policy

package
v1.0.9 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 6, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func MatchProfileProcess 

func MatchProfileProcess(entry *share.CLUSProcessProfileEntry, proc *share.CLUSProcessProfileEntry) bool

Types

type DlpBuildInfo 

type DlpBuildInfo struct {
	DlpRulesInfo []*dp.DPDlpRuleEntry
	DlpDpMacs    utils.Set
	ApplyDir     int
}

type Engine 

type Engine struct {
	NetworkPolicy  map[string]*WorkloadIPPolicyInfo
	ProcessPolicy  map[string]*share.CLUSProcessProfile
	DlpWlRulesInfo map[string]*dp.DPWorkloadDlpRule
	DlpBldInfo     *DlpBuildInfo
	HostID         string
	HostIPs        utils.Set
	TunnelIP       []net.IPNet
	Mutex          sync.Mutex

	PolicyAddrMap map[string]share.CLUSSubnet
	// contains filtered or unexported fields
}

func (*Engine) DeleteNetworkPolicy 

func (e *Engine) DeleteNetworkPolicy(id string)

func (*Engine) DeleteProcessPolicy 

func (e *Engine) DeleteProcessPolicy(name string)

func (*Engine) GetNetworkDlpBuildInfo 

func (e *Engine) GetNetworkDlpBuildInfo() *DlpBuildInfo

func (*Engine) GetNetworkDlpWorkloadRulesInfo 

func (e *Engine) GetNetworkDlpWorkloadRulesInfo() map[string]*dp.DPWorkloadDlpRule

dlp

func (*Engine) GetNetworkPolicy 

func (e *Engine) GetNetworkPolicy() map[string]*WorkloadIPPolicyInfo

func (*Engine) GetPolicyAddrMap 

func (e *Engine) GetPolicyAddrMap() map[string]share.CLUSSubnet

func (*Engine) HostNetworkPolicyLookup 

func (e *Engine) HostNetworkPolicyLookup(wl string, conn *dp.Connection) (uint32, uint8, bool)

func (*Engine) Init 

func (e *Engine) Init(HostID string, HostIPs utils.Set, TunnelIP []net.IPNet, cb GroupProcPolicyCallback)

func (*Engine) InsertNeuvectorProcessProfilePolicy 

func (e *Engine) InsertNeuvectorProcessProfilePolicy(group, role string)

/

func (*Engine) IsAllowedByParentApp 

func (e *Engine) IsAllowedByParentApp(service, id, name, pname, ppath string, pgid int) bool

allowed by parent process name The program logic is located at faccess_linux.go: isAllowedByParentApp()

func (*Engine) IsAllowedSuspiciousApp 

func (e *Engine) IsAllowedSuspiciousApp(service, id, name string) bool

matching the process name: suspicious process is defined by name only

func (*Engine) ObtainProcessPolicy 

func (e *Engine) ObtainProcessPolicy(name, id string) (*share.CLUSProcessProfile, bool)

func (*Engine) ProcessPolicyLookup 

func (e *Engine) ProcessPolicyLookup(name, id string, proc *share.CLUSProcessProfileEntry, pid int) (string, string, string, error)

func (*Engine) PushFqdnInfoToDP 

func (e *Engine) PushFqdnInfoToDP()

func (*Engine) PushNetworkDlpToDP 

func (e *Engine) PushNetworkDlpToDP()

func (*Engine) PushNetworkPolicyToDP 

func (e *Engine) PushNetworkPolicyToDP()

func (*Engine) UpdateNetworkPolicy 

func (e *Engine) UpdateNetworkPolicy(ps []share.CLUSGroupIPPolicy,
	newPolicy map[string]*WorkloadIPPolicyInfo) utils.Set

func (*Engine) UpdateProcessPolicy 

func (e *Engine) UpdateProcessPolicy(name string, profile *share.CLUSProcessProfile) (bool, *share.CLUSProcessProfile)

type GroupProcPolicyCallback 

type GroupProcPolicyCallback func(id string) (*share.CLUSProcessProfile, bool)

type ProcProfileBrief 

type ProcProfileBrief struct {
	// contains filtered or unexported fields
}

type WorkloadIPPolicyInfo 

type WorkloadIPPolicyInfo struct {
	RuleMap    map[string]*dp.DPPolicyIPRule
	Policy     dp.DPWorkloadIPPolicy
	Configured bool
	SkipPush   bool
	HostMode   bool
	CapIntcp   bool
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.