internal

package
v1.15.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 29, 2024 License: MIT Imports: 41 Imported by: 0

Documentation

Index

Constants

View Source 
const (

	// ExitOnSuccess do exit when we succeeded to apply netfilter config; def-val=false
	ExitOnSuccess config.ValueT[bool] = "exit-on-success"

	// ContinueOnFailure (default = true)
	// when 'true' it means if something fails it internally restarts all workloads after some tomeout
	// when 'false' if something fails the app exits with code 1
	ContinueOnFailure config.ValueT[bool] = "continue-on-failure"

	// ContinueAfterTimeout (default = '10s' )
	// if 'continue-on-failure'=true then we use this value to do timeout befor restart
	ContinueAfterTimeout config.ValueT[time.Duration] = "continue-after-timeout"

	// AppLoggerLevel log level [optional]
	AppLoggerLevel config.ValueT[string] = "logger/level"
	// AppGracefulShutdown [optional]
	AppGracefulShutdown config.ValueT[time.Duration] = "graceful-schutdown"
	// NetNS network namespace
	NetNS config.ValueT[string] = "netns"

	// NetlinkWatcherLinger netlingk watched linger duration, min(1s)
	NetlinkWatcherLinger config.ValueT[time.Duration] = "netlink/watcher/linger"

	// BaseRulesOutNets represents always list open networks for outgoing requests
	BaseRulesOutNets config.ValueT[[]config.NetCIDR] = "base-rules/networks"

	// FqdnStrategy use strategy to build SG-FQDN rules (DNS|NDPI|Combine); DNS is default
	FqdnStrategy config.ValueT[FqdnRulesStrategy] = "fqdn-rules/strategy"

	// DnsNameservers IP list of trusted nameservers; default = ["8.8.8.8"]
	DnsNameservers config.ValueT[[]config.IP] = "dns/nameservers"
	// DnsProto tcp or udp protp we shoud use; default = udp
	DnsProto config.ValueT[string] = "dns/proto"
	// DnsPort use port to ask nameserver(s); default = 53
	DnsPort config.ValueT[uint16] = "dns/port"
	// DnsRetries on failure retries count; default=3
	DnsRetries config.ValueT[uint8] = "dns/retries"
	// DnsRetriesTmo timeout before retry; default=1s
	DnsRetriesTmo config.ValueT[time.Duration] = "dns/retry-timeout"
	// DnsDialDuration dial max duration; default = 3s
	DnsDialDuration config.ValueT[time.Duration] = "dns/dial-duration"
	// DnsWriteDuration packet write max duration; default = 5s
	DnsWriteDuration config.ValueT[time.Duration] = "dns/write-duration"
	// DnsReadDuration response wait+read max duration; default = 5s
	DnsReadDuration config.ValueT[time.Duration] = "dns/read-duration"

	// ServicesDefDialDuration default dial duraton to conect a service [optional]
	ServicesDefDialDuration config.ValueT[time.Duration] = "extapi/svc/def-daial-duration"

	//                         -= extapi/svc/ SGROUPS =-
	//SGroupsAddress service address [mandatory]
	SGroupsAddress config.ValueT[string] = "extapi/svc/sgroups/address"
	//SGroupsDialDuration sgroups service dial duration [optional]
	SGroupsDialDuration config.ValueT[time.Duration] = "extapi/svc/sgroups/dial-duration"
	//SGroupsSyncStatusInterval interval(duration) backend 'sync-status' check [mandatory]
	SGroupsSyncStatusInterval config.ValueT[time.Duration] = "extapi/svc/sgroups/sync-status/interval"
	//SGroupsSyncStatusPush use push model of 'sync-status'
	SGroupsSyncStatusPush config.ValueT[bool] = "extapi/svc/sgroups/sync-status/push"
	// SGroupsUseJsonCodec use GRPC+JSON codec instead of GRPC+PROTO
	SGroupsUseJsonCodec config.ValueT[bool] = "extapi/svc/sgroups/use-json-codec"
	// SGroupsAPIpathPrefix add path prefix when call SGROUPS API - is not set by default
	SGroupsAPIpathPrefix config.ValueT[string] = "extapi/svc/sgroups/api-path-prefix"

	//                         -= extapi/svc/ SGROUPS/AUTHN =-
	SGroupsAuthnType config.AuthnTypeSelector = "extapi/svc/sgroups/authn/type"
	//                         -= extapi/svc/ SGROUPS/AUTHN/TLS =-
	// SGroupsTLScertFile client cert file
	SGroupsTLScertFile config.TLScertFile = "extapi/svc/sgroups/authn/tls/cert-file"
	// SGroupsTLSprivKeyFile client private key
	SGroupsTLSprivKeyFile config.TLScertFile = "extapi/svc/sgroups/authn/tls/key-file"
	// SGroupsTLSserverVerify if true we need verify server host or IPs
	SGroupsTLSserverVerify config.ValueT[bool] = "extapi/svc/sgroups/authn/tls/server/verify"
	// SGroupsTLSserverName server hostname we need to verify - not set by default
	SGroupsTLSserverName config.TLSverifysServerName = "extapi/svc/sgroups/authn/tls/server/name"
	// SGroupsTLSserverCAs server CA files
	SGroupsTLSserverCAs config.TLScaFiles = "extapi/svc/sgroups/authn/tls/server/ca-files"

	// TelemetryEndpoint server endpoint
	TelemetryEndpoint config.ValueT[string] = "telemetry/endpoint"
	// MetricsEnable enable api metrics
	MetricsEnable config.ValueT[bool] = "telemetry/metrics/enable"
	// HealthcheckEnable enables|disables health check handler
	HealthcheckEnable config.ValueT[bool] = "telemetry/healthcheck/enable"
	// UserAgent
	UserAgent config.ValueT[string] = "telemetry/useragent"
	// ProfileEnable available at /debug/pprof/index
	ProfileEnable config.ValueT[bool] = "telemetry/profile/enable"
	// NftablesCollectorMinFrequency states how often to update cache with nft metrics
	NftablesCollectorMinFrequency config.ValueT[time.Duration] = "telemetry/nft-collector/min-frequency"
)
View Source 
const (
	// HcSyncStatus -
	HcSyncStatus hcIndicator = 1 << iota

	// HcNetConfWatcher -
	HcNetConfWatcher

	// HcDnsRefresher -
	HcDnsRefresher

	// HcNftApplier -
	HcNftApplier
)
View Source 
const (
	// ESrcDNS -
	ESrcDNS = "dns"

	// ESrcNetWatcher -
	ESrcNetWatcher = "net-watcher"

	// ESrcSgBakend -
	ESrcSgBakend = "sgroups-svc"
)

Variables

View Source 
var ConfigFile string

ConfigFile file with actual app config

View Source 
var (
	// ErrDomainAddressQuerierCacheClosed -
	ErrDomainAddressQuerierCacheClosed = errors.New("dns address querier cache is closed")
)

Functions

func AgentSubject 

func AgentSubject() observer.Subject

AgentSubject -

func NewTiedSubj 

func NewTiedSubj(tied observer.Subject) observer.Subject

NewTiedSubj -

func SetupAgentSubject 

func SetupAgentSubject()

SetupAgentSubject -

func SetupContext 

func SetupContext()

SetupContext setup app ctx

func SetupDnsResolver 

func SetupDnsResolver(ctx context.Context) error

SetupDnsResolver -

func SetupLogger 

func SetupLogger() error

SetupLogger setup app logger

func SetupMetrics 

func SetupMetrics(ctx context.Context) error

SetupMetrics -

func WhenSetupTelemtryServer 

func WhenSetupTelemtryServer(ctx context.Context, f func(*server.APIServer) error) error

WhenSetupTelemtryServer -

Types

type AgentMetrics 

type AgentMetrics struct {
	// contains filtered or unexported fields
}

func GetAgentMetrics 

func GetAgentMetrics() *AgentMetrics

GetAgentMetrics -

func (*AgentMetrics) ObserveApplyConfig 

func (am *AgentMetrics) ObserveApplyConfig()

ObserveApplyConfig -

func (*AgentMetrics) ObserveError 

func (am *AgentMetrics) ObserveError(errSource string)

ObserveError -

type AgentSubjectClosed 

type AgentSubjectClosed struct{ observer.EventType }

AgentSubjectClosed -

type DomainAddressQuerier 

type DomainAddressQuerier interface {
	A(ctx context.Context, domain string) DomainAddresses
	AAAA(ctx context.Context, domain string) DomainAddresses
}

DomainAddressQuerier -

func GetDnsResolver 

func GetDnsResolver() DomainAddressQuerier

GetDnsResolver -

func NewDomainAddressQuerier 

func NewDomainAddressQuerier(ctx context.Context) (DomainAddressQuerier, error)

NewDomainAddressQuerier -

type DomainAddressQuerierCacheWrapper 

type DomainAddressQuerierCacheWrapper interface {
	A(ctx context.Context, domain string) DomainAddresses
	AAAA(ctx context.Context, domain string) DomainAddresses
	Close() error
}

DomainAddressQuerierCacheWrapper -

func NewDomainAddressQuerierCache 

func NewDomainAddressQuerierCache(o DomainAddressQuerier) DomainAddressQuerierCacheWrapper

NewDomainAddressQuerierCache -

type DomainAddresses 

type DomainAddresses struct {
	At  time.Time
	TTL time.Duration
	IPs []net.IP
	Err error
}

DomainAddresses -

type FqdnRulesStrategy 

type FqdnRulesStrategy string
const (
	// FqdnRulesStartegyDNS -
	FqdnRulesStartegyDNS FqdnRulesStrategy = "dns"
	// FqdnRulesStartegyNDPI -
	FqdnRulesStartegyNDPI FqdnRulesStrategy = "ndpi"
	// FqdnRulesStartegyCombine -
	FqdnRulesStartegyCombine FqdnRulesStrategy = "combine"
)

func (FqdnRulesStrategy) Eq 

func (o FqdnRulesStrategy) Eq(other FqdnRulesStrategy) bool

Eq -

func (FqdnRulesStrategy) Variants 

func (FqdnRulesStrategy) Variants() []FqdnRulesStrategy

Variants -

type NetlinkError 

type NetlinkError struct {
	nl.ErrMsg

	observer.EventType
}

NetlinkError -

type NetlinkEventSource 

type NetlinkEventSource struct {
	Subject observer.Subject
	nl.NetlinkWatcher
	NetNS string
	// contains filtered or unexported fields
}

NetlinkEventSource -

func (*NetlinkEventSource) Close 

func (w *NetlinkEventSource) Close() error

Close -

func (*NetlinkEventSource) Run 

func (w *NetlinkEventSource) Run(ctx context.Context) error

Run -

type NetlinkUpdates 

type NetlinkUpdates struct {
	Updates []nl.WatcherMsg

	observer.EventType
}

NetlinkUpdates -

type SGClient 

type SGClient = sgAPI.ClosableClient

SGClient is an alias to 'sgAPI.ClosableClient'

func NewSGClient 

func NewSGClient(ctx context.Context) (ret *SGClient, err error)

NewSGClient makes 'sgroups' API client

type SyncStatusError 

type SyncStatusError struct {
	observer.EventType
	// contains filtered or unexported fields
}

SyncStatusError -

func (SyncStatusError) Cause 

func (e SyncStatusError) Cause() error

Cause -

type SyncStatusEventSource 

type SyncStatusEventSource struct {
	Subject       observer.Subject
	SGClient      SGClient
	CheckInterval time.Duration
	UsePushModel  bool
}

SyncStatusEventSource -

func (*SyncStatusEventSource) Run 

func (ss *SyncStatusEventSource) Run(ctx context.Context) error

Run -

type SyncStatusValue 

type SyncStatusValue struct {
	model.SyncStatus
	observer.EventType
}

SyncStatusValue -

Source Files

View all Source files

Directories

Path Synopsis
nft
cases

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.