endpoints

package
v0.9.0
Warning

This package is not in the latest version of its module.

Published: Jul 19, 2022 License: AGPL-3.0 Imports: 10 Imported by: 0

Documentation


Constants

const DisplayHintEndpointList = "endpoint list"

DisplayHintEndpointList marks an option as an endpoint list option. It's meant to be used with DisplayHintAnnotation.

const EndpointListVerdictNamesAnnotation = "safing/portmaster:ui:endpoint-list:verdict-names"

EndpointListVerdictNamesAnnotation is the annotation identifier used in configuration options to hint the UI on names to be used for endpoint list verdicts. If configured, it must be of type map[string]string, mapping the verdict symbol to a name to be displayed in the UI. May only be used when config.DisplayHintAnnotation is set to DisplayHintEndpointList.

Variables

var ListEntryValidationRegex = strings.Join([]string{
	`^(\+|\-) `,
	`(! +)?`,
	`[A-z0-9\.:\-*/]+`,
	`( `,
	`[A-z0-9*]+`,
	`(/[A-z0-9]+(\-[A-z0-9]+)?)?`,
	`)?`,
	`( +#.*)?`,
}, "")

ListEntryValidationRegex is a regex to bullshit check endpoint list entries.
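
The pattern above starts with `^` but has no closing `$`, and its `A-z` ranges also cover the ASCII punctuation that sits between `Z` and `a`. The following added example (not part of the package) runs the pattern from this page over constructed entries, once as published and once with `$` appended; the appended anchor is an assumption of the example, and how callers apply the pattern is not shown on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern copied verbatim from the page (ListEntryValidationRegex).
var listEntryValidationRegex = strings.Join([]string{
	`^(\+|\-) `,
	`(! +)?`,
	`[A-z0-9\.:\-*/]+`,
	`( `,
	`[A-z0-9*]+`,
	`(/[A-z0-9]+(\-[A-z0-9]+)?)?`,
	`)?`,
	`( +#.*)?`,
}, "")

var (
	asPublished = regexp.MustCompile(listEntryValidationRegex)
	// Assumption of this example: "$" appended so the whole entry must match.
	endAnchored = regexp.MustCompile(listEntryValidationRegex + "$")
)

// Samples are constructed entries, not taken from a real configuration.
var Samples = []string{
	"+ example.com",
	"- * TCP/443",
	"+ .example.com */80-443 # web",
	"- ! 10.0.0.0/8",
	"example.com",                 // no verdict symbol
	"+ example.com; extra",        // trailing text after a valid prefix
	"+ example.com TCP/443/extra", // trailing text after the port
	"+ [^_]",                      // punctuation that falls inside the A-z range
}

// Check reports whether entry passes the pattern as published (MatchString,
// so a matching prefix is enough) and with the end anchor added.
func Check(entry string) (published, anchored bool) {
	return asPublished.MatchString(entry), endAnchored.MatchString(entry)
}

func main() {
	for _, e := range Samples {
		p, a := Check(e)
		fmt.Printf("%-30q published=%-5v anchored=%v\n", e, p, a)
	}
}
```

Entries where the two columns differ pass only because a valid prefix is present, so the pattern works as a coarse syntax pre-check and ParseEndpoints remains the step that actually interprets an entry.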

Functions

func IsDecision added in v0.4.1

func IsDecision(result EPResult) bool

IsDecision returns true if result represents a decision and false if result is NoMatch or Undeterminable.

func ValidateEndpointListConfigOption added in v0.8.5

func ValidateEndpointListConfigOption(value interface{}) error

ValidateEndpointListConfigOption validates the given value.

Types

type EPResult

type EPResult uint8

EPResult represents the result of a check against an EndpointPermission.

const (
	NoMatch EPResult = iota
	MatchError
	Denied
	Permitted
)

Endpoint matching return values.

func (EPResult) String

func (epr EPResult) String() string

type Endpoint

type Endpoint interface {
	Matches(ctx context.Context, entity *intel.Entity) (EPResult, Reason)
	String() string
}

Endpoint describes an Endpoint Matcher.

type EndpointASN

type EndpointASN struct {
	EndpointBase

	ASN uint
}

EndpointASN matches ASNs.

func (*EndpointASN) Matches

func (ep *EndpointASN) Matches(ctx context.Context, entity *intel.Entity) (EPResult, Reason)

Matches checks whether the given entity matches this endpoint definition.

func (*EndpointASN) String

func (ep *EndpointASN) String() string

type EndpointAny

type EndpointAny struct {
	EndpointBase
}

EndpointAny matches anything.

func (*EndpointAny) Matches

func (ep *EndpointAny) Matches(_ context.Context, entity *intel.Entity) (EPResult, Reason)

Matches checks whether the given entity matches this endpoint definition.

func (*EndpointAny) String

func (ep *EndpointAny) String() string

type EndpointBase

type EndpointBase struct {
	Protocol  uint8
	StartPort uint16
	EndPort   uint16

	Permitted bool
}

EndpointBase provides general functions for implementing an Endpoint to reduce boilerplate.

type EndpointCountry

type EndpointCountry struct {
	EndpointBase

	Country string
}

EndpointCountry matches countries.

func (*EndpointCountry) Matches

func (ep *EndpointCountry) Matches(ctx context.Context, entity *intel.Entity) (EPResult, Reason)

Matches checks whether the given entity matches this endpoint definition.

func (*EndpointCountry) String

func (ep *EndpointCountry) String() string

type EndpointDomain

type EndpointDomain struct {
	EndpointBase

	OriginalValue string
	Domain        string
	DomainZone    string
	MatchType     uint8
}

EndpointDomain matches domains.

func (*EndpointDomain) Matches

func (ep *EndpointDomain) Matches(ctx context.Context, entity *intel.Entity) (EPResult, Reason)

Matches checks whether the given entity matches this endpoint definition.

func (*EndpointDomain) String

func (ep *EndpointDomain) String() string

type EndpointIP

type EndpointIP struct {
	EndpointBase

	IP net.IP
}

EndpointIP matches IPs.

func (*EndpointIP) Matches

func (ep *EndpointIP) Matches(_ context.Context, entity *intel.Entity) (EPResult, Reason)

Matches checks whether the given entity matches this endpoint definition.

func (*EndpointIP) String

func (ep *EndpointIP) String() string

type EndpointIPRange

type EndpointIPRange struct {
	EndpointBase

	Net *net.IPNet
}

EndpointIPRange matches IP ranges.

func (*EndpointIPRange) Matches

func (ep *EndpointIPRange) Matches(_ context.Context, entity *intel.Entity) (EPResult, Reason)

Matches checks whether the given entity matches this endpoint definition.

func (*EndpointIPRange) String

func (ep *EndpointIPRange) String() string

type EndpointLists

type EndpointLists struct {
	EndpointBase

	ListSet []string
	Lists   string
}

EndpointLists matches endpoint lists.

func (*EndpointLists) Matches

func (ep *EndpointLists) Matches(ctx context.Context, entity *intel.Entity) (EPResult, Reason)

Matches checks whether the given entity matches this endpoint definition.

func (*EndpointLists) String

func (ep *EndpointLists) String() string

type EndpointScope added in v0.4.4

type EndpointScope struct {
	EndpointBase
	// contains filtered or unexported fields
}

EndpointScope matches network scopes.

func (*EndpointScope) Matches added in v0.4.4

func (ep *EndpointScope) Matches(_ context.Context, entity *intel.Entity) (EPResult, Reason)

Matches checks whether the given entity matches this endpoint definition.

func (*EndpointScope) Scopes added in v0.4.4

func (ep *EndpointScope) Scopes() string

Scopes returns the string representation of all scopes.

func (*EndpointScope) String added in v0.4.4

func (ep *EndpointScope) String() string

type Endpoints

type Endpoints []Endpoint

Endpoints is a list of permitted or denied endpoints.

func ParseEndpoints

func ParseEndpoints(entries []string) (Endpoints, error)

ParseEndpoints parses a list of endpoints and returns a list of Endpoints for matching.

func (Endpoints) IsSet

func (e Endpoints) IsSet() bool

IsSet returns whether the Endpoints object is "set".

func (Endpoints) Match

func (e Endpoints) Match(ctx context.Context, entity *intel.Entity) (result EPResult, reason Reason)

Match checks whether the given entity matches any of the endpoint definitions in the list.

func (Endpoints) MatchMulti added in v0.8.9

func (e Endpoints) MatchMulti(ctx context.Context, entities ...*intel.Entity) (result EPResult, reason Reason)

MatchMulti checks whether the given entities match any of the endpoint definitions in the list. Every rule is evaluated against all given entities, and the next rule is evaluated only if no match was registered.

func (Endpoints) String

func (e Endpoints) String() string

type Reason added in v0.4.1

type Reason interface {
	// String should return a human readable string
	// describing the decision reason.
	String() string

	// Context returns the context that was used
	// for the decision.
	Context() interface{}
}

Reason describes the reason why an endpoint has been permitted or blocked.
