trireme-lib: Index | Files | Directories

package nfqdatapath

import ""


Package Files

autoport.go autoport_nonwindows.go datapath.go datapath_linux.go datapath_tcp.go datapath_udp.go diagnostics_tcp.go interfaces.go nfq_linux.go test_utils.go utils.go


const DefaultExternalIPTimeout = "500ms"

DefaultExternalIPTimeout is the default used for the cache for External IPTimeout.


var GetUDPRawSocket = afinetrawsocket.CreateSocket

GetUDPRawSocket is placeholder for createSocket function. It is useful to mock tcp unit tests.

func MyCounterMatcher Uses

func MyCounterMatcher(x interface{}) gomock.Matcher

MyCounterMatcher custom matcher for counter record

func MyMatcher Uses

func MyMatcher(x interface{}) gomock.Matcher

MyMatcher returns gomock matcher

func PacketEventMatcher Uses

func PacketEventMatcher(x interface{}) gomock.Matcher

PacketEventMatcher return gomock matcher

type Accessor Uses

type Accessor interface {

Accessor is an interface for datapth to access contexts/rules/tokens

type ContextProcessor Uses

type ContextProcessor interface {
    DoesContextExist(contextID string) bool
    IsContextServer(contextID string, backendip string) bool

ContextProcessor is an interface to provide context checks

type Datapath Uses

type Datapath struct {

    // CacheTimeout used for Trireme auto-detecion
    ExternalIPCacheTimeout time.Duration
    // contains filtered or unexported fields

Datapath is the structure holding all information about a connection filter

func New Uses

func New(
    mutualAuth bool,
    filterQueue *fqconfig.FilterQueue,
    collector collector.EventCollector,
    serverID string,
    validity time.Duration,
    service packetprocessor.PacketProcessor,
    secrets secrets.Secrets,
    mode constants.ModeType,
    procMountPoint string,
    ExternalIPCacheTimeout time.Duration,
    packetLogs bool,
    tokenaccessor tokenaccessor.TokenAccessor,
    puFromContextID cache.DataStore,
    cfg *runtime.Configuration,
    aclmanager ipsetmanager.ACLManager,
    agentVersion semver.Version,
) *Datapath

New will create a new data path structure. It instantiates the data stores needed to track sessions. The data path is started with a different call. Only required parameters must be provided. Rest a pre-populated with defaults.

func NewWithDefaults Uses

func NewWithDefaults(
    serverID string,
    collector collector.EventCollector,
    service packetprocessor.PacketProcessor,
    secrets secrets.Secrets,
    mode constants.ModeType,
    procMountPoint string,
    targetNetworks []string,
    aclmanager ipsetmanager.ACLManager,
) *Datapath

NewWithDefaults create a new data path with most things used by default

func (*Datapath) CleanUp Uses

func (d *Datapath) CleanUp() error

CleanUp implements the cleanup interface.

func (*Datapath) EnableDatapathPacketTracing Uses

func (d *Datapath) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing enable nfq datapath packet tracing

func (*Datapath) EnableIPTablesPacketTracing Uses

func (d *Datapath) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing enable iptables -j trace for the particular pu and is much wider packet stream.

func (*Datapath) Enforce Uses

func (d *Datapath) Enforce(contextID string, puInfo *policy.PUInfo) error

Enforce implements the Enforce interface method and configures the data path for a new PU

func (*Datapath) GetFilterQueue Uses

func (d *Datapath) GetFilterQueue() *fqconfig.FilterQueue

GetFilterQueue returns the filter queues used by the data path

func (*Datapath) PacketLogsEnabled Uses

func (d *Datapath) PacketLogsEnabled() bool

PacketLogsEnabled returns true if the packet logs are enabled.

func (*Datapath) Ping Uses

func (d *Datapath) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error

Ping runs ping to the given config.

func (*Datapath) ProcessApplicationUDPPacket Uses

func (d *Datapath) ProcessApplicationUDPPacket(p *packet.Packet) (conn *connection.UDPConnection, err error)

ProcessApplicationUDPPacket processes packets arriving from an application and are destined to the network

func (*Datapath) ProcessNetworkUDPPacket Uses

func (d *Datapath) ProcessNetworkUDPPacket(p *packet.Packet) (conn *connection.UDPConnection, err error)

ProcessNetworkUDPPacket processes packets arriving from network and are destined to the application.

func (*Datapath) Run Uses

func (d *Datapath) Run(ctx context.Context) error

Run starts the application and network interceptors

func (*Datapath) SetLogLevel Uses

func (d *Datapath) SetLogLevel(level constants.LogLevel) error

SetLogLevel sets log level.

func (*Datapath) SetTargetNetworks Uses

func (d *Datapath) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks sets new target networks used by datapath

func (*Datapath) Unenforce Uses

func (d *Datapath) Unenforce(contextID string) error

Unenforce removes the configuration for the given PU

func (*Datapath) UpdateSecrets Uses

func (d *Datapath) UpdateSecrets(token secrets.Secrets) error

UpdateSecrets updates the secrets used for signing communication between trireme instances

type RuleProcessor Uses

type RuleProcessor interface {
    CheckRejectRecvRules(contextID string) (int, bool)
    CheckAcceptRecvRules(contextID string) (int, bool)
    CheckRejectTxRules(contextID string) (int, bool)
    CheckAcceptTxRules(contextID string) (int, bool)

RuleProcessor is an interface to access rules



Package nfqdatapath imports 55 packages (graph) and is imported by 2 packages. Updated 2020-01-25. Refresh now. Tools for package owners.