pucontext

package
v10.355.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 23, 2021 License: Apache-2.0 Imports: 25 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type PUContext

// PUContext holds data indexed by the PU ID.
//
// NOTE(review): sync.RWMutex is embedded, so Lock/Unlock/RLock/RUnlock are
// promoted onto PUContext and callable by any importer. A PUContext must
// therefore be passed by pointer and never copied by value. Which fields the
// lock guards is not visible in this listing — confirm against the source.
type PUContext struct {
	// ApplicationACLs is the application-side ACL cache. It is exported, so an
	// importer can replace or mutate it without going through
	// UpdateApplicationACLs; whether that is safe without holding the lock is
	// not shown here — TODO confirm.
	ApplicationACLs *acls.ACLCache

	// DNSACLs and DNSProxyPort are exported DNS settings for the PU. Presumably
	// the DNS rules and the local DNS proxy port (kept as a string, format not
	// shown) — verify against the code that populates them.
	DNSACLs      policy.DNSRuleList
	DNSProxyPort string

	// Extension is an untyped value. The expected concrete type is not visible
	// here, so readers should use a checked type assertion, not a bare one.
	Extension interface{}

	sync.RWMutex
	// contains filtered or unexported fields
}

PUContext holds data indexed by the PU ID

func NewPU

func NewPU(contextID string, puInfo *policy.PUInfo, tokenAccessor tokenaccessor.TokenAccessor, timeout time.Duration) (*PUContext, error)

NewPU creates a new PU context

func (*PUContext) Annotations

func (p *PUContext) Annotations() *policy.TagStore

Annotations returns the annotations

func (*PUContext) ApplicationACLPolicyFromAddr

func (p *PUContext) ApplicationACLPolicyFromAddr(addr net.IP, port uint16, protocol uint8) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

ApplicationACLPolicyFromAddr retrieves the policy for a given address, port and protocol.

func (*PUContext) ApplicationICMPACLPolicy

func (p *PUContext) ApplicationICMPACLPolicy(ip net.IP, icmpType, icmpCode int8) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

ApplicationICMPACLPolicy retrieves the policy for ICMP.

func (*PUContext) Autoport

func (p *PUContext) Autoport() bool

Autoport returns whether the auto port feature is set on the PU.

func (*PUContext) CacheExternalFlowPolicy

func (p *PUContext) CacheExternalFlowPolicy(packet *packet.Packet, plc interface{})

CacheExternalFlowPolicy will cache an external flow

func (*PUContext) CompressedTags

func (p *PUContext) CompressedTags() *policy.TagStore

CompressedTags returns the compressed tags.

func (*PUContext) Counters

func (p *PUContext) Counters() *counters.Counters

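Counters returns the counters of the PU. (The upstream comment reads "returns the scopes", which appears to be copied from Scopes; the signature returns *counters.Counters.)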

func (*PUContext) CreateRcvRules

func (p *PUContext) CreateRcvRules(policyRules policy.TagSelectorList)

CreateRcvRules creates the receive rules for this PU based on the update of the policy.

func (*PUContext) CreateTxtRules

func (p *PUContext) CreateTxtRules(policyRules policy.TagSelectorList)

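CreateTxtRules creates the transmit rules for this PU based on the update of the policy. (The upstream comment reads "receive rules", which appears to be copied from CreateRcvRules.)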

func (*PUContext) DependentServices

func (p *PUContext) DependentServices(fqdn string) []*policy.ApplicationService

DependentServices searches if the PU has a dependent service on this FQDN. If yes, it returns the ports for that service.

func (*PUContext) FlushApplicationACL

func (p *PUContext) FlushApplicationACL(addr net.IP, mask int)

FlushApplicationACL removes the application ACLs which are indexed with (ip, mask) key for all protocols and ports

func (*PUContext) GetJWT

func (p *PUContext) GetJWT() (string, error)

GetJWT retrieves the JWT if it exists in the cache. Returns error otherwise.

func (*PUContext) GetPolicyFromFQDN

func (p *PUContext) GetPolicyFromFQDN(fqdn string) ([]policy.PortProtocolPolicy, string, error)

GetPolicyFromFQDN gets the list of policies that are mapped with the hostname

func (*PUContext) GetProcessKeys

func (p *PUContext) GetProcessKeys() (string, []string, []string)

GetProcessKeys returns the cache keys for a process

func (*PUContext) GetSecrets

func (p *PUContext) GetSecrets() (secrets.Secrets, *ephemeralkeys.PrivateKey, []byte, []byte, []byte, []byte)

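GetSecrets returns the datapath secret and the ephemeral public and private keys. The result includes private key material, so callers should keep it out of logs and error messages.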

func (*PUContext) GetSynToken

func (p *PUContext) GetSynToken(pingPayload *policy.PingPayload, nonce [16]byte, claimsHeader *claimsheader.ClaimsHeader) (secrets.Secrets, *ephemeralkeys.PrivateKey, []byte)

GetSynToken returns the cached syntoken if the datapath secret has not changed or the ping payload is present.

func (*PUContext) HashID

func (p *PUContext) HashID() string

HashID returns the hash of the ID of the PU

func (*PUContext) ID

func (p *PUContext) ID() string

ID returns the ID of the PU

func (*PUContext) Identity

func (p *PUContext) Identity() *policy.TagStore

Identity returns the identity.

func (*PUContext) LookupLogPrefix

func (p *PUContext) LookupLogPrefix(key string) (string, bool)

LookupLogPrefix looks up the log prefix for the key.

func (*PUContext) ManagementID

func (p *PUContext) ManagementID() string

ManagementID returns the management ID

func (*PUContext) ManagementNamespace

func (p *PUContext) ManagementNamespace() string

ManagementNamespace returns the management namespace

func (*PUContext) ManagementNamespaceHash

func (p *PUContext) ManagementNamespaceHash() string

ManagementNamespaceHash returns the management namespace hash

func (*PUContext) Mark

func (p *PUContext) Mark() string

Mark returns the PU mark

func (*PUContext) NetworkACLPolicy

func (p *PUContext) NetworkACLPolicy(packet *packet.Packet) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

NetworkACLPolicy retrieves the policy based on ACLs

func (*PUContext) NetworkACLPolicyFromAddr

func (p *PUContext) NetworkACLPolicyFromAddr(addr net.IP, port uint16, protocol uint8) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

NetworkACLPolicyFromAddr retrieves the policy for a given address, port and protocol.

func (*PUContext) NetworkICMPACLPolicy

func (p *PUContext) NetworkICMPACLPolicy(ip net.IP, icmpType, icmpCode int8) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

NetworkICMPACLPolicy retrieves the policy for ICMP.

func (*PUContext) RemoveApplicationACL

func (p *PUContext) RemoveApplicationACL(ipaddress string, protocols, ports []string, policy *policy.FlowPolicy) error

RemoveApplicationACL removes the application ACLs for a specific IP address for all protocols and ports that match a policy. NOTE: Rules need to be a full port/policy match in order to get removed. Partial port matches in ranges will not get removed.

func (*PUContext) RetrieveCachedExternalFlowPolicy

func (p *PUContext) RetrieveCachedExternalFlowPolicy(id string) (interface{}, error)

RetrieveCachedExternalFlowPolicy returns the policy for an external IP

func (*PUContext) Scopes

func (p *PUContext) Scopes() []string

Scopes returns the scopes.

func (*PUContext) SearchRcvRules

func (p *PUContext) SearchRcvRules(
	tags *policy.TagStore,
) (report *policy.FlowPolicy, packet *policy.FlowPolicy)

SearchRcvRules searches both receive and observed receive rules and returns the index and action

func (*PUContext) SearchTxtRules

func (p *PUContext) SearchTxtRules(
	tags *policy.TagStore,
	skipRejectPolicies bool,
) (report *policy.FlowPolicy, packet *policy.FlowPolicy)

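SearchTxtRules searches both transmit and observed transmit rules and returns the index and action. (The upstream comment reads "receive and observed transmit rules"; "receive" appears to be copied from SearchRcvRules.)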

func (*PUContext) StopProcessing

func (p *PUContext) StopProcessing()

StopProcessing cancels the context such that all the goroutines can return.

func (*PUContext) TCPPorts

func (p *PUContext) TCPPorts() []string

TCPPorts returns the PU TCP ports

func (*PUContext) Type

func (p *PUContext) Type() common.PUType

Type returns the PU type.

func (*PUContext) UDPPorts

func (p *PUContext) UDPPorts() []string

UDPPorts returns the PU UDP ports

func (*PUContext) UpdateApplicationACLs

func (p *PUContext) UpdateApplicationACLs(rules policy.IPRuleList) error

UpdateApplicationACLs updates the application ACL policy

func (*PUContext) UpdateJWT

func (p *PUContext) UpdateJWT(jwt string, expiration time.Time)

UpdateJWT updates the JWT and provides a new expiration date.

func (*PUContext) UpdateNetworkACLs

func (p *PUContext) UpdateNetworkACLs(rules policy.IPRuleList) error

UpdateNetworkACLs updates the network ACL policy

func (*PUContext) Username

func (p *PUContext) Username() string

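Username returns the username of the PU. (The upstream comment reads "returns the ID of the PU", which appears to be copied from ID.)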

func (*PUContext) UsesFQDN

func (p *PUContext) UsesFQDN() bool

UsesFQDN indicates whether this PU policy has an ACL or Service that uses an FQDN
