policy

package
v0.0.0-...-b4cb883 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 25, 2020 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// TypeNone policy action is UNKNOWN: no decision, apply the next rule.
	TypeNone = iota
	// TypeRefuse policy action is REFUSE: do not resolve a query and return code REFUSED
	TypeRefuse
	// TypeAllow policy action is ALLOW: continue to resolve query
	TypeAllow
	// TypeBlock policy action is BLOCK: do not resolve a query and return code NXDOMAIN
	TypeBlock
	// TypeDrop policy action is DROP: do not resolve a query and simulate a lost query
	TypeDrop

	// TypeCount total number of actions allowed
	TypeCount
)

Variables

View Source
var NameTypes = map[int]string{
	TypeNone:   "none",
	TypeAllow:  "allow",
	TypeRefuse: "refuse",
	TypeBlock:  "block",
	TypeDrop:   "drop",
}

NameTypes keep a mapping of the byte constant to the corresponding name

Functions

This section is empty.

Types

type Engine

type Engine interface {
	// BuildRules - create a Rule based on args or throw an error, This Rule will be evaluated during processing of DNS Queries
	BuildRule(args []string) (Rule, error) // create a rule based on parameters

	//BuildQueryData generate the data needed to evaluate - for one query - ALL the rules of this Engine
	BuildQueryData(ctx context.Context, state request.Request) (interface{}, error)

	//BuildReplyData generate the data needed to evaluate - for one response - ALL the rules of this Engine
	BuildReplyData(ctx context.Context, state request.Request, queryData interface{}) (interface{}, error)
}

Engine for Firewall plugin

type Engineer

type Engineer interface {
	Engine(name string) Engine
}

Engineer allow registration of Policy Engines. One plugin can declare several Engines.

type ExprEngine

type ExprEngine struct {
	// contains filtered or unexported fields
}

ExprEngine implement interface Engine for Firewall plugin it evaluate the rues using an the lib Knetic/govaluate

func NewExprEngine

func NewExprEngine() *ExprEngine

NewExprEngine create a new Engine with default configuration

func (*ExprEngine) BuildQueryData

func (x *ExprEngine) BuildQueryData(ctx context.Context, state request.Request) (interface{}, error)

BuildQueryData here return a dataAsParam that can be used by to evaluate the variables of the expression

func (*ExprEngine) BuildReplyData

func (x *ExprEngine) BuildReplyData(ctx context.Context, state request.Request, query interface{}) (interface{}, error)

BuildReplyData here return a dataAsParam that can be used by to evaluate the variables of the expression

func (*ExprEngine) BuildRule

func (x *ExprEngine) BuildRule(args []string) (Rule, error)

BuildRule create a rule for Expression Engine: - first param is one of the action to return - second and following param is a sentence the represent an Expression

type Rule

type Rule interface {
	// Evaluate the rule and return one of the TypeXXX defined above
	//   - TypeNone should be returned if the Rule is not able to decide any action for this query
	//   - otherwise return one of TypeAllow/TypeRefuse/TypeDrop/TypeBlock
	Evaluate(data interface{}) (int, error)
}

Rule defines a policy for continuing DNS query processing.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL