trireme-lib: go.aporeto.io/trireme-lib/controller/internal/enforcer

package enforcer

import "go.aporeto.io/trireme-lib/controller/internal/enforcer"

Package Files

enforcer.go

type DebugInfo

type DebugInfo interface {
    // EnableDatapathPacketTracing enables tracing of packets received by the datapath for a particular PU.
    // Setting Disabled as the tracing direction stops tracing for the contextID.
    EnableDatapathPacketTracing(contextID string, direction packettracing.TracingDirection, interval time.Duration) error

    // EnableIPTablesPacketTracing enables iptables -j TRACE for the particular PU, which captures a much wider packet stream.
    EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error
}

DebugInfo is the interface that implements methods to configure datapath packet tracing in the nfqdatapath.

type Enforcer

type Enforcer interface {

    // Enforce starts enforcing policies for the given policy.PUInfo.
    Enforce(contextID string, puInfo *policy.PUInfo) error

    // Unenforce stops enforcing policy for the given IP.
    Unenforce(contextID string) error

    // GetFilterQueue returns the current FilterQueueConfig.
    GetFilterQueue() *fqconfig.FilterQueue

    // Run starts the PolicyEnforcer.
    Run(ctx context.Context) error

    // UpdateSecrets updates the secrets of running enforcers managed by trireme.
    // Remote enforcers will get the secret updates with the next policy push.
    UpdateSecrets(secrets secrets.Secrets) error

    // SetTargetNetworks sets the target network configuration of the controllers.
    SetTargetNetworks(cfg *runtime.Configuration) error

    // SetLogLevel sets log level.
    SetLogLevel(level constants.LogLevel) error

    // CleanUp requests a cleanup of the controllers.
    CleanUp() error

    DebugInfo
}

An Enforcer is an implementation of the enforcer datapath. The interface can be implemented by one or multiple datapaths.

func New

func New(
    mutualAuthorization bool,
    fqConfig *fqconfig.FilterQueue,
    collector collector.EventCollector,
    service packetprocessor.PacketProcessor,
    secrets secrets.Secrets,
    serverID string,
    validity time.Duration,
    mode constants.ModeType,
    procMountPoint string,
    externalIPCacheTimeout time.Duration,
    packetLogs bool,
    cfg *runtime.Configuration,
    tokenIssuer common.ServiceTokenIssuer,
    binaryTokens bool,
) (Enforcer, error)

New returns a new policy enforcer that implements both the data paths.

func NewWithDefaults

func NewWithDefaults(
    serverID string,
    collector collector.EventCollector,
    service packetprocessor.PacketProcessor,
    secrets secrets.Secrets,
    mode constants.ModeType,
    procMountPoint string,
    targetNetworks []string,
) Enforcer

NewWithDefaults creates a new data path with defaults for most settings.

Directories

Path                                Synopsis
acls
apiauth
applicationproxy
applicationproxy/common
applicationproxy/http
applicationproxy/markedconn
applicationproxy/protomux
applicationproxy/servicecache
applicationproxy/serviceregistry
applicationproxy/tcp
constants
dnsproxy
lookup
metadata
mockenforcer                        Package mockenforcer is a generated GoMock package.
nfqdatapath
nfqdatapath/afinetrawsocket
nfqdatapath/nflog
nfqdatapath/tokenaccessor
proxy                               Package enforcerproxy: This is the implementation of the RPC client. It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally.
secretsproxy
utils/nsenter
utils/packetgen                     Package packetgen: "PacketGen" is a Packet Generator library. Current version: V1.0. Updates are coming soon.
utils/rpcwrapper
utils/rpcwrapper/mockrpcwrapper     Package mockrpcwrapper is a generated GoMock package.

Package enforcer imports 18 packages and is imported by 8 packages. Updated 2019-09-15.