The highest tagged major version is
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseIPSpec ¶
ParseIPSpec takes in either a CIDR format (e.g. 192.168.1.2/16 or fe::/8) or a single IP address (e.g. 10.1.2.3 or fe::1) and returns *net.IPNet. In case of a single IP address, the associated network length is either /32 for IPv4 or /128 for IPv6.
Types ¶
type Manager ¶
type Manager interface {
// OpenSession starts enforcing restrictions for a cgroup with cgroupID
OpenSession(ctx *bpf.SessionContext, cgroupID uint64)
// CloseSession stops enforcing restrictions for a cgroup with cgroupID
CloseSession(ctx *bpf.SessionContext, cgroupID uint64)
// Close stops the manager, cleaning up any resources
Close()
}
Manager starts and stop enforcing restrictions for a given session.
func New ¶
func New(config *bpf.RestrictedSessionConfig, wc RestrictionsWatcherClient) (Manager, error)
New returns a new NOP service. Note this function does nothing.
type NOP ¶
type NOP struct{}
Stubbed out Manager interface for cases where the real thing is not used.
func (NOP) CloseSession ¶
func (NOP) CloseSession(ctx *bpf.SessionContext, cgroupID uint64)
func (NOP) OpenSession ¶
func (NOP) OpenSession(ctx *bpf.SessionContext, cgroupID uint64)
func (NOP) UpdateNetworkRestrictions ¶
func (NOP) UpdateNetworkRestrictions(r *NetworkRestrictions) error
type NetworkRestrictions ¶
type NetworkRestrictions struct {
// Enabled controls if restrictions are enforced.
Enabled bool
// Allow holds a list of IPs (with masks) to allow, overriding deny list
Allow []net.IPNet
// Deny holds a list of IPs (with masks) to deny (block)
Deny []net.IPNet
}
NetworkRestrictions specifies which addresses should be blocked.
type RestrictionsWatcherClient ¶
type RestrictionsWatcherClient interface {
services.Restrictions
types.Events
}
RestrictionsWatcherClient is used by changeset to fetch a list of proxies and subscribe to updates
Source Files
Click to show internal directories.
Click to hide internal directories.