Documentation
Index
- func InitTracer(tracing env.Tracing, id string) (io.Closer, error)
- func LoadCorePolicies(cfg config.Policies) (beacon.CorePolicies, error)
- func LoadNonCorePolicies(cfg config.Policies) (beacon.Policies, error)
- func LoadTrustMaterial(ctx context.Context, configDir string, db trust.DB) error
- func MACGenFactory(configDir string) (func() hash.Hash, error)
- func NewChainBuilder(cfg ChainBuilderConfig) renewal.ChainBuilder
- func NewSigner(ia addr.IA, db trust.DB, cfgDir string) cstrust.RenewingSigner
- func NewTLSCertificateLoader(ia addr.IA, extKeyUsage x509.ExtKeyUsage, db trust.DB, cfgDir string) cstrust.TLSCertificateLoader
- func RegisterHTTPEndpoints(elemId string, cfg config.Config, signer cstrust.RenewingSigner, ...) error
- type ChainBuilderConfig
- type HiddenPathConfigurator
- type HiddenPathRegistrationCfg
- type Metrics
- type RevocationHandler
- type Store
- type Tasks
- type TasksConfig
Functions
func InitTracer
InitTracer initializes the global tracer.
func LoadCorePolicies
func LoadCorePolicies(cfg config.Policies) (beacon.CorePolicies, error)
LoadCorePolicies loads the policies for beaconing in a core CS.
func LoadNonCorePolicies
LoadNonCorePolicies loads the policies for beaconing in a non-core CS.
func LoadTrustMaterial
LoadTrustMaterial loads the trust material from disk. The logger must not be nil.
func MACGenFactory
MACGenFactory creates a MAC factory.
func NewChainBuilder
func NewChainBuilder(cfg ChainBuilderConfig) renewal.ChainBuilder
NewChainBuilder creates a renewing chain builder.
func NewTLSCertificateLoader (added in v0.9.0)
func NewTLSCertificateLoader(ia addr.IA, extKeyUsage x509.ExtKeyUsage, db trust.DB, cfgDir string) cstrust.TLSCertificateLoader
func RegisterHTTPEndpoints
func RegisterHTTPEndpoints(elemId string, cfg config.Config, signer cstrust.RenewingSigner, ca renewal.ChainBuilder, topo *topology.Loader) error
RegisterHTTPEndpoints starts the HTTP endpoints that expose the metrics and additional information.
Types
type ChainBuilderConfig
```go
type ChainBuilderConfig struct {
	IA          addr.IA
	DB          trust.DB
	MaxValidity time.Duration
	ConfigDir   string
	Metrics     renewal.Metrics

	// ForceECDSAWithSHA512 forces the CA policy to use ECDSAWithSHA512 as the
	// signature algorithm for signing the issued certificate. This field
	// forces the old behavior extending the acceptable signature algorithms
	// in https://github.com/scionproto/scion/commit/df8565dc97cb6ef7c7925c26f23f3e9954ab2a97.
	//
	// Experimental: This field is experimental and will be subject to change.
	ForceECDSAWithSHA512 bool
}
```
type HiddenPathConfigurator
```go
type HiddenPathConfigurator struct {
	LocalIA           addr.IA
	Verifier          infra.Verifier
	Signer            hpgrpc.Signer
	PathDB            pathdb.DB
	Dialer            libgrpc.Dialer
	FetcherConfig     segreq.FetcherConfig
	IntraASTCPServer  *grpc.Server
	InterASQUICServer *grpc.Server
}
```
HiddenPathConfigurator can be used to configure the hidden path servers.
func (HiddenPathConfigurator) Setup
func (c HiddenPathConfigurator) Setup(location string) (*HiddenPathRegistrationCfg, error)
Setup sets up the hidden paths servers using the configuration at the given location. An empty location will not enable any hidden path behavior. It returns the configuration for the hidden segment writer. The return value can be nil if this AS isn't a writer.
type HiddenPathRegistrationCfg
```go
type HiddenPathRegistrationCfg struct {
	Policy     hiddenpath.RegistrationPolicy
	Router     snet.Router
	Discoverer hiddenpath.Discoverer
	RPC        hiddenpath.Register
}
```
HiddenPathRegistrationCfg contains the required options to configure hidden paths down segment registration.
type Metrics
```go
type Metrics struct {
	BeaconDBQueriesTotal                   *prometheus.CounterVec
	BeaconingOriginatedTotal               *prometheus.CounterVec
	BeaconingPropagatedTotal               *prometheus.CounterVec
	BeaconingPropagatorInternalErrorsTotal *prometheus.CounterVec
	BeaconingReceivedTotal                 *prometheus.CounterVec
	BeaconingRegisteredTotal               *prometheus.CounterVec
	BeaconingRegistrarInternalErrorsTotal  *prometheus.CounterVec
	CAHealth                               *prometheus.GaugeVec
	DiscoveryRequestsTotal                 *prometheus.CounterVec
	PathDBQueriesTotal                     *prometheus.CounterVec
	RenewalServerRequestsTotal             *prometheus.CounterVec
	RenewalHandledRequestsTotal            *prometheus.CounterVec
	RenewalRegisteredHandlers              *prometheus.GaugeVec
	SegmentLookupRequestsTotal             *prometheus.CounterVec
	SegmentLookupSegmentsSentTotal         *prometheus.CounterVec
	SegmentRegistrationsTotal              *prometheus.CounterVec
	SegmentExpirationDeficient             *prometheus.GaugeVec
	TrustDBQueriesTotal                    *prometheus.CounterVec
	TrustLatestTRCNotBefore                prometheus.Gauge
	TrustLatestTRCNotAfter                 prometheus.Gauge
	TrustLatestTRCSerial                   prometheus.Gauge
	TrustTRCFileWritesTotal                *prometheus.CounterVec
	SCIONNetworkMetrics                    snet.SCIONNetworkMetrics
	SCIONPacketConnMetrics                 snet.SCIONPacketConnMetrics
	SCMPErrors                             metrics.Counter
	TopoLoader                             topology.LoaderMetrics
	DRKeySecretValueQueriesTotal           *prometheus.CounterVec
	DRKeyLevel1QueriesTotal                *prometheus.CounterVec
	RenewalMetrics                         renewal.Metrics
}
```
Metrics defines the metrics exposed by the control server.
XXX(roosd): Currently, most counters are created in the packages. They will eventually be moved here.
func NewMetrics
func NewMetrics() *Metrics
type RevocationHandler
RevocationHandler handles raw revocations from the snet stack and inserts them into the
type Store
```go
type Store interface {
	// PreFilter indicates whether the beacon will be filtered on insert by
	// returning an error with the reason. This allows the caller to drop
	// ignored beacons.
	PreFilter(beacon beacon.Beacon) error
	// BeaconsToPropagate returns an error and an empty slice if an error (e.g., connection or
	// parsing error) occurs; otherwise, it returns a slice containing the beacons (which
	// potentially could be empty when no beacon is found) and no error.
	// The selection is based on the configured propagation policy.
	BeaconsToPropagate(ctx context.Context) ([]beacon.Beacon, error)
	// SegmentsToRegister returns an error and an empty slice if an error (e.g., connection or
	// parsing error) occurs; otherwise, it returns a slice containing the beacons (which
	// potentially could be empty when no beacon is found) and no error.
	// The selection is based on the configured propagation policy for the requested segment type.
	SegmentsToRegister(ctx context.Context, segType seg.Type) ([]beacon.Beacon, error)
	// InsertBeacon adds a verified beacon to the store, ignoring revocations.
	InsertBeacon(ctx context.Context, beacon beacon.Beacon) (beacon.InsertStats, error)
	// UpdatePolicy updates the policy. Beacons that are filtered by all
	// policies after the update are removed.
	UpdatePolicy(ctx context.Context, policy beacon.Policy) error
	// MaxExpTime returns the segment maximum expiration time for the given policy.
	MaxExpTime(policyType beacon.PolicyType) uint8
}
```
Store is the interface to interact with the beacon store.
type Tasks
```go
type Tasks struct {
	Originator      *periodic.Runner
	Propagator      *periodic.Runner
	Registrars      []*periodic.Runner
	DRKeyPrefetcher *periodic.Runner

	PathCleaner   *periodic.Runner
	DRKeyCleaners []*periodic.Runner
}
```
Tasks keeps track of the running tasks.
func StartTasks
func StartTasks(cfg TasksConfig) (*Tasks, error)
type TasksConfig
```go
type TasksConfig struct {
	Core       bool
	IA         addr.IA
	MTU        uint16
	NextHopper interface {
		UnderlayNextHop(uint16) *net.UDPAddr
	}
	Public                *net.UDPAddr
	AllInterfaces         *ifstate.Interfaces
	PropagationInterfaces func() []*ifstate.Interface
	OriginationInterfaces func() []*ifstate.Interface
	TrustDB               trust.DB
	PathDB                pathdb.DB
	RevCache              revcache.RevCache
	BeaconSenderFactory   beaconing.SenderFactory
	SegmentRegister       beaconing.RPC
	BeaconStore           Store
	SignerGen             beaconing.SignerGen
	Inspector             trust.Inspector
	Metrics               *Metrics
	DRKeyEngine           *drkey.ServiceEngine

	MACGen     func() hash.Hash
	StaticInfo func() *beaconing.StaticInfoCfg

	OriginationInterval  time.Duration
	PropagationInterval  time.Duration
	RegistrationInterval time.Duration
	DRKeyEpochInterval   time.Duration
	// HiddenPathRegistrationCfg contains the required options to configure
	// hidden paths down segment registration. If it is nil, normal path
	// registration is used instead.
	HiddenPathRegistrationCfg *HiddenPathRegistrationCfg

	AllowIsdLoop bool

	EPIC bool
}
```
TasksConfig holds the necessary configuration to start the periodic tasks a CS is expected to run.
func (*TasksConfig) DRKeyCleaners (added in v0.9.0)
func (t *TasksConfig) DRKeyCleaners() []*periodic.Runner
func (*TasksConfig) DRKeyPrefetcher (added in v0.9.0)
func (t *TasksConfig) DRKeyPrefetcher() *periodic.Runner
func (*TasksConfig) Originator
func (t *TasksConfig) Originator() *periodic.Runner
Originator starts a periodic beacon origination task. For non-core ASes, no periodic runner is started.
func (*TasksConfig) Propagator
func (t *TasksConfig) Propagator() *periodic.Runner
Propagator starts a periodic beacon propagation task.
func (*TasksConfig) SegmentWriters
func (t *TasksConfig) SegmentWriters() []*periodic.Runner
SegmentWriters starts periodic segment registration tasks.
Directories
| Path | Synopsis |
|---|---|
| mock_beacon | Package mock_beacon is a generated GoMock package. |
| | Package beaconing implements tasks and handlers related to beacon propagation and registration. |
| mock_beaconing | Package mock_beaconing is a generated GoMock package. |
| cmd | |
| | Package config describes the configuration of the beacon server. |
| grpc/mock_grpc | Package mock_grpc is a generated GoMock package. |
| mock_drkey | Package mock_drkey is a generated GoMock package. |
| | Package ifstate implements the interface state in memory structure as well as related tasks and handlers. |
| | Package mgmtapi provides primitives to interact with the openapi HTTP API. |
| mock_mgmtapi | Package mock_mgmtapi is a generated GoMock package. |
| segreg | |
| | Package segreq contains everything that is needed to handle segment requests in the path server. |
| mock_trust | Package mock_trust is a generated GoMock package. |