Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DebugInfo

type DebugInfo interface {
	// EnableDatapathPacketTracing enables tracing of packets received by the datapath for a particular PU.
	// Passing Disabled as the tracing direction stops tracing for the given contextID.
	EnableDatapathPacketTracing(ctx context.Context, contextID string, direction packettracing.TracingDirection, interval time.Duration) error

	// EnableIPTablesPacketTracing enables iptables -j TRACE for the particular PU; this captures a much wider
	// packet stream than datapath tracing.
	EnableIPTablesPacketTracing(ctx context.Context, contextID string, interval time.Duration) error

	// Ping runs ping based on the given config.
	Ping(ctx context.Context, contextID string, pingConfig *policy.PingConfig) error
}

DebugInfo is the interface whose methods configure datapath packet tracing in the nfqdatapath.

type Enforcer

type Enforcer interface {

	// Enforce starts enforcing policies for the given policy.PUInfo.
	Enforce(contextID string, puInfo *policy.PUInfo) error

	// Unenforce stops enforcing policy for the PU identified by contextID.
	Unenforce(contextID string) error

	// GetFilterQueue returns the current FilterQueueConfig.
	GetFilterQueue() *fqconfig.FilterQueue

	// GetBPFObject returns the BPF object.
	GetBPFObject() ebpf.BPFModule

	// Run starts the PolicyEnforcer.
	Run(ctx context.Context) error

	// UpdateSecrets updates the secrets of running enforcers managed by trireme.
	// Remote enforcers receive the secret updates with the next policy push.
	UpdateSecrets(secrets secrets.Secrets) error

	// SetTargetNetworks sets the target network configuration of the controllers.
	SetTargetNetworks(cfg *runtime.Configuration) error

	// SetLogLevel sets log level.
	SetLogLevel(level constants.LogLevel) error

	// CleanUp requests a cleanup of the controllers.
	CleanUp() error

	DebugInfo
}

An Enforcer is an implementation of the enforcer datapath. The interface can be implemented by one or multiple datapaths.

func New

func New(
	mutualAuthorization bool,
	fqConfig *fqconfig.FilterQueue,
	collector collector.EventCollector,
	service packetprocessor.PacketProcessor,
	secrets secrets.Secrets,
	serverID string,
	validity time.Duration,
	mode constants.ModeType,
	procMountPoint string,
	externalIPCacheTimeout time.Duration,
	packetLogs bool,
	cfg *runtime.Configuration,
	tokenIssuer common.ServiceTokenIssuer,
	binaryTokens bool,
	aclmanager ipsetmanager.ACLManager,
	isBPFEnabled bool,
	agentVersion semver.Version,
) (Enforcer, error)

New returns a new policy enforcer that implements both data paths.

func NewWithDefaults

func NewWithDefaults(
	serverID string,
	collector collector.EventCollector,
	service packetprocessor.PacketProcessor,
	secrets secrets.Secrets,
	mode constants.ModeType,
	procMountPoint string,
	targetNetworks []string,
	aclmanager ipsetmanager.ACLManager,
) Enforcer

NewWithDefaults creates a new data path using default settings for most parameters.

Directories

Path Synopsis
acls
apiauth
applicationproxy
applicationproxy/common
applicationproxy/http
applicationproxy/markedconn
applicationproxy/protomux
applicationproxy/servicecache
applicationproxy/serviceregistry
applicationproxy/tcp
constants
dnsproxy
envoyauthorizer
envoyauthorizer/envoyproxy
flowstats
lookup
metadata
mockenforcer Package mockenforcer is a generated GoMock package.
nfqdatapath
nfqdatapath/afinetrawsocket
nfqdatapath/nflog
nfqdatapath/tokenaccessor
nfqdatapath/tokenaccessor/mocktokenaccessor Package mocktokenaccessor is a generated GoMock package.
proxy Package enforcerproxy is the implementation of the RPC client. It implements the Trireme Enforcer interface and forwards these requests to the actual remote enforcer instead of implementing them locally.
secretsproxy
utils/nsenter
utils/packetgen Package packetgen ("PacketGen") is a packet generator library. Current version: V1.0; updates are coming soon.
utils/rpcwrapper
utils/rpcwrapper/mockrpcwrapper Package mockrpcwrapper is a generated GoMock package.