README
¶
Core Packages
This directory contains the core packages of the router/firewall distribution:
Directory Structure
network/- Network functionality (routing, interfaces, VLANs)security/- Security components (firewall, IDS, VPN)dns/- DNS service components (CoreDNS integration, AdGuard)dhcp/- DHCP service components (Kea integration, RADVD)
Package Design Principles
- Interface-based design - Use interfaces for dependency injection and testing
- Clear boundaries - Packages should have well-defined responsibilities
- Minimal dependencies - Avoid unnecessary dependencies between packages
- Comprehensive testing - Each package should have thorough unit tests
- Documentation - All exported types and functions should have documentation
Adding New Packages
When adding a new package:
- Create a clear README that explains the package's purpose
- Create appropriate interfaces before implementations
- Ensure proper error handling and logging
- Add comprehensive unit tests
- Update any related documentation
Directories
¶
| Path | Synopsis |
|---|---|
|
Package api implements the REST management API for the fos1 router/firewall.
|
Package api implements the REST management API for the fos1 router/firewall. |
|
apis
|
|
|
network/v1alpha1
Package v1alpha1 hosts the network.fos1.io/v1alpha1 typed API surface.
|
Package v1alpha1 hosts the network.fos1.io/v1alpha1 typed API surface. |
|
client
|
|
|
common
|
|
|
socket
Package socket provides a shared JSON-over-Unix-socket client used by daemon integrations (Suricata, Kea DHCP, etc.).
|
Package socket provides a shared JSON-over-Unix-socket client used by daemon integrations (Suricata, Kea DHCP, etc.). |
|
Package controllers hosts the QoS reconciler for QoSProfile CRs.
|
Package controllers hosts the QoS reconciler for QoSProfile CRs. |
|
status
Package status provides shared helpers for writing CRD status subresource updates with retry-on-conflict semantics.
|
Package status provides shared helpers for writing CRD status subresource updates with retry-on-conflict semantics. |
|
Package dhcp provides DHCP functionality for the system This file contains type aliases for backward compatibility with the new types package
|
Package dhcp provides DHCP functionality for the system This file contains type aliases for backward compatibility with the new types package |
|
kea
Package kea provides a client for the Kea DHCP control socket API.
|
Package kea provides a client for the Kea DHCP control socket API. |
|
dns
|
|
|
Package hardware provides hardware integration for the router/firewall system.
|
Package hardware provides hardware integration for the router/firewall system. |
|
capture
Package capture provides functionality for packet capture management.
|
Package capture provides functionality for packet capture management. |
|
ebpf
Package ebpf provides functionality for managing eBPF programs and maps.
|
Package ebpf provides functionality for managing eBPF programs and maps. |
|
nic
Package nic provides functionality for managing network interfaces.
|
Package nic provides functionality for managing network interfaces. |
|
offload
Package offload provides functionality for managing hardware offloading features.
|
Package offload provides functionality for managing hardware offloading features. |
|
types
Package types defines the types used by the hardware package
|
Package types defines the types used by the hardware package |
|
wan
Package wan provides functionality for managing WAN interfaces.
|
Package wan provides functionality for managing WAN interfaces. |
|
Package leaderelection wraps k8s.io/client-go/tools/leaderelection so the repository's controller mains can opt in to active/standby HA without each pulling controller-runtime in just for the manager-level toggle.
|
Package leaderelection wraps k8s.io/client-go/tools/leaderelection so the repository's controller mains can opt in to active/standby HA without each pulling controller-runtime in just for the manager-level toggle. |
|
Package network provides unified network management for the FOS1 router/firewall.
|
Package network provides unified network management for the FOS1 router/firewall. |
|
events
Package events provides a typed event bus for cross-component notifications in the network stack.
|
Package events provides a typed event bus for cross-component notifications in the network stack. |
|
cmd
command
|
|
|
security
|
|
|
certificates
Package certificates: internal_ca.go documents the trust-anchor model for inter-controller TLS introduced in Sprint 31 / Ticket 49.
|
Package certificates: internal_ca.go documents the trust-anchor model for inter-controller TLS introduced in Sprint 31 / Ticket 49. |
|
dpi
Package dpi provides deep packet inspection functionality
|
Package dpi provides deep packet inspection functionality |
|
ids/suricata
Package suricata provides a client for interacting with the Suricata IDS/IPS engine via its Unix domain socket control interface.
|
Package suricata provides a client for interacting with the Suricata IDS/IPS engine via its Unix domain socket control interface. |
|
ids/zeek
Package zeek provides integration with Zeek network analysis framework.
|
Package zeek provides integration with Zeek network analysis framework. |
|
policy
Package policy register.go provides Kubernetes scheme registration for FilterPolicy and related types so the controller-runtime client used by the REST management API (cmd/api-server) can serialize them as runtime.Objects.
|
Package policy register.go provides Kubernetes scheme registration for FilterPolicy and related types so the controller-runtime client used by the REST management API (cmd/api-server) can serialize them as runtime.Objects. |
|
qos
Package qos provides QoS enforcement translators.
|
Package qos provides QoS enforcement translators. |
|
threatintel
Package threatintel implements the Sprint-30 Ticket-44 v0 threat-intelligence feed ingester: fetch a blocklist on an interval, translate indicators into Cilium deny policies, and expire them on a max-age timer.
|
Package threatintel implements the Sprint-30 Ticket-44 v0 threat-intelligence feed ingester: fetch a blocklist on an interval, translate indicators into Cilium deny policies, and expire them on a max-age timer. |
|
Package vpn provides VPN functionality for the router/firewall system
|
Package vpn provides VPN functionality for the router/firewall system |
Click to show internal directories.
Click to hide internal directories.