cs

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 12, 2022 License: Apache-2.0 Imports: 50 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func InitTracer

func InitTracer(tracing env.Tracing, id string) (io.Closer, error)

InitTracer initializes the global tracer.

func LoadCorePolicies

func LoadCorePolicies(cfg config.Policies) (beacon.CorePolicies, error)

LoadCorePolicies loads the policies for beaconing in a core CS.

func LoadNonCorePolicies

func LoadNonCorePolicies(cfg config.Policies) (beacon.Policies, error)

LoadNonCorePolicies loads the policies for beaconing in a non-core CS.

func LoadTrustMaterial

func LoadTrustMaterial(ctx context.Context, configDir string, db trust.DB) error

LoadTrustMaterial loads the trust material from disk. The logger must not be nil.

func MACGenFactory

func MACGenFactory(configDir string) (func() hash.Hash, error)

MACGenFactory creates a MAC factory: a function that returns a hash.Hash used to generate MACs.

func NewChainBuilder

func NewChainBuilder(cfg ChainBuilderConfig) renewal.ChainBuilder

NewChainBuilder creates a renewing chain builder.

func NewSigner

func NewSigner(ia addr.IA, db trust.DB, cfgDir string) (cstrust.RenewingSigner, error)

NewSigner creates a renewing signer backed by a certificate chain.

func RegisterHTTPEndpoints added in v0.7.0

func RegisterHTTPEndpoints(
	elemId string,
	cfg config.Config,
	signer cstrust.RenewingSigner,
	ca renewal.ChainBuilder,
	topo *topology.Loader,
) error

RegisterHTTPEndpoints starts the HTTP endpoints that expose the metrics and additional information.

Types

type ChainBuilderConfig added in v0.7.0

// ChainBuilderConfig is the configuration passed to NewChainBuilder, which
// creates a renewing chain builder.
type ChainBuilderConfig struct {
	// NOTE(review): presumably the ISD-AS the chains are built for — confirm.
	IA          addr.IA
	// DB is a trust database handle, the same type that LoadTrustMaterial
	// and NewSigner take.
	DB          trust.DB
	// NOTE(review): presumably an upper bound on the validity period of the
	// issued certificates — confirm, including how a zero value is treated.
	MaxValidity time.Duration
	// NOTE(review): presumably the directory the CA material is read from —
	// confirm, and check who can write to it if so.
	ConfigDir   string

	// ForceECDSAWithSHA512 forces the CA policy to use ECDSAWithSHA512 as the
	// signature algorithm for signing the issued certificate. Setting it
	// restores the old behavior; the set of acceptable signature algorithms
	// was extended in
	// https://github.com/scionproto/scion/commit/df8565dc97cb6ef7c7925c26f23f3e9954ab2a97.
	// NOTE(review): this reading of "old behavior" is inferred from the
	// original wording — confirm against the commit. The zero value (false)
	// does not force the algorithm.
	//
	// Experimental: This field is experimental and will be subject to change.
	ForceECDSAWithSHA512 bool
}

type HiddenPathConfigurator added in v0.7.0

// HiddenPathConfigurator can be used to configure the hidden path servers.
// Its Setup method reads the configuration at a given location; an empty
// location does not enable any hidden path behavior.
type HiddenPathConfigurator struct {
	LocalIA           addr.IA
	// NOTE(review): Verifier and Signer presumably verify incoming and sign
	// outgoing hidden path messages — confirm, and confirm how nil values
	// are handled; neither is visible here.
	Verifier          infra.Verifier
	Signer            hpgrpc.Signer
	PathDB            pathdb.DB
	Dialer            libgrpc.Dialer
	FetcherConfig     segreq.FetcherConfig
	// NOTE(review): the names suggest one gRPC server for intra-AS (TCP) and
	// one for inter-AS (QUIC) traffic. Confirm which hidden path services
	// are registered on which server, since the two presumably face
	// different sets of peers.
	IntraASTCPServer  *grpc.Server
	InterASQUICServer *grpc.Server
}

HiddenPathConfigurator can be used to configure the hidden path servers.

func (HiddenPathConfigurator) Setup added in v0.7.0

Setup sets up the hidden paths servers using the configuration at the given location. An empty location will not enable any hidden path behavior. It returns the configuration for the hidden segment writer. The return value can be nil if this AS isn't a writer.

type HiddenPathRegistrationCfg added in v0.7.0

// HiddenPathRegistrationCfg contains the required options to configure hidden
// paths down segment registration. TasksConfig holds a pointer to it; per the
// comment on that field, a nil pointer selects normal path registration.
type HiddenPathRegistrationCfg struct {
	// NOTE(review): presumably decides which segments are registered as
	// hidden and which publicly — confirm what an empty policy means.
	Policy     hiddenpath.RegistrationPolicy
	Router     snet.Router
	Discoverer hiddenpath.Discoverer
	RPC        hiddenpath.Register
}

HiddenPathRegistrationCfg contains the required options to configure hidden paths down segment registration.

type Metrics

// Metrics defines the metrics exposed by the control server. NewMetrics
// returns a pointer to a Metrics value.
//
// XXX(roosd): Currently, most counters are created in the packages. They will
// eventually be moved here.
type Metrics struct {
	BeaconDBQueriesTotal                   *prometheus.CounterVec
	BeaconingOriginatedTotal               *prometheus.CounterVec
	BeaconingPropagatedTotal               *prometheus.CounterVec
	BeaconingPropagatorInternalErrorsTotal *prometheus.CounterVec
	BeaconingReceivedTotal                 *prometheus.CounterVec
	BeaconingRegisteredTotal               *prometheus.CounterVec
	BeaconingRegistrarInternalErrorsTotal  *prometheus.CounterVec
	DiscoveryRequestsTotal                 *prometheus.CounterVec
	PathDBQueriesTotal                     *prometheus.CounterVec
	// Metrics for the certificate renewal service, going by the names.
	RenewalServerRequestsTotal             *prometheus.CounterVec
	RenewalHandledRequestsTotal            *prometheus.CounterVec
	RenewalRegisteredHandlers              *prometheus.GaugeVec
	SegmentLookupRequestsTotal             *prometheus.CounterVec
	SegmentLookupSegmentsSentTotal         *prometheus.CounterVec
	SegmentRegistrationsTotal              *prometheus.CounterVec
	TrustDBQueriesTotal                    *prometheus.CounterVec
	// NOTE(review): the three gauges below presumably carry the validity
	// window and serial number of the latest TRC — confirm the units. If so,
	// they are the natural inputs for alerting on an expiring or unexpectedly
	// changed TRC.
	TrustLatestTRCNotBefore                prometheus.Gauge
	TrustLatestTRCNotAfter                 prometheus.Gauge
	TrustLatestTRCSerial                   prometheus.Gauge
	TrustTRCFileWritesTotal                *prometheus.CounterVec
	SCIONNetworkMetrics                    snet.SCIONNetworkMetrics
	SCIONPacketConnMetrics                 snet.SCIONPacketConnMetrics
	SCMPErrors                             metrics.Counter
	TopoLoader                             topology.LoaderMetrics
}

Metrics defines the metrics exposed by the control server.

XXX(roosd): Currently, most counters are created in the packages. They will eventually be moved here.

func NewMetrics

func NewMetrics() *Metrics

type RevocationHandler

// RevocationHandler handles raw revocations from the snet stack. Its Revoke
// method takes a context and a *path_mgmt.RevInfo and returns an error.
type RevocationHandler struct {
	// RevCache is the revocation cache held by the handler.
	// NOTE(review): whether Revoke verifies a revocation before caching it is
	// not visible here — confirm.
	RevCache revcache.RevCache
}

RevocationHandler handles raw revocations from the snet stack and inserts them into the revocation cache (the RevCache field).

func (RevocationHandler) Revoke added in v0.7.0

func (h RevocationHandler) Revoke(ctx context.Context, revInfo *path_mgmt.RevInfo) error

type Store

// Store is the interface to interact with the beacon store.
type Store interface {
	// PreFilter indicates whether the beacon will be filtered on insert by
	// returning an error with the reason. This allows the caller to drop
	// ignored beacons.
	PreFilter(beacon beacon.Beacon) error
	// BeaconsToPropagate returns an error and an empty slice if an error (e.g., connection or
	// parsing error) occurs; otherwise, it returns a slice containing the beacons (which
	// potentially could be empty when no beacon is found) and no error.
	// The selection is based on the configured propagation policy.
	BeaconsToPropagate(ctx context.Context) ([]beacon.Beacon, error)
	// SegmentsToRegister returns an error and an empty slice if an error (e.g., connection or
	// parsing error) occurs; otherwise, it returns a slice containing the beacons (which
	// potentially could be empty when no beacon is found) and no error.
	// The selection is based on the configured propagation policy for the requested segment type.
	// NOTE(review): "propagation policy" may be carried over from
	// BeaconsToPropagate; confirm whether a registration policy is meant.
	SegmentsToRegister(ctx context.Context, segType seg.Type) ([]beacon.Beacon, error)
	// InsertBeacon adds a verified beacon to the store, ignoring revocations.
	// NOTE(review): "verified" reads as a precondition on the caller; confirm
	// that implementations do not verify the beacon themselves, so that
	// every call site is known to verify before inserting.
	InsertBeacon(ctx context.Context, beacon beacon.Beacon) (beacon.InsertStats, error)
	// UpdatePolicy updates the policy. Beacons that are filtered by all
	// policies after the update are removed.
	UpdatePolicy(ctx context.Context, policy beacon.Policy) error
	// MaxExpTime returns the segment maximum expiration time for the given policy.
	MaxExpTime(policyType beacon.PolicyType) uint8
}

Store is the interface to interact with the beacon store.

type Tasks

// Tasks keeps track of the running tasks. StartTasks returns a *Tasks, and
// Kill stops all running tasks immediately.
type Tasks struct {
	// Periodic runners for beaconing; Registrars holds several runners.
	// NOTE(review): Originator may be nil in a non-core AS, since
	// TasksConfig.Originator is documented as starting no runner there —
	// confirm before dereferencing.
	Originator *periodic.Runner
	Propagator *periodic.Runner
	Registrars []*periodic.Runner

	PathCleaner *periodic.Runner
}

Tasks keeps track of the running tasks.

func StartTasks

func StartTasks(cfg TasksConfig) (*Tasks, error)

func (*Tasks) Kill

func (t *Tasks) Kill()

Kill stops all running tasks immediately.

type TasksConfig

// TasksConfig holds the necessary configuration to start the periodic tasks a
// CS is expected to run. It is the argument of StartTasks, and its Originator,
// Propagator and SegmentWriters methods start the individual runners.
type TasksConfig struct {
	// NOTE(review): presumably true when the CS runs in a core AS — confirm.
	// Originator is documented as starting no periodic runner for non-core
	// ASes.
	Core       bool
	IA         addr.IA
	MTU        uint16
	// NextHopper resolves a uint16 argument to an underlay UDP address.
	// NOTE(review): the argument is presumably an interface ID — confirm.
	NextHopper interface {
		UnderlayNextHop(uint16) *net.UDPAddr
	}
	Public                *net.UDPAddr
	AllInterfaces         *ifstate.Interfaces
	PropagationInterfaces func() []*ifstate.Interface
	OriginationInterfaces func() []*ifstate.Interface
	TrustDB               trust.DB
	PathDB                pathdb.DB
	RevCache              revcache.RevCache
	BeaconSenderFactory   beaconing.SenderFactory
	SegmentRegister       beaconing.RPC
	// BeaconStore is the Store interface declared in this package.
	BeaconStore           Store
	// NOTE(review): Signer presumably signs the segments created by the
	// tasks, and Inspector presumably answers trust queries about other
	// ASes — confirm both, and how nil values are handled.
	Signer                seg.Signer
	Inspector             trust.Inspector
	Metrics               *Metrics

	// MACGen has the same type as the function returned by MACGenFactory.
	// NOTE(review): presumably used for the hop field MACs of beacons —
	// confirm.
	MACGen     func() hash.Hash
	StaticInfo func() *beaconing.StaticInfoCfg

	// Intervals for the three periodic tasks, going by the names.
	// NOTE(review): the handling of zero values is not visible here.
	OriginationInterval  time.Duration
	PropagationInterval  time.Duration
	RegistrationInterval time.Duration
	// HiddenPathRegistrationCfg contains the required options to configure
	// hidden paths down segment registration. If it is nil, normal path
	// registration is used instead.
	HiddenPathRegistrationCfg *HiddenPathRegistrationCfg

	// NOTE(review): presumably permits beacons whose path enters the same
	// ISD more than once — confirm. The zero value is false.
	AllowIsdLoop bool

	// NOTE(review): presumably enables EPIC-related processing in the
	// beaconing tasks — confirm. The zero value is false.
	EPIC bool
}

TasksConfig holds the necessary configuration to start the periodic tasks a CS is expected to run.

func (*TasksConfig) Originator

func (t *TasksConfig) Originator() *periodic.Runner

Originator starts a periodic beacon origination task. For non-core ASes, no periodic runner is started.

func (*TasksConfig) Propagator

func (t *TasksConfig) Propagator() *periodic.Runner

Propagator starts a periodic beacon propagation task.

func (*TasksConfig) SegmentWriters

func (t *TasksConfig) SegmentWriters() []*periodic.Runner

SegmentWriters starts periodic segment registration tasks.

Directories

Path Synopsis
api
Package api provides primitives to interact with the openapi HTTP API.
mock_api
Package mock_api is a generated GoMock package.
mock_trust
Package mock_trust is a generated GoMock package.
