trireme-lib: go.aporeto.io/trireme-lib/controller/internal/enforcer/nfqdatapath Index | Files | Directories

package nfqdatapath

import "go.aporeto.io/trireme-lib/controller/internal/enforcer/nfqdatapath"

Index

Package Files

autoport.go datapath.go datapath_tcp.go datapath_udp.go interfaces.go nfq_linux.go test_utils.go utils.go

Constants

const DefaultExternalIPTimeout = "500ms"

DefaultExternalIPTimeout is the default used for the cache for External IPTimeout.

Variables

var GetUDPRawSocket = afinetrawsocket.CreateSocket

GetUDPRawSocket is placeholder for createSocket function. It is useful to mock tcp unit tests.

func MyCounterMatcher Uses

func MyCounterMatcher(x interface{}) gomock.Matcher

MyCounterMatcher custom matcher for counter record

func MyMatcher Uses

func MyMatcher(x interface{}) gomock.Matcher

MyMatcher returns gomock matcher

func PacketEventMatcher Uses

func PacketEventMatcher(x interface{}) gomock.Matcher

PacketEventMatcher return gomock matcher

type Accessor Uses

type Accessor interface {
    ContextProcessor
    RuleProcessor
}

Accessor is an interface for datapth to access contexts/rules/tokens

type ContextProcessor Uses

type ContextProcessor interface {
    DoesContextExist(contextID string) bool
    IsContextServer(contextID string, backendip string) bool
}

ContextProcessor is an interface to provide context checks

type Datapath Uses

type Datapath struct {

    // CacheTimeout used for Trireme auto-detecion
    ExternalIPCacheTimeout time.Duration
    // contains filtered or unexported fields
}

Datapath is the structure holding all information about a connection filter

func New Uses

func New(
    mutualAuth bool,
    filterQueue *fqconfig.FilterQueue,
    collector collector.EventCollector,
    serverID string,
    validity time.Duration,
    service packetprocessor.PacketProcessor,
    secrets secrets.Secrets,
    mode constants.ModeType,
    procMountPoint string,
    ExternalIPCacheTimeout time.Duration,
    packetLogs bool,
    tokenaccessor tokenaccessor.TokenAccessor,
    puFromContextID cache.DataStore,
    cfg *runtime.Configuration,
    aclmanager ipsetmanager.ACLManager,
) *Datapath

New will create a new data path structure. It instantiates the data stores needed to track sessions. The data path is started with a different call. Only required parameters must be provided. Rest a pre-populated with defaults.

func NewWithDefaults Uses

func NewWithDefaults(
    serverID string,
    collector collector.EventCollector,
    service packetprocessor.PacketProcessor,
    secrets secrets.Secrets,
    mode constants.ModeType,
    procMountPoint string,
    targetNetworks []string,
    aclmanager ipsetmanager.ACLManager,
) *Datapath

NewWithDefaults create a new data path with most things used by default

func (*Datapath) CleanUp Uses

func (d *Datapath) CleanUp() error

CleanUp implements the cleanup interface.

func (*Datapath) EnableDatapathPacketTracing Uses

func (d *Datapath) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing enable nfq datapath packet tracing

func (*Datapath) EnableIPTablesPacketTracing Uses

func (d *Datapath) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing enable iptables -j trace for the particular pu and is much wider packet stream.

func (*Datapath) Enforce Uses

func (d *Datapath) Enforce(contextID string, puInfo *policy.PUInfo) error

Enforce implements the Enforce interface method and configures the data path for a new PU

func (*Datapath) GetFilterQueue Uses

func (d *Datapath) GetFilterQueue() *fqconfig.FilterQueue

GetFilterQueue returns the filter queues used by the data path

func (*Datapath) PacketLogsEnabled Uses

func (d *Datapath) PacketLogsEnabled() bool

PacketLogsEnabled returns true if the packet logs are enabled.

func (*Datapath) ProcessApplicationUDPPacket Uses

func (d *Datapath) ProcessApplicationUDPPacket(p *packet.Packet) (conn *connection.UDPConnection, err error)

ProcessApplicationUDPPacket processes packets arriving from an application and are destined to the network

func (*Datapath) ProcessNetworkUDPPacket Uses

func (d *Datapath) ProcessNetworkUDPPacket(p *packet.Packet) (conn *connection.UDPConnection, err error)

ProcessNetworkUDPPacket processes packets arriving from network and are destined to the application.

func (*Datapath) Run Uses

func (d *Datapath) Run(ctx context.Context) error

Run starts the application and network interceptors

func (*Datapath) SetLogLevel Uses

func (d *Datapath) SetLogLevel(level constants.LogLevel) error

SetLogLevel sets log level.

func (*Datapath) SetTargetNetworks Uses

func (d *Datapath) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks sets new target networks used by datapath

func (*Datapath) Unenforce Uses

func (d *Datapath) Unenforce(contextID string) error

Unenforce removes the configuration for the given PU

func (*Datapath) UpdateSecrets Uses

func (d *Datapath) UpdateSecrets(token secrets.Secrets) error

UpdateSecrets updates the secrets used for signing communication between trireme instances

type RuleProcessor Uses

type RuleProcessor interface {
    CheckRejectRecvRules(contextID string) (int, bool)
    CheckAcceptRecvRules(contextID string) (int, bool)
    CheckRejectTxRules(contextID string) (int, bool)
    CheckAcceptTxRules(contextID string) (int, bool)
}

RuleProcessor is an interface to access rules

Directories

PathSynopsis
afinetrawsocket
nflog
tokenaccessor

Package nfqdatapath imports 44 packages (graph) and is imported by 2 packages. Updated 2019-11-05. Refresh now. Tools for package owners.