Documentation
¶
Overview ¶
Package access contains structures for access control management.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DefaultProfile ¶
type DefaultProfile struct {
// contains filtered or unexported fields
}
DefaultProfile controls profile specific IP and client blocking that take place before all other processing. DefaultProfile is safe for concurrent use.
func NewDefaultProfile ¶
func NewDefaultProfile(conf *ProfileConfig) (p *DefaultProfile)
NewDefaultProfile creates a new *DefaultProfile. conf is assumed to be valid.
func (*DefaultProfile) Config ¶
func (p *DefaultProfile) Config() (conf *ProfileConfig)
Config implements the Profile interface for *DefaultProfile.
type EmptyProfile ¶
type EmptyProfile struct{}
EmptyProfile is an empty profile implementation that does nothing.
func (EmptyProfile) Config ¶
func (EmptyProfile) Config() (conf *ProfileConfig)
Config implements the Profile interface for EmptyProfile. It always returns nil.
type Global ¶
type Global struct {
// contains filtered or unexported fields
}
Global controls IP and client blocking that takes place before all other processing. Global is safe for concurrent use.
func (*Global) IsBlockedHost ¶
IsBlockedHost implements the Interface interface for *Global.
type Interface ¶
type Interface interface {
// IsBlockedHost returns true if host should be blocked.
IsBlockedHost(host string, qt uint16) (blocked bool)
// IsBlockedIP returns the status of the IP address blocking as well as the
// rule that blocked it.
IsBlockedIP(ip netip.Addr) (blocked bool)
}
Interface is the access manager interface.
type Profile ¶
type Profile interface {
// Config returns profile access configuration.
Config() (conf *ProfileConfig)
// IsBlocked returns true if the req should be blocked. req must not be
// nil, and req.Question must have one item.
IsBlocked(req *dns.Msg, rAddr netip.AddrPort, l *geoip.Location) (blocked bool)
}
Profile is the profile access manager interface.
type ProfileConfig ¶
type ProfileConfig struct {
// AllowedNets is slice of CIDRs to be allowed.
AllowedNets []netip.Prefix
// BlockedNets is slice of CIDRs to be blocked.
BlockedNets []netip.Prefix
// AllowedNets is slice of location ASNs to be allowed.
AllowedASN []geoip.ASN
// BlockedASN is slice of location ASNs to be blocked.
BlockedASN []geoip.ASN
// BlocklistDomainRules is slice of rules to match requests.
BlocklistDomainRules []string
}
ProfileConfig is a profile specific access configuration.
NOTE: Do not change fields of this structure without incrementing internal/profiledb/internal.FileCacheVersion.
Source Files