Package nfqdatapath

Published: Feb 11, 2020 | License: GPL3 | Module:



const DefaultExternalIPTimeout = "500ms"

DefaultExternalIPTimeout is the default timeout for the external IP cache. It is a duration string in time.ParseDuration format, not a time.Duration, and is the default for the Datapath.ExternalIPCacheTimeout field.
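Because the constant is a string, a caller has to parse it before handing a time.Duration to New. The following added example is not the package's own code: it shows a hypothetical TTL cache that parses DefaultExternalIPTimeout, classifies destination addresses against a set of target networks, and discards each answer once the timeout has elapsed, so that a stale "external" classification cannot be acted on for longer than the timeout. The externalIPCache type, its method names and the injectable clock are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"sync"
	"time"
)

// DefaultExternalIPTimeout mirrors the package constant: a duration string,
// not a time.Duration, so it has to go through time.ParseDuration.
const DefaultExternalIPTimeout = "500ms"

// externalIPCache is a hypothetical TTL cache (not the package's own type).
// It remembers, per destination IP, whether the address lies outside every
// target network, and forgets that answer after timeout.
type externalIPCache struct {
	mu      sync.Mutex
	timeout time.Duration
	now     func() time.Time // injectable clock so a test can advance time
	targets []*net.IPNet
	entries map[string]ipEntry
}

type ipEntry struct {
	external bool
	expires  time.Time
}

// newExternalIPCache parses the timeout string and the target networks (CIDRs).
// A nil clock means the real wall clock.
func newExternalIPCache(timeout string, targetNetworks []string, now func() time.Time) (*externalIPCache, error) {
	d, err := time.ParseDuration(timeout)
	if err != nil {
		return nil, fmt.Errorf("external IP timeout %q: %w", timeout, err)
	}
	if d <= 0 {
		return nil, fmt.Errorf("external IP timeout must be positive, got %s", d)
	}
	if now == nil {
		now = time.Now
	}
	c := &externalIPCache{timeout: d, now: now, entries: map[string]ipEntry{}}
	for _, cidr := range targetNetworks {
		_, n, err := net.ParseCIDR(cidr)
		if err != nil {
			return nil, fmt.Errorf("target network %q: %w", cidr, err)
		}
		c.targets = append(c.targets, n)
	}
	return c, nil
}

// IsExternal reports whether ip is outside all target networks and whether
// the answer came from the cache. An expired entry is recomputed, so the
// timeout bounds how long an outdated classification can be used.
func (c *externalIPCache) IsExternal(ip string) (external bool, cached bool, err error) {
	addr := net.ParseIP(ip)
	if addr == nil {
		return false, false, fmt.Errorf("invalid IP address %q", ip)
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if e, ok := c.entries[ip]; ok && c.now().Before(e.expires) {
		return e.external, true, nil
	}
	external = true
	for _, n := range c.targets {
		if n.Contains(addr) {
			external = false
			break
		}
	}
	c.entries[ip] = ipEntry{external: external, expires: c.now().Add(c.timeout)}
	return external, false, nil
}

func main() {
	// Fixed clock so the expiry is deterministic.
	t0 := time.Date(2020, 2, 11, 0, 0, 0, 0, time.UTC)
	clock := t0
	c, err := newExternalIPCache(DefaultExternalIPTimeout, []string{"10.0.0.0/8"}, func() time.Time { return clock })
	if err != nil {
		panic(err)
	}
	// 0: computed; +100ms: cache hit; +600ms total: expired and recomputed.
	for _, step := range []time.Duration{0, 100 * time.Millisecond, 500 * time.Millisecond} {
		clock = clock.Add(step)
		ext, cached, _ := c.IsExternal("8.8.8.8")
		fmt.Printf("t+%v external=%v cached=%v\n", clock.Sub(t0), ext, cached)
	}
}
```

The injectable clock is what makes the expiry testable without sleeping; a test advances it past 500ms and checks that the next lookup is recomputed rather than served from the cache.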


var GetUDPRawSocket = afinetrawsocket.CreateSocket

GetUDPRawSocket is a package-level variable holding the function used to create the raw UDP socket (afinetrawsocket.CreateSocket by default). Unit tests reassign it to substitute a mock socket creator.
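Keeping the socket constructor in a package-level variable is what lets raw-socket code be unit-tested without CAP_NET_RAW. The added example below is not the package's or afinetrawsocket's code; it reproduces the pattern: a getUDPRawSocket variable defaults to a real AF_INET/SOCK_RAW opener, a sender builds a UDP header in front of a payload and writes it through whatever the variable returns, and a fake socket installed through the variable records the datagram instead of transmitting it. The rawUDPSocket interface, the function names and the fake type are assumptions made for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
	"syscall"
)

// rawUDPSocket is the minimal behaviour the sender needs (hypothetical
// interface for this example; afinetrawsocket defines its own types).
type rawUDPSocket interface {
	WriteTo(pkt []byte, dst net.IP) (int, error)
	Close() error
}

// getUDPRawSocket is the test seam, modelled on the page's
// "var GetUDPRawSocket = afinetrawsocket.CreateSocket": production code opens
// a real AF_INET/SOCK_RAW socket; a unit test reassigns the variable.
var getUDPRawSocket = openAFInetRawUDPSocket

type afinetRawSocket struct{ fd int }

// openAFInetRawUDPSocket opens a raw IPv4 socket for protocol UDP. The kernel
// builds the IP header; the caller supplies the UDP header plus payload.
// This needs CAP_NET_RAW, which is why tests replace it.
func openAFInetRawUDPSocket() (rawUDPSocket, error) {
	fd, err := syscall.Socket(syscall.AF_INET, syscall.SOCK_RAW, syscall.IPPROTO_UDP)
	if err != nil {
		return nil, fmt.Errorf("socket(AF_INET, SOCK_RAW, IPPROTO_UDP): %w", err)
	}
	return &afinetRawSocket{fd: fd}, nil
}

func (s *afinetRawSocket) WriteTo(pkt []byte, dst net.IP) (int, error) {
	ip4 := dst.To4()
	if ip4 == nil {
		return 0, errors.New("raw socket is IPv4 only")
	}
	var sa syscall.SockaddrInet4
	copy(sa.Addr[:], ip4)
	if err := syscall.Sendto(s.fd, pkt, 0, &sa); err != nil {
		return 0, err
	}
	return len(pkt), nil
}

func (s *afinetRawSocket) Close() error { return syscall.Close(s.fd) }

// buildUDP prepends an 8-byte UDP header. A zero checksum means "no checksum"
// for UDP over IPv4 (RFC 768); a real datapath would compute it.
func buildUDP(srcPort, dstPort uint16, payload []byte) ([]byte, error) {
	if len(payload)+8 > 0xFFFF {
		return nil, fmt.Errorf("payload of %d bytes does not fit the UDP length field", len(payload))
	}
	pkt := make([]byte, 8+len(payload))
	binary.BigEndian.PutUint16(pkt[0:], srcPort)
	binary.BigEndian.PutUint16(pkt[2:], dstPort)
	binary.BigEndian.PutUint16(pkt[4:], uint16(8+len(payload)))
	copy(pkt[8:], payload) // pkt[6:8], the checksum, stays zero
	return pkt, nil
}

// sendUDP obtains a socket through the seam, writes one datagram and closes it.
func sendUDP(dst net.IP, srcPort, dstPort uint16, payload []byte) (int, error) {
	pkt, err := buildUDP(srcPort, dstPort, payload)
	if err != nil {
		return 0, err
	}
	sock, err := getUDPRawSocket()
	if err != nil {
		return 0, err
	}
	defer sock.Close()
	return sock.WriteTo(pkt, dst)
}

// fakeRawSocket is what a unit test installs through getUDPRawSocket: it
// records the datagram instead of transmitting it.
type fakeRawSocket struct {
	written []byte
	dst     net.IP
	closed  bool
}

func (f *fakeRawSocket) WriteTo(pkt []byte, dst net.IP) (int, error) {
	f.written = append([]byte(nil), pkt...)
	f.dst = dst
	return len(pkt), nil
}

func (f *fakeRawSocket) Close() error { f.closed = true; return nil }

func main() {
	fake := &fakeRawSocket{}
	orig := getUDPRawSocket
	getUDPRawSocket = func() (rawUDPSocket, error) { return fake, nil }
	defer func() { getUDPRawSocket = orig }()
	n, err := sendUDP(net.IPv4(10, 0, 0, 2), 40000, 53, []byte("token"))
	fmt.Printf("wrote %d bytes, err=%v, closed=%v, header=% x\n", n, err, fake.closed, fake.written[:8])
}
```

A test that swaps the variable must restore the original (the deferred assignment above), otherwise the fake leaks into every later test in the package; the same applies to the package's GetUDPRawSocket.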

func MyCounterMatcher

func MyCounterMatcher(x interface{}) gomock.Matcher

MyCounterMatcher returns a custom gomock matcher for counter records.

func MyMatcher

func MyMatcher(x interface{}) gomock.Matcher

MyMatcher returns a gomock matcher.

func PacketEventMatcher

func PacketEventMatcher(x interface{}) gomock.Matcher

PacketEventMatcher returns a gomock matcher for packet events.

type Accessor

type Accessor interface {
	// contains filtered or unexported methods
}

Accessor is the interface through which the datapath accesses contexts, rules and tokens.

type ContextProcessor

type ContextProcessor interface {
	DoesContextExist(contextID string) bool
	IsContextServer(contextID string, backendip string) bool
}

ContextProcessor is an interface that provides context checks.

type Datapath

type Datapath struct {

	// ExternalIPCacheTimeout is the cache timeout used for Trireme auto-detection
	ExternalIPCacheTimeout time.Duration
	// contains filtered or unexported fields
}

Datapath is the structure holding all information about a connection filter.

func New

func New(
	mutualAuth bool,
	filterQueue *fqconfig.FilterQueue,
	collector collector.EventCollector,
	serverID string,
	validity time.Duration,
	service packetprocessor.PacketProcessor,
	secrets secrets.Secrets,
	mode constants.ModeType,
	procMountPoint string,
	ExternalIPCacheTimeout time.Duration,
	packetLogs bool,
	tokenaccessor tokenaccessor.TokenAccessor,
	puFromContextID cache.DataStore,
	cfg *runtime.Configuration,
	aclmanager ipsetmanager.ACLManager,
) *Datapath

New creates a new data path structure and instantiates the data stores needed to track sessions. The data path is started with a separate call (Run). Only the required parameters must be provided; the rest are pre-populated with defaults.

func NewWithDefaults

func NewWithDefaults(
	serverID string,
	collector collector.EventCollector,
	service packetprocessor.PacketProcessor,
	secrets secrets.Secrets,
	mode constants.ModeType,
	procMountPoint string,
	targetNetworks []string,
	aclmanager ipsetmanager.ACLManager,
) *Datapath

NewWithDefaults creates a new data path with default values for most parameters.

func (*Datapath) CleanUp

func (d *Datapath) CleanUp() error

CleanUp implements the cleanup interface.

func (*Datapath) EnableDatapathPacketTracing

func (d *Datapath) EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

EnableDatapathPacketTracing enables nfq datapath packet tracing.

func (*Datapath) EnableIPTablesPacketTracing

func (d *Datapath) EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

EnableIPTablesPacketTracing enables iptables -j TRACE for the given PU; this captures a much wider packet stream than datapath tracing.

func (*Datapath) Enforce

func (d *Datapath) Enforce(contextID string, puInfo *policy.PUInfo) error

Enforce implements the Enforce interface method and configures the data path for a new PU.

func (*Datapath) GetFilterQueue

func (d *Datapath) GetFilterQueue() *fqconfig.FilterQueue

GetFilterQueue returns the filter queues used by the data path.

func (*Datapath) PacketLogsEnabled

func (d *Datapath) PacketLogsEnabled() bool

PacketLogsEnabled returns true if the packet logs are enabled.

func (*Datapath) ProcessApplicationUDPPacket

func (d *Datapath) ProcessApplicationUDPPacket(p *packet.Packet) (conn *connection.UDPConnection, err error)

ProcessApplicationUDPPacket processes packets arriving from an application that are destined for the network.

func (*Datapath) ProcessNetworkUDPPacket

func (d *Datapath) ProcessNetworkUDPPacket(p *packet.Packet) (conn *connection.UDPConnection, err error)

ProcessNetworkUDPPacket processes packets arriving from the network that are destined for the application.

func (*Datapath) Run

func (d *Datapath) Run(ctx context.Context) error

Run starts the application and network interceptors.

func (*Datapath) SetLogLevel

func (d *Datapath) SetLogLevel(level constants.LogLevel) error

SetLogLevel sets log level.

func (*Datapath) SetTargetNetworks

func (d *Datapath) SetTargetNetworks(cfg *runtime.Configuration) error

SetTargetNetworks sets the new target networks used by the datapath.

func (*Datapath) Unenforce

func (d *Datapath) Unenforce(contextID string) error

Unenforce removes the configuration for the given PU.

func (*Datapath) UpdateSecrets

func (d *Datapath) UpdateSecrets(token secrets.Secrets) error

UpdateSecrets updates the secrets used for signing communication between Trireme instances.

type RuleProcessor

type RuleProcessor interface {
	CheckRejectRecvRules(contextID string) (int, bool)
	CheckAcceptRecvRules(contextID string) (int, bool)
	CheckRejectTxRules(contextID string) (int, bool)
	CheckAcceptTxRules(contextID string) (int, bool)
}

RuleProcessor is an interface for accessing rules.

Documentation was rendered with GOOS=linux and GOARCH=amd64.
