control

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 16, 2023 License: Apache-2.0 Imports: 52 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func InitTracer

func InitTracer(tracing env.Tracing, id string) (io.Closer, error)

InitTracer initializes the global tracer.

func LoadCorePolicies

func LoadCorePolicies(cfg config.Policies) (beacon.CorePolicies, error)

LoadCorePolicies loads the policies for beaconing in a core CS.

func LoadNonCorePolicies

func LoadNonCorePolicies(cfg config.Policies) (beacon.Policies, error)

LoadNonCorePolicies loads the policies for beaconing in a non-core CS.

func LoadTrustMaterial

func LoadTrustMaterial(ctx context.Context, configDir string, db trust.DB) error

LoadTrustMaterial loads the trust material from disk. The logger must not be nil.

func MACGenFactory

func MACGenFactory(configDir string) (func() hash.Hash, error)

MACGenFactory creates a MAC factory

func NewChainBuilder

func NewChainBuilder(cfg ChainBuilderConfig) renewal.ChainBuilder

NewChainBuilder creates a renewing chain builder.

func NewSigner

func NewSigner(ia addr.IA, db trust.DB, cfgDir string) cstrust.RenewingSigner

NewSigner creates a renewing signer backed by a certificate chain.

func NewTLSCertificateLoader added in v0.9.0

func NewTLSCertificateLoader(
	ia addr.IA,
	extKeyUsage x509.ExtKeyUsage,
	db trust.DB,
	cfgDir string,
) cstrust.TLSCertificateLoader

func RegisterHTTPEndpoints

func RegisterHTTPEndpoints(
	elemId string,
	cfg config.Config,
	signer cstrust.RenewingSigner,
	ca renewal.ChainBuilder,
	topo *topology.Loader,
) error

RegisterHTTPEndpoints starts the HTTP endpoints that expose the metrics and additional information.

Types

type ChainBuilderConfig

type ChainBuilderConfig struct {
	IA          addr.IA
	DB          trust.DB
	MaxValidity time.Duration
	ConfigDir   string
	Metrics     renewal.Metrics

	// ForceECDSAWithSHA512 forces the CA policy to use ECDSAWithSHA512 as the
	// signature algorithm for signing the issued certificate. This field
	// forces the old behavior extending the acceptable signature algorithms
	// in https://github.com/scionproto/scion/commit/df8565dc97cb6ef7c7925c26f23f3e9954ab2a97.
	//
	// Experimental: This field is experimental and will be subject to change.
	ForceECDSAWithSHA512 bool
}

type HiddenPathConfigurator

type HiddenPathConfigurator struct {
	LocalIA           addr.IA
	Verifier          infra.Verifier
	Signer            hpgrpc.Signer
	PathDB            pathdb.DB
	Dialer            libgrpc.Dialer
	FetcherConfig     segreq.FetcherConfig
	IntraASTCPServer  *grpc.Server
	InterASQUICServer *grpc.Server
}

HiddenPathConfigurator can be used to configure the hidden path servers.

func (HiddenPathConfigurator) Setup

Setup sets up the hidden paths servers using the configuration at the given location. An empty location will not enable any hidden path behavior. It returns the configuration for the hidden segment writer. The return value can be nil if this AS isn't a writer.

type HiddenPathRegistrationCfg

type HiddenPathRegistrationCfg struct {
	Policy     hiddenpath.RegistrationPolicy
	Router     snet.Router
	Discoverer hiddenpath.Discoverer
	RPC        hiddenpath.Register
}

HiddenPathRegistrationCfg contains the required options to configure hidden paths down segment registration.

type Metrics

type Metrics struct {
	BeaconDBQueriesTotal                   *prometheus.CounterVec
	BeaconingOriginatedTotal               *prometheus.CounterVec
	BeaconingPropagatedTotal               *prometheus.CounterVec
	BeaconingPropagatorInternalErrorsTotal *prometheus.CounterVec
	BeaconingReceivedTotal                 *prometheus.CounterVec
	BeaconingRegisteredTotal               *prometheus.CounterVec
	BeaconingRegistrarInternalErrorsTotal  *prometheus.CounterVec
	CAHealth                               *prometheus.GaugeVec
	DiscoveryRequestsTotal                 *prometheus.CounterVec
	PathDBQueriesTotal                     *prometheus.CounterVec
	RenewalServerRequestsTotal             *prometheus.CounterVec
	RenewalHandledRequestsTotal            *prometheus.CounterVec
	RenewalRegisteredHandlers              *prometheus.GaugeVec
	SegmentLookupRequestsTotal             *prometheus.CounterVec
	SegmentLookupSegmentsSentTotal         *prometheus.CounterVec
	SegmentRegistrationsTotal              *prometheus.CounterVec
	SegmentExpirationDeficient             *prometheus.GaugeVec
	TrustDBQueriesTotal                    *prometheus.CounterVec
	TrustLatestTRCNotBefore                prometheus.Gauge
	TrustLatestTRCNotAfter                 prometheus.Gauge
	TrustLatestTRCSerial                   prometheus.Gauge
	TrustTRCFileWritesTotal                *prometheus.CounterVec
	SCIONNetworkMetrics                    snet.SCIONNetworkMetrics
	SCIONPacketConnMetrics                 snet.SCIONPacketConnMetrics
	SCMPErrors                             metrics.Counter
	TopoLoader                             topology.LoaderMetrics
	DRKeySecretValueQueriesTotal           *prometheus.CounterVec
	DRKeyLevel1QueriesTotal                *prometheus.CounterVec
	RenewalMetrics                         renewal.Metrics
}

Metrics defines the metrics exposed by the control server.

XXX(roosd): Currently, most counters are created in the packages. The will eventually be moved here.

func NewMetrics

func NewMetrics() *Metrics

type RevocationHandler

type RevocationHandler struct {
	RevCache revcache.RevCache
}

RevocationHandler handles raw revocations from the snet stack and inserts them into the

func (RevocationHandler) Revoke

func (h RevocationHandler) Revoke(ctx context.Context, revInfo *path_mgmt.RevInfo) error

type Store

type Store interface {
	// PreFilter indicates whether the beacon will be filtered on insert by
	// returning an error with the reason. This allows the caller to drop
	// ignored beacons.
	PreFilter(beacon beacon.Beacon) error
	// BeaconsToPropagate returns an error and an empty slice if an error (e.g., connection or
	// parsing error) occurs; otherwise, it returns a slice containing the beacons (which
	// potentially could be empty when no beacon is found) and no error.
	// The selection is based on the configured propagation policy.
	BeaconsToPropagate(ctx context.Context) ([]beacon.Beacon, error)
	// SegmentsToRegister returns an error and an empty slice if an error (e.g., connection or
	// parsing error) occurs; otherwise, it returns a slice containing the beacons (which
	// potentially could be empty when no beacon is found) and no error.
	// The selections is based on the configured propagation policy for the requested segment type.
	SegmentsToRegister(ctx context.Context, segType seg.Type) ([]beacon.Beacon, error)
	// InsertBeacon adds a verified beacon to the store, ignoring revocations.
	InsertBeacon(ctx context.Context, beacon beacon.Beacon) (beacon.InsertStats, error)
	// UpdatePolicy updates the policy. Beacons that are filtered by all
	// policies after the update are removed.
	UpdatePolicy(ctx context.Context, policy beacon.Policy) error
	// MaxExpTime returns the segment maximum expiration time for the given policy.
	MaxExpTime(policyType beacon.PolicyType) uint8
}

Store is the interface to interact with the beacon store.

type Tasks

type Tasks struct {
	Originator      *periodic.Runner
	Propagator      *periodic.Runner
	Registrars      []*periodic.Runner
	DRKeyPrefetcher *periodic.Runner

	PathCleaner   *periodic.Runner
	DRKeyCleaners []*periodic.Runner
}

Tasks keeps track of the running tasks.

func StartTasks

func StartTasks(cfg TasksConfig) (*Tasks, error)

func (*Tasks) Kill

func (t *Tasks) Kill()

Kill stops all running tasks immediately.

type TasksConfig

type TasksConfig struct {
	Core       bool
	IA         addr.IA
	MTU        uint16
	NextHopper interface {
		UnderlayNextHop(uint16) *net.UDPAddr
	}
	Public                *net.UDPAddr
	AllInterfaces         *ifstate.Interfaces
	PropagationInterfaces func() []*ifstate.Interface
	OriginationInterfaces func() []*ifstate.Interface
	TrustDB               trust.DB
	PathDB                pathdb.DB
	RevCache              revcache.RevCache
	BeaconSenderFactory   beaconing.SenderFactory
	SegmentRegister       beaconing.RPC
	BeaconStore           Store
	SignerGen             beaconing.SignerGen
	Inspector             trust.Inspector
	Metrics               *Metrics
	DRKeyEngine           *drkey.ServiceEngine

	MACGen     func() hash.Hash
	StaticInfo func() *beaconing.StaticInfoCfg

	OriginationInterval  time.Duration
	PropagationInterval  time.Duration
	RegistrationInterval time.Duration
	DRKeyEpochInterval   time.Duration
	// HiddenPathRegistrationCfg contains the required options to configure
	// hidden paths down segment registration. If it is nil, normal path
	// registration is used instead.
	HiddenPathRegistrationCfg *HiddenPathRegistrationCfg

	AllowIsdLoop bool

	EPIC bool
}

TasksConfig holds the necessary configuration to start the periodic tasks a CS is expected to run.

func (*TasksConfig) DRKeyCleaners added in v0.9.0

func (t *TasksConfig) DRKeyCleaners() []*periodic.Runner

func (*TasksConfig) DRKeyPrefetcher added in v0.9.0

func (t *TasksConfig) DRKeyPrefetcher() *periodic.Runner

func (*TasksConfig) Originator

func (t *TasksConfig) Originator() *periodic.Runner

Originator starts a periodic beacon origination task. For non-core ASes, no periodic runner is started.

func (*TasksConfig) Propagator

func (t *TasksConfig) Propagator() *periodic.Runner

Propagator starts a periodic beacon propagation task.

func (*TasksConfig) SegmentWriters

func (t *TasksConfig) SegmentWriters() []*periodic.Runner

SegmentWriters starts periodic segment registration tasks.

Directories

Path Synopsis
mock_beacon
Package mock_beacon is a generated GoMock package.
Package mock_beacon is a generated GoMock package.
Package beaconing implements tasks and handlers related to beacon propagation and registration.
Package beaconing implements tasks and handlers related to beacon propagation and registration.
mock_beaconing
Package mock_beaconing is a generated GoMock package.
Package mock_beaconing is a generated GoMock package.
cmd
Package config describes the configuration of the beacon server.
Package config describes the configuration of the beacon server.
grpc/mock_grpc
Package mock_grpc is a generated GoMock package.
Package mock_grpc is a generated GoMock package.
mock_drkey
Package mock_drkey is a generated GoMock package.
Package mock_drkey is a generated GoMock package.
Package ifstate implements the interface state in memory structure as well as related tasks and handlers.
Package ifstate implements the interface state in memory structure as well as related tasks and handlers.
Package mgmtapi provides primitives to interact with the openapi HTTP API.
Package mgmtapi provides primitives to interact with the openapi HTTP API.
mock_mgmtapi
Package mock_mgmtapi is a generated GoMock package.
Package mock_mgmtapi is a generated GoMock package.
segreg
Package segreq contains everything that is needed to handle segment requests in the path server.
Package segreq contains everything that is needed to handle segment requests in the path server.
mock_trust
Package mock_trust is a generated GoMock package.
Package mock_trust is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL