pucontext

package
v10.240.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 7, 2019 License: Apache-2.0 Imports: 17 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var CounterNames = []string{
	ErrUnknownError:                 "UNKNOWNERROR",
	ErrInvalidNetState:              "INVALIDNETSTATE",
	ErrNonPUTraffic:                 "NONPUTRAFFIC",
	ErrNetSynNotSeen:                "SYNNOTSEEN",
	ErrNoConnFound:                  "CONNECTIONNOTFOUND",
	ErrRejectPacket:                 "REJECTEDPACKET",
	ErrTCPAuthNotFound:              "TCPAUTHENTICATIONOPTIONNOTFOUND",
	ErrInvalidConnState:             "INVALIDCONNECTIONSTATE",
	ErrMarkNotFound:                 "MARKNOTFOUND",
	ErrPortNotFound:                 "PORTNOTFOUND",
	ErrContextIDNotFound:            "CONTEXTNOTFOUND",
	ErrInvalidProtocol:              "INVALIDPROTOCOL",
	ErrServicePreprocessorFailed:    "PREPROCESSINGFAILED",
	ErrServicePostprocessorFailed:   "POSTPROCESSINGFAILED",
	ErrDroppedExternalService:       "ACLSYNDROPPED",
	ErrSynDroppedNoClaims:           "SYNDROPPEDNOCLAIMS",
	ErrSynDroppedInvalidToken:       "SYNDROPPEDINVALIDTOKEN",
	ErrSynDroppedTCPOption:          "SYNDROPPEDAUTHOPTIONNOTFOUND",
	ErrSynDroppedInvalidFormat:      "SYNDROPPEDINVALIDFORMAT",
	ErrSynRejectPacket:              "SYNDROPPEDPOLICY",
	ErrOutOfOrderSynAck:             "UNEXPECTEDSYNACK",
	ErrInvalidSynAck:                "DEADPUSYNACK",
	ErrSynAckMissingToken:           "SYNACKDROPPEDINVALIDTOKEN",
	ErrSynAckBadClaims:              "SYNACKDROPPEDBADCLAIMS",
	ErrSynAckMissingClaims:          "SYNACKDROPPEDNOCLAIMS",
	ErrSynAckNoTCPAuthOption:        "SYNACKAUTHOPTIONNOTFOUND",
	ErrSynAckInvalidFormat:          "SYNACKDROPPEDINVALIDFORMAT",
	ErrSynAckClaimsMisMatch:         "SYNACKDROPPEDCLAIMSMISMATCH",
	ErrSynAckRejected:               "SYNACKDROPPEDPOLICY",
	ErrSynAckDroppedExternalService: "ERRSYNACKDROPPEDEXTERNALSERVICE",
	ErrAckRejected:                  "ACKDROPPEDPOLICY",
	ErrAckTCPNoTCPAuthOption:        "ACKDROPPEDAUTHOPTIONNOTFOUND",
	ErrAckSigValidationFailed:       "ACKDROPPEDSIGVALIDATIONFAILED",
	ErrAckInvalidFormat:             "ACKDROPPEDINVALIDFORMAT",
	ErrAckInUnknownState:            "ACKDROPPEDUNKNOWNCONNSTATE",
	ErrSynUnexpectedPacket:          "SYNUNEXPECTEDPACKET",
	ErrConnectionsProcessed:         "CONNECTIONSPROCESSED",
	ErrEncrConnectionsProcessed:     "ENCRCONNECTIONSPROCESSED",
	ErrUDPInvalidNetState:           "UDPINVALIDNETSTATE",
	ErrUDPDropSynAck:                "UDPDROPSYNACK",
	ErrUDPDropFin:                   "UDPDROPFIN",
	ErrUDPDropPacket:                "UDPDROPPACKET",
	ErrUDPPreProcessingFailed:       "UDPPREPROCESSINGFAILED",
	ErrUDPRejected:                  "UDPREJECTED",
	ErrUDPPostProcessingFailed:      "UDPPOSTPROCESSINGFAILED",
	ErrUDPNoConnection:              "UDPDROPNOCONNECTION",
	ErrUDPSynInvalidToken:           "UDPSYNINVALIDTOKEN",
	ErrUDPSynMissingClaims:          "UDPSYNMISSINGCLAIMS",
	ErrUDPSynDroppedPolicy:          "UDPSYNDROPPEDPOLICY",
	ErrUDPSynAckBadClaims:           "UDPSYNACKBADCLAIMS",
	ErrUDPSynAckMissingClaims:       "UDPSYNACKMISSINGCLAIMS",
	ErrUDPSynAckPolicy:              "UDPSYNACKPOLICY",
	ErrUDPInvalidSignature:          "UDPACKINVALIDSIGNATURE",
	ErrUDPConnectionsProcessed:      "UDPCONNECTIONSPROCESSED",
	ErrUDPContextIDNotFound:         "UDPCONTEXTIDNOTFOUND",
	ErrUDPDropQueueFull:             "UDPDROPQUEUEFULL",
	ErrUDPDropInNfQueue:             "UDPDROPINNFQUEUE",
	ErrUDPSynDropped:                "UDPSYNDROPPED",
}

CounterNames is the name for each error reported to the collector

Functions

func GetErrorCounters 

func GetErrorCounters() []collector.Counters

GetErrorCounters returns the counters for packets whose PU is not known

func PuContextError 

func PuContextError(err ErrorType, logMsg string) error

PuContextError increments a global unknown PU counter and returns an error

func ToError 

func ToError(errType ErrorType) error

ToError returns converts error from ErrorType

Types

type ErrorType 

type ErrorType int

ErrorType custom counter error type 

const (
	ErrUnknownError ErrorType = iota
	ErrInvalidNetState
	ErrNonPUTraffic
	ErrNetSynNotSeen
	ErrNoConnFound
	ErrRejectPacket
	ErrTCPAuthNotFound
	ErrInvalidConnState
	ErrMarkNotFound
	ErrPortNotFound
	ErrContextIDNotFound
	ErrInvalidProtocol
	ErrServicePreprocessorFailed
	ErrServicePostprocessorFailed
	ErrDroppedExternalService
	ErrSynDroppedNoClaims
	ErrSynDroppedInvalidToken
	ErrSynDroppedTCPOption
	ErrSynDroppedInvalidFormat
	ErrSynRejectPacket
	ErrOutOfOrderSynAck
	ErrInvalidSynAck
	ErrSynAckMissingToken
	ErrSynAckBadClaims
	ErrSynAckMissingClaims
	ErrSynAckNoTCPAuthOption
	ErrSynAckInvalidFormat
	ErrSynAckClaimsMisMatch
	ErrSynAckRejected
	ErrSynAckDroppedExternalService
	ErrAckRejected
	ErrAckTCPNoTCPAuthOption
	ErrAckSigValidationFailed
	ErrAckInvalidFormat
	ErrAckInUnknownState
	ErrSynUnexpectedPacket
	ErrConnectionsProcessed
	ErrEncrConnectionsProcessed
	ErrUDPInvalidNetState
	ErrUDPDropSynAck
	ErrUDPDropFin
	ErrUDPDropPacket
	ErrUDPPreProcessingFailed
	ErrUDPRejected
	ErrUDPPostProcessingFailed
	ErrUDPNoConnection
	ErrUDPSynInvalidToken
	ErrUDPSynMissingClaims
	ErrUDPSynDroppedPolicy
	ErrUDPSynAckBadClaims
	ErrUDPSynAckMissingClaims
	ErrUDPSynAckPolicy
	ErrUDPInvalidSignature
	ErrUDPConnectionsProcessed
	ErrUDPContextIDNotFound
	ErrUDPDropQueueFull
	ErrUDPDropInNfQueue
	ErrUDPSynDropped
)

Error Constants

func GetError 

func GetError(err error) ErrorType

GetError gives the errortype for an error

type PUContext 

type PUContext struct {
	ApplicationACLs *acls.ACLCache

	DNSACLs      policy.DNSRuleList
	DNSProxyPort string

	Extension interface{}

	sync.RWMutex
	// contains filtered or unexported fields
}

PUContext holds data indexed by the PU ID

func NewPU 

func NewPU(contextID string, puInfo *policy.PUInfo, timeout time.Duration) (*PUContext, error)

NewPU creates a new PU context

func (*PUContext) Annotations 

func (p *PUContext) Annotations() *policy.TagStore

Annotations returns the annotations

func (*PUContext) ApplicationACLPolicyFromAddr 

func (p *PUContext) ApplicationACLPolicyFromAddr(addr net.IP, port uint16) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

ApplicationACLPolicyFromAddr retrieve the policy given an address and port.

func (*PUContext) Autoport 

func (p *PUContext) Autoport() bool

Autoport returns if auto port feature is set on the PU

func (*PUContext) CacheExternalFlowPolicy 

func (p *PUContext) CacheExternalFlowPolicy(packet *packet.Packet, plc interface{})

CacheExternalFlowPolicy will cache an external flow

func (*PUContext) CompressedTags 

func (p *PUContext) CompressedTags() *policy.TagStore

CompressedTags returns the compressed tags.

func (*PUContext) CreateRcvRules 

func (p *PUContext) CreateRcvRules(policyRules policy.TagSelectorList)

CreateRcvRules create receive rules for this PU based on the update of the policy.

func (*PUContext) CreateTxtRules 

func (p *PUContext) CreateTxtRules(policyRules policy.TagSelectorList)

CreateTxtRules create receive rules for this PU based on the update of the policy.

func (*PUContext) GetCachedTokenAndServiceContext 

func (p *PUContext) GetCachedTokenAndServiceContext() ([]byte, []byte, error)

GetCachedTokenAndServiceContext returns the cached syn packet token

func (*PUContext) GetErrorCounters 

func (p *PUContext) GetErrorCounters() []collector.Counters

GetErrorCounters returns the error counters and resets the counters to zero

func (*PUContext) GetJWT 

func (p *PUContext) GetJWT() (string, error)

GetJWT retrieves the JWT if it exists in the cache. Returns error otherwise.

func (*PUContext) GetPolicyFromFQDN 

func (p *PUContext) GetPolicyFromFQDN(fqdn string) ([]policy.PortProtocolPolicy, error)

GetPolicyFromFQDN gets the list of policies that are mapped with the hostname

func (*PUContext) GetProcessKeys 

func (p *PUContext) GetProcessKeys() (string, []string, []string)

GetProcessKeys returns the cache keys for a process

func (*PUContext) HashID 

func (p *PUContext) HashID() string

HashID returns the hash of the ID of the PU

func (*PUContext) ID 

func (p *PUContext) ID() string

ID returns the ID of the PU

func (*PUContext) Identity 

func (p *PUContext) Identity() *policy.TagStore

Identity returns the indentity

func (*PUContext) ManagementID 

func (p *PUContext) ManagementID() string

ManagementID returns the management ID

func (*PUContext) ManagementNamespace 

func (p *PUContext) ManagementNamespace() string

ManagementNamespace returns the management namespace

func (*PUContext) Mark 

func (p *PUContext) Mark() string

Mark returns the PU mark

func (*PUContext) NetworkACLPolicy 

func (p *PUContext) NetworkACLPolicy(packet *packet.Packet) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

NetworkACLPolicy retrieves the policy based on ACLs

func (*PUContext) NetworkACLPolicyFromAddr 

func (p *PUContext) NetworkACLPolicyFromAddr(addr net.IP, port uint16) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

NetworkACLPolicyFromAddr retrieve the policy given an address and port.

func (*PUContext) PuContextError 

func (p *PUContext) PuContextError(err ErrorType, logMsg string) error

PuContextError increments the error counter and returns an error

func (*PUContext) RemoveApplicationACL 

func (p *PUContext) RemoveApplicationACL(addr net.IP, mask int)

RemoveApplicationACL removes the application ACLs which are indexed with (ip, mask) key

func (*PUContext) RetrieveCachedExternalFlowPolicy 

func (p *PUContext) RetrieveCachedExternalFlowPolicy(id string) (interface{}, error)

RetrieveCachedExternalFlowPolicy returns the policy for an external IP

func (*PUContext) Scopes 

func (p *PUContext) Scopes() []string

Scopes returns the scopes.

func (*PUContext) SearchRcvRules 

func (p *PUContext) SearchRcvRules(
	tags *policy.TagStore,
) (report *policy.FlowPolicy, packet *policy.FlowPolicy)

SearchRcvRules searches both receive and observed receive rules and returns the index and action

func (*PUContext) SearchTxtRules 

func (p *PUContext) SearchTxtRules(
	tags *policy.TagStore,
	skipRejectPolicies bool,
) (report *policy.FlowPolicy, packet *policy.FlowPolicy)

SearchTxtRules searches both receive and observed transmit rules and returns the index and action

func (*PUContext) SynServiceContext 

func (p *PUContext) SynServiceContext() []byte

SynServiceContext returns synServiceContext

func (*PUContext) TCPPorts 

func (p *PUContext) TCPPorts() []string

TCPPorts returns the PU TCP ports

func (*PUContext) Type 

func (p *PUContext) Type() common.PUType

Type return the pu type

func (*PUContext) UDPPorts 

func (p *PUContext) UDPPorts() []string

UDPPorts returns the PU UDP ports

func (*PUContext) UpdateApplicationACLs 

func (p *PUContext) UpdateApplicationACLs(rules policy.IPRuleList) error

UpdateApplicationACLs updates the application ACL policy

func (*PUContext) UpdateCachedTokenAndServiceContext 

func (p *PUContext) UpdateCachedTokenAndServiceContext(token []byte, serviceContext []byte)

UpdateCachedTokenAndServiceContext updates the local cached token

func (*PUContext) UpdateJWT 

func (p *PUContext) UpdateJWT(jwt string, expiration time.Time)

UpdateJWT updates the JWT and provides a new expiration date.

func (*PUContext) UpdateNetworkACLs 

func (p *PUContext) UpdateNetworkACLs(rules policy.IPRuleList) error

UpdateNetworkACLs updates the network ACL policy

func (*PUContext) UpdateSynServiceContext 

func (p *PUContext) UpdateSynServiceContext(synServiceContext []byte)

UpdateSynServiceContext updates the synServiceContext

func (*PUContext) Username 

func (p *PUContext) Username() string

Username returns the ID of the PU

type PuErrors 

type PuErrors struct {
	// contains filtered or unexported fields
}

PuErrors holds the string,integer for each error

func (PuErrors) Error 

func (e PuErrors) Error() string

Error implemented to satisfy the error interface

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.