acls

package
v10.315.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 23, 2021 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrNoMatch = errors.New("No Match")

ErrNoMatch is error returned when no match is found.

Functions

This section is empty.

Types

type ACLCache

type ACLCache struct {
	// contains filtered or unexported fields
}

ACLCache holds all the ACLS in an internal DB map[prefixes][subnets] -> list of ports with their actions

func NewACLCache

func NewACLCache() *ACLCache

NewACLCache a new ACL cache

func (*ACLCache) AddRule

func (c *ACLCache) AddRule(rule policy.IPRule) (err error)

AddRule adds a single rule to the ACL Cache

func (*ACLCache) AddRuleList

func (c *ACLCache) AddRuleList(rules policy.IPRuleList) (err error)

AddRuleList adds a list of rules to the cache

func (*ACLCache) GetMatchingAction

func (c *ACLCache) GetMatchingAction(ip net.IP, port uint16, proto uint8, defaultFlowPolicy *policy.FlowPolicy) (report *policy.FlowPolicy, packet *policy.FlowPolicy, err error)

GetMatchingAction gets the action from the acl cache

func (*ACLCache) GetMatchingICMPAction

func (c *ACLCache) GetMatchingICMPAction(ip net.IP, icmpType, icmpCode int8, defaultFlowPolicy *policy.FlowPolicy) (report *policy.FlowPolicy, packet *policy.FlowPolicy, err error)

GetMatchingICMPAction gets the action based on icmp policy

func (*ACLCache) RemoveIPMask

func (c *ACLCache) RemoveIPMask(ip net.IP, mask int)

RemoveIPMask removes the entries indexed with (ip, mask). This is an idempotent operation and thus does not returns an error

func (*ACLCache) RemoveRulesForAddress

func (c *ACLCache) RemoveRulesForAddress(address *Address, protocol string, ports []string, policy *policy.FlowPolicy) error

RemoveRulesForAddress is going to remove all rules for the provided address, protocol and ports.

type Address

type Address struct {
	IP      net.IP
	Mask    int
	NoMatch bool
}

Address is a parsed IP address or CIDR

func ParseAddress

func ParseAddress(address string) (*Address, error)

ParseAddress parses `address` as an IP or CIDR address - based on the notation that we allow in our backend. If the address is prefixed with a "!"", then the NoMatch attribute will be true. If the Address is of the format "IP/BitMask" (e.g. 192.0.2.0/24), then the mask will be set to 24. If the address is of the form "IP" (e.g. 192.0.2.1), then the mask will be added automatically.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL