rule

package
v3.0.0+incompatible

This package is not in the latest version of its module.

Published: Apr 4, 2019 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Constants

const (
	// SessionRuleTagPrefix is used to tag session rules created for the implementation
	// of K8s policies.
	SessionRuleTagPrefix = "contiv/vpp-policy"

	// AnyProtocolSessionRuleTag is used to mark rules used to implement
	// filtering for ANY protocol.
	AnyProtocolSessionRuleTag = "-ANY"

	// SplitSessionRuleTag is used to mark deny-all rules split into two
	// (two halves of the IP address space) in order to avoid collision with
	// the VPP proxy rules.
	SplitSessionRuleTag = "-SPLIT"

	// ScopeGlobal is a constant used to set the global scope for a session rule.
	ScopeGlobal = 1

	// ScopeLocal is a constant used to set the local scope for a session rule.
	ScopeLocal = 2

	// ScopeBoth is a constant used to set both the local and the global scope
	// for a session rule.
	ScopeBoth = 3

	// ActionDoNothing is a constant used to set DO-NOTHING action for a session
	// rule.
	ActionDoNothing = ^uint32(0)

	// ActionDeny is a constant used to set DENY action for a session rule.
	ActionDeny = ^uint32(0) - 1

	// ActionAllow is a constant used to set ALLOW action for a session rule.
	ActionAllow = ^uint32(0) - 2

	// ProtoTCP is a constant used to set TCP protocol for a session rule.
	ProtoTCP = 0

	// ProtoUDP is a constant used to set UDP protocol for a session rule.
	ProtoUDP = 1
)

Variables

This section is empty.

Functions

func ImportSessionRules

func ImportSessionRules(rules []*SessionRule, ipnet IPNet, log logging.Logger) (tables []*cache.ContivRuleTable)

ImportSessionRules imports a list of session rules into a newly created list of ContivRule tables, suitable for Resync with the cache.

Types

type IPNet

type IPNet interface {
	// GetNsIndex returns application namespace related to the given pod.
	GetNsIndex(podNamespace, podName string) (nsIndex uint32, exists bool)
	// GetPodByAppNsIndex returns pod related to the given application namespace.
	GetPodByAppNsIndex(nsIndex uint32) (podNamespace, podName string, exists bool)
}

The IPNet interface lists the methods (formerly) provided by the IPNet plugin that the VPPTCP Renderer needs.

type SessionRule

type SessionRule struct {
	TransportProto uint8
	IsIP4          uint8
	LclIP          [16]byte
	LclPlen        uint8
	RmtIP          [16]byte
	RmtPlen        uint8
	LclPort        uint16
	RmtPort        uint16
	ActionIndex    uint32
	AppnsIndex     uint32
	Scope          uint8
	Tag            [64]byte
}

SessionRule defines and groups the fields of a VPP session rule.
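The SplitSessionRuleTag comment above describes deny-all rules being split into two halves of the IP address space. The sketch below is an added example, not code from this package: `SplitDenyAll` is a hypothetical helper, and it assumes the split is applied to the remote prefix, that the tag is the prefix followed by the suffix, and that an IPv4 address occupies the leading bytes of the 16-byte field.

```go
package main

import "fmt"

// Values copied from the constants documented on this page.
const (
	SessionRuleTagPrefix = "contiv/vpp-policy"
	SplitSessionRuleTag  = "-SPLIT"
	ScopeLocal           = 2
	ActionDeny           = ^uint32(0) - 1
)

// SessionRule mirrors the struct documented on this page.
type SessionRule struct {
	TransportProto uint8
	IsIP4          uint8
	LclIP          [16]byte
	LclPlen        uint8
	RmtIP          [16]byte
	RmtPlen        uint8
	LclPort        uint16
	RmtPort        uint16
	ActionIndex    uint32
	AppnsIndex     uint32
	Scope          uint8
	Tag            [64]byte
}

// SplitDenyAll (hypothetical) replaces a rule whose remote prefix is /0 with
// two rules covering the lower and upper half of the address space
// (0.0.0.0/1 and 128.0.0.0/1 for IPv4). Tag layout is an assumption.
func SplitDenyAll(r SessionRule) []SessionRule {
	if r.RmtPlen != 0 {
		return []SessionRule{r} // already narrower than "any": nothing to split
	}
	low, high := r, r
	low.RmtIP, high.RmtIP = [16]byte{}, [16]byte{0x80}
	low.RmtPlen, high.RmtPlen = 1, 1
	var tag [64]byte
	copy(tag[:], SessionRuleTagPrefix+SplitSessionRuleTag)
	low.Tag, high.Tag = tag, tag
	return []SessionRule{low, high}
}

func main() {
	for _, r := range SplitDenyAll(SessionRule{IsIP4: 1, ActionIndex: ActionDeny, Scope: ScopeLocal, AppnsIndex: 7}) {
		fmt.Printf("%d.0.0.0/%d action=%#x tag=%s\n", r.RmtIP[0], r.RmtPlen, r.ActionIndex, r.Tag[:23])
	}
}
```

Together the two /1 rules match the same traffic as the original /0 rule, which is why a policy audit should treat a pair carrying the split tag as a single deny-all.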

func ExportSessionRules

func ExportSessionRules(rules []*renderer.ContivRule, podID *podmodel.ID, podIP net.IP, ipnet IPNet, log logging.Logger) []*SessionRule

ExportSessionRules converts Contiv rules into the corresponding set of session rules. Set *podID* to nil if the rules are from the global table.

func (*SessionRule) Compare

func (sr *SessionRule) Compare(sr2 *SessionRule, compareTag bool) int

Compare returns -1, 0, or 1 if this < sr2, this == sr2, or this > sr2, respectively. Session rules have a total order defined on them.

func (*SessionRule) Copy

func (sr *SessionRule) Copy() *SessionRule

Copy creates a deep copy of the Session rule.

func (*SessionRule) String

func (sr *SessionRule) String() string

String converts Session Rule into a human-readable string representation.
