Documentation
Index
- func PrintDisjointExplanations(allowed, denied []*DetailedConnection)
- type ConnMap
- func (c ConnMap) Add(src, dst topology.Endpoint, conn *DetailedConnection)
- func (c ConnMap) GenConnectivityOutput(params common.OutputParameters) (res string, err error)
- func (c ConnMap) GetDisjointConnecionSetsPerExplanationsForEndpoints(srcVM, dstVM string) []*netset.TransportSet
- func (c ConnMap) GetDisjointExplanationsPerEndpoints(srcVM, dstVM string) (allowed, denied []*DetailedConnection)
- func (c ConnMap) GetExplanationPerConnection(srcVM, dstVM string, inputConn *netset.TransportSet) (isAllowed bool, ingress, egress []int)
- func (c ConnMap) GroupExternalEP() ConnMap
- func (c ConnMap) InitPairs(initAllow bool, endpoints1, endpoints2 []topology.Endpoint, vmsFilter []string)
- func (c ConnMap) RulesNotEvaluated(allRules []int) []int
- type DetailedConnection
- type Explanation
- type RuleAndConn
Constants
This section is empty.
Variables
This section is empty.
Functions
func PrintDisjointExplanations
func PrintDisjointExplanations(allowed, denied []*DetailedConnection)
TODO: just for debugging for now.
Types
type ConnMap
type ConnMap map[topology.Endpoint]map[topology.Endpoint]*DetailedConnection
ConnMap captures the permitted connections between endpoints in the input config.
func (ConnMap) Add
func (c ConnMap) Add(src, dst topology.Endpoint, conn *DetailedConnection)
Add adds a given pair with the specified permitted connection.
func (ConnMap) GenConnectivityOutput
func (c ConnMap) GenConnectivityOutput(params common.OutputParameters) (res string, err error)
func (ConnMap) GetDisjointConnecionSetsPerExplanationsForEndpoints
func (c ConnMap) GetDisjointConnecionSetsPerExplanationsForEndpoints(srcVM, dstVM string) []*netset.TransportSet
func (ConnMap) GetDisjointExplanationsPerEndpoints
func (c ConnMap) GetDisjointExplanationsPerEndpoints(srcVM, dstVM string) (allowed, denied []*DetailedConnection)
GetDisjointExplanationsPerEndpoints returns the list of connections that are disjoint by explanation content.
func (ConnMap) GetExplanationPerConnection
func (ConnMap) GroupExternalEP
This method is for testing only. It groups the external EPs in order to compare maps, assuming there is no connection with both external src and dst.
func (ConnMap) InitPairs
func (c ConnMap) InitPairs(initAllow bool, endpoints1, endpoints2 []topology.Endpoint, vmsFilter []string)
InitPairs adds all possible pairs from/to endpoints1 to/from endpoints2, with allow-all or deny-all, based on initAllow.
func (ConnMap) RulesNotEvaluated
type DetailedConnection
type DetailedConnection struct {
	Conn *netset.TransportSet
	ExplanationObj *Explanation
}
DetailedConnection holds a connection set of permitted/blocked connections between two endpoints, and an explanation object that holds the set of all rules related to these connections.
func NewAllDetailedConnection
func NewAllDetailedConnection() *DetailedConnection
func NewDetailedConnection
func NewDetailedConnection(conn *netset.TransportSet, explanations *Explanation) *DetailedConnection
func NewEmptyDetailedConnection
func NewEmptyDetailedConnection() *DetailedConnection
func (*DetailedConnection) DetailedExplanationString
func (d *DetailedConnection) DetailedExplanationString(connSet *netset.TransportSet) string
type Explanation
type Explanation struct {
	IngressExplanations []*RuleAndConn
	EgressExplanations []*RuleAndConn
	NotDeterminedIngress *netset.TransportSet
	NotDeterminedEgress *netset.TransportSet
}
Explanation is composed of ingress and egress slices of rules and connections. A connection C from vm1 to vm2 is explained as follows:
- ingress: all rule IDs in IngressExplanations for which C is contained in the connection set object
- egress: all rule IDs in EgressExplanations for which C is contained in the connection set object
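The containment rule described above, as an added example that is not code from this package. It assumes a simplified stand-in for *netset.TransportSet (one protocol plus one inclusive port range), a plain string for the rule action, and constructed rule IDs.

```go
package main

import "fmt"

// portRange is a simplified stand-in (assumption) for *netset.TransportSet:
// one protocol and one inclusive destination-port range.
type portRange struct {
	proto  string
	lo, hi int
}

// containedIn reports whether every connection in p is also in q.
func (p portRange) containedIn(q portRange) bool {
	return p.proto == q.proto && q.lo <= p.lo && p.hi <= q.hi
}

// ruleAndConn mirrors RuleAndConn; action is a plain string here (assumption).
type ruleAndConn struct {
	conn   portRange
	ruleID int
	action string
}

// ruleIDsFor returns the IDs of the rules whose connection set contains c.
func ruleIDsFor(rules []ruleAndConn, c portRange) []int {
	ids := []int{}
	for _, r := range rules {
		if c.containedIn(r.conn) {
			ids = append(ids, r.ruleID)
		}
	}
	return ids
}

// explain applies the rule to constructed ingress/egress slices for vm1 -> vm2.
func explain(c portRange) (ingress, egress []int) {
	in := []ruleAndConn{ // constructed sample rules, not real rule IDs
		{portRange{"TCP", 443, 443}, 1004, "allow"},
		{portRange{"TCP", 0, 65535}, 1003, "deny"},
	}
	eg := []ruleAndConn{
		{portRange{"TCP", 0, 65535}, 1007, "allow"},
		{portRange{"UDP", 53, 53}, 1009, "deny"},
	}
	return ruleIDsFor(in, c), ruleIDsFor(eg, c)
}

func main() {
	fmt.Println(explain(portRange{"TCP", 443, 443})) // [1004 1003] [1007]
	fmt.Println(explain(portRange{"TCP", 400, 500})) // [1003] [1007]
}
```

The second query spans more than rule 1004's connection set, so only the rule that contains the whole range is reported on ingress.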
func (*Explanation) RuleIDs
func (es *Explanation) RuleIDs() (ingress, egress []int)
func (*Explanation) String
func (es *Explanation) String(connSet *netset.TransportSet) string
type RuleAndConn
type RuleAndConn struct {
	Conn *netset.TransportSet
	RuleID int
	Action dfw.RuleAction
}
RuleAndConn contains a set of connections and a rule ID which is directly related to these connections.
func FilterExplanation
func FilterExplanation(allExplanations []*RuleAndConn, connSet *netset.TransportSet) []*RuleAndConn
func (*RuleAndConn) String
func (rac *RuleAndConn) String() string