Documentation
Overview
Package hcnproxyctrl implements a high-level library that allows users to program layer-4 proxy policies on Windows through the Host Networking Service (HNS).
Constants
const LocalSystemSID = "S-1-5-18"
LocalSystemSID defines the SID of the permission set known in Windows as "Local System". In a sidecar proxy deployment, users will typically run the proxy container under that SID and assign it to the UserSID field of the Policy struct. This tells HNS that traffic originating from that SID should not be forwarded to the proxy; otherwise traffic originating from the proxy would be forwarded back to the proxy, creating a loop.
Functions
func AddPolicy
AddPolicy adds a layer-4 proxy policy to HNS. The endpointID refers to the ID of the endpoint as defined by HNS (e.g., the GUID output by hnsdiag). An error is returned if the policy passed as argument is invalid, or if it could not be applied for any reason.
func ClearPolicies
ClearPolicies removes all the proxy policies from the specified endpoint. It returns the number of policies that were removed, which will be zero if an error occurred or if the endpoint did not have any active proxy policies.
func GetEndpointFromContainer
func GetEndpointFromContainer(containerID string, runtimeEndpoint string) (hnsEndpointID string, err error)
GetEndpointFromContainer takes a container ID as argument and returns the ID of the HNS endpoint to which it is attached. It returns an error if the specified container is not attached to any endpoint. Note: there is no verification that the ID passed as argument belongs to an actual container.
Types
type Policy
type Policy struct {
	// The port the proxy is listening on. (Required)
	ProxyPort string
	// Ignore traffic originating from the specified user SID. (Optional)
	UserSID string
	// Only proxy traffic originating from the specified address. (Optional)
	LocalAddresses string
	// Only proxy traffic destined for the specified address. (Optional)
	RemoteAddresses string
	// Only proxy traffic originating from the specified port or port range. (Optional)
	LocalPorts string
	// Only proxy traffic destined for the specified port or port range. (Optional)
	RemotePorts string
	// The priority of this policy. (Optional)
	// For more info, see https://docs.microsoft.com/en-us/windows/win32/fwp/filter-weight-assignment.
	Priority uint16
	// Only proxy traffic using this protocol. TCP is the only supported
	// protocol for now, and this field defaults to that if left blank. (Optional)
	// Ex: 6 = TCP
	Protocol string
}
Policy specifies the proxy and the kind of traffic that will be intercepted by the proxy.
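The following pre-flight check is an added example, not part of the hcnproxyctrl package: it lints a Policy for the constraints documented above before it is handed to AddPolicy in a sidecar deployment. The LintPolicy helper and the local copy of the Policy struct are hypothetical, and the checks assume that ProxyPort is a single decimal port and that UserSID uses the standard S-1-... string form.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// LocalSystemSID has the same value as the constant documented on this page.
const LocalSystemSID = "S-1-5-18"

// Policy is a local copy of the documented fields so the example runs without HNS.
type Policy struct {
	ProxyPort, UserSID, LocalAddresses, RemoteAddresses string
	LocalPorts, RemotePorts, Protocol                   string
	Priority                                            uint16
}

// sidRe is a loose syntactic check for a SID string (S-1-<authority>-<sub>...).
var sidRe = regexp.MustCompile(`^S-1-\d+(-\d+){1,15}$`)

// LintPolicy (hypothetical helper) returns one finding per problem; an empty
// result means the policy passed these checks. It never contacts HNS.
func LintPolicy(p Policy) []string {
	var out []string
	if n, err := strconv.Atoi(p.ProxyPort); err != nil || n < 1 || n > 65535 {
		out = append(out, "ProxyPort is required and must be a port in 1-65535")
	}
	if p.Protocol != "" && p.Protocol != "6" {
		out = append(out, "Protocol must be blank or 6 (TCP is the only supported protocol)")
	}
	switch {
	case p.UserSID == "":
		out = append(out, "UserSID is empty: in a sidecar deployment the proxy's own traffic would loop back to it")
	case !sidRe.MatchString(p.UserSID):
		out = append(out, "UserSID is not a well-formed SID string")
	}
	return out
}

func main() {
	// Constructed sample policies, not taken from a real deployment.
	good := Policy{ProxyPort: "8000", UserSID: LocalSystemSID, Protocol: "6"}
	bad := Policy{ProxyPort: "http", Protocol: "17"}
	fmt.Println("good policy findings:", len(LintPolicy(good)))
	for _, f := range LintPolicy(bad) {
		fmt.Println("finding:", f)
	}
}
```

The empty-UserSID finding is a warning for sidecar deployments only, since the field itself is optional.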
func ListPolicies
ListPolicies returns the proxy policies that are currently active on the given endpoint.