pucontext

package
Published: Mar 19, 2020 License: Apache-2.0 Imports: 17 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

// CounterNames maps an ErrorType (used directly as the slice index) to the
// counter name reported to the collector. The keyed slice literal is tied to
// the iota ordering of the ErrorType constants: every constant needs an entry
// here, and indexing with a value >= len(CounterNames) panics at runtime, so
// a new ErrorType without a matching entry is a crash, not a silent miss.
var CounterNames = []string{
	ErrUnknownError:                 "UNKNOWNERROR",
	ErrInvalidNetState:              "INVALIDNETSTATE",
	ErrNonPUTraffic:                 "NONPUTRAFFIC",
	ErrNetSynNotSeen:                "SYNNOTSEEN",
	ErrNoConnFound:                  "CONNECTIONNOTFOUND",
	ErrRejectPacket:                 "REJECTEDPACKET",
	ErrTCPAuthNotFound:              "TCPAUTHENTICATIONOPTIONNOTFOUND",
	ErrInvalidConnState:             "INVALIDCONNECTIONSTATE",
	ErrMarkNotFound:                 "MARKNOTFOUND",
	ErrPortNotFound:                 "PORTNOTFOUND",
	ErrContextIDNotFound:            "CONTEXTNOTFOUND",
	ErrInvalidProtocol:              "INVALIDPROTOCOL",
	ErrServicePreprocessorFailed:    "PREPROCESSINGFAILED",
	ErrServicePostprocessorFailed:   "POSTPROCESSINGFAILED",
	ErrDroppedExternalService:       "ACLSYNDROPPED",
	// TCP SYN drop reasons (token/claims/auth option/format/policy).
	ErrSynDroppedNoClaims:           "SYNDROPPEDNOCLAIMS",
	ErrSynDroppedInvalidToken:       "SYNDROPPEDINVALIDTOKEN",
	ErrSynDroppedTCPOption:          "SYNDROPPEDAUTHOPTIONNOTFOUND",
	ErrSynDroppedInvalidFormat:      "SYNDROPPEDINVALIDFORMAT",
	ErrSynRejectPacket:              "SYNDROPPEDPOLICY",
	// TCP SYN/ACK drop reasons.
	ErrOutOfOrderSynAck:             "UNEXPECTEDSYNACK",
	ErrInvalidSynAck:                "DEADPUSYNACK",
	ErrSynAckMissingToken:           "SYNACKDROPPEDINVALIDTOKEN",
	ErrSynAckBadClaims:              "SYNACKDROPPEDBADCLAIMS",
	ErrSynAckMissingClaims:          "SYNACKDROPPEDNOCLAIMS",
	ErrSynAckNoTCPAuthOption:        "SYNACKAUTHOPTIONNOTFOUND",
	ErrSynAckInvalidFormat:          "SYNACKDROPPEDINVALIDFORMAT",
	ErrSynAckClaimsMisMatch:         "SYNACKDROPPEDCLAIMSMISMATCH",
	ErrSynAckRejected:               "SYNACKDROPPEDPOLICY",
	ErrSynAckDroppedExternalService: "ERRSYNACKDROPPEDEXTERNALSERVICE",
	// TCP ACK drop reasons.
	ErrAckRejected:                  "ACKDROPPEDPOLICY",
	ErrAckTCPNoTCPAuthOption:        "ACKDROPPEDAUTHOPTIONNOTFOUND",
	ErrAckSigValidationFailed:       "ACKDROPPEDSIGVALIDATIONFAILED",
	ErrAckInvalidFormat:             "ACKDROPPEDINVALIDFORMAT",
	ErrAckInUnknownState:            "ACKDROPPEDUNKNOWNCONNSTATE",
	ErrSynUnexpectedPacket:          "SYNUNEXPECTEDPACKET",
	// Despite the Err prefix these two appear to be volume counters of
	// processed (and encrypted) connections rather than drop reasons.
	ErrConnectionsProcessed:         "CONNECTIONSPROCESSED",
	ErrEncrConnectionsProcessed:     "ENCRCONNECTIONSPROCESSED",
	// UDP handshake / datapath counters.
	ErrUDPInvalidNetState:           "UDPINVALIDNETSTATE",
	ErrUDPDropSynAck:                "UDPDROPSYNACK",
	ErrUDPDropFin:                   "UDPDROPFIN",
	ErrUDPDropPacket:                "UDPDROPPACKET",
	ErrUDPPreProcessingFailed:       "UDPPREPROCESSINGFAILED",
	ErrUDPRejected:                  "UDPREJECTED",
	ErrUDPPostProcessingFailed:      "UDPPOSTPROCESSINGFAILED",
	ErrUDPNoConnection:              "UDPDROPNOCONNECTION",
	ErrUDPSynInvalidToken:           "UDPSYNINVALIDTOKEN",
	ErrUDPSynMissingClaims:          "UDPSYNMISSINGCLAIMS",
	ErrUDPSynDroppedPolicy:          "UDPSYNDROPPEDPOLICY",
	ErrUDPSynAckBadClaims:           "UDPSYNACKBADCLAIMS",
	ErrUDPSynAckMissingClaims:       "UDPSYNACKMISSINGCLAIMS",
	ErrUDPSynAckPolicy:              "UDPSYNACKPOLICY",
	ErrUDPInvalidSignature:          "UDPACKINVALIDSIGNATURE",
	// Likely a volume counter as well (see ErrConnectionsProcessed).
	ErrUDPConnectionsProcessed:      "UDPCONNECTIONSPROCESSED",
	ErrUDPContextIDNotFound:         "UDPCONTEXTIDNOTFOUND",
	ErrUDPDropQueueFull:             "UDPDROPQUEUEFULL",
	ErrUDPDropInNfQueue:             "UDPDROPINNFQUEUE",
	ErrUDPSynDropped:                "UDPSYNDROPPED",
	ErrDuplicateHandshakeAckDrop:    "DUPLICATEHANDSHAKEACKDROP",
}

CounterNames maps each ErrorType (used as the slice index) to the counter name reported to the collector. Because the slice is indexed by the iota value, every ErrorType constant must have an entry here; an ErrorType outside the declared range would index past the end of the slice and panic.

Functions

func GetErrorCounters

func GetErrorCounters() []collector.Counters

GetErrorCounters (package level) returns the global counters for packets that could not be attributed to a known PU — the counters incremented by the package-level PuContextError. Per-PU counters are obtained from (*PUContext).GetErrorCounters instead.

func PuContextError

func PuContextError(err ErrorType, logMsg string) error

PuContextError (package level, for use when no PU context is available) increments the global unknown-PU counter for err and returns an error carrying that ErrorType; logMsg is presumably folded into the error text.

func ToError

func ToError(errType ErrorType) error

ToError converts an ErrorType into an error value carrying that type (see GetError for the reverse mapping).

Types

type ErrorType

type ErrorType int

ErrorType identifies one error/drop counter. Its integer value is assigned by iota and doubles as the index into CounterNames, so the declaration order below is significant.

// Error counter identifiers. Values are assigned by iota, so the declaration
// order fixes both the numeric value and the CounterNames index; append new
// entries at the end (never reorder) and add the matching CounterNames entry,
// otherwise existing counters silently change meaning or indexing panics.
const (
	ErrUnknownError ErrorType = iota
	ErrInvalidNetState
	ErrNonPUTraffic
	ErrNetSynNotSeen
	ErrNoConnFound
	ErrRejectPacket
	ErrTCPAuthNotFound
	ErrInvalidConnState
	ErrMarkNotFound
	ErrPortNotFound
	ErrContextIDNotFound
	ErrInvalidProtocol
	ErrServicePreprocessorFailed
	ErrServicePostprocessorFailed
	ErrDroppedExternalService
	// TCP SYN drop reasons.
	ErrSynDroppedNoClaims
	ErrSynDroppedInvalidToken
	ErrSynDroppedTCPOption
	ErrSynDroppedInvalidFormat
	ErrSynRejectPacket
	// TCP SYN/ACK drop reasons.
	ErrOutOfOrderSynAck
	ErrInvalidSynAck
	ErrSynAckMissingToken
	ErrSynAckBadClaims
	ErrSynAckMissingClaims
	ErrSynAckNoTCPAuthOption
	ErrSynAckInvalidFormat
	ErrSynAckClaimsMisMatch
	ErrSynAckRejected
	ErrSynAckDroppedExternalService
	// TCP ACK drop reasons.
	ErrAckRejected
	ErrAckTCPNoTCPAuthOption
	ErrAckSigValidationFailed
	ErrAckInvalidFormat
	ErrAckInUnknownState
	ErrSynUnexpectedPacket
	// Appear to be volume counters (processed connections), not drops,
	// despite the Err prefix.
	ErrConnectionsProcessed
	ErrEncrConnectionsProcessed
	// UDP handshake / datapath counters.
	ErrUDPInvalidNetState
	ErrUDPDropSynAck
	ErrUDPDropFin
	ErrUDPDropPacket
	ErrUDPPreProcessingFailed
	ErrUDPRejected
	ErrUDPPostProcessingFailed
	ErrUDPNoConnection
	ErrUDPSynInvalidToken
	ErrUDPSynMissingClaims
	ErrUDPSynDroppedPolicy
	ErrUDPSynAckBadClaims
	ErrUDPSynAckMissingClaims
	ErrUDPSynAckPolicy
	ErrUDPInvalidSignature
	ErrUDPConnectionsProcessed
	ErrUDPContextIDNotFound
	ErrUDPDropQueueFull
	ErrUDPDropInNfQueue
	ErrUDPSynDropped
	ErrDuplicateHandshakeAckDrop
)

Error Constants. Values are assigned by iota, so the order above fixes the numeric value and the CounterNames index of each constant; add new entries only at the end and give each one a matching CounterNames entry.

func GetError

func GetError(err error) ErrorType

GetError returns the ErrorType carried by an error produced by this package (PuContextError / ToError). What it returns for errors that did not originate here is not documented on this page.

type PUContext

// PUContext is the per-PU state, indexed by the PU ID, that the datapath
// consults for ACL decisions, DNS rules and cached handshake material.
// NewPU returns it by pointer; because an RWMutex is embedded, the value
// must never be copied (pass *PUContext only).
type PUContext struct {
	// ApplicationACLs caches the application ACL policy; it is presumably
	// replaced or refreshed through UpdateApplicationACLs.
	ApplicationACLs *acls.ACLCache

	// DNSACLs holds the DNS rule list; DNSProxyPort is the DNS proxy port
	// kept in string form (presumably a port number — confirm with callers).
	DNSACLs      policy.DNSRuleList
	DNSProxyPort string

	// Extension is an opaque, caller-owned payload; nothing on this page
	// shows the package interpreting it.
	Extension interface{}

	// Embedded lock; presumably guards the exported fields above together
	// with the unexported state (tokens, JWT, counters).
	sync.RWMutex
	// contains filtered or unexported fields
}

PUContext holds the per-PU state (ACL caches, DNS rules, cached tokens and JWT, error counters) indexed by the PU ID. It embeds a sync.RWMutex, so it must be handled by pointer and never copied.

func NewPU

func NewPU(contextID string, puInfo *policy.PUInfo, timeout time.Duration) (*PUContext, error)

NewPU creates a new PU context

func (*PUContext) Annotations

func (p *PUContext) Annotations() *policy.TagStore

Annotations returns the annotations

func (*PUContext) ApplicationACLPolicyFromAddr

func (p *PUContext) ApplicationACLPolicyFromAddr(addr net.IP, port uint16) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

ApplicationACLPolicyFromAddr retrieves the application ACL policy for the given address and port, returning both the report policy and the action policy.

func (*PUContext) Autoport

func (p *PUContext) Autoport() bool

Autoport reports whether the auto-port feature is enabled on the PU.

func (*PUContext) CacheExternalFlowPolicy

func (p *PUContext) CacheExternalFlowPolicy(packet *packet.Packet, plc interface{})

CacheExternalFlowPolicy caches the policy plc for the external flow identified by packet; it is retrieved later with RetrieveCachedExternalFlowPolicy.

func (*PUContext) CompressedTags

func (p *PUContext) CompressedTags() *policy.TagStore

CompressedTags returns the compressed tags.

func (*PUContext) CreateRcvRules

func (p *PUContext) CreateRcvRules(policyRules policy.TagSelectorList)

CreateRcvRules create receive rules for this PU based on the update of the policy.

func (*PUContext) CreateTxtRules

func (p *PUContext) CreateTxtRules(policyRules policy.TagSelectorList)

CreateTxtRules creates transmit rules for this PU based on the updated policy (the original doc string said "receive rules", which appears to be a copy-paste from CreateRcvRules).

func (*PUContext) GetCachedTokenAndServiceContext

func (p *PUContext) GetCachedTokenAndServiceContext() ([]byte, []byte, error)

GetCachedTokenAndServiceContext returns the cached SYN packet token and the cached service context, or an error if none is cached.

func (*PUContext) GetErrorCounters

func (p *PUContext) GetErrorCounters() []collector.Counters

GetErrorCounters returns this PU's error counters and resets them to zero. The read is destructive: if more than one consumer calls it, each sees only the increments since the previous call, so it should be driven by a single collector.

func (*PUContext) GetJWT

func (p *PUContext) GetJWT() (string, error)

GetJWT returns the cached JWT if one is present, and an error otherwise. Whether the expiration supplied to UpdateJWT is enforced on retrieval is not stated on this page; callers should not assume the returned token is still valid.

func (*PUContext) GetPolicyFromFQDN

func (p *PUContext) GetPolicyFromFQDN(fqdn string) ([]policy.PortProtocolPolicy, error)

GetPolicyFromFQDN gets the list of policies that are mapped with the hostname

func (*PUContext) GetProcessKeys

func (p *PUContext) GetProcessKeys() (string, []string, []string)

GetProcessKeys returns the cache keys for a process

func (*PUContext) HashID

func (p *PUContext) HashID() string

HashID returns the hash of the ID of the PU

func (*PUContext) ID

func (p *PUContext) ID() string

ID returns the ID of the PU

func (*PUContext) Identity

func (p *PUContext) Identity() *policy.TagStore

Identity returns the identity tags of the PU.

func (*PUContext) ManagementID

func (p *PUContext) ManagementID() string

ManagementID returns the management ID

func (*PUContext) ManagementNamespace

func (p *PUContext) ManagementNamespace() string

ManagementNamespace returns the management namespace

func (*PUContext) Mark

func (p *PUContext) Mark() string

Mark returns the PU mark

func (*PUContext) NetworkACLPolicy

func (p *PUContext) NetworkACLPolicy(packet *packet.Packet) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

NetworkACLPolicy retrieves the policy based on ACLs

func (*PUContext) NetworkACLPolicyFromAddr

func (p *PUContext) NetworkACLPolicyFromAddr(addr net.IP, port uint16) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

NetworkACLPolicyFromAddr retrieves the network ACL policy for the given address and port, returning both the report policy and the action policy.

func (*PUContext) PuContextError

func (p *PUContext) PuContextError(err ErrorType, logMsg string) error

PuContextError increments this PU's counter for err and returns an error carrying that ErrorType; logMsg is presumably folded into the error text.

func (*PUContext) RemoveApplicationACL

func (p *PUContext) RemoveApplicationACL(addr net.IP, mask int)

RemoveApplicationACL removes the application ACLs which are indexed with (ip, mask) key

func (*PUContext) RetrieveCachedExternalFlowPolicy

func (p *PUContext) RetrieveCachedExternalFlowPolicy(id string) (interface{}, error)

RetrieveCachedExternalFlowPolicy returns the policy for an external IP

func (*PUContext) Scopes

func (p *PUContext) Scopes() []string

Scopes returns the scopes.

func (*PUContext) SearchRcvRules

func (p *PUContext) SearchRcvRules(
	tags *policy.TagStore,
) (report *policy.FlowPolicy, packet *policy.FlowPolicy)

SearchRcvRules searches both the receive rules and the observed receive rules for the given tags and returns the matching report policy and packet (action) policy.

func (*PUContext) SearchTxtRules

func (p *PUContext) SearchTxtRules(
	tags *policy.TagStore,
	skipRejectPolicies bool,
) (report *policy.FlowPolicy, packet *policy.FlowPolicy)

SearchTxtRules searches both the transmit rules and the observed transmit rules for the given tags and returns the matching report policy and packet (action) policy; skipRejectPolicies presumably excludes reject rules from the search (confirm against the source).

func (*PUContext) SynServiceContext

func (p *PUContext) SynServiceContext() []byte

SynServiceContext returns synServiceContext

func (*PUContext) TCPPorts

func (p *PUContext) TCPPorts() []string

TCPPorts returns the PU TCP ports

func (*PUContext) Type

func (p *PUContext) Type() common.PUType

Type returns the PU type.

func (*PUContext) UDPPorts

func (p *PUContext) UDPPorts() []string

UDPPorts returns the PU UDP ports

func (*PUContext) UpdateApplicationACLs

func (p *PUContext) UpdateApplicationACLs(rules policy.IPRuleList) error

UpdateApplicationACLs updates the application ACL policy

func (*PUContext) UpdateCachedTokenAndServiceContext

func (p *PUContext) UpdateCachedTokenAndServiceContext(token []byte, serviceContext []byte)

UpdateCachedTokenAndServiceContext replaces the locally cached SYN token and service context.

func (*PUContext) UpdateJWT

func (p *PUContext) UpdateJWT(jwt string, expiration time.Time)

UpdateJWT updates the JWT and provides a new expiration date.

func (*PUContext) UpdateNetworkACLs

func (p *PUContext) UpdateNetworkACLs(rules policy.IPRuleList) error

UpdateNetworkACLs updates the network ACL policy

func (*PUContext) UpdateSynServiceContext

func (p *PUContext) UpdateSynServiceContext(synServiceContext []byte)

UpdateSynServiceContext updates the synServiceContext

func (*PUContext) Username

func (p *PUContext) Username() string

Username returns the username associated with the PU (the original doc string, "returns the ID of the PU", appears to be a copy-paste from ID; confirm against the source).

type PuErrors

// PuErrors is the error value of this package, presumably what
// PuContextError and ToError return. It carries the message string and the
// ErrorType integer in unexported fields and satisfies error via Error().
type PuErrors struct {
	// contains filtered or unexported fields
}

PuErrors holds the message string and the integer ErrorType for an error; GetError recovers the ErrorType from it.

func (PuErrors) Error

func (e PuErrors) Error() string

Error implemented to satisfy the error interface
