Documentation ¶
Index ¶
Constants ¶
const ( // SessionRuleTagPrefix is used to tag session rules created for the implementation // of K8s policies. SessionRuleTagPrefix = "contiv/vpp-policy" // AnyProtocolSessionRuleTag is used to mark rules used to implement // filtering for ANY protocol. AnyProtocolSessionRuleTag = "-ANY" // SplitSessionRuleTag is used to mark deny-all rules split into two // (two halves of the IP address space) in order to avoid collision with // the VPP proxy rules. SplitSessionRuleTag = "-SPLIT" // ScopeGlobal is a constant used to set the global scope for a session rule. ScopeGlobal = 1 // ScopeLocal is a constant used to set the local scope for a session rule. ScopeLocal = 2 // ScopeBoth is a constant used to set both the local and the global scope // for a session rule. ScopeBoth = 3 // ActionDoNothing is a constant used to set DO-NOTHING action for a session // rule. ActionDoNothing = ^uint32(0) // ActionDeny is a constant used to set DENY action for a session rule. ActionDeny = ^uint32(0) - 1 // ActionAllow is a constant used to set ALLOW action for a session rule. ActionAllow = ^uint32(0) - 2 // ProtoTCP is a constant used to set TCP protocol for a session rule. ProtoTCP = 0 // ProtoUDP is a constant used to set UDP protocol for a session rule. ProtoUDP = 1 )
Variables ¶
This section is empty.
Functions ¶
func ImportSessionRules ¶
func ImportSessionRules(rules []*SessionRule, ipnet IPNet, log logging.Logger) (tables []*cache.ContivRuleTable)
ImportSessionRules imports a list of session rules into a newly created list of ContivRule tables, suitable for Resync with the cache.
Types ¶
type IPNet ¶
type IPNet interface { // GetNsIndex returns application namespace related to the given pod. GetNsIndex(podNamespace, podName string) (nsIndex uint32, exists bool) // GetPodByAppNsIndex returns pod related to the given application namespace. GetPodByAppNsIndex(nsIndex uint32) (podNamespace, podName string, exists bool) }
IPNet interface lists methods (formerly) provided by IPNet plugin, which are needed by VPPTCP Renderer.
type SessionRule ¶
type SessionRule struct { TransportProto uint8 IsIP4 uint8 LclIP [16]byte LclPlen uint8 RmtIP [16]byte RmtPlen uint8 LclPort uint16 RmtPort uint16 ActionIndex uint32 AppnsIndex uint32 Scope uint8 Tag [64]byte }
SessionRule defines and groups the fields of a VPP session rule.
func ExportSessionRules ¶
func ExportSessionRules(rules []*renderer.ContivRule, podID *podmodel.ID, podIP net.IP, ipnet IPNet, log logging.Logger) []*SessionRule
ExportSessionRules converts Contiv rules into the corresponding set of session rules. Set *podID* to nil if the rules are from the global table.
func (*SessionRule) Compare ¶
func (sr *SessionRule) Compare(sr2 *SessionRule, compareTag bool) int
Compare returns -1, 0, 1 if this<sr2 or this==sr2 or this>sr2, respectively. Session rules have a total order defined on them.
func (*SessionRule) Copy ¶
func (sr *SessionRule) Copy() *SessionRule
Copy creates a deep copy of the Session rule.
func (*SessionRule) String ¶
func (sr *SessionRule) String() string
String converts Session Rule into a human-readable string representation.