Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ParseIPSpec ¶
ParseIPSpec takes in either a CIDR format (e.g. 192.168.1.2/16 or fe::/8) or a single IP address (e.g. 10.1.2.3 or fe::1) and returns *net.IPNet. In case of a single IP address, the associated network length is either /32 for IPv4 or /128 for IPv6.
Types ¶
type Manager ¶
type Manager interface { // OpenSession starts enforcing restrictions for a cgroup with cgroupID OpenSession(ctx *bpf.SessionContext, cgroupID uint64) // CloseSession stops enforcing restrictions for a cgroup with cgroupID CloseSession(ctx *bpf.SessionContext, cgroupID uint64) // Close stops the manager, cleaning up any resources Close() }
Manager starts and stop enforcing restrictions for a given session.
func New ¶
func New(config *bpf.RestrictedSessionConfig, wc RestrictionsWatcherClient) (Manager, error)
New returns a new NOP service. Note this function does nothing.
type NOP ¶
type NOP struct{}
Stubbed out Manager interface for cases where the real thing is not used.
func (NOP) CloseSession ¶
func (NOP) CloseSession(ctx *bpf.SessionContext, cgroupID uint64)
func (NOP) OpenSession ¶
func (NOP) OpenSession(ctx *bpf.SessionContext, cgroupID uint64)
func (NOP) UpdateNetworkRestrictions ¶
func (NOP) UpdateNetworkRestrictions(r *NetworkRestrictions) error
type NetworkRestrictions ¶
type NetworkRestrictions struct { // Enabled controls if restrictions are enforced. Enabled bool // Allow holds a list of IPs (with masks) to allow, overriding deny list Allow []net.IPNet // Deny holds a list of IPs (with masks) to deny (block) Deny []net.IPNet }
NetworkRestrictions specifies which addresses should be blocked.
type RestrictionsWatcherClient ¶
type RestrictionsWatcherClient interface { services.Restrictions types.Events }
RestrictionsWatcherClient is used by changeset to fetch a list of proxies and subscribe to updates
Click to show internal directories.
Click to hide internal directories.