firewall

package
v1.1.0 Latest

Warning: This package is not in the latest version of its module.
Published: Apr 7, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Firewall

type Firewall interface {
	// SetDefaultAction sets the default allow/deny action for unmatched packets
	SetDefaultAction(action config.Action) error

	// SetAuditMode enables or disables audit mode (log without blocking)
	SetAuditMode(enabled bool) error

	// UpdateAllowlistTC updates the eBPF LPM trie and port maps for firewall rules
	UpdateAllowlistTC(configMgr *config.Manager) error

	// AddIP adds a single IP to the BPF maps with the specified action and ports
	// Returns (wasAdded bool, error) - wasAdded is true if the IP was newly added, false if it was a duplicate
	AddIP(ip net.IP, action config.Action, ports []config.Port) (bool, error)

	// RemoveIP removes a single IP from the BPF maps
	RemoveIP(ip net.IP) error
}

Firewall defines the interface for managing eBPF-based network filtering

func NewFirewall

func NewFirewall(cidrsMap, portsMap, cidrsV6Map, portsV6Map, defaultActionMap, auditModeMap *ebpf.Map, logger *slog.Logger) Firewall

NewFirewall creates a new firewall instance that owns the eBPF maps

type FirewallImpl

type FirewallImpl struct {
	// contains filtered or unexported fields
}

FirewallImpl manages the eBPF maps for network filtering

func (*FirewallImpl) AddIP

func (f *FirewallImpl) AddIP(ip net.IP, action config.Action, ports []config.Port) (bool, error)

AddIP adds a single IP to the BPF maps with the specified action and ports. It returns (wasAdded bool, error): wasAdded is true if the IP was newly added and false if it was already present (a duplicate), in which case the maps are left unchanged.

func (*FirewallImpl) RemoveIP

func (f *FirewallImpl) RemoveIP(ip net.IP) error

RemoveIP removes a single IP from the BPF maps

func (*FirewallImpl) SetAuditMode

func (f *FirewallImpl) SetAuditMode(enabled bool) error

SetAuditMode enables or disables audit mode (log without blocking)

func (*FirewallImpl) SetDefaultAction

func (f *FirewallImpl) SetDefaultAction(action config.Action) error

SetDefaultAction sets the default allow/deny action for unmatched packets

func (*FirewallImpl) UpdateAllowlistTC

func (f *FirewallImpl) UpdateAllowlistTC(configMgr *config.Manager) error

UpdateAllowlistTC updates the eBPF LPM trie and port maps for firewall rules. NOTE: This is add-only — it does not remove stale entries from previous calls. Callers should be aware that entries accumulate across invocations.
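Because UpdateAllowlistTC is add-only, a caller that reloads its configuration has to remember what it previously pushed and call RemoveIP for the entries that have since disappeared. The following is an added example of that bookkeeping written against the Firewall interface above; it is not code from this package or its module. It assumes stand-in definitions for config.Action and config.Port, copies the interface locally (minus UpdateAllowlistTC) so it compiles without the eBPF maps, and uses a hand-written in-memory Firewall, memFirewall, in place of FirewallImpl. Rule, Reconciler and memFirewall are names introduced here.

```go
package main

import (
	"fmt"
	"net"
)

// Action and Port stand in for config.Action and config.Port (assumed shapes).
type Action int

const (
	ActionDeny Action = iota
	ActionAllow
)

type Port uint16

// Rule is one desired entry: an IP, its action, and the ports it covers.
type Rule struct {
	IP     net.IP
	Action Action
	Ports  []Port
}

// Firewall copies the package's interface minus UpdateAllowlistTC.
type Firewall interface {
	SetDefaultAction(action Action) error
	SetAuditMode(enabled bool) error
	AddIP(ip net.IP, action Action, ports []Port) (bool, error)
	RemoveIP(ip net.IP) error
}

// memFirewall is an in-memory stand-in for the eBPF-backed FirewallImpl that
// keeps AddIP's contract: (false, nil) when the IP is already present.
type memFirewall struct {
	defaultAction Action
	audit         bool
	entries       map[string]Rule // keyed by ip.String()
}

func (m *memFirewall) SetDefaultAction(a Action) error { m.defaultAction = a; return nil }
func (m *memFirewall) SetAuditMode(on bool) error      { m.audit = on; return nil }

func (m *memFirewall) AddIP(ip net.IP, a Action, ports []Port) (bool, error) {
	if _, dup := m.entries[ip.String()]; dup {
		return false, nil
	}
	m.entries[ip.String()] = Rule{IP: ip, Action: a, Ports: append([]Port(nil), ports...)}
	return true, nil
}

func (m *memFirewall) RemoveIP(ip net.IP) error {
	if _, ok := m.entries[ip.String()]; !ok {
		return fmt.Errorf("RemoveIP: %s not present", ip)
	}
	delete(m.entries, ip.String())
	return nil
}

// Reconciler remembers every IP it pushed through AddIP so a later Apply can
// RemoveIP those that left the desired set: the bookkeeping that the add-only
// UpdateAllowlistTC leaves to its caller.
type Reconciler struct {
	fw      Firewall
	applied map[string]net.IP
}

func NewReconciler(fw Firewall) *Reconciler {
	return &Reconciler{fw: fw, applied: map[string]net.IP{}}
}

// Apply adds IPs new in desired, then removes IPs no longer desired (additions
// first, so a still-wanted IP is never missing while the default is deny).
// It returns the removed IPs, in no particular order.
func (r *Reconciler) Apply(desired []Rule) ([]string, error) {
	want := make(map[string]Rule, len(desired))
	for _, d := range desired {
		if d.IP == nil { // net.ParseIP yields nil on bad input; never drop it silently
			return nil, fmt.Errorf("Apply: rule with nil IP")
		}
		want[d.IP.String()] = d
	}
	for key, d := range want {
		if r.applied[key] == nil {
			if _, err := r.fw.AddIP(d.IP, d.Action, d.Ports); err != nil {
				return nil, fmt.Errorf("add %s: %w", key, err)
			}
			r.applied[key] = d.IP // tracked even if AddIP reported a duplicate
		}
	}
	var removed []string
	for key, ip := range r.applied {
		if _, wanted := want[key]; !wanted {
			if err := r.fw.RemoveIP(ip); err != nil {
				return removed, fmt.Errorf("remove %s: %w", key, err)
			}
			delete(r.applied, key)
			removed = append(removed, key)
		}
	}
	return removed, nil
}
```

Additions are applied before removals so that, with the default action set to deny, a still-wanted IP is never absent from the maps partway through a reload. The same ordering concern applies when enforcement is first switched on: load the allowlist while SetAuditMode(true) is in effect, then call SetDefaultAction with the deny action, then SetAuditMode(false), so that blocking never starts against an empty allowlist. A rule whose IP failed to parse (net.ParseIP returns nil) is rejected rather than skipped, since silently dropping an allowlist entry is exactly the kind of failure an operator would not notice until traffic is cut.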

type MockFirewall

type MockFirewall struct {
	mock.Mock
}

MockFirewall is an autogenerated mock type for the Firewall type

func NewMockFirewall

func NewMockFirewall(t interface {
	mock.TestingT
	Cleanup(func())
}) *MockFirewall

NewMockFirewall creates a new instance of MockFirewall. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. The first argument is typically a *testing.T value.

func (*MockFirewall) AddIP

func (_m *MockFirewall) AddIP(ip net.IP, action config.Action, ports []config.Port) (bool, error)

AddIP provides a mock function with given fields: ip, action, ports

func (*MockFirewall) EXPECT

func (_m *MockFirewall) EXPECT() *MockFirewall_Expecter

func (*MockFirewall) RemoveIP

func (_m *MockFirewall) RemoveIP(ip net.IP) error

RemoveIP provides a mock function with given fields: ip

func (*MockFirewall) SetAuditMode

func (_m *MockFirewall) SetAuditMode(enabled bool) error

SetAuditMode provides a mock function with given fields: enabled

func (*MockFirewall) SetDefaultAction

func (_m *MockFirewall) SetDefaultAction(action config.Action) error

SetDefaultAction provides a mock function with given fields: action

func (*MockFirewall) UpdateAllowlistTC

func (_m *MockFirewall) UpdateAllowlistTC(configMgr *config.Manager) error

UpdateAllowlistTC provides a mock function with given fields: configMgr

type MockFirewall_AddIP_Call

type MockFirewall_AddIP_Call struct {
	*mock.Call
}

MockFirewall_AddIP_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'AddIP'

func (*MockFirewall_AddIP_Call) Return

func (*MockFirewall_AddIP_Call) Run

func (_c *MockFirewall_AddIP_Call) Run(run func(ip net.IP, action config.Action, ports []config.Port)) *MockFirewall_AddIP_Call

func (*MockFirewall_AddIP_Call) RunAndReturn

type MockFirewall_Expecter

type MockFirewall_Expecter struct {
	// contains filtered or unexported fields
}

func (*MockFirewall_Expecter) AddIP

func (_e *MockFirewall_Expecter) AddIP(ip interface{}, action interface{}, ports interface{}) *MockFirewall_AddIP_Call

AddIP is a helper method to define mock.On call

  • ip net.IP
  • action config.Action
  • ports []config.Port

func (*MockFirewall_Expecter) RemoveIP

func (_e *MockFirewall_Expecter) RemoveIP(ip interface{}) *MockFirewall_RemoveIP_Call

RemoveIP is a helper method to define mock.On call

  • ip net.IP

func (*MockFirewall_Expecter) SetAuditMode

func (_e *MockFirewall_Expecter) SetAuditMode(enabled interface{}) *MockFirewall_SetAuditMode_Call

SetAuditMode is a helper method to define mock.On call

  • enabled bool

func (*MockFirewall_Expecter) SetDefaultAction

func (_e *MockFirewall_Expecter) SetDefaultAction(action interface{}) *MockFirewall_SetDefaultAction_Call

SetDefaultAction is a helper method to define mock.On call

  • action config.Action

func (*MockFirewall_Expecter) UpdateAllowlistTC

func (_e *MockFirewall_Expecter) UpdateAllowlistTC(configMgr interface{}) *MockFirewall_UpdateAllowlistTC_Call

UpdateAllowlistTC is a helper method to define mock.On call

  • configMgr *config.Manager

type MockFirewall_RemoveIP_Call

type MockFirewall_RemoveIP_Call struct {
	*mock.Call
}

MockFirewall_RemoveIP_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RemoveIP'

func (*MockFirewall_RemoveIP_Call) Return

func (*MockFirewall_RemoveIP_Call) Run

func (*MockFirewall_RemoveIP_Call) RunAndReturn

func (_c *MockFirewall_RemoveIP_Call) RunAndReturn(run func(net.IP) error) *MockFirewall_RemoveIP_Call

type MockFirewall_SetAuditMode_Call

type MockFirewall_SetAuditMode_Call struct {
	*mock.Call
}

MockFirewall_SetAuditMode_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'SetAuditMode'

func (*MockFirewall_SetAuditMode_Call) Return

func (*MockFirewall_SetAuditMode_Call) Run

func (*MockFirewall_SetAuditMode_Call) RunAndReturn

type MockFirewall_SetDefaultAction_Call

type MockFirewall_SetDefaultAction_Call struct {
	*mock.Call
}

MockFirewall_SetDefaultAction_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'SetDefaultAction'

func (*MockFirewall_SetDefaultAction_Call) Return

func (*MockFirewall_SetDefaultAction_Call) Run

func (*MockFirewall_SetDefaultAction_Call) RunAndReturn

type MockFirewall_UpdateAllowlistTC_Call

type MockFirewall_UpdateAllowlistTC_Call struct {
	*mock.Call
}

MockFirewall_UpdateAllowlistTC_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'UpdateAllowlistTC'

func (*MockFirewall_UpdateAllowlistTC_Call) Return

func (*MockFirewall_UpdateAllowlistTC_Call) Run

func (*MockFirewall_UpdateAllowlistTC_Call) RunAndReturn
