aclengine

package
v0.0.0-...-2d08fe4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 20, 2023 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ACLAction 

type ACLAction int

ACLAction is one of DENY, PERMIT, REFLECT, FAILURE. 

const (
	// ACLActionDeny is returned by evalACL when the packet is blocked by ACL.
	ACLActionDeny ACLAction = iota

	// ACLActionPermit is returned by evalACL when the packet is allowed by ACL.
	ACLActionPermit

	// ACLActionReflect is returned by evalACL when the packet is allowed+reflected by ACL.
	ACLActionReflect

	// ACLActionFailure is returned by evalACL when it fails.
	ACLActionFailure
)

type ACLConfig 

type ACLConfig struct {
	// contains filtered or unexported fields
}

ACLConfig stores currently installed ACLs.

func NewACLConfig 

func NewACLConfig() *ACLConfig

NewACLConfig is a constructor for ACLConfig.

func (*ACLConfig) DelACL 

func (ac *ACLConfig) DelACL(aclName string) error

DelACL removes ACL with the given name.

func (*ACLConfig) GetACLs 

func (ac *ACLConfig) GetACLs(ifName string) *InterfaceACLs

GetACLs returns ACLs assigned to the given interface.

func (*ACLConfig) PutACL 

func (ac *ACLConfig) PutACL(acl *vpp_acl.ACL) error

PutACL adds the given ACL.

type ConnectionAction 

type ConnectionAction int

ConnectionAction is one of DENY-SYN, DENY-SYN-ACK, ALLOW, FAILURE. 

const (
	// ConnActionDenySyn is returned by the mock ACL engine when the SYN packet is blocked.
	ConnActionDenySyn ConnectionAction = iota

	// ConnActionDenySynAck is returned by the mock ACL engine when the SYN-ACK packet is blocked.
	ConnActionDenySynAck

	// ConnActionAllow is returned by the mock ACL engine when the connection is allowed.
	ConnActionAllow

	// ConnActionFailure is returned by the mock ACL engine when connection simulation fails.
	ConnActionFailure
)

type ContivConfAPI 

type ContivConfAPI interface {
	// GetMainInterfaceName returns the logical name of the VPP physical interface
	// to use for connecting the node with the cluster.
	// If empty, a loopback interface should be configured instead.
	GetMainInterfaceName() string
}

ContivConfAPI interface lists methods from ContivConf plugin which are needed by MockACLEngine.

type InterfaceACLs 

type InterfaceACLs struct {
	// contains filtered or unexported fields
}

InterfaceACLs stores ACLs assigned to interface.

type MockACLEngine 

type MockACLEngine struct {
	sync.Mutex

	Log        logging.Logger
	IPNet      ipnet.API     /* for GetIfName(), GetVxlanBVIIfName() */
	ContivConf ContivConfAPI /* for GetMainInterfaceName() */
	// contains filtered or unexported fields
}

MockACLEngine simulates ACL evaluation engine from the VPP/ACL plugin.

func NewMockACLEngine 

func NewMockACLEngine(log logging.Logger, ipNet ipnet.API, contivConf ContivConfAPI) *MockACLEngine

NewMockACLEngine is a constructor for MockACLEngine.

func (*MockACLEngine) ApplyTxn 

func (mae *MockACLEngine) ApplyTxn(txn *localclient.Txn, latestRevs *syncbase.PrevRevisions) error

ApplyTxn applies transaction created by ACL renderer.

func (*MockACLEngine) ClearACLs 

func (mae *MockACLEngine) ClearACLs()

ClearACLs clears the list of configured ACLs.

func (*MockACLEngine) ConnectionInternetToPod 

func (mae *MockACLEngine) ConnectionInternetToPod(srcIP string, dstPod podmodel.ID,
	protocol renderer.ProtocolType, srcPort, dstPort uint16) ConnectionAction

ConnectionInternetToPod allows to simulate a connection establishment between a remote source and a destination pod, returning the outcome in terms of ACLs.

func (*MockACLEngine) ConnectionPodToInternet 

func (mae *MockACLEngine) ConnectionPodToInternet(srcPod podmodel.ID, dstIP string,
	protocol renderer.ProtocolType, srcPort, dstPort uint16) ConnectionAction

ConnectionPodToInternet allows to simulate a connection establishment between a pod and a remote destination, returning the outcome in terms of ACLs.

func (*MockACLEngine) ConnectionPodToPod 

func (mae *MockACLEngine) ConnectionPodToPod(srcPod podmodel.ID, dstPod podmodel.ID,
	protocol renderer.ProtocolType, srcPort, dstPort uint16) ConnectionAction

ConnectionPodToPod allows to simulate a connection establishment between two pods and tests what the outcome in terms of ACLs would be.

func (*MockACLEngine) DumpACLs 

func (mae *MockACLEngine) DumpACLs() (acls []*vpp_acl.ACL)

DumpACLs returns all ACLs currently installed.

func (*MockACLEngine) GetACLByName 

func (mae *MockACLEngine) GetACLByName(aclName string) *vpp_acl.ACL

GetACLByName returns ACL with the given name, or nil if there is none.

func (*MockACLEngine) GetInboundACL 

func (mae *MockACLEngine) GetInboundACL(ifName string) *vpp_acl.ACL

GetInboundACL returns ACL assigned on the inbound side of the given interface, or nil if there is none.

func (*MockACLEngine) GetNumOfACLChanges 

func (mae *MockACLEngine) GetNumOfACLChanges() int

GetNumOfACLChanges returns the number of ACL changes (Put+Delete).

func (*MockACLEngine) GetNumOfACLs 

func (mae *MockACLEngine) GetNumOfACLs() int

GetNumOfACLs returns the number of installed ACLs.

func (*MockACLEngine) GetOutboundACL 

func (mae *MockACLEngine) GetOutboundACL(ifName string) *vpp_acl.ACL

GetOutboundACL returns ACL assigned on the outbound side of the given interface, or nil if there is none.

func (*MockACLEngine) RegisterPod 

func (mae *MockACLEngine) RegisterPod(pod podmodel.ID, podIP string, anotherNode bool)

RegisterPod registers a deployed pod. Set *anotherNode* to true if the pod was deployed on another node. testConnection() assumes no ACLs installed on other nodes.

type PodConfig 

type PodConfig struct {
	// contains filtered or unexported fields
}

PodConfig encapsulates pod configuration.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.