

Constants

const (
	// SUCCESS is the status reported for a successful call. It is also the zero
	// value of the int Status fields in the *ResponsePayload types below, which
	// matters because those fields carry json:",omitempty".
	SUCCESS = 0
	// StatsChannel is the filesystem path of the stats channel; the .sock suffix
	// suggests a Unix domain socket (confirm against StartServer's protocol).
	// /var/run is shared with other processes, so the socket's owner and mode —
	// not set anywhere on this page — decide which peers may connect.
	StatsChannel = "/var/run/statschannel.sock"
)

    Exported constants of the package.

    Variables

    This section is empty.

    Functions

    func RegisterTypes

    func RegisterTypes()

      RegisterTypes registers types that are exchanged between the controller and remoteenforcer

      func TestNewRPCClient

      func TestNewRPCClient(t *testing.T)

        TestNewRPCClient mocks an RPC client test

        Types

        type CaptureType

          // CaptureType selects the iptables implementation to use (IPTables or IPSets
          // below); it reaches the supervisor as InitSupervisorPayload.CaptureMethod.
          type CaptureType int

          CaptureType identifies the type of iptables implementation that should be used

          const (
          	// IPTables forces an IPTables implementation. As the first iota value it is
          	// 0, i.e. the zero value of CaptureType — and therefore the value that
          	// InitSupervisorPayload.CaptureMethod omits from JSON under omitempty.
          	IPTables CaptureType = iota
          	// IPSets forces an IPSet implementation (value 1).
          	IPSets
          )

          type EnforcePayload

          // EnforcePayload is the payload of an enforce request. Its field set is the
          // same as SuperviseRequestPayload's (only the declaration order differs), so a
          // change to one should be mirrored in the other.
          type EnforcePayload struct {
          	// ContextID is the context key by which the RPCClient methods are addressed.
          	ContextID        string                 `json:",omitempty"`
          	// ManagementID is an opaque identifier; its semantics are not shown here.
          	ManagementID     string                 `json:",omitempty"`
          	// TriremeAction is the policy action to enforce.
          	TriremeAction    policy.PUAction        `json:",omitempty"`
          	// ApplicationACLs and NetworkACLs are IP rule lists — presumably for the
          	// application and network sides respectively; confirm against the enforcer.
          	ApplicationACLs  policy.IPRuleList      `json:",omitempty"`
          	NetworkACLs      policy.IPRuleList      `json:",omitempty"`
          	// Identity and Annotations are pointers, so a nil store is omitted from JSON.
          	Identity         *policy.TagStore       `json:",omitempty"`
          	Annotations      *policy.TagStore       `json:",omitempty"`
          	PolicyIPs        policy.ExtendedMap     `json:",omitempty"`
          	ReceiverRules    policy.TagSelectorList `json:",omitempty"`
          	TransmitterRules policy.TagSelectorList `json:",omitempty"`
          	// TriremeNetworks and ExcludedNetworks are network strings; whether entries
          	// are single IPs or CIDRs is not shown on this page.
          	TriremeNetworks  []string               `json:",omitempty"`
          	ExcludedNetworks []string               `json:",omitempty"`
          }

            EnforcePayload Payload for enforce request

            type EnforceResponsePayload

            // EnforceResponsePayload is the reply to an enforce request.
            type EnforceResponsePayload struct {
            	// Status is the result code. SUCCESS (0) is the int zero value, so under
            	// omitempty a successful reply carries no Status field at all and decodes
            	// back to 0; do not read an absent field as "unset".
            	Status int `json:",omitempty"`
            }

              EnforceResponsePayload exported

              type ExcludeIPRequestPayload

              // ExcludeIPRequestPayload carries the list of excluded IPs.
              type ExcludeIPRequestPayload struct {
              	// IPs is the list of excluded addresses; whether entries may be CIDRs as
              	// well as single IPs is not shown here — confirm against the handler.
              	IPs []string `json:",omitempty"`
              }

                ExcludeIPRequestPayload carries the list of excluded ips

                type InitRequestPayload

                // InitRequestPayload is the payload of the enforcer init request. It carries
                // the enforcer's key material and token, so it is the most sensitive message
                // in this package: it must travel only over the authenticated RPC channel
                // and must never be logged or persisted as-is.
                type InitRequestPayload struct {
                	// FqConfig is the filter-queue configuration handed to the enforcer.
                	FqConfig               *fqconfig.FilterQueue      `json:",omitempty"`
                	// MutualAuth enables mutual authentication; under omitempty a false value
                	// is simply absent from the JSON and decodes back to false.
                	MutualAuth             bool                       `json:",omitempty"`
                	// Validity is a time.Duration (an int64 of nanoseconds when JSON-encoded);
                	// what lifetime it bounds is not shown on this page.
                	Validity               time.Duration              `json:",omitempty"`
                	// SecretType selects the kind of private secrets carried below.
                	SecretType             secrets.PrivateSecretsType `json:",omitempty"`
                	// ServerID presumably identifies this server to the remote enforcer.
                	ServerID               string                     `json:",omitempty"`
                	// CAPEM, PublicPEM and PrivatePEM are PEM-encoded key material and Token an
                	// opaque credential; PrivatePEM and Token are secrets. []byte fields are
                	// base64 strings when JSON-encoded.
                	CAPEM                  []byte                     `json:",omitempty"`
                	PublicPEM              []byte                     `json:",omitempty"`
                	PrivatePEM             []byte                     `json:",omitempty"`
                	Token                  []byte                     `json:",omitempty"`
                	// ExternalIPCacheTimeout is presumably the lifetime of external-IP cache
                	// entries — confirm against the enforcer.
                	ExternalIPCacheTimeout time.Duration              `json:",omitempty"`
                }

                  InitRequestPayload Payload for enforcer init request

                  type InitResponsePayload

                  // InitResponsePayload is the reply to an enforcer init request.
                  type InitResponsePayload struct {
                  	// Status is the result code. SUCCESS (0) is the int zero value, so under
                  	// omitempty a successful reply carries no Status field at all and decodes
                  	// back to 0; do not read an absent field as "unset".
                  	Status int `json:",omitempty"`
                  }

                    InitResponsePayload Response payload

                    type InitSupervisorPayload

                    // InitSupervisorPayload is the payload of the supervisor init request.
                    type InitSupervisorPayload struct {
                    	// TriremeNetworks is the list of networks handed to the supervisor; the
                    	// entry format (IP vs CIDR) is not shown on this page.
                    	TriremeNetworks []string    `json:",omitempty"`
                    	// CaptureMethod picks the iptables implementation. IPTables is 0, so under
                    	// omitempty it is absent from the JSON and decodes back to IPTables.
                    	CaptureMethod   CaptureType `json:",omitempty"`
                    }

                      InitSupervisorPayload for supervisor init request

                      type MockRPCHdl

                      // MockRPCHdl is a mock of RPCHdl. It mirrors Client and Channel but has no
                      // Secret field, so it cannot stand in for RPCHdl wherever the secret is read.
                      type MockRPCHdl struct {
                      	Client  *rpc.Client
                      	Channel string
                      }

                        MockRPCHdl is a mock of RPCHdl

                        type RPCClient

                        // RPCClient is the client side of the controller/remote-enforcer RPC.
                        // Every method is keyed by contextID — presumably one connection per context.
                        type RPCClient interface {
                        	// NewRPCClient connects to channel for contextID; rpcSecret is the shared
                        	// secret later used to authenticate calls on that connection.
                        	NewRPCClient(contextID string, channel string, rpcSecret string) error
                        	// GetRPCClient returns the handle created by NewRPCClient for contextID.
                        	GetRPCClient(contextID string) (*RPCHdl, error)
                        	// RemoteCall invokes methodName on the remote side; per the RPCWrapper doc
                        	// it adds an HMAC to req for message integrity.
                        	RemoteCall(contextID string, methodName string, req *Request, resp *Response) error
                        	// DestroyRPCClient closes and forgets the connection for contextID.
                        	DestroyRPCClient(contextID string)
                        	// ContextList returns the contextIDs that currently have a client.
                        	ContextList() []string
                        	// CheckValidity verifies req against secret (also part of RPCServer).
                        	CheckValidity(req *Request, secret string) bool
                        }

                          RPCClient is the client interface

                          type RPCHdl

                          // RPCHdl is the per-client handle returned by GetRPCClient.
                          type RPCHdl struct {
                          	// Client is the underlying rpc.Client connection.
                          	Client  *rpc.Client
                          	// Channel is the channel the client was connected on (NewRPCClient's
                          	// channel parameter).
                          	Channel string
                          	// Secret is the shared secret for calls on this handle (NewRPCClient's
                          	// sharedsecret). It is an exported field, so anything holding an *RPCHdl
                          	// can read it; keep handles out of logs and debug dumps.
                          	Secret  string
                          }

                            RPCHdl is a per client handle

                            type RPCServer

                            // RPCServer is the server side of the RPC; NewRPCServer returns one.
                            type RPCServer interface {
                            	// StartServer presumably listens on path over protocol and serves handler;
                            	// per the RPCWrapper doc it blocks and never returns, so run it on its
                            	// own goroutine.
                            	StartServer(protocol string, path string, handler interface{}) error
                            	// ProcessMessage and CheckValidity share a signature and are both
                            	// documented on RPCWrapper as validating req against secret; the
                            	// difference between them is not visible on this page.
                            	ProcessMessage(req *Request, secret string) bool
                            	CheckValidity(req *Request, secret string) bool
                            }

                              RPCServer is the server interface

                              func NewRPCServer

                              func NewRPCServer() RPCServer

                                NewRPCServer returns a value implementing the RPCServer interface

                                type RPCWrapper

                                // RPCWrapper holds the state of all RPC sessions and implements both
                                // RPCClient and RPCServer (see the methods below).
                                type RPCWrapper struct {
                                	// Embedding sync.Mutex promotes Lock/Unlock as exported methods of
                                	// RPCWrapper and makes the value non-copyable after first use;
                                	// NewRPCWrapper accordingly hands out a pointer — keep it that way.
                                	sync.Mutex
                                	// contains filtered or unexported fields
                                }

                                  RPCWrapper is a struct which holds stats for all RPC sessions

                                  func NewRPCWrapper

                                  func NewRPCWrapper() *RPCWrapper

                                    NewRPCWrapper creates a new RPCWrapper

                                    func (*RPCWrapper) CheckValidity

                                    func (r *RPCWrapper) CheckValidity(req *Request, secret string) bool

                                      CheckValidity checks if the received message is valid

                                      func (*RPCWrapper) ContextList

                                      func (r *RPCWrapper) ContextList() []string

                                        ContextList returns the list of active contexts managed by the RPCWrapper

                                        func (*RPCWrapper) DestroyRPCClient

                                        func (r *RPCWrapper) DestroyRPCClient(contextID string)

                                          DestroyRPCClient closes the RPC client for the context and cleans up its connection

                                          func (*RPCWrapper) GetRPCClient

                                          func (r *RPCWrapper) GetRPCClient(contextID string) (*RPCHdl, error)

                                            GetRPCClient gets a handle to the RPC client for the contextID (the enforcer in the container)

                                            func (*RPCWrapper) NewRPCClient

                                            func (r *RPCWrapper) NewRPCClient(contextID string, channel string, sharedsecret string) error

                                              NewRPCClient creates an RPC client for contextID on the given channel, authenticated with sharedsecret

                                              func (*RPCWrapper) ProcessMessage

                                              func (r *RPCWrapper) ProcessMessage(req *Request, secret string) bool

                                                ProcessMessage checks if the given request is valid

                                                func (*RPCWrapper) RemoteCall

                                                func (r *RPCWrapper) RemoteCall(contextID string, methodName string, req *Request, resp *Response) error

                                                  RemoteCall is a wrapper around rpc.Call that also ensures message integrity by adding an HMAC

                                                  func (*RPCWrapper) StartServer

                                                  func (r *RPCWrapper) StartServer(protocol string, path string, handler interface{}) error

                                                    StartServer starts a server and waits for new connections; this function never returns

                                                    type Request

                                                     // Request is the message envelope of every RPC call.
                                                     type Request struct {
                                                     	// HashAuth carries the message integrity check: per the RemoteCall doc it
                                                     	// is an HMAC added by the caller, presumably verified by CheckValidity with
                                                     	// the shared secret. The exact HMAC input, and whether the comparison is
                                                     	// constant-time (hmac.Equal), are not visible on this page — confirm.
                                                     	HashAuth []byte
                                                     	// Payload is the request-specific body (one of the *Payload structs in this
                                                     	// package); presumably the concrete types are made known to the codec by
                                                     	// RegisterTypes — confirm.
                                                     	Payload  interface{}
                                                     }

                                                       Request is the message envelope for every RPC call; it carries the authentication hash and the payload

                                                      type Response

                                                       // Response is the reply envelope of every RPC call, carrying the status of
                                                       // the function invoked on the remote end.
                                                       type Response struct {
                                                       	// Status is the status of the remote call. Note it is a string here, while
                                                       	// the *ResponsePayload types use an int Status with SUCCESS = 0.
                                                       	Status string
                                                       }

                                                        Response is the response for every RPC call. This is used to carry the status of the actual function call made on the remote end

                                                        type StatsPayload

                                                         // StatsPayload is the stats report sent by the remote enforcer.
                                                         type StatsPayload struct {
                                                         	// Flows maps a flow key to its record; the key format is not shown here.
                                                         	Flows map[string]*collector.FlowRecord `json:",omitempty"`
                                                         }

                                                           StatsPayload is the payload carried by the stats report from the remote enforcer

                                                          type SuperviseRequestPayload

                                                           // SuperviseRequestPayload is the payload of a supervise request. Its field set
                                                           // is the same as EnforcePayload's (only the declaration order differs), so a
                                                           // change to one should be mirrored in the other.
                                                           type SuperviseRequestPayload struct {
                                                           	// ContextID is the context key by which the RPCClient methods are addressed.
                                                           	ContextID        string                 `json:",omitempty"`
                                                           	// ManagementID is an opaque identifier; its semantics are not shown here.
                                                           	ManagementID     string                 `json:",omitempty"`
                                                           	// TriremeAction is the policy action to apply.
                                                           	TriremeAction    policy.PUAction        `json:",omitempty"`
                                                           	// ApplicationACLs and NetworkACLs are IP rule lists — presumably for the
                                                           	// application and network sides respectively; confirm against the supervisor.
                                                           	ApplicationACLs  policy.IPRuleList      `json:",omitempty"`
                                                           	NetworkACLs      policy.IPRuleList      `json:",omitempty"`
                                                           	PolicyIPs        policy.ExtendedMap     `json:",omitempty"`
                                                           	// Identity and Annotations are pointers, so a nil store is omitted from JSON.
                                                           	Identity         *policy.TagStore       `json:",omitempty"`
                                                           	Annotations      *policy.TagStore       `json:",omitempty"`
                                                           	ReceiverRules    policy.TagSelectorList `json:",omitempty"`
                                                           	TransmitterRules policy.TagSelectorList `json:",omitempty"`
                                                           	// ExcludedNetworks and TriremeNetworks are network strings; whether entries
                                                           	// are single IPs or CIDRs is not shown on this page.
                                                           	ExcludedNetworks []string               `json:",omitempty"`
                                                           	TriremeNetworks  []string               `json:",omitempty"`
                                                           }

                                                            SuperviseRequestPayload for Supervise request

                                                            type SuperviseResponsePayload

                                                             // SuperviseResponsePayload is the reply to a supervise request.
                                                             type SuperviseResponsePayload struct {
                                                             	// Status is the result code. SUCCESS (0) is the int zero value, so under
                                                             	// omitempty a successful reply carries no Status field at all and decodes
                                                             	// back to 0; do not read an absent field as "unset".
                                                             	Status int `json:",omitempty"`
                                                             }

                                                              SuperviseResponsePayload exported

                                                              type TestRPCClient

                                                               // TestRPCClient is an RPCClient whose behaviour is supplied by the test: each
                                                               // MockX method installs impl as the implementation of RPCClient's X. The impl
                                                               // signatures mirror the interface methods one to one.
                                                               type TestRPCClient interface {
                                                               	RPCClient
                                                               	MockNewRPCClient(t *testing.T, impl func(contextID string, channel string, secret string) error)
                                                               	MockGetRPCClient(t *testing.T, impl func(contextID string) (*RPCHdl, error))
                                                               	MockRemoteCall(t *testing.T, impl func(contextID string, methodName string, req *Request, resp *Response) error)
                                                               	MockDestroyRPCClient(t *testing.T, impl func(contextID string))
                                                               	MockContextList(t *testing.T, impl func() []string)
                                                               	MockCheckValidity(t *testing.T, impl func(req *Request, secret string) bool)
                                                               }

                                                                 TestRPCClient is an RPC client used for tests

                                                                func NewTestRPCClient

                                                                func NewTestRPCClient() TestRPCClient

                                                                   NewTestRPCClient returns a test RPC client

                                                                  type TestRPCServer

                                                                   // TestRPCServer is an RPCServer whose behaviour is supplied by the test: each
                                                                   // MockX method installs impl as the implementation of RPCServer's X. The impl
                                                                   // signatures mirror the interface methods one to one.
                                                                   type TestRPCServer interface {
                                                                   	RPCServer
                                                                   	MockStartServer(t *testing.T, impl func(protocol string, path string, handler interface{}) error)
                                                                   	MockProcessMessage(t *testing.T, impl func(req *Request, secret string) bool)
                                                                   	MockCheckValidity(t *testing.T, impl func(req *Request, secret string) bool)
                                                                   }

                                                                     TestRPCServer is an RPC server used for tests

                                                                    func NewTestRPCServer

                                                                    func NewTestRPCServer() TestRPCServer

                                                                       NewTestRPCServer returns a test RPC server

                                                                      type UnEnforcePayload

                                                                       // UnEnforcePayload is the payload of an unenforce request.
                                                                       type UnEnforcePayload struct {
                                                                       	// ContextID names the context to stop enforcing; an empty ID is omitted
                                                                       	// from JSON, so the handler cannot distinguish "missing" from "empty".
                                                                       	ContextID string `json:",omitempty"`
                                                                       }

                                                                        UnEnforcePayload payload for unenforce request

                                                                        type UnEnforceResponsePayload

                                                                         // UnEnforceResponsePayload is the reply to an unenforce request.
                                                                         type UnEnforceResponsePayload struct {
                                                                         	// Status is the result code. SUCCESS (0) is the int zero value, so under
                                                                         	// omitempty a successful reply carries no Status field at all and decodes
                                                                         	// back to 0; do not read an absent field as "unset".
                                                                         	Status int `json:",omitempty"`
                                                                         }

                                                                          UnEnforceResponsePayload exported

                                                                          type UnSupervisePayload

                                                                           // UnSupervisePayload is the payload of an unsupervise request.
                                                                           type UnSupervisePayload struct {
                                                                           	// ContextID names the context to stop supervising; an empty ID is omitted
                                                                           	// from JSON, so the handler cannot distinguish "missing" from "empty".
                                                                           	ContextID string `json:",omitempty"`
                                                                           }

                                                                            UnSupervisePayload payload for unsupervise request
