trireme-lib: Index | Files

package enforcerproxy

import ""

Package enforcerproxy :: This is the implementation of the RPC client It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally


Package Files

enforcerproxy.go rpcserver.go

func NewProxyEnforcer Uses

func NewProxyEnforcer(
    mutualAuth bool,
    filterQueue *fqconfig.FilterQueue,
    collector collector.EventCollector,
    secrets secrets.Secrets,
    serverID string,
    validity time.Duration,
    cmdArg string,
    procMountPoint string,
    ExternalIPCacheTimeout time.Duration,
    packetLogs bool,
    cfg *runtime.Configuration,
    runtimeError chan *policy.RuntimeError,
    remoteParameters *env.RemoteParameters,
    tokenIssuer common.ServiceTokenIssuer,
    binaryTokens bool,
    isBPFEnabled bool,
    ipv6Enabled bool,
    rpcServer rpcwrapper.RPCServer,
) enforcer.Enforcer

NewProxyEnforcer creates a new proxy to remote enforcers.

type ProxyInfo Uses

type ProxyInfo struct {
    Secrets secrets.Secrets

    ExternalIPCacheTimeout time.Duration

    // contains filtered or unexported fields

ProxyInfo is the struct used to hold state about active enforcers in the system

func (*ProxyInfo) CleanUp Uses

func (s *ProxyInfo) CleanUp() error

CleanUp sends a cleanup command to all the remotes forcing them to exit and clean their state.

func (*ProxyInfo) EnableDatapathPacketTracing Uses

func (s *ProxyInfo) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing enable nfq packet tracing in remote container

func (*ProxyInfo) EnableIPTablesPacketTracing Uses

func (s *ProxyInfo) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing enable iptables tracing

func (*ProxyInfo) Enforce Uses

func (s *ProxyInfo) Enforce(contextID string, puInfo *policy.PUInfo) error

Enforce method makes a RPC call for the remote enforcer enforce method

func (*ProxyInfo) GetBPFObject Uses

func (s *ProxyInfo) GetBPFObject() ebpf.BPFModule

GetBPFObject returns the bpf object

func (*ProxyInfo) GetFilterQueue Uses

func (s *ProxyInfo) GetFilterQueue() *fqconfig.FilterQueue

GetFilterQueue returns the current FilterQueueConfig.

func (*ProxyInfo) Ping Uses

func (s *ProxyInfo) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error

Ping runs ping from the given config.

func (*ProxyInfo) Run Uses

func (s *ProxyInfo) Run(ctx context.Context) error

Run starts the the remote enforcer proxy.

func (*ProxyInfo) SetLogLevel Uses

func (s *ProxyInfo) SetLogLevel(level constants.LogLevel) error

SetLogLevel sets log level.

func (*ProxyInfo) SetTargetNetworks Uses

func (s *ProxyInfo) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks does the RPC call for SetTargetNetworks to the corresponding remote enforcers

func (*ProxyInfo) Unenforce Uses

func (s *ProxyInfo) Unenforce(contextID string) error

Unenforce stops enforcing policy for the given contextID.

func (*ProxyInfo) UpdateSecrets Uses

func (s *ProxyInfo) UpdateSecrets(token secrets.Secrets) error

UpdateSecrets updates the secrets used for signing communication between trireme instances

type ProxyRPCServer Uses

type ProxyRPCServer struct {
    // contains filtered or unexported fields

ProxyRPCServer This struct is a receiver for Statsserver and maintains a handle to the RPC ProxyRPCServer.

func (*ProxyRPCServer) PostReportEvent Uses

func (r *ProxyRPCServer) PostReportEvent(req rpcwrapper.Request, resp *rpcwrapper.Response) error

PostReportEvent posts report events to the listener.

func (*ProxyRPCServer) PostStats Uses

func (r *ProxyRPCServer) PostStats(req rpcwrapper.Request, resp *rpcwrapper.Response) error

PostStats is the function called from the remoteenforcer when it has new flow events to publish.

func (*ProxyRPCServer) RetrieveToken Uses

func (r *ProxyRPCServer) RetrieveToken(req rpcwrapper.Request, resp *rpcwrapper.Response) error

RetrieveToken propagates the master request to the token retriever and returns a token.

Package enforcerproxy imports 22 packages (graph) and is imported by 2 packages. Updated 2020-04-05. Refresh now. Tools for package owners.