descriptor

package
v3.5.0 Latest
Warning

This package is not in the latest version of its module.

Published: Feb 6, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Constants

const (
	// IPSecSPDDescriptorName is the name of the descriptor for VPP IPSec SPD
	// configurations.
	IPSecSPDDescriptorName = "vpp-ipsec-spd"
)
const (
	// SADescriptorName is the name of the descriptor for VPP security associations.
	SADescriptorName = "vpp-ipsec-sa"
)
const (
	// SPDInterfaceDescriptorName is the name of the descriptor for bindings between
	// VPP IPSec security policy database and interfaces.
	SPDInterfaceDescriptorName = "vpp-spd-interface"
)
const (
	// SPDescriptorName is the name of the descriptor for configuring VPP IPSec security policies.
	SPDescriptorName = "vpp-ipsec-sp"
)
const (
	// TunProtectDescriptorName is the name of the descriptor for VPP tunnel protection.
	TunProtectDescriptorName = "vpp-tun-protect"
)

Variables

var (
	// ErrSAWithoutIndex is returned when VPP security association was defined
	// without index.
	ErrSAWithoutIndex = errors.New("VPP security association defined without index")

	// ErrSAInvalidIndex is returned when VPP security association was defined
	// with non-numerical index.
	ErrSAInvalidIndex = errors.New("VPP security association defined with invalid index")
)

A list of non-retriable errors:

var (
	// ErrTunProtectNoInterface is returned when VPP tunnel protection was defined without an interface.
	ErrTunProtectNoInterface = errors.New("VPP tunnel protection defined without interface")
	// ErrTunProtectNoSaOut is returned when VPP tunnel protection was defined without outbound SAs.
	ErrTunProtectNoSaOut = errors.New("VPP tunnel protection defined without outbound SAs")
	// ErrTunProtectNoSaIn is returned when VPP tunnel protection was defined without inbound SAs.
	ErrTunProtectNoSaIn = errors.New("VPP tunnel protection defined without inbound SAs")
	// ErrTunProtectUpdateIfMismatch is returned when the old and new tunnel interface names do not match in an update operation.
	ErrTunProtectUpdateIfMismatch = errors.New("old/new tunnel interface mismatch")
)

A list of non-retriable errors:

var (
	// ErrDeprecatedSPDPolicies is returned when the deprecated SecurityPolicyDatabase.PolicyEntries is used.
	ErrDeprecatedSPDPolicies = errors.New(
		"it is deprecated and no longer supported to define SPs inside SPD model (use SecurityPolicy model instead)")
)

A list of non-retriable errors:

Functions

func NewIPSecSPDescriptor added in v3.2.0

func NewIPSecSPDescriptor(ipSecHandler vppcalls.IPSecVppAPI, log logging.PluginLogger) *kvs.KVDescriptor

NewIPSecSPDescriptor creates a new instance of the SP descriptor.

Types

type IPSecSADescriptor

type IPSecSADescriptor struct {
	// contains filtered or unexported fields
}

IPSecSADescriptor teaches KVScheduler how to configure VPP IPSec security associations.

func NewIPSecSADescriptor

func NewIPSecSADescriptor(ipSecHandler vppcalls.IPSecVppAPI, log logging.PluginLogger) *IPSecSADescriptor

NewIPSecSADescriptor creates a new instance of the IPSec SA descriptor.

func (*IPSecSADescriptor) Create

func (d *IPSecSADescriptor) Create(key string, sa *ipsec.SecurityAssociation) (metadata interface{}, err error)

Create adds a new security association pair.

func (*IPSecSADescriptor) Delete

func (d *IPSecSADescriptor) Delete(key string, sa *ipsec.SecurityAssociation, metadata interface{}) error

Delete removes VPP security association.

func (*IPSecSADescriptor) EquivalentIPSecSAs

func (d *IPSecSADescriptor) EquivalentIPSecSAs(key string, oldSA, newSA *ipsec.SecurityAssociation) bool

EquivalentIPSecSAs is a case-insensitive comparison function for ipsec.SecurityAssociation.

func (*IPSecSADescriptor) GetDescriptor

func (d *IPSecSADescriptor) GetDescriptor() *adapter.SADescriptor

GetDescriptor returns descriptor suitable for registration (via adapter) with the KVScheduler.

func (*IPSecSADescriptor) Retrieve

func (d *IPSecSADescriptor) Retrieve(correlate []adapter.SAKVWithMetadata) (dump []adapter.SAKVWithMetadata, err error)

Retrieve returns all configured VPP security associations.

type IPSecSPDDescriptor

type IPSecSPDDescriptor struct {
	// contains filtered or unexported fields
}

IPSecSPDDescriptor teaches KVScheduler how to configure IPSec SPD in VPP.

func NewIPSecSPDDescriptor

func NewIPSecSPDDescriptor(ipSecHandler vppcalls.IPSecVppAPI, log logging.PluginLogger) *IPSecSPDDescriptor

NewIPSecSPDDescriptor creates a new instance of the IPSec SPD descriptor.

func (*IPSecSPDDescriptor) Create

func (d *IPSecSPDDescriptor) Create(key string, spd *ipsec.SecurityPolicyDatabase) (metadata interface{}, err error)

Create adds a new IPSec security policy database.

func (*IPSecSPDDescriptor) Delete

func (d *IPSecSPDDescriptor) Delete(key string, spd *ipsec.SecurityPolicyDatabase, metadata interface{}) error

Delete removes VPP IPSec security policy database.

func (*IPSecSPDDescriptor) DerivedValues

func (d *IPSecSPDDescriptor) DerivedValues(key string, spd *ipsec.SecurityPolicyDatabase) (derValues []kvs.KeyValuePair)

DerivedValues derives ipsec.SecurityPolicyDatabase_Interface for every interface assigned to the SPD.

func (*IPSecSPDDescriptor) EquivalentIPSecSPDs

func (d *IPSecSPDDescriptor) EquivalentIPSecSPDs(key string, oldSPD, newSPD *ipsec.SecurityPolicyDatabase) bool

EquivalentIPSecSPDs always returns true because all non-key attributes are derived out.

func (*IPSecSPDDescriptor) GetDescriptor

func (d *IPSecSPDDescriptor) GetDescriptor() *adapter.SPDDescriptor

GetDescriptor returns descriptor suitable for registration (via adapter) with the KVScheduler.

func (*IPSecSPDDescriptor) Retrieve

func (d *IPSecSPDDescriptor) Retrieve(correlate []adapter.SPDKVWithMetadata) (dump []adapter.SPDKVWithMetadata, err error)

Retrieve returns all configured VPP security policy databases.

func (*IPSecSPDDescriptor) Validate

func (d *IPSecSPDDescriptor) Validate(key string, spd *ipsec.SecurityPolicyDatabase) (err error)

Validate validates IPSec SPD configuration.

type IPSecSPDescriptor added in v3.2.0

type IPSecSPDescriptor struct {
	// contains filtered or unexported fields
}

IPSecSPDescriptor teaches KVScheduler how to configure VPP IPSec Security Policies.

func (*IPSecSPDescriptor) Create added in v3.2.0

func (d *IPSecSPDescriptor) Create(key string, policy *ipsec.SecurityPolicy) (metadata interface{}, err error)

Create puts policy into security policy database.

func (*IPSecSPDescriptor) Delete added in v3.2.0

func (d *IPSecSPDescriptor) Delete(key string, policy *ipsec.SecurityPolicy, metadata interface{}) (err error)

Delete removes policy from security policy database.

func (*IPSecSPDescriptor) Dependencies added in v3.2.0

func (d *IPSecSPDescriptor) Dependencies(key string, value *ipsec.SecurityPolicy) []kvs.Dependency

Dependencies lists the associated security association and SPD as the dependencies of the policy.

func (*IPSecSPDescriptor) EquivalentSPs added in v3.2.0

func (d *IPSecSPDescriptor) EquivalentSPs(key string, oldValue, newValue *ipsec.SecurityPolicy) bool

EquivalentSPs compares two SPs for equivalency.

func (*IPSecSPDescriptor) Retrieve added in v3.2.0

func (d *IPSecSPDescriptor) Retrieve(correlate []adapter.SPKVWithMetadata) (dump []adapter.SPKVWithMetadata, err error)

Retrieve returns all configured VPP IPSec Security Policies.

type SPDInterfaceDescriptor

type SPDInterfaceDescriptor struct {
	// contains filtered or unexported fields
}

SPDInterfaceDescriptor teaches KVScheduler how to put an interface into a VPP security policy database.

func NewSPDInterfaceDescriptor

func NewSPDInterfaceDescriptor(ipSecHandler vppcalls.IPSecVppAPI, log logging.PluginLogger) *SPDInterfaceDescriptor

NewSPDInterfaceDescriptor creates a new instance of the SPDInterface descriptor.

func (*SPDInterfaceDescriptor) Create

func (d *SPDInterfaceDescriptor) Create(key string, spdIf *ipsec.SecurityPolicyDatabase_Interface) (metadata interface{}, err error)

Create puts interface into security policy database.

func (*SPDInterfaceDescriptor) Delete

func (d *SPDInterfaceDescriptor) Delete(key string, spdIf *ipsec.SecurityPolicyDatabase_Interface, metadata interface{}) (err error)

Delete removes interface from security policy database.

func (*SPDInterfaceDescriptor) Dependencies

Dependencies lists the interface as the only dependency for the binding.

func (*SPDInterfaceDescriptor) GetDescriptor

GetDescriptor returns descriptor suitable for registration (via adapter) with the KVScheduler.

func (*SPDInterfaceDescriptor) IsSPDInterfaceKey

func (d *SPDInterfaceDescriptor) IsSPDInterfaceKey(key string) bool

IsSPDInterfaceKey returns true if the key identifies a binding between a VPP security policy database and an interface.

type TunnelProtectDescriptor added in v3.1.0

type TunnelProtectDescriptor struct {
	// contains filtered or unexported fields
}

TunnelProtectDescriptor teaches KVScheduler how to configure VPP IPSec tunnel protections.

func NewTunnelProtectDescriptor added in v3.1.0

func NewTunnelProtectDescriptor(ipSecHandler vppcalls.IPSecVppAPI, log logging.PluginLogger) *TunnelProtectDescriptor

NewTunnelProtectDescriptor creates a new instance of the IPSec tunnel protect descriptor.

func (*TunnelProtectDescriptor) Create added in v3.1.0

func (d *TunnelProtectDescriptor) Create(key string, tp *ipsec.TunnelProtection) (metadata interface{}, err error)

Create adds a new IPSec tunnel protection.

func (*TunnelProtectDescriptor) Delete added in v3.1.0

func (d *TunnelProtectDescriptor) Delete(key string, tp *ipsec.TunnelProtection, metadata interface{}) error

Delete removes an IPSec tunnel protection.

func (*TunnelProtectDescriptor) Dependencies added in v3.1.0

func (d *TunnelProtectDescriptor) Dependencies(key string, value *ipsec.TunnelProtection) []kvs.Dependency

Dependencies lists the interface and SAs as the dependencies for the binding.

func (*TunnelProtectDescriptor) GetDescriptor added in v3.1.0

GetDescriptor returns a new tunnel protect descriptor suitable for registration with the KVScheduler.

func (*TunnelProtectDescriptor) Retrieve added in v3.1.0

Retrieve returns all configured IPSec tunnel protections.

func (*TunnelProtectDescriptor) Update added in v3.1.0

func (d *TunnelProtectDescriptor) Update(key string, oldTp, newTp *ipsec.TunnelProtection, oldMeta interface{}) (
	metadata interface{}, err error)

Update updates an existing IPSec tunnel protection.

func (*TunnelProtectDescriptor) Validate added in v3.1.0

Validate validates VPP tunnel protect configuration.
