Documentation
Overview
Package access contains structures for access control management.
Index
- type Blocker
- type DefaultProfile
- type EmptyBlocker
- type EmptyProfile
- type EmptyProfileMetrics
- type EmptyStandard
- type Global
- type Interface
- type Profile
- type ProfileConfig
- type ProfileConstructor
- type ProfileConstructorConfig
- type ProfileMetrics
- type StandardBlocker
- type StandardBlockerConfig
- type StandardSetter
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Blocker
type Blocker interface {
	// IsBlocked returns true if the req should be blocked. req must not be
	// nil, and req.Question must have one item.
	IsBlocked(
		ctx context.Context,
		req *dns.Msg,
		rAddr netip.AddrPort,
		l *geoip.Location,
	) (isBlocked bool)
}
Blocker is the interface to control DNS resolution access.
type DefaultProfile
type DefaultProfile struct {
// contains filtered or unexported fields
}
DefaultProfile controls profile-specific IP and client blocking that takes place before all other processing. DefaultProfile is safe for concurrent use.
func (*DefaultProfile) Config
func (p *DefaultProfile) Config() (conf *ProfileConfig)
Config implements the Profile interface for *DefaultProfile.
type EmptyBlocker
type EmptyBlocker struct{}
EmptyBlocker is an empty Blocker implementation that does nothing.
type EmptyProfile
type EmptyProfile struct {
EmptyBlocker
}
EmptyProfile is an empty Profile implementation that does nothing.
func (EmptyProfile) Config
func (EmptyProfile) Config() (conf *ProfileConfig)
Config implements the Profile interface for EmptyProfile. It always returns nil.
type EmptyProfileMetrics
type EmptyProfileMetrics struct{}
EmptyProfileMetrics is the implementation of the ProfileMetrics interface that does nothing.
func (EmptyProfileMetrics) ObserveProfileInit
func (EmptyProfileMetrics) ObserveProfileInit(_ context.Context, _ time.Duration)
ObserveProfileInit implements the ProfileMetrics interface for EmptyProfileMetrics.
type EmptyStandard
type EmptyStandard struct{}
EmptyStandard is an empty StandardSetter implementation that does nothing.
func (EmptyStandard) SetConfig
func (EmptyStandard) SetConfig(_ *StandardBlockerConfig)
SetConfig implements the StandardSetter interface for EmptyStandard. It always returns false.
type Global
type Global struct {
// contains filtered or unexported fields
}
Global controls IP and client blocking that takes place before all other processing. Global is safe for concurrent use.
func (*Global) IsBlockedHost
IsBlockedHost implements the Interface interface for *Global.
type Interface
type Interface interface {
	// IsBlockedHost returns true if host should be blocked.
	IsBlockedHost(host string, qt uint16) (blocked bool)
	// IsBlockedIP returns the status of the IP address blocking as well as the
	// rule that blocked it.
	IsBlockedIP(ip netip.Addr) (blocked bool)
}
Interface is the access manager interface.
type Profile
type Profile interface {
	// Config returns the profile access configuration.
	Config() (conf *ProfileConfig)
	Blocker
}
Profile is the profile access manager interface.
type ProfileConfig
type ProfileConfig struct {
	// AllowedNets is slice of CIDRs to be allowed.
	AllowedNets []netip.Prefix
	// BlockedNets is slice of CIDRs to be blocked.
	BlockedNets []netip.Prefix
	// AllowedASN is slice of location ASNs to be allowed.
	AllowedASN []geoip.ASN
	// BlockedASN is slice of location ASNs to be blocked.
	BlockedASN []geoip.ASN
	// BlocklistDomainRules is slice of rules to match requests.
	BlocklistDomainRules []string
	// StandardEnabled controls whether the profile should also apply standard
	// access settings.
	StandardEnabled bool
}
ProfileConfig is a profile-specific access configuration.
NOTE: Do not change fields of this structure without incrementing internal/profiledb/internal.FileCacheVersion.
type ProfileConstructor
type ProfileConstructor struct {
// contains filtered or unexported fields
}
ProfileConstructor creates default access managers for profiles.
func NewProfileConstructor
func NewProfileConstructor(conf *ProfileConstructorConfig) (c *ProfileConstructor)
NewProfileConstructor returns a properly initialized *ProfileConstructor. conf must not be nil.
func (*ProfileConstructor) New
func (c *ProfileConstructor) New(conf *ProfileConfig) (p *DefaultProfile)
New creates a new access manager for a profile based on the configuration. conf must not be nil and must be valid.
type ProfileConstructorConfig
type ProfileConstructorConfig struct {
	// Metrics is used for the collection of the statistics of profile access
	// managers. It must not be nil.
	Metrics ProfileMetrics
	// Standard is the standard blocker for all profiles which have enabled this
	// feature. It must not be nil.
	Standard Blocker
}
ProfileConstructorConfig is the configuration for the ProfileConstructor.
type ProfileMetrics
type ProfileMetrics interface {
	// ObserveProfileInit records the duration taken for the initialization of
	// the profile access engine.
	ObserveProfileInit(ctx context.Context, dur time.Duration)
}
ProfileMetrics is an interface used for collecting statistics related to the profile access engine.
type StandardBlocker
type StandardBlocker struct {
// contains filtered or unexported fields
}
StandardBlocker is the dynamic Blocker implementation with standard access settings.
func NewStandardBlocker
func NewStandardBlocker(conf *StandardBlockerConfig) (s *StandardBlocker)
NewStandardBlocker creates a new StandardBlocker instance. conf must not be nil.
func (*StandardBlocker) IsBlocked
func (b *StandardBlocker) IsBlocked(
	_ context.Context,
	req *dns.Msg,
	rAddr netip.AddrPort,
	l *geoip.Location,
) (blocked bool)
IsBlocked implements the Blocker interface for *StandardBlocker.
func (*StandardBlocker) SetConfig
func (b *StandardBlocker) SetConfig(c *StandardBlockerConfig)
SetConfig implements the StandardSetter interface for *StandardBlocker.
type StandardBlockerConfig
type StandardBlockerConfig struct {
	// AllowedNets are the networks allowed for DNS resolution. If empty or
	// nil, all networks are allowed, except those blocked by BlockedNets.
	AllowedNets []netip.Prefix
	// BlockedNets are the networks blocked for DNS resolution. If empty or
	// nil, all networks are allowed, except those allowed by AllowedNets.
	BlockedNets []netip.Prefix
	// AllowedASN are the ASNs allowed for DNS resolution. If empty or nil, all
	// ASNs are allowed, except those blocked by BlockedASN.
	AllowedASN []geoip.ASN
	// BlockedASN are the ASNs blocked for DNS resolution. If empty or nil, all
	// ASNs are allowed, except those allowed by AllowedASN.
	BlockedASN []geoip.ASN
	// BlocklistDomainRules are the rules blocking the domains. If empty or
	// nil, no domains are blocked.
	BlocklistDomainRules []string
}
StandardBlockerConfig is the configuration structure for the standard access blocker.
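The AllowedNets and BlockedNets comments above say how the two lists combine, but not which one wins when a client address matches both. The following is an added example, not code from this package: it models one reading with the standard library only, under the assumption that an allow match takes precedence over a block match, and it also covers the IPv4-mapped IPv6 source address, which netip prefix matching does not handle by itself. The netPolicy type, its helpers and the sample prefixes are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// netPolicy is a hypothetical stand-in for StandardBlockerConfig's net lists.
type netPolicy struct{ AllowedNets, BlockedNets []netip.Prefix }

// contains reports whether any prefix in nets contains ip.
func contains(nets []netip.Prefix, ip netip.Addr) bool {
	for _, n := range nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// isBlocked (assumed precedence): allow match wins, then block match denies.
func (p *netPolicy) isBlocked(rAddr netip.AddrPort) bool {
	// Prefix.Contains never matches an IPv4-mapped IPv6 address against an
	// IPv4 prefix, so unmap first or ::ffff:a.b.c.d slips past IPv4 rules.
	ip := rAddr.Addr().Unmap()
	if contains(p.AllowedNets, ip) {
		return false
	}
	return contains(p.BlockedNets, ip)
}

// samplePolicy returns constructed data using documentation-only ranges.
func samplePolicy() *netPolicy {
	return &netPolicy{
		AllowedNets: []netip.Prefix{netip.MustParsePrefix("192.0.2.128/25")},
		BlockedNets: []netip.Prefix{netip.MustParsePrefix("192.0.2.0/24")},
	}
}

// blockedStr parses an "ip:port" string and evaluates it against p.
func blockedStr(p *netPolicy, addrPort string) bool {
	return p.isBlocked(netip.MustParseAddrPort(addrPort))
}

func main() {
	for _, s := range []string{"192.0.2.10:53", "192.0.2.200:53", "[::ffff:192.0.2.10]:53"} {
		fmt.Println(s, "blocked:", blockedStr(samplePolicy(), s))
	}
}
```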
func (*StandardBlockerConfig) Equal
func (c *StandardBlockerConfig) Equal(other *StandardBlockerConfig) (ok bool)
Equal returns true if c and other are equal. nil is only equal to other nil.
type StandardSetter
type StandardSetter interface {
	// SetConfig sets the configuration for the standard access blocker. conf
	// must not be nil. Fields of conf must not be modified after calling this
	// method. It must be safe for concurrent use.
	SetConfig(conf *StandardBlockerConfig)
}
StandardSetter is the interface for setting the standard access blocker configuration.