentity) Validate ¶
func (sgRuleKey SGRuleIdentity) Validate() error
Validate validate of SGRuleIdentity
type SGRulePorts ¶
type SGRulePorts struct {
S PortRanges
D PortRanges
}
SGRulePorts source and destination port ranges
func (SGRulePorts) Validate ¶
func (ports SGRulePorts) Validate() error
Validate SGRulePorts model validate
type SecurityGroup ¶
type SecurityGroup struct {
Name string
Networks []NetworkName
Logs bool
Trace bool
DefaultAction ChainDefaultAction
}
SecurityGroup security group for networks(s)
func (SecurityGroup) Validate ¶
func (sg SecurityGroup) Validate() error
Validate security grpoup model validate
type SgIcmpRule ¶
type SgIcmpRule struct {
Sg string
Icmp ICMP
Logs bool
Trace bool
Action RuleAction
}
SgIcmpRule SG:ICMP default rule
type SgIcmpRuleID ¶
SgIcmpRuleID SG:ICMP rule ID
type SgSgIcmpRule ¶
type SgSgIcmpRule struct {
SgFrom string
SgTo string
Icmp ICMP
Logs bool
Trace bool
Action RuleAction
Priority RulePriority
}
SgSgIcmpRule SG-SG:ICMP default rule
type SgSgIcmpRuleID ¶
SgSgIcmpRuleID SG-SG:ICMP rule ID
type SyncStatus ¶
SyncStatus succeeded sync-op status
type Traffic ¶
type Traffic uint8
Traffic packet traffic any of [INGRESS, EGRESS]
func (*Traffic) FromString ¶
FromString init from string
Source Files