trireme-lib: go.aporeto.io/trireme-lib/controller/internal/enforcer/nfqdatapath Index | Files | Directories

package nfqdatapath

import "go.aporeto.io/trireme-lib/controller/internal/enforcer/nfqdatapath"

Index

Package Files

autoport.go datapath.go datapath_tcp.go datapath_udp.go interfaces.go nfq_linux.go utils.go

Constants

const DefaultExternalIPTimeout = "500ms"

DefaultExternalIPTimeout is the default used for the cache for External IPTimeout.

Variables

var GetUDPRawSocket = afinetrawsocket.CreateSocket

GetUDPRawSocket is placeholder for createSocket function. It is useful to mock tcp unit tests.

type Accessor Uses

type Accessor interface {
    ContextProcessor
    RuleProcessor
}

Accessor is an interface for datapth to access contexts/rules/tokens

type ContextProcessor Uses

type ContextProcessor interface {
    DoesContextExist(contextID string) bool
    IsContextServer(contextID string, backendip string) bool
}

ContextProcessor is an interface to provide context checks

type Datapath Uses

type Datapath struct {

    // CacheTimeout used for Trireme auto-detecion
    ExternalIPCacheTimeout time.Duration
    // contains filtered or unexported fields
}

Datapath is the structure holding all information about a connection filter

func New Uses

func New(
    mutualAuth bool,
    filterQueue *fqconfig.FilterQueue,
    collector collector.EventCollector,
    serverID string,
    validity time.Duration,
    service packetprocessor.PacketProcessor,
    secrets secrets.Secrets,
    mode constants.ModeType,
    procMountPoint string,
    ExternalIPCacheTimeout time.Duration,
    packetLogs bool,
    tokenaccessor tokenaccessor.TokenAccessor,
    puFromContextID cache.DataStore,
    targetNetworks []string,
) *Datapath

New will create a new data path structure. It instantiates the data stores needed to track sessions. The data path is started with a different call. Only required parameters must be provided. Rest a pre-populated with defaults.

func NewWithDefaults Uses

func NewWithDefaults(
    serverID string,
    collector collector.EventCollector,
    service packetprocessor.PacketProcessor,
    secrets secrets.Secrets,
    mode constants.ModeType,
    procMountPoint string,
    targetNetworks []string,
) *Datapath

NewWithDefaults create a new data path with most things used by default

func (*Datapath) CreateUDPAuthMarker Uses

func (d *Datapath) CreateUDPAuthMarker(packetType uint8) []byte

CreateUDPAuthMarker creates a UDP auth marker.

func (*Datapath) Enforce Uses

func (d *Datapath) Enforce(contextID string, puInfo *policy.PUInfo) error

Enforce implements the Enforce interface method and configures the data path for a new PU

func (*Datapath) GetFilterQueue Uses

func (d *Datapath) GetFilterQueue() *fqconfig.FilterQueue

GetFilterQueue returns the filter queues used by the data path

func (*Datapath) ProcessApplicationUDPPacket Uses

func (d *Datapath) ProcessApplicationUDPPacket(p *packet.Packet) (err error)

ProcessApplicationUDPPacket processes packets arriving from an application and are destined to the network

func (*Datapath) ProcessNetworkUDPPacket Uses

func (d *Datapath) ProcessNetworkUDPPacket(p *packet.Packet) (err error)

ProcessNetworkUDPPacket processes packets arriving from network and are destined to the application.

func (*Datapath) Run Uses

func (d *Datapath) Run(ctx context.Context) error

Run starts the application and network interceptors

func (*Datapath) SetTargetNetworks Uses

func (d *Datapath) SetTargetNetworks(networks []string) error

SetTargetNetworks sets new target networks used by datapath

func (*Datapath) Unenforce Uses

func (d *Datapath) Unenforce(contextID string) error

Unenforce removes the configuration for the given PU

func (*Datapath) UpdateSecrets Uses

func (d *Datapath) UpdateSecrets(token secrets.Secrets) error

UpdateSecrets updates the secrets used for signing communication between trireme instances

type RuleProcessor Uses

type RuleProcessor interface {
    CheckRejectRecvRules(contextID string) (int, bool)
    CheckAcceptRecvRules(contextID string) (int, bool)
    CheckRejectTxRules(contextID string) (int, bool)
    CheckAcceptTxRules(contextID string) (int, bool)
}

RuleProcessor is an interface to access rules

Directories

PathSynopsis
afinetrawsocket
tokenaccessor

Package nfqdatapath imports 38 packages (graph) and is imported by 2 packages. Updated 2018-11-15. Refresh now. Tools for package owners.