trireme-lib: go.aporeto.io/trireme-lib/controller/internal/supervisor Index | Files | Directories

package supervisor

import "go.aporeto.io/trireme-lib/controller/internal/supervisor"

Index

Package Files

interfaces.go supervisor.go

type Config Uses

type Config struct {
    sync.Mutex
    // contains filtered or unexported fields
}

Config is the structure holding all information about the supervisor

func (*Config) ACLProvider Uses

func (s *Config) ACLProvider() []provider.IptablesProvider

ACLProvider returns the ACL provider used by the supervisor that can be shared with other entities.

func (*Config) CleanUp Uses

func (s *Config) CleanUp() error

CleanUp implements the cleanup interface

func (*Config) EnableIPTablesPacketTracing Uses

func (s *Config) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing enables ip tables packet tracing

func (*Config) Run Uses

func (s *Config) Run(ctx context.Context) error

Run starts the supervisor

func (*Config) SetTargetNetworks Uses

func (s *Config) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks sets the target networks of the supervisor

func (*Config) Supervise Uses

func (s *Config) Supervise(contextID string, pu *policy.PUInfo) error

Supervise creates a mapping between an IP address and the corresponding labels. it invokes the various handlers that process the parameter policy.

func (*Config) Unsupervise Uses

func (s *Config) Unsupervise(contextID string) error

Unsupervise removes the mapping from cache and cleans up the iptable rules. ALL remove operations will print errors by they don't return error. We want to force as much cleanup as possible to avoid stale state

type Implementor Uses

type Implementor interface {

    // ConfigureRules configures the rules in the ACLs and datapath
    ConfigureRules(version int, contextID string, containerInfo *policy.PUInfo) error

    // UpdateRules updates the rules with a new version
    UpdateRules(version int, contextID string, containerInfo *policy.PUInfo, oldContainerInfo *policy.PUInfo) error

    // DeleteRules
    DeleteRules(version int, context string, tcpPorts, udpPorts string, mark string, uid string, proxyPort string, dnsProxyPort string, puType common.PUType) error

    // SetTargetNetworks sets the target networks of the supervisor
    SetTargetNetworks(cfg *runtime.Configuration) error

    // Start initializes any defaults
    Run(ctx context.Context) error

    // CleanUp requests the implementor to clean up all ACLs
    CleanUp() error

    // ACLProvider returns the ACL provider used by the implementor
    ACLProvider() []provider.IptablesProvider
}

Implementor is the interface of the implementation based on iptables, ipsets, remote etc

type Supervisor Uses

type Supervisor interface {

    // Supervise adds a new supervised processing unit.
    Supervise(contextID string, puInfo *policy.PUInfo) error

    // Unsupervise unsupervises the given PU
    Unsupervise(contextID string) error

    // Start starts the Supervisor.
    Run(ctx context.Context) error

    // SetTargetNetworks sets the target networks of the supervisor
    SetTargetNetworks(cfg *runtime.Configuration) error

    // CleanUp requests the supervisor to clean up all ACLs
    CleanUp() error

    // EnableIPTablesPacketTracing enables ip tables packet tracing
    EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error
}

A Supervisor is implementing the node control plane that captures the packets.

func NewSupervisor Uses

func NewSupervisor(
    collector collector.EventCollector,
    enforcerInstance enforcer.Enforcer,
    mode constants.ModeType,
    cfg *runtime.Configuration,
    p packetprocessor.PacketProcessor,
) (Supervisor, error)

NewSupervisor will create a new connection supervisor that uses IPTables to redirect specific packets to userspace. It instantiates multiple data stores to maintain efficient mappings between contextID, policy and IP addresses. This simplifies the lookup operations at the expense of memory.

Directories

PathSynopsis
iptablesctrl
mocksupervisorPackage mocksupervisor is a generated GoMock package.
proxyPackage supervisorproxy package implements the supervisor interface and forwards the requests on this interface to a remote supervisor over an rpc call.

Package supervisor imports 17 packages (graph) and is imported by 6 packages. Updated 2019-09-15. Refresh now. Tools for package owners.