Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type DebugInfo
```go
type DebugInfo interface {
	// EnableDatapathPacketTracing will enable tracing of packets received by the datapath for a particular PU.
	// Setting Disabled as tracing direction will stop tracing for the contextID.
	EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

	// EnableIPTablesPacketTracing enables iptables -j trace for the particular PU and is a much wider packet stream.
	EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error
}
```
DebugInfo is the interface that implements methods to configure datapath packet tracing in the nfqdatapath.
type Enforcer
```go
type Enforcer interface {
	// Enforce starts enforcing policies for the given policy.PUInfo.
	Enforce(contextID string, puInfo *policy.PUInfo) error

	// Unenforce stops enforcing policy for the given IP.
	Unenforce(contextID string) error

	// GetFilterQueue returns the current FilterQueueConfig.
	GetFilterQueue() *fqconfig.FilterQueue

	// Run starts the PolicyEnforcer.
	Run(ctx context.Context) error

	// UpdateSecrets updates the secrets of running enforcers managed by trireme.
	// Remote enforcers will get the secret updates with the next policy push.
	UpdateSecrets(secrets secrets.Secrets) error

	// SetTargetNetworks sets the target network configuration of the controllers.
	SetTargetNetworks(cfg *runtime.Configuration) error

	// SetLogLevel sets log level.
	SetLogLevel(level constants.LogLevel) error

	// CleanUp requests a cleanup of the controllers.
	CleanUp() error

	DebugInfo
}
```
An Enforcer is an implementation of the enforcer datapath. The interface can be implemented by one or multiple datapaths.
func New
```go
func New(
	mutualAuthorization bool,
	fqConfig *fqconfig.FilterQueue,
	collector collector.EventCollector,
	service packetprocessor.PacketProcessor,
	secrets secrets.Secrets,
	serverID string,
	validity time.Duration,
	mode constants.ModeType,
	procMountPoint string,
	externalIPCacheTimeout time.Duration,
	packetLogs bool,
	cfg *runtime.Configuration,
	tokenIssuer common.ServiceTokenIssuer,
	binaryTokens bool,
	aclmanager ipsetmanager.ACLManager,
) (Enforcer, error)
```
New returns a new policy enforcer that implements both the data paths.
func NewWithDefaults
```go
func NewWithDefaults(
	serverID string,
	collector collector.EventCollector,
	service packetprocessor.PacketProcessor,
	secrets secrets.Secrets,
	mode constants.ModeType,
	procMountPoint string,
	targetNetworks []string,
	aclmanager ipsetmanager.ACLManager,
) Enforcer
```
NewWithDefaults creates a new data path, using defaults for most settings.
Directories
Path | Synopsis |
---|---|
 | Package enforcerproxy :: This is the implementation of the RPC client. It implements the interface of Trireme Enforcer and forwards these requests to the actual remote enforcer instead of implementing locally. |
utils | |