address

package

v0.0.11 Latest Latest Go to latest Published: Aug 9, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/m-lab/access

Links

Open Source Insights

Documentation ¶

Overview ¶

Package address supports managing access for a small pool of IP subnets using iptables.

Index ¶

Variables
type IPManager
- func NewIPManager(max int64) *IPManager
type Manager
type NullManager

Constants ¶

This section is empty.

Variables ¶

View Source

var ErrMaxConcurrent = errors.New("max concurrent reached")

ErrMaxConcurrent is returned when the max concurrent grants has already been reached.

Functions ¶

This section is empty.

Types ¶

type IPManager ¶

type IPManager struct {
	*semaphore.Weighted
	// contains filtered or unexported fields
}

IPManager supports granting IP subnet access using iptables or ip6tables.

func NewIPManager ¶

func NewIPManager(max int64) *IPManager

NewIPManager creates a new instance that will allow granting up to max IP subnets concurrently. Due to overhead in iptable processing and the impact that could have on measurements, max should be small.

func (*IPManager) Grant ¶

func (r *IPManager) Grant(ip net.IP) error

Grant adds an iptables/ip6tables rule to allow packets from a subnet containing the given IP on the INPUT chain. On success, the caller must call Revoke to allow a new Grants in the future.

func (*IPManager) Revoke ¶

func (r *IPManager) Revoke(ip net.IP) error

Revoke removes the iptables/ip6tables rule previously granted for the same IP.

func (*IPManager) Start ¶

func (r *IPManager) Start(port, device string) error

Start initializes iptables with rules for managing device, while the envelope service runs on port.

Current iptables rules are saved, removed, and replaced by rules fully managed by the IPManager. To restore the original iptables rules, call Stop() during shutdown.

func (*IPManager) Stop ¶

func (r *IPManager) Stop() ([]byte, error)

Stop restores the iptables rules originally found before running Start().

type Manager ¶

type Manager interface {
	Start(port, device string) error
	Grant(ip net.IP) error
	Revoke(ip net.IP) error
	Stop() ([]byte, error)
}

Manager manages access to a device by IP and port.

type NullManager ¶

type NullManager struct{}

NullManager implements the address.Manager interface while doing nothing.

func (*NullManager) Grant ¶

func (r *NullManager) Grant(ip net.IP) error

Grant does nothing with the given ip.

func (*NullManager) Revoke ¶

func (r *NullManager) Revoke(ip net.IP) error

Revoke does nothing with the given ip.

func (*NullManager) Start ¶

func (r *NullManager) Start(port, device string) error

Start does nothing to the given port or device.

func (*NullManager) Stop ¶

func (r *NullManager) Stop() ([]byte, error)

Stop does nothing.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL