Documentation ¶
Index ¶
- Variables
- func GetErrorCounters() []collector.Counters
- func PuContextError(err ErrorType, logMsg string) error
- func ToError(errType ErrorType) error
- type ErrorType
- type PUContext
- func (p *PUContext) Annotations() *policy.TagStore
- func (p *PUContext) ApplicationACLPolicyFromAddr(addr net.IP, port uint16) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)
- func (p *PUContext) Autoport() bool
- func (p *PUContext) CacheExternalFlowPolicy(packet *packet.Packet, plc interface{})
- func (p *PUContext) CreateRcvRules(policyRules policy.TagSelectorList)
- func (p *PUContext) CreateTxtRules(policyRules policy.TagSelectorList)
- func (p *PUContext) GetCachedTokenAndServiceContext() ([]byte, []byte, error)
- func (p *PUContext) GetErrorCounters() []collector.Counters
- func (p *PUContext) GetJWT() (string, error)
- func (p *PUContext) GetProcessKeys() (string, []string, []string)
- func (p *PUContext) ID() string
- func (p *PUContext) Identity() *policy.TagStore
- func (p *PUContext) ManagementID() string
- func (p *PUContext) ManagementNamespace() string
- func (p *PUContext) Mark() string
- func (p *PUContext) NetworkACLPolicy(packet *packet.Packet) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)
- func (p *PUContext) NetworkACLPolicyFromAddr(addr net.IP, port uint16) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)
- func (p *PUContext) PuContextError(err ErrorType, logMsg string) error
- func (p *PUContext) RetrieveCachedExternalFlowPolicy(id string) (interface{}, error)
- func (p *PUContext) Scopes() []string
- func (p *PUContext) SearchRcvRules(tags *policy.TagStore) (report *policy.FlowPolicy, packet *policy.FlowPolicy)
- func (p *PUContext) SearchTxtRules(tags *policy.TagStore, skipRejectPolicies bool) (report *policy.FlowPolicy, packet *policy.FlowPolicy)
- func (p *PUContext) SynServiceContext() []byte
- func (p *PUContext) TCPPorts() []string
- func (p *PUContext) Type() common.PUType
- func (p *PUContext) UDPPorts() []string
- func (p *PUContext) UpdateApplicationACLs(rules policy.IPRuleList) error
- func (p *PUContext) UpdateCachedTokenAndServiceContext(token []byte, serviceContext []byte)
- func (p *PUContext) UpdateJWT(jwt string, expiration time.Time)
- func (p *PUContext) UpdateNetworkACLs(rules policy.IPRuleList) error
- func (p *PUContext) UpdateSynServiceContext(synServiceContext []byte)
- func (p *PUContext) Username() string
- type PuErrors
Constants ¶
This section is empty.
Variables ¶
// CounterNames maps each ErrorType constant (used as the slice index) to the
// name under which that counter is reported to the collector.
//
// The reported string does not always mirror the constant name, for example
// ErrDroppedExternalService is "ACLSYNDROPPED", ErrSynAckMissingToken is
// "SYNACKDROPPEDINVALIDTOKEN" and ErrUDPInvalidSignature is
// "UDPACKINVALIDSIGNATURE". Dashboards and alert rules should therefore key on
// the strings below, not on the Go identifiers.
//
// NOTE(review): CounterNames is an exported, reassignable slice, so any
// importing package can change a reported name; treat it as read-only.
// NOTE(review): not every entry looks like a failure. By name,
// ErrConnectionsProcessed, ErrEncrConnectionsProcessed and
// ErrUDPConnectionsProcessed appear to be throughput counters - confirm before
// alerting on them.
var CounterNames = []string{
	ErrUnknownError:               "UNKNOWNERROR",
	ErrInvalidNetState:            "INVALIDNETSTATE",
	ErrNonPUTraffic:               "NONPUTRAFFIC",
	ErrNetSynNotSeen:              "SYNNOTSEEN",
	ErrNoConnFound:                "CONNECTIONNOTFOUND",
	ErrRejectPacket:               "REJECTEDPACKET",
	ErrTCPAuthNotFound:            "TCPAUTHENTICATIONOPTIONNOTFOUND",
	ErrInvalidConnState:           "INVALIDCONNECTIONSTATE",
	ErrMarkNotFound:               "MARKNOTFOUND",
	ErrPortNotFound:               "PORTNOTFOUND",
	ErrContextIDNotFound:          "CONTEXTNOTFOUND",
	ErrInvalidProtocol:            "INVALIDPROTOCOL",
	ErrServicePreprocessorFailed:  "PREPROCESSINGFAILED",
	ErrServicePostprocessorFailed: "POSTPROCESSINGFAILED",
	ErrDroppedExternalService:     "ACLSYNDROPPED",
	ErrSynDroppedNoClaims:         "SYNDROPPEDNOCLAIMS",
	ErrSynDroppedInvalidToken:     "SYNDROPPEDINVALIDTOKEN",
	ErrSynDroppedTCPOption:        "SYNDROPPEDAUTHOPTIONNOTFOUND",
	ErrSynDroppedInvalidFormat:    "SYNDROPPEDINVALIDFORMAT",
	ErrSynRejectPacket:            "SYNDROPPEDPOLICY",
	ErrOutOfOrderSynAck:           "UNEXPECTEDSYNACK",
	ErrInvalidSynAck:              "DEADPUSYNACK",
	ErrSynAckMissingToken:         "SYNACKDROPPEDINVALIDTOKEN",
	ErrSynAckBadClaims:            "SYNACKDROPPEDBADCLAIMS",
	ErrSynAckMissingClaims:        "SYNACKDROPPEDNOCLAIMS",
	ErrSynAckNoTCPAuthOption:      "SYNACKAUTHOPTIONNOTFOUND",
	ErrSynAckInvalidFormat:        "SYNACKDROPPEDINVALIDFORMAT",
	ErrSynAckClaimsMisMatch:       "SYNACKDROPPEDCLAIMSMISMATCH",
	ErrSynAckRejected:             "SYNACKDROPPEDPOLICY",
	// NOTE(review): the only name that keeps an "ERR" prefix; confirm whether
	// consumers already depend on this exact string before normalising it.
	ErrSynAckDroppedExternalService: "ERRSYNACKDROPPEDEXTERNALSERVICE",
	ErrAckRejected:                  "ACKDROPPEDPOLICY",
	ErrAckTCPNoTCPAuthOption:        "ACKDROPPEDAUTHOPTIONNOTFOUND",
	ErrAckSigValidationFailed:       "ACKDROPPEDSIGVALIDATIONFAILED",
	ErrAckInvalidFormat:             "ACKDROPPEDINVALIDFORMAT",
	ErrAckInUnknownState:            "ACKDROPPEDUNKNOWNCONNSTATE",
	ErrSynUnexpectedPacket:          "SYNUNEXPECTEDPACKET",
	ErrConnectionsProcessed:         "CONNECTIONSPROCESSED",
	ErrEncrConnectionsProcessed:     "ENCRCONNECTIONSPROCESSED",
	ErrUDPInvalidNetState:           "UDPINVALIDNETSTATE",
	ErrUDPDropSynAck:                "UDPDROPSYNACK",
	ErrUDPDropFin:                   "UDPDROPFIN",
	ErrUDPDropPacket:                "UDPDROPPACKET",
	ErrUDPPreProcessingFailed:       "UDPPREPROCESSINGFAILED",
	ErrUDPRejected:                  "UDPREJECTED",
	ErrUDPPostProcessingFailed:      "UDPPOSTPROCESSINGFAILED",
	ErrUDPNoConnection:              "UDPDROPNOCONNECTION",
	ErrUDPSynInvalidToken:           "UDPSYNINVALIDTOKEN",
	ErrUDPSynMissingClaims:          "UDPSYNMISSINGCLAIMS",
	ErrUDPSynDroppedPolicy:          "UDPSYNDROPPEDPOLICY",
	ErrUDPSynAckBadClaims:           "UDPSYNACKBADCLAIMS",
	ErrUDPSynAckMissingClaims:       "UDPSYNACKMISSINGCLAIMS",
	ErrUDPSynAckPolicy:              "UDPSYNACKPOLICY",
	ErrUDPInvalidSignature:          "UDPACKINVALIDSIGNATURE",
	ErrUDPConnectionsProcessed:      "UDPCONNECTIONSPROCESSED",
	ErrUDPContextIDNotFound:         "UDPCONTEXTIDNOTFOUND",
	ErrUDPDropQueueFull:             "UDPDROPQUEUEFULL",
	ErrUDPDropInNfQueue:             "UDPDROPINNFQUEUE",
	ErrUDPSynDropped:                "UDPSYNDROPPED",
}
CounterNames holds the name under which each error is reported to the collector.
// LookupHost defaults to net.LookupHost. It is an exported, reassignable
// package variable, so any importing package can substitute the resolver.
// NOTE(review): presumably a test seam - confirm. How this package uses the
// lookup result is not shown here; if resolved addresses feed ACL decisions,
// consider unexporting the variable so only this package can replace it.
var LookupHost = net.LookupHost
LookupHost is mapped to the function net.LookupHost
Functions ¶
func GetErrorCounters ¶
GetErrorCounters returns the counters for packets whose PU is not known
func PuContextError ¶
PuContextError increments a global unknown PU counter and returns an error
Types ¶
type ErrorType ¶
// ErrorType identifies one of the package's counters. Its constants are used
// as indices into CounterNames, so a value outside the declared constants has
// no name there.
type ErrorType int
ErrorType is a custom error type used for counters.
// Counter identifiers. Values are assigned positionally by iota starting at 0
// (ErrUnknownError), so the declaration order is significant: inserting or
// removing an entry renumbers every constant after it.
// NOTE(review): if the numeric values are ever stored or exchanged outside the
// process (not visible in this listing), new entries should be appended at
// the end only.
// The section comments below group the entries by name prefix only.
const (
	// General packet and connection state.
	ErrUnknownError ErrorType = iota
	ErrInvalidNetState
	ErrNonPUTraffic
	ErrNetSynNotSeen
	ErrNoConnFound
	ErrRejectPacket
	ErrTCPAuthNotFound
	ErrInvalidConnState
	ErrMarkNotFound
	ErrPortNotFound
	ErrContextIDNotFound
	ErrInvalidProtocol
	ErrServicePreprocessorFailed
	ErrServicePostprocessorFailed
	ErrDroppedExternalService

	// SYN.
	ErrSynDroppedNoClaims
	ErrSynDroppedInvalidToken
	ErrSynDroppedTCPOption
	ErrSynDroppedInvalidFormat
	ErrSynRejectPacket

	// SYN/ACK.
	ErrOutOfOrderSynAck
	ErrInvalidSynAck
	ErrSynAckMissingToken
	ErrSynAckBadClaims
	ErrSynAckMissingClaims
	ErrSynAckNoTCPAuthOption
	ErrSynAckInvalidFormat
	ErrSynAckClaimsMisMatch
	ErrSynAckRejected
	ErrSynAckDroppedExternalService

	// ACK.
	ErrAckRejected
	ErrAckTCPNoTCPAuthOption
	ErrAckSigValidationFailed
	ErrAckInvalidFormat
	ErrAckInUnknownState

	// Declared after the ACK group; kept in source order.
	ErrSynUnexpectedPacket
	ErrConnectionsProcessed
	ErrEncrConnectionsProcessed

	// UDP.
	ErrUDPInvalidNetState
	ErrUDPDropSynAck
	ErrUDPDropFin
	ErrUDPDropPacket
	ErrUDPPreProcessingFailed
	ErrUDPRejected
	ErrUDPPostProcessingFailed
	ErrUDPNoConnection
	ErrUDPSynInvalidToken
	ErrUDPSynMissingClaims
	ErrUDPSynDroppedPolicy
	ErrUDPSynAckBadClaims
	ErrUDPSynAckMissingClaims
	ErrUDPSynAckPolicy
	ErrUDPInvalidSignature
	ErrUDPConnectionsProcessed
	ErrUDPContextIDNotFound
	ErrUDPDropQueueFull
	ErrUDPDropInNfQueue
	ErrUDPSynDropped
)
Error Constants
type PUContext ¶
// PUContext holds data indexed by the PU ID.
//
// The exported fields can be read and written directly by any caller, and the
// embedded sync.RWMutex promotes its Lock/RLock methods onto PUContext, so
// code outside this package can take the lock as well.
// NOTE(review): which fields the mutex guards is not visible in this listing;
// confirm before touching the exported fields concurrently.
type PUContext struct {
	ApplicationACLs *acls.ACLCache
	DNSACLs         cache.DataStore
	Extension       interface{} // untyped slot; readers must type-assert the value
	CancelFunc      context.CancelFunc
	sync.RWMutex
	// contains filtered or unexported fields
}
PUContext holds data indexed by the PU ID
func (*PUContext) Annotations ¶
Annotations returns the annotations
func (*PUContext) ApplicationACLPolicyFromAddr ¶
func (p *PUContext) ApplicationACLPolicyFromAddr(addr net.IP, port uint16) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)
ApplicationACLPolicyFromAddr retrieves the policy given an address and port.
func (*PUContext) CacheExternalFlowPolicy ¶
CacheExternalFlowPolicy will cache an external flow
func (*PUContext) CreateRcvRules ¶
func (p *PUContext) CreateRcvRules(policyRules policy.TagSelectorList)
CreateRcvRules creates receive rules for this PU based on the update of the policy.
func (*PUContext) CreateTxtRules ¶
func (p *PUContext) CreateTxtRules(policyRules policy.TagSelectorList)
CreateTxtRules creates transmit rules for this PU based on the update of the policy.
func (*PUContext) GetCachedTokenAndServiceContext ¶
GetCachedTokenAndServiceContext returns the cached syn packet token
func (*PUContext) GetErrorCounters ¶
GetErrorCounters returns the error counters and resets the counters to zero
func (*PUContext) GetJWT ¶
GetJWT retrieves the JWT if it exists in the cache. It returns an error otherwise.
func (*PUContext) GetProcessKeys ¶
GetProcessKeys returns the cache keys for a process
func (*PUContext) ManagementID ¶
ManagementID returns the management ID
func (*PUContext) ManagementNamespace ¶
ManagementNamespace returns the management namespace
func (*PUContext) NetworkACLPolicy ¶
func (p *PUContext) NetworkACLPolicy(packet *packet.Packet) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)
NetworkACLPolicy retrieves the policy based on ACLs
func (*PUContext) NetworkACLPolicyFromAddr ¶
func (p *PUContext) NetworkACLPolicyFromAddr(addr net.IP, port uint16) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)
NetworkACLPolicyFromAddr retrieves the policy given an address and port.
func (*PUContext) PuContextError ¶
PuContextError increments the error counter and returns an error
func (*PUContext) RetrieveCachedExternalFlowPolicy ¶
RetrieveCachedExternalFlowPolicy returns the policy for an external IP
func (*PUContext) SearchRcvRules ¶
func (p *PUContext) SearchRcvRules( tags *policy.TagStore, ) (report *policy.FlowPolicy, packet *policy.FlowPolicy)
SearchRcvRules searches both receive and observed receive rules and returns the report and packet policies.
func (*PUContext) SearchTxtRules ¶
func (p *PUContext) SearchTxtRules( tags *policy.TagStore, skipRejectPolicies bool, ) (report *policy.FlowPolicy, packet *policy.FlowPolicy)
SearchTxtRules searches both transmit and observed transmit rules and returns the report and packet policies.
func (*PUContext) SynServiceContext ¶
SynServiceContext returns synServiceContext
func (*PUContext) UpdateApplicationACLs ¶
func (p *PUContext) UpdateApplicationACLs(rules policy.IPRuleList) error
UpdateApplicationACLs updates the application ACL policy
func (*PUContext) UpdateCachedTokenAndServiceContext ¶
UpdateCachedTokenAndServiceContext updates the local cached token
func (*PUContext) UpdateNetworkACLs ¶
func (p *PUContext) UpdateNetworkACLs(rules policy.IPRuleList) error
UpdateNetworkACLs updates the network ACL policy
func (*PUContext) UpdateSynServiceContext ¶
UpdateSynServiceContext updates the synServiceContext