Documentation ¶
Index ¶
- Constants
- Variables
- func IsDecision(result EPResult) bool
- func ValidateEndpointListConfigOption(value interface{}) error
- type EPResult
- type Endpoint
- type EndpointASN
- type EndpointAny
- type EndpointBase
- type EndpointContinent
- type EndpointCountry
- type EndpointDomain
- type EndpointIP
- type EndpointIPRange
- type EndpointLists
- type EndpointScope
- type Endpoints
- type Reason
Constants ¶
const DisplayHintEndpointList = "endpoint list"
DisplayHintEndpointList marks an option as an endpoint list option. It's meant to be used with DisplayHintAnnotation.
const EndpointListVerdictNamesAnnotation = "safing/portmaster:ui:endpoint-list:verdict-names"
EndpointListVerdictNamesAnnotation is the annotation identifier used in configuration options to hint the UI on names to be used for endpoint list verdicts. If configured, it must be of type map[string]string, mapping the verdict symbol to a name to be displayed in the UI. May only be used when config.DisplayHintAnnotation is set to DisplayHintEndpointList.
Variables ¶
var ListEntryValidationRegex = strings.Join([]string{
	`^(\+|\-) `,
	`(! +)?`,
	`[A-z0-9\.:\-*/]+`,
	`( `,
	`[A-z0-9*]+`,
	`(/[A-z0-9]+(\-[A-z0-9]+)?)?`,
	`)?`,
	`( +#.*)?`,
}, "")
ListEntryValidationRegex is a regex to bullshit check endpoint list entries.
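The following added example (not part of the package or its documentation) runs the pattern above over constructed entries to show what this coarse check does and does not reject. The names `MatchesPrefix` and `MatchesWhole`, and the appended `$` anchor, are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern copied verbatim from ListEntryValidationRegex on this page.
var listEntryPattern = strings.Join([]string{
	`^(\+|\-) `,
	`(! +)?`,
	`[A-z0-9\.:\-*/]+`,
	`( `,
	`[A-z0-9*]+`,
	`(/[A-z0-9]+(\-[A-z0-9]+)?)?`,
	`)?`,
	`( +#.*)?`,
}, "")

var (
	// The pattern as shown has no end anchor, so it matches on a valid prefix.
	prefixRe = regexp.MustCompile(listEntryPattern)
	// Assumption of this example: append "$" to require a whole-entry match.
	wholeRe = regexp.MustCompile(listEntryPattern + `$`)
)

// MatchesPrefix reports whether the entry starts with something rule-shaped.
func MatchesPrefix(entry string) bool { return prefixRe.MatchString(entry) }

// MatchesWhole reports whether the entire entry is rule-shaped.
func MatchesWhole(entry string) bool { return wholeRe.MatchString(entry) }

// Constructed sample entries, not taken from any real configuration.
var samples = []string{
	"+ example.com",
	"- ! 10.0.0.0/8 TCP/80-443 # internal",
	"example.com",                   // no verdict symbol
	"+ 999.999.999.999",             // rule-shaped, but not a valid IP
	"+ bad_host^name",               // [A-z] also spans [ \ ] ^ _ and backtick
	"+ example.com TCP/80 trailing", // valid prefix, unexpected tail
}

func main() {
	for _, s := range samples {
		fmt.Printf("%-40q prefix=%-5v whole=%v\n", s, MatchesPrefix(s), MatchesWhole(s))
	}
}
```

An entry that passes is only syntactically plausible; the value still has to be parsed and checked before it is used as a rule.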
Functions ¶
func IsDecision ¶
IsDecision returns true if result represents a decision and false if result is NoMatch or Undeterminable.
func ValidateEndpointListConfigOption ¶
func ValidateEndpointListConfigOption(value interface{}) error
ValidateEndpointListConfigOption validates the given value.
Types ¶
type EPResult ¶
type EPResult uint8
EPResult represents the result of a check against an EndpointPermission.
type Endpoint ¶
type Endpoint interface {
	Matches(ctx context.Context, entity *intel.Entity) (EPResult, Reason)
	String() string
}
Endpoint describes an Endpoint Matcher.
type EndpointASN ¶
type EndpointASN struct {
	EndpointBase
	ASN uint
}
EndpointASN matches ASNs.
func (*EndpointASN) Matches ¶
Matches checks whether the given entity matches this endpoint definition.
func (*EndpointASN) String ¶
func (ep *EndpointASN) String() string
type EndpointAny ¶
type EndpointAny struct {
	EndpointBase
}
EndpointAny matches anything.
func (*EndpointAny) Matches ¶
Matches checks whether the given entity matches this endpoint definition.
func (*EndpointAny) String ¶
func (ep *EndpointAny) String() string
type EndpointBase ¶
EndpointBase provides general functions for implementing an Endpoint to reduce boilerplate.
type EndpointContinent ¶
type EndpointContinent struct {
	EndpointBase
	ContinentCode string
}
EndpointContinent matches continents.
func (*EndpointContinent) Matches ¶
Matches checks whether the given entity matches this endpoint definition.
func (*EndpointContinent) String ¶
func (ep *EndpointContinent) String() string
type EndpointCountry ¶
type EndpointCountry struct {
	EndpointBase
	CountryCode string
}
EndpointCountry matches countries.
func (*EndpointCountry) Matches ¶
Matches checks whether the given entity matches this endpoint definition.
func (*EndpointCountry) String ¶
func (ep *EndpointCountry) String() string
type EndpointDomain ¶
type EndpointDomain struct {
	EndpointBase
	OriginalValue string
	Domain        string
	DomainZone    string
	MatchType     uint8
}
EndpointDomain matches domains.
func (*EndpointDomain) Matches ¶
Matches checks whether the given entity matches this endpoint definition.
func (*EndpointDomain) String ¶
func (ep *EndpointDomain) String() string
type EndpointIP ¶
type EndpointIP struct {
	EndpointBase
	IP net.IP
}
EndpointIP matches IPs.
func (*EndpointIP) Matches ¶
Matches checks whether the given entity matches this endpoint definition.
func (*EndpointIP) String ¶
func (ep *EndpointIP) String() string
type EndpointIPRange ¶
type EndpointIPRange struct {
	EndpointBase
	Net *net.IPNet
}
EndpointIPRange matches IP ranges.
func (*EndpointIPRange) Matches ¶
Matches checks whether the given entity matches this endpoint definition.
func (*EndpointIPRange) String ¶
func (ep *EndpointIPRange) String() string
type EndpointLists ¶
type EndpointLists struct {
	EndpointBase
	ListSet []string
	Lists   string
}
EndpointLists matches endpoint lists.
func (*EndpointLists) Matches ¶
Matches checks whether the given entity matches this endpoint definition.
func (*EndpointLists) String ¶
func (ep *EndpointLists) String() string
type EndpointScope ¶
type EndpointScope struct {
	EndpointBase
	// contains filtered or unexported fields
}
EndpointScope matches network scopes.
func (*EndpointScope) Matches ¶
Matches checks whether the given entity matches this endpoint definition.
func (*EndpointScope) Scopes ¶
func (ep *EndpointScope) Scopes() string
Scopes returns the string representation of all scopes.
func (*EndpointScope) String ¶
func (ep *EndpointScope) String() string
type Endpoints ¶
type Endpoints []Endpoint
Endpoints is a list of permitted or denied endpoints.
func ParseEndpoints ¶
ParseEndpoints parses a list of endpoints and returns a list of Endpoints for matching.
func (Endpoints) Match ¶
func (e Endpoints) Match(ctx context.Context, entity *intel.Entity) (result EPResult, reason Reason)
Match checks whether the given entity matches any of the endpoint definitions in the list.
func (Endpoints) MatchMulti ¶
func (e Endpoints) MatchMulti(ctx context.Context, entities ...*intel.Entity) (result EPResult, reason Reason)
MatchMulti checks whether the given entities match any of the endpoint definitions in the list. Every rule is evaluated against all given entities, and only if no match was registered is the next rule evaluated.
type Reason ¶
type Reason interface {
	// String should return a human readable string
	// describing the decision reason.
	String() string
	// Context returns the context that was used
	// for the decision.
	Context() interface{}
}
Reason describes the reason why an endpoint has been permitted or blocked.