aclengine

package
v0.0.0-...-a11b7ec Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 17, 2018 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ACLAction

type ACLAction int

ACLAction is one of DENY, PERMIT, REFLECT, FAILURE.

const (
	// ACLActionDeny is returned by evalACL when the packet is blocked by ACL.
	ACLActionDeny ACLAction = iota

	// ACLActionPermit is returned by evalACL when the packet is allowed by ACL.
	ACLActionPermit

	// ACLActionReflect is returned by evalACL when the packet is allowed+reflected by ACL.
	ACLActionReflect

	// ACLActionFailure is returned by evalACL when it fails.
	ACLActionFailure
)

type ACLConfig

type ACLConfig struct {
	// contains filtered or unexported fields
}

ACLConfig stores currently installed ACLs.

func NewACLConfig

func NewACLConfig() *ACLConfig

NewACLConfig is a constructor for ACLConfig.

func (*ACLConfig) DelACL

func (ac *ACLConfig) DelACL(aclName string) error

DelACL removes ACL with the given name.

func (*ACLConfig) GetACLs

func (ac *ACLConfig) GetACLs(ifName string) *InterfaceACLs

GetACLs returns ACLs assigned to the given interface.

func (*ACLConfig) PutACL

func (ac *ACLConfig) PutACL(acl *vpp_acl.AccessLists_Acl) error

PutACL adds the given ACL.

type ConnectionAction

type ConnectionAction int

ConnectionAction is one of DENY-SYN, DENY-SYN-ACK, ALLOW, FAILURE.

const (
	// ConnActionDenySyn is returned by the mock ACL engine when the SYN packet is blocked.
	ConnActionDenySyn ConnectionAction = iota

	// ConnActionDenySynAck is returned by the mock ACL engine when the SYN-ACK packet is blocked.
	ConnActionDenySynAck

	// ConnActionAllow is returned by the mock ACL engine when the connection is allowed.
	ConnActionAllow

	// ConnActionFailure is returned by the mock ACL engine when connection simulation fails.
	ConnActionFailure
)

type InterfaceACLs

type InterfaceACLs struct {
	// contains filtered or unexported fields
}

InterfaceACLs stores ACLs assigned to interface.

type MockACLEngine

type MockACLEngine struct {
	sync.Mutex

	Log    logging.Logger
	Contiv contiv.API /* for GetIfName(), GetMainPhysicalIfName(), GetVxlanBVIIfName() */
	// contains filtered or unexported fields
}

MockACLEngine simulates ACL evaluation engine from the VPP/ACL plugin.

func NewMockACLEngine

func NewMockACLEngine(log logging.Logger, contiv contiv.API) *MockACLEngine

NewMockACLEngine is a constructor for MockACLEngine.

func (*MockACLEngine) ApplyTxn

func (mae *MockACLEngine) ApplyTxn(txn *localclient.Txn) error

ApplyTxn applies transaction created by ACL renderer.

func (*MockACLEngine) ConnectionInternetToPod

func (mae *MockACLEngine) ConnectionInternetToPod(srcIP string, dstPod podmodel.ID,
	protocol ProtocolType, srcPort, dstPort uint16) ConnectionAction

ConnectionInternetToPod allows to simulate a connection establishment between a remote source and a destination pod, returning the outcome in terms of ACLs.

func (*MockACLEngine) ConnectionPodToInternet

func (mae *MockACLEngine) ConnectionPodToInternet(srcPod podmodel.ID, dstIP string,
	protocol ProtocolType, srcPort, dstPort uint16) ConnectionAction

ConnectionPodToInternet allows to simulate a connection establishment between a pod and a remote destination, returning the outcome in terms of ACLs.

func (*MockACLEngine) ConnectionPodToPod

func (mae *MockACLEngine) ConnectionPodToPod(srcPod podmodel.ID, dstPod podmodel.ID,
	protocol ProtocolType, srcPort, dstPort uint16) ConnectionAction

ConnectionPodToPod allows to simulate a connection establishment between two pods and tests what the outcome in terms of ACLs would be.

func (*MockACLEngine) DumpACLs

func (mae *MockACLEngine) DumpACLs() (acls []*vpp_acl.AccessLists_Acl)

DumpACLs returns all ACLs currently installed.

func (*MockACLEngine) GetACLByName

func (mae *MockACLEngine) GetACLByName(aclName string) *vpp_acl.AccessLists_Acl

GetACLByName returns ACL with the given name, or nil if there is none.

func (*MockACLEngine) GetInboundACL

func (mae *MockACLEngine) GetInboundACL(ifName string) *vpp_acl.AccessLists_Acl

GetInboundACL returns ACL assigned on the inbound side of the given interface, or nil if there is none.

func (*MockACLEngine) GetNumOfACLChanges

func (mae *MockACLEngine) GetNumOfACLChanges() int

GetNumOfACLChanges returns the number of ACL changes (Put+Delete).

func (*MockACLEngine) GetNumOfACLs

func (mae *MockACLEngine) GetNumOfACLs() int

GetNumOfACLs returns the number of installed ACLs.

func (*MockACLEngine) GetOutboundACL

func (mae *MockACLEngine) GetOutboundACL(ifName string) *vpp_acl.AccessLists_Acl

GetOutboundACL returns ACL assigned on the outbound side of the given interface, or nil if there is none.

func (*MockACLEngine) RegisterPod

func (mae *MockACLEngine) RegisterPod(pod podmodel.ID, podIP string, anotherNode bool)

RegisterPod registers a deployed pod. Set *anotherNode* to true if the pod was deployed on another node. testConnection() assumes no ACLs installed on other nodes.

type PodConfig

type PodConfig struct {
	// contains filtered or unexported fields
}

PodConfig encapsulates pod configuration.

type ProtocolType

type ProtocolType int

ProtocolType is one of TCP, UDP, ICMP.

const (
	// TCP protocol.
	TCP ProtocolType = iota

	// UDP protocol.
	UDP

	// ICMP protocol
	ICMP
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL