nfqdatapath

package
v10.358.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 23, 2021 License: Apache-2.0 Imports: 82 Imported by: 0

Documentation

Index

Constants

View Source 
const (

	// ACLCheckMultipler is the multiplie on delay that is used to attempt and fallbackto acls
	ACLCheckMultipler = retransmitDelay * 12
)
View Source 
const DefaultExternalIPTimeout = "500ms"

DefaultExternalIPTimeout is the default used for the cache for External IPTimeout.

Variables

View Source 
var GetUDPRawSocket = afinetrawsocket.CreateSocket

GetUDPRawSocket is placeholder for createSocket function. It is useful to mock tcp unit tests.

Functions

func EndpointTypeMatcher 

func EndpointTypeMatcher(x interface{}) gomock.Matcher

EndpointTypeMatcher extends MyMatcher to match endpoint Type and ID

func MyCounterMatcher 

func MyCounterMatcher(x *collector.CounterReport) gomock.Matcher

MyCounterMatcher custom matcher for counter record

func MyMatcher 

func MyMatcher(x interface{}) gomock.Matcher

MyMatcher returns gomock matcher

func PacketEventMatcher 

func PacketEventMatcher(x interface{}) gomock.Matcher

PacketEventMatcher return gomock matcher

Types

type Accessor 

type Accessor interface {
	ContextProcessor
	RuleProcessor
}

Accessor is an interface for datapth to access contexts/rules/tokens

type ContextProcessor 

type ContextProcessor interface {
	DoesContextExist(contextID string) bool
	IsContextServer(contextID string, backendip string) bool
}

ContextProcessor is an interface to provide context checks

type Datapath 

type Datapath struct {

	// CacheTimeout used for Trireme auto-detecion
	ExternalIPCacheTimeout time.Duration
	// contains filtered or unexported fields
}

Datapath is the structure holding all information about a connection filter

func New 

func New(
	mutualAuth bool,
	filterQueue fqconfig.FilterQueue,
	collector collector.EventCollector,
	serverID string,
	validity time.Duration,
	secrets secrets.Secrets,
	mode constants.ModeType,
	procMountPoint string,
	ExternalIPCacheTimeout time.Duration,
	packetLogs bool,
	tokenaccessor tokenaccessor.TokenAccessor,
	puFromContextID cache.DataStore,
	cfg *runtime.Configuration,
	isBPFEnabled bool,
	agentVersion semver.Version,
	serviceMeshType policy.ServiceMesh,
) *Datapath

New will create a new data path structure. It instantiates the data stores needed to track sessions. The data path is started with a different call. Only required parameters must be provided. Rest a pre-populated with defaults.

func (*Datapath) CleanUp 

func (d *Datapath) CleanUp() error

CleanUp implements the cleanup interface.

func (*Datapath) DebugCollect 

func (d *Datapath) DebugCollect(ctx context.Context, contextID string, debugConfig *policy.DebugConfig) error

DebugCollect collects debug information for remote enforcers

func (*Datapath) EnableDatapathPacketTracing 

func (d *Datapath) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing enable nfq datapath packet tracing

func (*Datapath) EnableIPTablesPacketTracing 

func (d *Datapath) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing enable iptables -j trace for the particular pu and is much wider packet stream.

func (*Datapath) Enforce 

func (d *Datapath) Enforce(ctx context.Context, contextID string, puInfo *policy.PUInfo) error

Enforce implements the Enforce interface method and configures the data path for a new PU

func (*Datapath) GetBPFObject 

func (d *Datapath) GetBPFObject() ebpf.BPFModule

GetBPFObject returns the bpf object

func (*Datapath) GetFilterQueue 

func (d *Datapath) GetFilterQueue() fqconfig.FilterQueue

GetFilterQueue returns the filter queues used by the data path

func (*Datapath) GetServiceMeshType 

func (d *Datapath) GetServiceMeshType() policy.ServiceMesh

GetServiceMeshType gets the service mesh that is enabled on this datapath

func (*Datapath) PacketLogsEnabled 

func (d *Datapath) PacketLogsEnabled() bool

PacketLogsEnabled returns true if the packet logs are enabled.

func (*Datapath) Ping 

func (d *Datapath) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error

Ping runs ping to the given config.

func (*Datapath) ProcessApplicationUDPPacket 

func (d *Datapath) ProcessApplicationUDPPacket(p *packet.Packet) (conn *connection.UDPConnection, err error)

ProcessApplicationUDPPacket processes packets arriving from an application and are destined to the network

func (*Datapath) ProcessNetworkUDPPacket 

func (d *Datapath) ProcessNetworkUDPPacket(p *packet.Packet) (conn *connection.UDPConnection, err error)

ProcessNetworkUDPPacket processes packets arriving from network and are destined to the application.

func (*Datapath) Run 

func (d *Datapath) Run(ctx context.Context) error

Run starts the application and network interceptors

func (*Datapath) SetLogLevel 

func (d *Datapath) SetLogLevel(level constants.LogLevel) error

SetLogLevel sets log level.

func (*Datapath) SetTargetNetworks 

func (d *Datapath) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks sets new target networks used by datapath

func (*Datapath) Unenforce 

func (d *Datapath) Unenforce(ctx context.Context, contextID string) error

Unenforce removes the configuration for the given PU

func (*Datapath) UpdateSecrets 

func (d *Datapath) UpdateSecrets(s secrets.Secrets) error

UpdateSecrets updates the secrets used for signing communication between trireme instances

type DropReason 

type DropReason string

DropReason is used to indicate the drop reason for a packet 

const (
	InvalidUDPState DropReason = "invalidUDPState"
	PolicyDrop      DropReason = "policyDrop"
)

DropReason is the reason a packet is dropped and fin packets are generated

type PingConn 

type PingConn interface {
	ConstructWirePacket(srcIP, dstIP net.IP, transport packet.Packet, payload packet.Packet) ([]byte, error)
	Write(data []byte) (int, error)
	Close() error
}

PingConn is an interface to send ping packets/data to network. Also implements io.Writer interface.

type RuleProcessor 

type RuleProcessor interface {
	CheckRejectRecvRules(contextID string) (int, bool)
	CheckAcceptRecvRules(contextID string) (int, bool)
	CheckRejectTxRules(contextID string) (int, bool)
	CheckAcceptTxRules(contextID string) (int, bool)
}

RuleProcessor is an interface to access rules

Source Files

View all Source files

Directories

Path Synopsis
mocktokenaccessor
Package mocktokenaccessor is a generated GoMock package.
 Package mocktokenaccessor is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.