
Constants

This section is empty.

Variables

// CounterNames holds the counter name reported to the collector for each
// ErrorType. The literal is keyed by the ErrorType constants, so an entry's
// index is the constant's integer value, not its position in this listing.
//
// NOTE(review): an ErrorType with no entry here would resolve to "" (or index
// past the end of the slice if it is the highest value), so every new constant
// needs a matching name. These strings exist at runtime; dashboards and alert
// rules presumably match on them verbatim — confirm before renaming any.
//
// NOTE(review): judging by the names alone, the invalid-token, bad or
// mismatched claims, missing auth option and signature-validation counters
// are the ones most relevant to detection of failed identity handshakes —
// TODO confirm their exact semantics against the datapath code.
var CounterNames = []string{
	// General packet, connection-state and lookup counters.
	ErrUnknownError:                 "UNKNOWNERROR",
	ErrInvalidNetState:              "INVALIDNETSTATE",
	ErrNonPUTraffic:                 "NONPUTRAFFIC",
	ErrNetSynNotSeen:                "SYNNOTSEEN",
	ErrNoConnFound:                  "CONNECTIONNOTFOUND",
	ErrRejectPacket:                 "REJECTEDPACKET",
	ErrTCPAuthNotFound:              "TCPAUTHENTICATIONOPTIONNOTFOUND",
	ErrInvalidConnState:             "INVALIDCONNECTIONSTATE",
	ErrMarkNotFound:                 "MARKNOTFOUND",
	ErrPortNotFound:                 "PORTNOTFOUND",
	ErrContextIDNotFound:            "CONTEXTNOTFOUND",
	ErrInvalidProtocol:              "INVALIDPROTOCOL",
	ErrServicePreprocessorFailed:    "PREPROCESSINGFAILED",
	ErrServicePostprocessorFailed:   "POSTPROCESSINGFAILED",
	// NOTE(review): the reported name ("ACLSYNDROPPED") does not mirror the
	// constant name; search for both when tracing this counter.
	ErrDroppedExternalService:       "ACLSYNDROPPED",
	// SYN-stage counters.
	ErrSynDroppedNoClaims:           "SYNDROPPEDNOCLAIMS",
	ErrSynDroppedInvalidToken:       "SYNDROPPEDINVALIDTOKEN",
	ErrSynDroppedTCPOption:          "SYNDROPPEDAUTHOPTIONNOTFOUND",
	ErrSynDroppedInvalidFormat:      "SYNDROPPEDINVALIDFORMAT",
	ErrSynRejectPacket:              "SYNDROPPEDPOLICY",
	// SYN-ACK-stage counters.
	ErrOutOfOrderSynAck:             "UNEXPECTEDSYNACK",
	ErrInvalidSynAck:                "DEADPUSYNACK",
	ErrSynAckMissingToken:           "SYNACKDROPPEDINVALIDTOKEN",
	ErrSynAckBadClaims:              "SYNACKDROPPEDBADCLAIMS",
	ErrSynAckMissingClaims:          "SYNACKDROPPEDNOCLAIMS",
	ErrSynAckNoTCPAuthOption:        "SYNACKAUTHOPTIONNOTFOUND",
	ErrSynAckInvalidFormat:          "SYNACKDROPPEDINVALIDFORMAT",
	ErrSynAckClaimsMisMatch:         "SYNACKDROPPEDCLAIMSMISMATCH",
	ErrSynAckRejected:               "SYNACKDROPPEDPOLICY",
	// NOTE(review): the only name in this table that carries an "ERR" prefix.
	ErrSynAckDroppedExternalService: "ERRSYNACKDROPPEDEXTERNALSERVICE",
	// ACK-stage counters.
	ErrAckRejected:                  "ACKDROPPEDPOLICY",
	ErrAckTCPNoTCPAuthOption:        "ACKDROPPEDAUTHOPTIONNOTFOUND",
	ErrAckSigValidationFailed:       "ACKDROPPEDSIGVALIDATIONFAILED",
	ErrAckInvalidFormat:             "ACKDROPPEDINVALIDFORMAT",
	ErrAckInUnknownState:            "ACKDROPPEDUNKNOWNCONNSTATE",
	ErrSynUnexpectedPacket:          "SYNUNEXPECTEDPACKET",
	// NOTE(review): the two names below read like throughput counters rather
	// than failures — presumably not an error signal; confirm before alerting.
	ErrConnectionsProcessed:         "CONNECTIONSPROCESSED",
	ErrEncrConnectionsProcessed:     "ENCRCONNECTIONSPROCESSED",
	// UDP counters.
	ErrUDPInvalidNetState:           "UDPINVALIDNETSTATE",
	ErrUDPDropSynAck:                "UDPDROPSYNACK",
	ErrUDPDropFin:                   "UDPDROPFIN",
	ErrUDPDropPacket:                "UDPDROPPACKET",
	ErrUDPPreProcessingFailed:       "UDPPREPROCESSINGFAILED",
	ErrUDPRejected:                  "UDPREJECTED",
	ErrUDPPostProcessingFailed:      "UDPPOSTPROCESSINGFAILED",
	ErrUDPNoConnection:              "UDPDROPNOCONNECTION",
	ErrUDPSynInvalidToken:           "UDPSYNINVALIDTOKEN",
	ErrUDPSynMissingClaims:          "UDPSYNMISSINGCLAIMS",
	ErrUDPSynDroppedPolicy:          "UDPSYNDROPPEDPOLICY",
	ErrUDPSynAckBadClaims:           "UDPSYNACKBADCLAIMS",
	ErrUDPSynAckMissingClaims:       "UDPSYNACKMISSINGCLAIMS",
	ErrUDPSynAckPolicy:              "UDPSYNACKPOLICY",
	ErrUDPInvalidSignature:          "UDPACKINVALIDSIGNATURE",
	// NOTE(review): reads like a throughput counter, as with the TCP
	// "CONNECTIONSPROCESSED" names — confirm.
	ErrUDPConnectionsProcessed:      "UDPCONNECTIONSPROCESSED",
	ErrUDPContextIDNotFound:         "UDPCONTEXTIDNOTFOUND",
	ErrUDPDropQueueFull:             "UDPDROPQUEUEFULL",
	ErrUDPDropInNfQueue:             "UDPDROPINNFQUEUE",
	ErrUDPSynDropped:                "UDPSYNDROPPED",
}

    CounterNames is the name for each error reported to the collector

    Functions

    func GetErrorCounters

    func GetErrorCounters() []collector.Counters

      GetErrorCounters returns the counters for packets whose PU is not known

      func PuContextError

      func PuContextError(err ErrorType, logMsg string) error

        PuContextError increments a global unknown PU counter and returns an error

        func ToError

        func ToError(errType ErrorType) error

          ToError converts an ErrorType into an error

          Types

          type ErrorType

          type ErrorType int

            ErrorType custom counter error type

            // Error constants of type ErrorType. Values are assigned by iota starting
            // at ErrUnknownError, so the declaration order fixes each constant's
            // integer value, and CounterNames is keyed by these constants.
            //
            // NOTE(review): inserting or reordering entries would shift every later
            // value; appending at the end (together with a matching CounterNames
            // entry) looks like the only change that keeps existing values stable —
            // confirm whether anything persists or exports the raw integers.
            const (
            	ErrUnknownError ErrorType = iota
            	ErrInvalidNetState
            	ErrNonPUTraffic
            	ErrNetSynNotSeen
            	ErrNoConnFound
            	ErrRejectPacket
            	ErrTCPAuthNotFound
            	ErrInvalidConnState
            	ErrMarkNotFound
            	ErrPortNotFound
            	ErrContextIDNotFound
            	ErrInvalidProtocol
            	ErrServicePreprocessorFailed
            	ErrServicePostprocessorFailed
            	ErrDroppedExternalService
            	ErrSynDroppedNoClaims
            	ErrSynDroppedInvalidToken
            	ErrSynDroppedTCPOption
            	ErrSynDroppedInvalidFormat
            	ErrSynRejectPacket
            	ErrOutOfOrderSynAck
            	ErrInvalidSynAck
            	ErrSynAckMissingToken
            	ErrSynAckBadClaims
            	ErrSynAckMissingClaims
            	ErrSynAckNoTCPAuthOption
            	ErrSynAckInvalidFormat
            	ErrSynAckClaimsMisMatch
            	ErrSynAckRejected
            	ErrSynAckDroppedExternalService
            	ErrAckRejected
            	ErrAckTCPNoTCPAuthOption
            	ErrAckSigValidationFailed
            	ErrAckInvalidFormat
            	ErrAckInUnknownState
            	ErrSynUnexpectedPacket
            	ErrConnectionsProcessed
            	ErrEncrConnectionsProcessed
            	ErrUDPInvalidNetState
            	ErrUDPDropSynAck
            	ErrUDPDropFin
            	ErrUDPDropPacket
            	ErrUDPPreProcessingFailed
            	ErrUDPRejected
            	ErrUDPPostProcessingFailed
            	ErrUDPNoConnection
            	ErrUDPSynInvalidToken
            	ErrUDPSynMissingClaims
            	ErrUDPSynDroppedPolicy
            	ErrUDPSynAckBadClaims
            	ErrUDPSynAckMissingClaims
            	ErrUDPSynAckPolicy
            	ErrUDPInvalidSignature
            	ErrUDPConnectionsProcessed
            	ErrUDPContextIDNotFound
            	ErrUDPDropQueueFull
            	ErrUDPDropInNfQueue
            	ErrUDPSynDropped
            )

              Error Constants

              func GetError

              func GetError(err error) ErrorType

                GetError returns the ErrorType for an error

                type PUContext

                // PUContext holds data indexed by the PU ID.
                //
                // NOTE(review): sync.RWMutex is embedded under its exported name, so its
                // locking methods are promoted onto PUContext and callable by any
                // package that holds a *PUContext. Which fields the lock guards is not
                // visible in this listing — confirm before reading or writing the
                // exported fields from more than one goroutine.
                type PUContext struct {
                	// ApplicationACLs is an exported pointer to the ACL cache; callers can
                	// replace or mutate it directly.
                	ApplicationACLs *acls.ACLCache
                
                	DNSACLs      policy.DNSRuleList
                	DNSProxyPort string
                
                	// Extension is untyped; a consumer has to type-assert it and should
                	// handle an unexpected or nil value.
                	Extension interface{}
                
                	sync.RWMutex
                	// contains filtered or unexported fields
                }

                  PUContext holds data indexed by the PU ID

                  func NewPU

                  func NewPU(contextID string, puInfo *policy.PUInfo, timeout time.Duration) (*PUContext, error)

                    NewPU creates a new PU context

                    func (*PUContext) Annotations

                    func (p *PUContext) Annotations() *policy.TagStore

                      Annotations returns the annotations

                      func (*PUContext) ApplicationACLPolicyFromAddr

                      func (p *PUContext) ApplicationACLPolicyFromAddr(addr net.IP, port uint16) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

                        ApplicationACLPolicyFromAddr retrieve the policy given an address and port.

                        func (*PUContext) Autoport

                        func (p *PUContext) Autoport() bool

                          Autoport reports whether the auto port feature is set on the PU

                          func (*PUContext) CacheExternalFlowPolicy

                          func (p *PUContext) CacheExternalFlowPolicy(packet *packet.Packet, plc interface{})

                            CacheExternalFlowPolicy will cache an external flow

                            func (*PUContext) CompressedTags

                            func (p *PUContext) CompressedTags() *policy.TagStore

                              CompressedTags returns the compressed tags.

                              func (*PUContext) CreateRcvRules

                              func (p *PUContext) CreateRcvRules(policyRules policy.TagSelectorList)

                                CreateRcvRules creates receive rules for this PU based on the update of the policy.

                                func (*PUContext) CreateTxtRules

                                func (p *PUContext) CreateTxtRules(policyRules policy.TagSelectorList)

                                  CreateTxtRules creates transmit rules for this PU based on the update of the policy.

                                  func (*PUContext) GetCachedTokenAndServiceContext

                                  func (p *PUContext) GetCachedTokenAndServiceContext() ([]byte, []byte, error)

                                    GetCachedTokenAndServiceContext returns the cached syn packet token

                                    func (*PUContext) GetErrorCounters

                                    func (p *PUContext) GetErrorCounters() []collector.Counters

                                      GetErrorCounters returns the error counters and resets the counters to zero

                                      func (*PUContext) GetJWT

                                      func (p *PUContext) GetJWT() (string, error)

                                        GetJWT retrieves the JWT if it exists in the cache. Returns error otherwise.

                                        func (*PUContext) GetPolicyFromFQDN

                                        func (p *PUContext) GetPolicyFromFQDN(fqdn string) ([]policy.PortProtocolPolicy, error)

                                          GetPolicyFromFQDN gets the list of policies that are mapped with the hostname

                                          func (*PUContext) GetProcessKeys

                                          func (p *PUContext) GetProcessKeys() (string, []string, []string)

                                            GetProcessKeys returns the cache keys for a process

                                            func (*PUContext) HashID

                                            func (p *PUContext) HashID() string

                                              HashID returns the hash of the ID of the PU

                                              func (*PUContext) ID

                                              func (p *PUContext) ID() string

                                                ID returns the ID of the PU

                                                func (*PUContext) Identity

                                                func (p *PUContext) Identity() *policy.TagStore

                                                  Identity returns the identity

                                                  func (*PUContext) ManagementID

                                                  func (p *PUContext) ManagementID() string

                                                    ManagementID returns the management ID

                                                    func (*PUContext) ManagementNamespace

                                                    func (p *PUContext) ManagementNamespace() string

                                                      ManagementNamespace returns the management namespace

                                                      func (*PUContext) Mark

                                                      func (p *PUContext) Mark() string

                                                        Mark returns the PU mark

                                                        func (*PUContext) NetworkACLPolicy

                                                        func (p *PUContext) NetworkACLPolicy(packet *packet.Packet) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

                                                          NetworkACLPolicy retrieves the policy based on ACLs

                                                          func (*PUContext) NetworkACLPolicyFromAddr

                                                          func (p *PUContext) NetworkACLPolicyFromAddr(addr net.IP, port uint16) (report *policy.FlowPolicy, action *policy.FlowPolicy, err error)

                                                            NetworkACLPolicyFromAddr retrieve the policy given an address and port.

                                                            func (*PUContext) PuContextError

                                                            func (p *PUContext) PuContextError(err ErrorType, logMsg string) error

                                                              PuContextError increments the error counter and returns an error

                                                              func (*PUContext) RemoveApplicationACL

                                                              func (p *PUContext) RemoveApplicationACL(addr net.IP, mask int)

                                                                RemoveApplicationACL removes the application ACLs which are indexed with (ip, mask) key

                                                                func (*PUContext) RetrieveCachedExternalFlowPolicy

                                                                func (p *PUContext) RetrieveCachedExternalFlowPolicy(id string) (interface{}, error)

                                                                  RetrieveCachedExternalFlowPolicy returns the policy for an external IP

                                                                  func (*PUContext) Scopes

                                                                  func (p *PUContext) Scopes() []string

                                                                    Scopes returns the scopes.

                                                                    func (*PUContext) SearchRcvRules

                                                                    func (p *PUContext) SearchRcvRules(
                                                                    	tags *policy.TagStore,
                                                                    ) (report *policy.FlowPolicy, packet *policy.FlowPolicy)

                                                                      SearchRcvRules searches both receive and observed receive rules and returns the index and action

                                                                      func (*PUContext) SearchTxtRules

                                                                      func (p *PUContext) SearchTxtRules(
                                                                      	tags *policy.TagStore,
                                                                      	skipRejectPolicies bool,
                                                                      ) (report *policy.FlowPolicy, packet *policy.FlowPolicy)

                                                                        SearchTxtRules searches both receive and observed transmit rules and returns the index and action

                                                                        func (*PUContext) SynServiceContext

                                                                        func (p *PUContext) SynServiceContext() []byte

                                                                          SynServiceContext returns synServiceContext

                                                                          func (*PUContext) TCPPorts

                                                                          func (p *PUContext) TCPPorts() []string

                                                                            TCPPorts returns the PU TCP ports

                                                                            func (*PUContext) Type

                                                                            func (p *PUContext) Type() common.PUType

                                                                              Type returns the PU type

                                                                              func (*PUContext) UDPPorts

                                                                              func (p *PUContext) UDPPorts() []string

                                                                                UDPPorts returns the PU UDP ports

                                                                                func (*PUContext) UpdateApplicationACLs

                                                                                func (p *PUContext) UpdateApplicationACLs(rules policy.IPRuleList) error

                                                                                  UpdateApplicationACLs updates the application ACL policy

                                                                                  func (*PUContext) UpdateCachedTokenAndServiceContext

                                                                                  func (p *PUContext) UpdateCachedTokenAndServiceContext(token []byte, serviceContext []byte)

                                                                                    UpdateCachedTokenAndServiceContext updates the local cached token

                                                                                    func (*PUContext) UpdateJWT

                                                                                    func (p *PUContext) UpdateJWT(jwt string, expiration time.Time)

                                                                                      UpdateJWT updates the JWT and provides a new expiration date.

                                                                                      func (*PUContext) UpdateNetworkACLs

                                                                                      func (p *PUContext) UpdateNetworkACLs(rules policy.IPRuleList) error

                                                                                        UpdateNetworkACLs updates the network ACL policy

                                                                                        func (*PUContext) UpdateSynServiceContext

                                                                                        func (p *PUContext) UpdateSynServiceContext(synServiceContext []byte)

                                                                                          UpdateSynServiceContext updates the synServiceContext

                                                                                          func (*PUContext) Username

                                                                                          func (p *PUContext) Username() string

                                                                                            Username returns the ID of the PU

                                                                                            type PuErrors

                                                                                            type PuErrors struct {
                                                                                            	// contains filtered or unexported fields
                                                                                            }

                                                                                              PuErrors holds the string,integer for each error

                                                                                              func (PuErrors) Error

                                                                                              func (e PuErrors) Error() string

                                                                                                Error implemented to satisfy the error interface