Documentation ¶
Index ¶
- type ACLAction
- type ACLConfig
- type ConnectionAction
- type InterfaceACLs
- type MockACLEngine
- func (mae *MockACLEngine) ApplyTxn(txn *localclient.Txn) error
- func (mae *MockACLEngine) ConnectionInternetToPod(srcIP string, dstPod podmodel.ID, protocol ProtocolType, ...) ConnectionAction
- func (mae *MockACLEngine) ConnectionPodToInternet(srcPod podmodel.ID, dstIP string, protocol ProtocolType, ...) ConnectionAction
- func (mae *MockACLEngine) ConnectionPodToPod(srcPod podmodel.ID, dstPod podmodel.ID, protocol ProtocolType, ...) ConnectionAction
- func (mae *MockACLEngine) DumpACLs() (acls []*vpp_acl.AccessLists_Acl)
- func (mae *MockACLEngine) GetACLByName(aclName string) *vpp_acl.AccessLists_Acl
- func (mae *MockACLEngine) GetInboundACL(ifName string) *vpp_acl.AccessLists_Acl
- func (mae *MockACLEngine) GetNumOfACLChanges() int
- func (mae *MockACLEngine) GetNumOfACLs() int
- func (mae *MockACLEngine) GetOutboundACL(ifName string) *vpp_acl.AccessLists_Acl
- func (mae *MockACLEngine) RegisterPod(pod podmodel.ID, podIP string, anotherNode bool)
- type PodConfig
- type ProtocolType
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ACLAction ¶
type ACLAction int
ACLAction is one of DENY, PERMIT, REFLECT, FAILURE.
const ( // ACLActionDeny is returned by evalACL when the packet is blocked by ACL. ACLActionDeny ACLAction = iota // ACLActionPermit is returned by evalACL when the packet is allowed by ACL. ACLActionPermit // ACLActionReflect is returned by evalACL when the packet is allowed+reflected by ACL. ACLActionReflect // ACLActionFailure is returned by evalACL when it fails. ACLActionFailure )
type ACLConfig ¶
type ACLConfig struct {
// contains filtered or unexported fields
}
ACLConfig stores currently installed ACLs.
func (*ACLConfig) GetACLs ¶
func (ac *ACLConfig) GetACLs(ifName string) *InterfaceACLs
GetACLs returns ACLs assigned to the given interface.
type ConnectionAction ¶
type ConnectionAction int
ConnectionAction is one of DENY-SYN, DENY-SYN-ACK, ALLOW, FAILURE.
const ( // ConnActionDenySyn is returned by the mock ACL engine when the SYN packet is blocked. ConnActionDenySyn ConnectionAction = iota // ConnActionDenySynAck is returned by the mock ACL engine when the SYN-ACK packet is blocked. ConnActionDenySynAck // ConnActionAllow is returned by the mock ACL engine when the connection is allowed. ConnActionAllow // ConnActionFailure is returned by the mock ACL engine when connection simulation fails. ConnActionFailure )
type InterfaceACLs ¶
type InterfaceACLs struct {
// contains filtered or unexported fields
}
InterfaceACLs stores ACLs assigned to interface.
type MockACLEngine ¶
type MockACLEngine struct { sync.Mutex Log logging.Logger Contiv contiv.API /* for GetIfName(), GetMainPhysicalIfName(), GetVxlanBVIIfName() */ // contains filtered or unexported fields }
MockACLEngine simulates ACL evaluation engine from the VPP/ACL plugin.
func NewMockACLEngine ¶
func NewMockACLEngine(log logging.Logger, contiv contiv.API) *MockACLEngine
NewMockACLEngine is a constructor for MockACLEngine.
func (*MockACLEngine) ApplyTxn ¶
func (mae *MockACLEngine) ApplyTxn(txn *localclient.Txn) error
ApplyTxn applies transaction created by ACL renderer.
func (*MockACLEngine) ConnectionInternetToPod ¶
func (mae *MockACLEngine) ConnectionInternetToPod(srcIP string, dstPod podmodel.ID, protocol ProtocolType, srcPort, dstPort uint16) ConnectionAction
ConnectionInternetToPod allows to simulate a connection establishment between a remote source and a destination pod, returning the outcome in terms of ACLs.
func (*MockACLEngine) ConnectionPodToInternet ¶
func (mae *MockACLEngine) ConnectionPodToInternet(srcPod podmodel.ID, dstIP string, protocol ProtocolType, srcPort, dstPort uint16) ConnectionAction
ConnectionPodToInternet allows to simulate a connection establishment between a pod and a remote destination, returning the outcome in terms of ACLs.
func (*MockACLEngine) ConnectionPodToPod ¶
func (mae *MockACLEngine) ConnectionPodToPod(srcPod podmodel.ID, dstPod podmodel.ID, protocol ProtocolType, srcPort, dstPort uint16) ConnectionAction
ConnectionPodToPod allows to simulate a connection establishment between two pods and tests what the outcome in terms of ACLs would be.
func (*MockACLEngine) DumpACLs ¶
func (mae *MockACLEngine) DumpACLs() (acls []*vpp_acl.AccessLists_Acl)
DumpACLs returns all ACLs currently installed.
func (*MockACLEngine) GetACLByName ¶
func (mae *MockACLEngine) GetACLByName(aclName string) *vpp_acl.AccessLists_Acl
GetACLByName returns ACL with the given name, or nil if there is none.
func (*MockACLEngine) GetInboundACL ¶
func (mae *MockACLEngine) GetInboundACL(ifName string) *vpp_acl.AccessLists_Acl
GetInboundACL returns ACL assigned on the inbound side of the given interface, or nil if there is none.
func (*MockACLEngine) GetNumOfACLChanges ¶
func (mae *MockACLEngine) GetNumOfACLChanges() int
GetNumOfACLChanges returns the number of ACL changes (Put+Delete).
func (*MockACLEngine) GetNumOfACLs ¶
func (mae *MockACLEngine) GetNumOfACLs() int
GetNumOfACLs returns the number of installed ACLs.
func (*MockACLEngine) GetOutboundACL ¶
func (mae *MockACLEngine) GetOutboundACL(ifName string) *vpp_acl.AccessLists_Acl
GetOutboundACL returns ACL assigned on the outbound side of the given interface, or nil if there is none.
func (*MockACLEngine) RegisterPod ¶
func (mae *MockACLEngine) RegisterPod(pod podmodel.ID, podIP string, anotherNode bool)
RegisterPod registers a deployed pod. Set *anotherNode* to true if the pod was deployed on another node. testConnection() assumes no ACLs installed on other nodes.
type PodConfig ¶
type PodConfig struct {
// contains filtered or unexported fields
}
PodConfig encapsulates pod configuration.
type ProtocolType ¶
type ProtocolType int
ProtocolType is one of TCP, UDP, ICMP.
const ( // TCP protocol. TCP ProtocolType = iota // UDP protocol. UDP // ICMP protocol ICMP )