policy

package
v0.0.0-...-a98ece3 Latest

This package is not in the latest version of its module.

Published: Dec 25, 2020 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Constants

const (
	// TypeNone policy action is UNKNOWN: no decision, apply the next rule.
	TypeNone = iota
	// TypeRefuse policy action is REFUSE: do not resolve a query and return code REFUSED
	TypeRefuse
	// TypeAllow policy action is ALLOW: continue to resolve query
	TypeAllow
	// TypeBlock policy action is BLOCK: do not resolve a query and return code NXDOMAIN
	TypeBlock
	// TypeDrop policy action is DROP: do not resolve a query and simulate a lost query
	TypeDrop

	// TypeCount total number of actions allowed
	TypeCount
)

Variables

var NameTypes = map[int]string{
	TypeNone:   "none",
	TypeAllow:  "allow",
	TypeRefuse: "refuse",
	TypeBlock:  "block",
	TypeDrop:   "drop",
}

NameTypes keeps a mapping of each action constant to the corresponding name.

Functions

This section is empty.

Types

type Engine

type Engine interface {
	// BuildRule creates a Rule based on args or returns an error. This Rule will be evaluated during processing of DNS queries.
	BuildRule(args []string) (Rule, error) // create a rule based on parameters

	// BuildQueryData generates the data needed to evaluate, for one query, ALL the rules of this Engine.
	BuildQueryData(ctx context.Context, state request.Request) (interface{}, error)

	// BuildReplyData generates the data needed to evaluate, for one response, ALL the rules of this Engine.
	BuildReplyData(ctx context.Context, state request.Request, queryData interface{}) (interface{}, error)
}

Engine is the policy engine interface for the Firewall plugin.

type Engineer

type Engineer interface {
	Engine(name string) Engine
}

Engineer allows registration of Policy Engines. One plugin can declare several Engines.

type ExprEngine

type ExprEngine struct {
	// contains filtered or unexported fields
}

ExprEngine implements the Engine interface for the Firewall plugin. It evaluates the rules using the Knetic/govaluate library.

func NewExprEngine

func NewExprEngine() *ExprEngine

NewExprEngine creates a new Engine with the default configuration.

func (*ExprEngine) BuildQueryData

func (x *ExprEngine) BuildQueryData(ctx context.Context, state request.Request) (interface{}, error)

BuildQueryData returns a dataAsParam that can be used to evaluate the variables of the expression.

func (*ExprEngine) BuildReplyData

func (x *ExprEngine) BuildReplyData(ctx context.Context, state request.Request, query interface{}) (interface{}, error)

BuildReplyData returns a dataAsParam that can be used to evaluate the variables of the expression.

func (*ExprEngine) BuildRule

func (x *ExprEngine) BuildRule(args []string) (Rule, error)

BuildRule creates a rule for the Expression Engine:
- the first param is one of the actions to return
- the second and following params form a sentence that represents an Expression

type Rule

type Rule interface {
	// Evaluate the rule and return one of the TypeXXX defined above
	//   - TypeNone should be returned if the Rule is not able to decide any action for this query
	//   - otherwise return one of TypeAllow/TypeRefuse/TypeDrop/TypeBlock
	Evaluate(data interface{}) (int, error)
}

Rule defines a policy for continuing DNS query processing.
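
The fall-through that the TypeNone comment describes ("no decision, apply the next rule"), shown as an added example that is not code from this package. zoneRule and decide are hypothetical names; treating the query data as the bare query name, refusing on a rule error, and the fallback action are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Action constants and Rule interface copied from the declarations on this page.
const (
	TypeNone = iota
	TypeRefuse
	TypeAllow
	TypeBlock
	TypeDrop
)

type Rule interface{ Evaluate(data interface{}) (int, error) }

// zoneRule (hypothetical) returns action for names at or below zone, else TypeNone.
// zone is a lower-case FQDN with a trailing dot.
type zoneRule struct{ zone string; action int }

func (r zoneRule) Evaluate(data interface{}) (int, error) {
	name, ok := data.(string) // assumption: query data is the bare query name
	if !ok {
		return TypeNone, fmt.Errorf("zoneRule: unexpected query data %T", data)
	}
	name = strings.ToLower(name) // DNS names compare case-insensitively
	// Match on a label boundary so "badexample.org." does not match "example.org.".
	if name == r.zone || strings.HasSuffix(name, "."+r.zone) {
		return r.action, nil
	}
	return TypeNone, nil
}

// decide (hypothetical) applies rules in order; TypeNone falls through to the next.
func decide(rules []Rule, data interface{}, fallback int) (int, error) {
	for _, r := range rules {
		if action, err := r.Evaluate(data); err != nil {
			return TypeRefuse, err // assumption: fail closed on a rule error
		} else if action != TypeNone {
			return action, nil
		}
	}
	return fallback, nil // every rule returned TypeNone
}

func main() {
	rules := []Rule{zoneRule{"ads.example.org.", TypeBlock}, zoneRule{"example.org.", TypeAllow}}
	fmt.Println(decide(rules, "x.ads.example.org.", TypeRefuse))
}
```

Rule order matters here: the narrower ads.example.org. rule has to precede the example.org. allow rule, because the first rule that returns anything other than TypeNone ends the evaluation.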
