nfqdatapath

package
v10.353.1+incompatible
Published: Apr 23, 2021 License: Apache-2.0 Imports: 82 Imported by: 0

Documentation

Constants

const (

	// ACLCheckMultipler is the multiplier applied to the retransmit delay
	// before the datapath attempts to fall back to ACLs
	ACLCheckMultipler = retransmitDelay * 12
)

const DefaultExternalIPTimeout = "500ms"

DefaultExternalIPTimeout is the default timeout used for the external IP cache.

Variables

var GetUDPRawSocket = afinetrawsocket.CreateSocket

GetUDPRawSocket is a placeholder for the CreateSocket function. It is useful for mocking in TCP unit tests.

Functions

func EndpointTypeMatcher

func EndpointTypeMatcher(x interface{}) gomock.Matcher

EndpointTypeMatcher extends MyMatcher to match endpoint type and ID.

func MyCounterMatcher

func MyCounterMatcher(x *collector.CounterReport) gomock.Matcher

MyCounterMatcher is a custom matcher for counter records.

func MyMatcher

func MyMatcher(x interface{}) gomock.Matcher

MyMatcher returns a gomock matcher.

func PacketEventMatcher

func PacketEventMatcher(x interface{}) gomock.Matcher

PacketEventMatcher returns a gomock matcher.

Types

type Accessor

type Accessor interface {
	ContextProcessor
	RuleProcessor
}

Accessor is an interface for the datapath to access contexts, rules and tokens.

type ContextProcessor

type ContextProcessor interface {
	DoesContextExist(contextID string) bool
	IsContextServer(contextID string, backendip string) bool
}

ContextProcessor is an interface that provides context checks.

type Datapath

type Datapath struct {

	// ExternalIPCacheTimeout is the cache timeout used for Trireme auto-detection
	ExternalIPCacheTimeout time.Duration
	// contains filtered or unexported fields
}

Datapath is the structure holding all information about a connection filter.

func New

func New(
	mutualAuth bool,
	filterQueue fqconfig.FilterQueue,
	collector collector.EventCollector,
	serverID string,
	validity time.Duration,
	secrets secrets.Secrets,
	mode constants.ModeType,
	procMountPoint string,
	ExternalIPCacheTimeout time.Duration,
	packetLogs bool,
	tokenaccessor tokenaccessor.TokenAccessor,
	puFromContextID cache.DataStore,
	cfg *runtime.Configuration,
	isBPFEnabled bool,
	agentVersion semver.Version,
	serviceMeshType policy.ServiceMesh,
) *Datapath

New will create a new data path structure. It instantiates the data stores needed to track sessions. The data path is started with a different call. Only the required parameters must be provided; the rest are pre-populated with defaults.

func (*Datapath) CleanUp

func (d *Datapath) CleanUp() error

CleanUp implements the cleanup interface.

func (*Datapath) DebugCollect

func (d *Datapath) DebugCollect(ctx context.Context, contextID string, debugConfig *policy.DebugConfig) error

DebugCollect collects debug information for remote enforcers.

func (*Datapath) EnableDatapathPacketTracing

func (d *Datapath) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing enables nfq datapath packet tracing.

func (*Datapath) EnableIPTablesPacketTracing

func (d *Datapath) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing enables iptables -j trace for the particular PU; this captures a much wider packet stream than datapath tracing.

func (*Datapath) Enforce

func (d *Datapath) Enforce(ctx context.Context, contextID string, puInfo *policy.PUInfo) error

Enforce implements the Enforce interface method and configures the data path for a new PU.

func (*Datapath) GetBPFObject

func (d *Datapath) GetBPFObject() ebpf.BPFModule

GetBPFObject returns the BPF object.

func (*Datapath) GetFilterQueue

func (d *Datapath) GetFilterQueue() fqconfig.FilterQueue

GetFilterQueue returns the filter queues used by the data path.

func (*Datapath) GetServiceMeshType

func (d *Datapath) GetServiceMeshType() policy.ServiceMesh

GetServiceMeshType returns the service mesh that is enabled on this datapath.

func (*Datapath) PacketLogsEnabled

func (d *Datapath) PacketLogsEnabled() bool

PacketLogsEnabled returns true if the packet logs are enabled.

func (*Datapath) Ping

func (d *Datapath) Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error

Ping runs ping to the given config.

func (*Datapath) ProcessApplicationUDPPacket

func (d *Datapath) ProcessApplicationUDPPacket(p *packet.Packet) (conn *connection.UDPConnection, err error)

ProcessApplicationUDPPacket processes packets that arrive from an application and are destined for the network.

func (*Datapath) ProcessNetworkUDPPacket

func (d *Datapath) ProcessNetworkUDPPacket(p *packet.Packet) (conn *connection.UDPConnection, err error)

ProcessNetworkUDPPacket processes packets that arrive from the network and are destined for the application.

func (*Datapath) Run

func (d *Datapath) Run(ctx context.Context) error

Run starts the application and network interceptors.

func (*Datapath) SetLogLevel

func (d *Datapath) SetLogLevel(level constants.LogLevel) error

SetLogLevel sets log level.

func (*Datapath) SetTargetNetworks

func (d *Datapath) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks sets the new target networks used by the datapath.

func (*Datapath) Unenforce

func (d *Datapath) Unenforce(ctx context.Context, contextID string) error

Unenforce removes the configuration for the given PU.

func (*Datapath) UpdateSecrets

func (d *Datapath) UpdateSecrets(s secrets.Secrets) error

UpdateSecrets updates the secrets used for signing communication between Trireme instances.

type DropReason

type DropReason string

DropReason is used to indicate the reason a packet was dropped.

const (
	InvalidUDPState DropReason = "invalidUDPState"
	PolicyDrop      DropReason = "policyDrop"
)

DropReason is the reason a packet is dropped and FIN packets are generated.

type PingConn

type PingConn interface {
	ConstructWirePacket(srcIP, dstIP net.IP, transport packet.Packet, payload packet.Packet) ([]byte, error)
	Write(data []byte) (int, error)
	Close() error
}

PingConn is an interface for sending ping packets/data to the network. It also implements the io.Writer interface.

type RuleProcessor

type RuleProcessor interface {
	CheckRejectRecvRules(contextID string) (int, bool)
	CheckAcceptRecvRules(contextID string) (int, bool)
	CheckRejectTxRules(contextID string) (int, bool)
	CheckAcceptTxRules(contextID string) (int, bool)
}

RuleProcessor is an interface to access rules.

Directories

mocktokenaccessor: Package mocktokenaccessor is a generated GoMock package.
