renderer

package
v2.0.4+incompatible Latest
Warning

This package is not in the latest version of its module.

Published: Feb 6, 2019 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Types

type ActionType

type ActionType int

ActionType is either DENY or PERMIT.

const (
	// ActionDeny tells the policy engine to block the matching traffic.
	ActionDeny ActionType = iota

	// ActionPermit tells the policy engine to allow the matching traffic.
	ActionPermit
)

func (ActionType) String

func (at ActionType) String() string

String converts ActionType into a human-readable string.

type ContivRule

type ContivRule struct {
	// Action to perform when traffic matches.
	Action ActionType

	// L3
	SrcNetwork  *net.IPNet // empty = match all
	DestNetwork *net.IPNet // empty = match all

	// L4
	Protocol ProtocolType
	SrcPort  uint16 // 0 = match all
	DestPort uint16 // 0 = match all
}

ContivRule is an n-tuple with the most basic policy rule definition that the destination network stack must support.

func (*ContivRule) Compare

func (cr *ContivRule) Compare(cr2 *ContivRule) int

Compare returns -1, 0 or 1 if this < cr2, this == cr2 or this > cr2, respectively. Contiv rules have a total order defined on them. It holds that if cr matches a subset of the traffic matched by cr2, then cr < cr2.

func (*ContivRule) Copy

func (cr *ContivRule) Copy() *ContivRule

Copy creates a deep copy of the Contiv rule.

func (*ContivRule) String

func (cr *ContivRule) String() string

String converts Contiv Rule (pointer) into a human-readable string representation.

type PolicyRendererAPI

type PolicyRendererAPI interface {
	// NewTxn starts a new transaction. The rendering should execute only after
	// Commit() is called. Ideally, the transaction should support rollback
	// to recover from an in-progress fail.
	// If <resync> is enabled, the supplied configuration should completely
	// replace the existing one. Otherwise, perform the changes incrementally,
	// i.e. pods not mentioned in the transaction should remain unaffected.
	NewTxn(resync bool) Txn
}

PolicyRendererAPI defines the API of Policy Renderer. Policy Renderer implements rendering of Contiv rules for a specific network stack. How the rules are actually installed is up to the implementation. The interface is used to plug the renderer into the layer above, which is Policy Configurator.

type ProtocolType

type ProtocolType int

ProtocolType is either TCP or UDP or OTHER.

const (
	// TCP protocol.
	TCP ProtocolType = iota

	// UDP protocol.
	UDP

	// OTHER is some NON-UDP, NON-TCP traffic (used ONLY in unit tests).
	OTHER

	// ANY L4 protocol or even pure L3 traffic (port numbers are ignored).
	ANY
)

func (ProtocolType) String

func (at ProtocolType) String() string

String converts ProtocolType into a human-readable string.
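
The wildcard semantics documented for ContivRule and ProtocolType above, written out as a packet matcher. This is an added example, not code from the renderer package: the types are local mirrors of the documented ones, and `Packet`, `inNet` and `Matches` are hypothetical names; the sample packet is constructed.

```go
package main

import (
	"fmt"
	"net"
)

// Local mirrors of the documented types so the example compiles on its own.
type ActionType int
type ProtocolType int
const (
	ActionDeny ActionType = iota
	ActionPermit
)
const (
	TCP ProtocolType = iota
	UDP
	OTHER
	ANY
)
type ContivRule struct {
	Action                  ActionType
	SrcNetwork, DestNetwork *net.IPNet // nil or empty = match all
	Protocol                ProtocolType
	SrcPort, DestPort       uint16 // 0 = match all
}

type Packet struct { // hypothetical 5-tuple, not part of the renderer package
	Src, Dst         net.IP
	Proto            ProtocolType
	SrcPort, DstPort uint16
}
func inNet(n *net.IPNet, ip net.IP) bool {
	return n == nil || len(n.IP) == 0 || n.Contains(ip)
}

// Matches applies the wildcard semantics from the ContivRule field comments.
func Matches(r *ContivRule, p Packet) bool {
	l4 := r.Protocol == ANY || (r.Protocol == p.Proto && // ANY ignores ports
		(r.SrcPort == 0 || r.SrcPort == p.SrcPort) &&
		(r.DestPort == 0 || r.DestPort == p.DstPort))
	return l4 && inNet(r.SrcNetwork, p.Src) && inNet(r.DestNetwork, p.Dst)
}

func main() {
	dns := Packet{net.ParseIP("10.1.1.5"), net.ParseIP("10.1.2.9"), UDP, 40000, 53} // constructed
	// Zero-value Protocol is TCP, so a rule that leaves it unset misses UDP.
	fmt.Println(Matches(&ContivRule{}, dns), Matches(&ContivRule{Protocol: ANY}, dns))
}
```

Because `TCP` is the zero value of ProtocolType, a rule literal that sets only `Action` applies to TCP traffic alone; a rule meant to cover all traffic has to set `Protocol: ANY` explicitly.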

type Txn

type Txn interface {
	// Render applies the set of ingress & egress rules for a given pod.
	// The existing rules are replaced.
	// The traffic direction (ingress, egress) is considered from the vswitch
	// point of view!
	// For ingress rules the source IP is unset, i.e. 0.0.0.0/ (match all).
	// For egress rules the destination IP is unset, i.e. 0.0.0.0/ (match all).
	// The renderer may use the provided pod IP to make the rules fully specific
	// in case they are installed globally and not assigned to interfaces.
	// Empty set of rules should allow any traffic in that direction.
	// The flag *removed* is set to true if the pod was just removed - in such
	// case *podIP* may be nil and both lists of rules are empty.
	Render(pod podmodel.ID, podIP *net.IPNet, ingress []*ContivRule, egress []*ContivRule, removed bool) Txn

	// Commit proceeds with the rendering. The changes are propagated into
	// the destination network stack.
	Commit() error
}

Txn defines the API of a PolicyRenderer transaction.
