restrictedsession

package
v1.3.3-0...-3aec24a Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 13, 2022 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ParseIPSpec

func ParseIPSpec(cidr string) (*net.IPNet, error)

ParseIPSpec takes in either a CIDR format (e.g. 192.168.1.2/16 or fe::/8) or a single IP address (e.g. 10.1.2.3 or fe::1) and returns *net.IPNet. In case of a single IP address, the associated network length is either /32 for IPv4 or /128 for IPv6.

Types

type Manager

type Manager interface {
	// OpenSession starts enforcing restrictions for a cgroup with cgroupID
	OpenSession(ctx *bpf.SessionContext, cgroupID uint64)
	// CloseSession stops enforcing restrictions for a cgroup with cgroupID
	CloseSession(ctx *bpf.SessionContext, cgroupID uint64)
	// Close stops the manager, cleaning up any resources
	Close()
}

Manager starts and stop enforcing restrictions for a given session.

func New

New returns a new NOP service. Note this function does nothing.

type NOP

type NOP struct{}

Stubbed out Manager interface for cases where the real thing is not used.

func (NOP) Close

func (NOP) Close()

func (NOP) CloseSession

func (NOP) CloseSession(ctx *bpf.SessionContext, cgroupID uint64)

func (NOP) OpenSession

func (NOP) OpenSession(ctx *bpf.SessionContext, cgroupID uint64)

func (NOP) UpdateNetworkRestrictions

func (NOP) UpdateNetworkRestrictions(r *NetworkRestrictions) error

type NetworkRestrictions

type NetworkRestrictions struct {
	// Enabled controls if restrictions are enforced.
	Enabled bool

	// Allow holds a list of IPs (with masks) to allow, overriding deny list
	Allow []net.IPNet

	// Deny holds a list of IPs (with masks) to deny (block)
	Deny []net.IPNet
}

NetworkRestrictions specifies which addresses should be blocked.

type RestrictionsWatcherClient

type RestrictionsWatcherClient interface {
	services.Restrictions
	types.Events
}

RestrictionsWatcherClient is used by changeset to fetch a list of proxies and subscribe to updates

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL