conntrack

package
v0.0.0-...-21cfbab Latest Latest
Published: Apr 10, 2023 License: Apache-2.0, Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

// Conntrack entry types stored in a Value. The iota sequence makes
// TypeNormal 0, TypeNATForward 1 and TypeNATReverse 2; the NewValueNormal,
// NewValueNATForward and NewValueNATReverse* constructors create a Value of
// the corresponding type.
const (
	TypeNormal uint8 = iota
	TypeNATForward
	TypeNATReverse
)
// IANA-assigned IP protocol numbers, as passed in the proto parameter of
// NewKey and Timeouts.EntryExpired.
const (
	ProtoICMP = 1
	ProtoTCP  = 6
	ProtoUDP  = 17
)
// KeySize is the Key size of the current conntrack map version (curVer).
const KeySize = curVer.KeySize
// MaxEntries is the maximum number of entries of the current conntrack map
// version (curVer); it bounds how large the table can grow.
const MaxEntries = curVer.MaxEntries
// ValueSize is the Value size of the current conntrack map version (curVer).
const ValueSize = curVer.ValueSize

Variables

// MapParams are the map parameters of the current conntrack map version
// (curVer); GetMapParams returns the parameters for an explicit version.
var MapParams = curVer.MapParams

Functions

func GetKeyValueTypeFromVersion

func GetKeyValueTypeFromVersion(version int, k, v []byte) (maps.Upgradable, maps.Upgradable)

func GetMapParams

func GetMapParams(version int) maps.MapParameters

func Map

func Map() maps.Map

func MapMemIter

func MapMemIter(m MapMem) func(k, v []byte)

MapMemIter returns a maps.MapIter that loads the provided MapMem.

func MapV2

func MapV2() maps.Map

func SetMapSize

func SetMapSize(size int)

Types

type EntryGet

type EntryGet func(Key) (Value, error)

EntryGet is a function prototype provided to an EntryScanner in case it needs to look up other entries to make a verdict.

type EntryScanner

// EntryScanner is invoked by Scanner on every conntrack entry.
type EntryScanner interface {
	// Check evaluates the entry with the given Key and Value and returns a
	// ScanVerdict. The EntryGet callback lets the scanner look up other
	// entries when the verdict depends on them.
	Check(Key, Value, EntryGet) ScanVerdict
}

EntryScanner is the interface the Scanner calls on every entry.

type EntryScannerSynced

// EntryScannerSynced is an EntryScanner that is additionally notified when a
// scan iteration starts and ends.
type EntryScannerSynced interface {
	EntryScanner
	// IterationStart is called at the start of a scan iteration.
	IterationStart()
	// IterationEnd is called at the end of a scan iteration.
	IterationEnd()
}

EntryScannerSynced is a scanner that is synchronized with the iteration start/end.

type Key

type Key = curVer.Key

func BytesToKey

func BytesToKey(bytes []byte) Key

BytesToKey turns a slice of bytes into a Key

func KeyFromBytes

func KeyFromBytes(k []byte) Key

func NewKey

func NewKey(proto uint8, ipA net.IP, portA uint16, ipB net.IP, portB uint16) Key

func StringToKey

func StringToKey(str string) Key

StringToKey turns a string into a Key

type Leg

type Leg = curVer.Leg

type LivenessScanner

type LivenessScanner struct {
	// contains filtered or unexported fields
}

func NewLivenessScanner

func NewLivenessScanner(timeouts Timeouts, dsr bool, opts ...LivenessScannerOpt) *LivenessScanner

func (*LivenessScanner) Check

func (l *LivenessScanner) Check(ctKey Key, ctVal Value, get EntryGet) ScanVerdict

type LivenessScannerOpt

type LivenessScannerOpt func(ls *LivenessScanner)

func WithTimeShim

func WithTimeShim(shim timeshim.Interface) LivenessScannerOpt

type MapMem

type MapMem = curVer.MapMem

func LoadMapMem

func LoadMapMem(m maps.Map) (MapMem, error)

LoadMapMem loads the conntrack map m into memory.

type NATChecker

// NATChecker is consulted by StaleNATScanner to decide whether a NAT
// conntrack entry still corresponds to an existing frontend-backend pair.
type NATChecker interface {
	// ConntrackScanStart is called when a conntrack scan begins.
	ConntrackScanStart()
	// ConntrackScanEnd is called when a conntrack scan ends.
	ConntrackScanEnd()
	// ConntrackFrontendHasBackend reports whether the frontend ip:port is
	// currently served by backendIP:backendPort for the given protocol.
	ConntrackFrontendHasBackend(ip net.IP, port uint16, backendIP net.IP, backendPort uint16, proto uint8) bool
}

NATChecker reports whether a given frontend-backend combination exists.

type ScanVerdict

type ScanVerdict int

ScanVerdict represents the set of values returned by EntryScanner.Check.

const (
	// ScanVerdictOK means entry is fine and should remain
	ScanVerdictOK ScanVerdict = iota
	// ScanVerdictDelete means entry should be deleted
	ScanVerdictDelete

	// ScanPeriod determines how often we iterate over the conntrack table.
	// Note that it is a time.Duration, not a ScanVerdict, even though it
	// shares this const block.
	ScanPeriod = 10 * time.Second
)

type Scanner

type Scanner struct {
	// contains filtered or unexported fields
}

Scanner iterates over a provided conntrack map and calls a set of EntryScanner functions on each entry, in the order in which they were passed to NewScanner. If any EntryScanner returns ScanVerdictDelete, the Scanner deletes the entry, skips the remaining EntryScanners for that entry and continues the iteration.

It provides delete-safe iteration over the conntrack table for multiple evaluation functions, keeping their implementations simpler.

func NewScanner

func NewScanner(ctMap maps.Map, scanners ...EntryScanner) *Scanner

NewScanner returns a scanner for the given conntrack map and the set of EntryScanners. They are executed in the provided order on each entry.

func (*Scanner) AddUnlocked

func (s *Scanner) AddUnlocked(scanner EntryScanner)

AddUnlocked adds an additional EntryScanner to a Scanner that is not running; it must not be called while the Scanner is started.

func (*Scanner) Scan

func (s *Scanner) Scan()

Scan executes a single scanning iteration.

func (*Scanner) Start

func (s *Scanner) Start()

Start starts the periodic scanner.

func (*Scanner) Stop

func (s *Scanner) Stop()

Stop stops the Scanner and waits for it to finish.

type StaleNATScanner

type StaleNATScanner struct {
	// contains filtered or unexported fields
}

StaleNATScanner removes any entries for a frontend whose backend no longer exists.

func NewStaleNATScanner

func NewStaleNATScanner(frontendHasBackend NATChecker) *StaleNATScanner

NewStaleNATScanner returns an EntryScanner that checks, using the provided NATChecker, whether entries still have a matching NAT entry, and deletes those that do not.

func (*StaleNATScanner) Check

func (sns *StaleNATScanner) Check(k Key, v Value, _ EntryGet) ScanVerdict

Check evaluates a single conntrack entry and returns a ScanVerdict.

func (*StaleNATScanner) IterationEnd

func (sns *StaleNATScanner) IterationEnd()

IterationEnd satisfies EntryScannerSynced

func (*StaleNATScanner) IterationStart

func (sns *StaleNATScanner) IterationStart()

IterationStart satisfies EntryScannerSynced

type Timeouts

// Timeouts holds the per-protocol conntrack entry timeouts consulted by
// EntryExpired. A LivenessScanner is built from a Timeouts (see
// NewLivenessScanner) and DefaultTimeouts supplies the default values.
type Timeouts struct {
	// CreationGracePeriod is a grace period relative to an entry's creation.
	// NOTE(review): how it combines with the per-protocol timeouts below is
	// decided in EntryExpired, whose body is not shown here — confirm there.
	CreationGracePeriod time.Duration

	// TCP timeouts; presumably selected by connection state (pre-established,
	// established, FINs seen, RST seen) — confirm against EntryExpired.
	TCPPreEstablished time.Duration
	TCPEstablished    time.Duration
	TCPFinsSeen       time.Duration
	TCPResetSeen      time.Duration

	// UDPLastSeen is the timeout for UDP entries, presumably measured from
	// the entry's lastSeen time — confirm against EntryExpired.
	UDPLastSeen time.Duration

	// GenericIPLastSeen is the timeout for IP protocols that we don't know.
	GenericIPLastSeen time.Duration

	// ICMPLastSeen is the timeout for ICMP entries, presumably measured from
	// the entry's lastSeen time — confirm against EntryExpired.
	ICMPLastSeen time.Duration
}

func DefaultTimeouts

func DefaultTimeouts() Timeouts

func (*Timeouts) EntryExpired

func (t *Timeouts) EntryExpired(nowNanos int64, proto uint8, entry Value) (reason string, expired bool)

EntryExpired reports whether the given conntrack table entry, for the given protocol and time, has expired; the returned reason describes why.

type Value

type Value = curVer.Value

func BytesToValue

func BytesToValue(bytes []byte) Value

BytesToValue turns a slice of bytes into a Value.

func NewValueNATForward

func NewValueNATForward(created, lastSeen time.Duration, flags uint16, revKey Key) Value

NewValueNATForward creates a new Value of type TypeNATForward for the given arguments and the reverse key.

func NewValueNATReverse

func NewValueNATReverse(created, lastSeen time.Duration, flags uint16, legA, legB Leg,
	tunnelIP, origIP net.IP, origPort uint16) Value

NewValueNATReverse creates a new Value of type TypeNATReverse for the given arguments and reverse parameters.

func NewValueNATReverseSNAT

func NewValueNATReverseSNAT(created, lastSeen time.Duration, flags uint16, legA, legB Leg,
	tunnelIP, origIP, origSrcIP net.IP, origPort uint16) Value

NewValueNATReverseSNAT is like NewValueNATReverse but additionally sets the original source IP (origSrcIP).

func NewValueNormal

func NewValueNormal(created, lastSeen time.Duration, flags uint16, legA, legB Leg) Value

NewValueNormal creates a new Value of type TypeNormal based on the given parameters.

func StringToValue

func StringToValue(str string) Value

StringToValue turns a string into a Value.

func ValueFromBytes

func ValueFromBytes(v []byte) Value

