secpath



Constants

// Retry strategies for resolving a name that already exists on the device
// (the Has*Name methods on SecPathNode report such collisions). How each
// strategy is applied is not visible in this listing; presumably "next"
// moves on to the next free identifier and "suffix" appends a suffix to
// the base name — TODO confirm against the caller.
const (
	RetryMethodNext   = "next"
	RetryMethodSuffix = "suffix"
)
// String tags for the SecPath NAT rule kinds and for the object roles a NAT
// rule can reference. The NAT-aware methods on SecPathNode
// (DetermineNatObjectType, GetReuseNatObject, GetObjectByVipMipSnatPool,
// GenerateVipMipSnatPoolName, SetNATPreference) take these as plain string
// parameters, so callers should pass the constants rather than ad-hoc
// literals — a typo is not caught at compile time and would silently fall
// outside every supported-type check.
const (
	StaticOutbound    = "static_outbound"    // static NAT, outbound direction
	StaticInbound     = "static_inbound"     // static NAT, inbound direction
	StaticInOut       = "static_inout"       // static NAT, both directions
	DynamicOutbound   = "dynamic_outbound"   // dynamic (pool / interface) outbound NAT
	PolicyBaseSnat    = "policy_base_snat"   // policy-based source NAT
	PolicyBaseDnat    = "policy_base_dnat"   // policy-based destination NAT
	ServiceObject     = "service_object"     // object role: service referenced by a rule
	SourceObject      = "source_object"      // object role: source address referenced by a rule
	DestinationObject = "destination_object" // object role: destination address referenced by a rule
)

Variables

// SECPATH_ICMP6_N2P maps an ICMPv6 type number to the SecPath service name.
// Only Echo Request (type 128, "pingv6") is known. Every other type is
// absent, so a plain index returns "" — use the comma-ok form and treat a
// miss as "no named service", not as an empty name.
var SECPATH_ICMP6_N2P = map[int]string{128: "pingv6"}
// SECPATH_ICMP6_P2N is the inverse of SECPATH_ICMP6_N2P: SecPath service
// name to ICMPv6 type number. Only "pingv6" (Echo Request, 128) is known;
// an unknown name indexes to 0, which is not a valid sentinel here, so
// callers must use the comma-ok form (SECPATHIcmp6Parse returns an error
// for that case).
var SECPATH_ICMP6_P2N = map[string]int{"pingv6": 128}
// SECPATH_ICMP_N2P maps an ICMPv4 type number to the canonical SecPath
// service name used when rendering. It is keyed by type only: the ICMP
// code is not represented, so e.g. every type-3 variant renders as
// "icmp-dest-unreachable". For code-precise names see
// SECPATH_ICMP_TYPE_CODE. Types not listed (0, 14, 16, ...) are absent.
var SECPATH_ICMP_N2P = map[int]string{
	3:  "icmp-dest-unreachable",
	4:  "icmp-source-quench",
	5:  "icmp-redirect",
	8:  "ping",
	11: "icmp-time-exceeded",
	12: "icmp-parameter-problem",
	13: "icmp-timestamp",
	15: "icmp-info",
	17: "icmp-address-mask",
	30: "icmp-traceroute",
}
// SECPATH_ICMP_P2N maps a SecPath ICMPv4 service name to its ICMP type.
// Several names are aliases for one type because the code is dropped:
// "icmp-port-unreachable" and "icmp-host-unreachable" both become 3.
// NOTE(review): if a policy matcher compares services through this map,
// a rule for "icmp-port-unreachable" is treated as matching *all*
// destination-unreachable codes — wider than the named service. Use
// SECPATH_ICMP_TYPE_CODE where the code matters. Round-tripping through
// SECPATH_ICMP_N2P collapses every alias to the canonical name.
var SECPATH_ICMP_P2N = map[string]int{
	// type 3 — destination unreachable (all codes collapse to 3)
	"icmp-dest-unreachable":  3,
	"icmp-fragment-needed":   3,
	"icmp-host-unreachable":  3,
	"icmp-port-unreachable":  3,
	"icmp-protocol-unreach":  3,
	"icmp-source-route-fail": 3,
	// type 4 — source quench
	"icmp-source-quench": 4,
	// type 5 — redirect (all codes collapse to 5)
	"icmp-redirect":          5,
	"icmp-redirect-host":     5,
	"icmp-redirect-tos-host": 5,
	"icmp-redirect-tos-net":  5,
	// type 8 — echo request
	"ping": 8,
	// type 11 — time exceeded (both codes collapse to 11)
	"icmp-fragment-reassembly": 11,
	"icmp-time-exceeded":       11,
	// single-name types
	"icmp-parameter-problem": 12,
	"icmp-timestamp":         13,
	"icmp-info":              15,
	"icmp-address-mask":      17,
	"icmp-traceroute":        30,
}
// SECPATH_ICMP_TYPE_CODE maps the ICMP keywords accepted in SecPath ACL
// rules to an exact (type, code) pair. Unlike SECPATH_ICMP_P2N it keeps the
// code, so this is the table to use when an allow/deny decision must be
// precise (e.g. "port-unreachable" is 3/3, not "any type 3"). Names are
// distinct from the service names in SECPATH_ICMP_P2N ("echo" here vs
// "ping" there); do not look one table up with the other's keys.
var SECPATH_ICMP_TYPE_CODE = map[string]struct {
	Type int
	Code int
}{
	"echo-reply":           {Type: 0, Code: 0},
	"net-unreachable":      {Type: 3, Code: 0},
	"host-unreachable":     {Type: 3, Code: 1},
	"protocol-unreachable": {Type: 3, Code: 2},
	"port-unreachable":     {Type: 3, Code: 3},
	"fragmentneed-DFset":   {Type: 3, Code: 4},
	"source-route-failed":  {Type: 3, Code: 5},
	"source-quench":        {Type: 4, Code: 0},
	"net-redirect":         {Type: 5, Code: 0},
	"host-redirect":        {Type: 5, Code: 1},
	"net-tos-redirect":     {Type: 5, Code: 2},
	"host-tos-redirect":    {Type: 5, Code: 3},
	"echo":                 {Type: 8, Code: 0},
	"ttl-exceeded":         {Type: 11, Code: 0},
	"reassembly-timeout":   {Type: 11, Code: 1},
	"parameter-problem":    {Type: 12, Code: 0},
	"timestamp-request":    {Type: 13, Code: 0},
	"timestamp-reply":      {Type: 14, Code: 0},
	"information-request":  {Type: 15, Code: 0},
	"information-reply":    {Type: 16, Code: 0},
}
// SECPATH_NumToProtocol maps an IP protocol number to the SecPath keyword.
// Two keys are not wire protocol numbers and must be special-cased by any
// code that feeds these values into a packet filter or a uint8 field:
// 255 ("ip") is the device's any-protocol wildcard, and 256 ("tcp-udp") is
// an internal sentinel for services that exist on both TCP and UDP
// (see SECPATH_TCP_UDP_P2N). Entries are ordered by number.
var SECPATH_NumToProtocol = map[int]string{
	1:   "icmp",
	2:   "igmp",
	4:   "ipinip",
	6:   "tcp",
	9:   "igrp",
	17:  "udp",
	47:  "gre",
	50:  "esp",
	51:  "ah",
	58:  "icmp6",
	88:  "eigrp",
	89:  "ospf",
	94:  "nos",
	103: "pim",
	108: "pcp",
	109: "snp",
	132: "sctp",
	255: "ip",
	256: "tcp-udp",
}
// SECPATH_ProtocolToNum maps a SecPath protocol keyword to its IP protocol
// number (255 = any, 256 = internal tcp-udp sentinel; see
// SECPATH_NumToProtocol). Two entries are lossy aliases: "ipsec" resolves to
// ESP (50) only — not AH (51) nor IKE/NAT-T on UDP 500/4500 — and "pptp"
// resolves to GRE (47) only, not the TCP/1723 control channel. A policy
// written against either alias is therefore narrower than its name
// suggests, and renders back through SECPATH_NumToProtocol as "esp"/"gre".
var SECPATH_ProtocolToNum = map[string]int{
	"icmp":    1,
	"igmp":    2,
	"ipinip":  4,
	"tcp":     6,
	"igrp":    9,
	"udp":     17,
	"gre":     47,
	"pptp":    47, // alias: GRE data channel only
	"esp":     50,
	"ipsec":   50, // alias: ESP only
	"ah":      51,
	"icmp6":   58,
	"eigrp":   88,
	"ospf":    89,
	"nos":     94,
	"pim":     103,
	"pcp":     108,
	"snp":     109,
	"sctp":    132,
	"ip":      255,
	"tcp-udp": 256,
}
// SECPATH_TCP_N2P maps a TCP port to the canonical SecPath service name
// used when rendering. Where SECPATH_TCP_P2N has aliases, the canonical
// spelling here wins on a round-trip ("rsh" -> 514 -> "cmd",
// "netmeeting" -> 1720 -> "h323"). Ports not listed are absent; callers
// must use the comma-ok form and fall back to the numeric port.
// Entries are ordered by port.
var SECPATH_TCP_N2P = map[int]string{
	9:    "discard_tcp",
	13:   "daytime",
	19:   "chargen",
	21:   "ftp",
	22:   "ssh",
	23:   "telnet",
	25:   "smtp",
	53:   "dns-tcp",
	70:   "gopher",
	79:   "finger",
	80:   "http",
	88:   "kerberos-tcp",
	110:  "pop3",
	111:  "portmapper-tcp",
	119:  "nntp",
	139:  "netbios-tcp",
	179:  "bgp",
	194:  "irc",
	210:  "wais",
	389:  "ldap-tcp",
	443:  "https",
	445:  "smb",
	512:  "rexec",
	513:  "rlogin",
	514:  "cmd",
	515:  "lpr",
	517:  "talk",
	540:  "uucp",
	554:  "rtsp",
	1352: "lotus-notes-domino",
	1494: "winframe",
	1521: "sql-net-v1",
	1526: "sql-net-v2",
	1720: "h323",
	1723: "pptp",
	2049: "nfsd-tcp",
	2095: "3com-nbx",
	2727: "audio-call-control",
	5060: "sip-tcp",
	5900: "vnc",
	6000: "x-windows",
}
// SECPATH_TCP_P2N maps a SecPath TCP service name to its port. It is a
// superset of the inverse of SECPATH_TCP_N2P: "rsh" (514, alias of "cmd")
// and "netmeeting" (1720, alias of "h323") parse but render back under the
// canonical name. An unknown name indexes to 0, which is not a safe
// sentinel for a port — use the comma-ok form (SECPATHTcpPortParse returns
// an error). Entries are ordered by port so aliases sit together.
var SECPATH_TCP_P2N = map[string]int{
	"discard_tcp":        9,
	"daytime":            13,
	"chargen":            19,
	"ftp":                21,
	"ssh":                22,
	"telnet":             23,
	"smtp":               25,
	"dns-tcp":            53,
	"gopher":             70,
	"finger":             79,
	"http":               80,
	"kerberos-tcp":       88,
	"pop3":               110,
	"portmapper-tcp":     111,
	"nntp":               119,
	"netbios-tcp":        139,
	"bgp":                179,
	"irc":                194,
	"wais":               210,
	"ldap-tcp":           389,
	"https":              443,
	"smb":                445,
	"rexec":              512,
	"rlogin":             513,
	"cmd":                514,
	"rsh":                514, // alias of "cmd"
	"lpr":                515,
	"talk":               517,
	"uucp":               540,
	"rtsp":               554,
	"lotus-notes-domino": 1352,
	"winframe":           1494,
	"sql-net-v1":         1521,
	"sql-net-v2":         1526,
	"h323":               1720,
	"netmeeting":         1720, // alias of "h323"
	"pptp":               1723,
	"nfsd-tcp":           2049,
	"3com-nbx":           2095,
	"audio-call-control": 2727,
	"sip-tcp":            5060,
	"vnc":                5900,
	"x-windows":          6000,
}
// SECPATH_TCP_UDP_P2N lists the services that exist on both TCP and UDP
// with the same port (the protocol-256 "tcp-udp" sentinel in
// SECPATH_ProtocolToNum). Each pair shares one port; the -tcp/-udp suffix
// is part of the device name and is kept as the key. Only these six
// services are present — any other name is absent, so SECPATHTcpUdpPortParse
// presumably errors for it rather than falling back to the TCP or UDP table.
var SECPATH_TCP_UDP_P2N = map[string]int{
	"dns-tcp":        53,
	"dns-udp":        53,
	"kerberos-tcp":   88,
	"kerberos-udp":   88,
	"portmapper-tcp": 111,
	"portmapper-udp": 111,
	"ldap-tcp":       389,
	"ldap-udp":       389,
	"nfsd-tcp":       2049,
	"nfsd-udp":       2049,
	"sip-tcp":        5060,
	"sip-udp":        5060,
}
// SECPATH_UDP_N2P maps a UDP port to the canonical SecPath service name
// used when rendering. Entries are ordered by port.
//
// NOTE(review): four keys do not look like UDP ports. 8 ("ping") and 128
// ("pingv6") are ICMP/ICMPv6 echo types, and 47 ("gre") and 112 ("vrrp")
// are IP protocol numbers; none of them appears in SECPATH_UDP_P2N. If this
// table is consulted when rendering a UDP rule, a rule for UDP/8 would be
// emitted as "ping" — a different service on the device — so confirm how
// these entries are used before relying on reverse lookups. Also, 162
// renders as "sms-trap" (SECPATH_UDP_P2N accepts both "sms-trap" and
// "snmp-trap"); verify "sms-trap" is a real predefined service name on the
// target device, otherwise generated CLI for UDP/162 will be rejected.
var SECPATH_UDP_N2P = map[int]string{
	8:    "ping",   // suspect: ICMP type, not a UDP port
	47:   "gre",    // suspect: IP protocol number
	53:   "dns-udp",
	67:   "dhcp-relay",
	68:   "dhcp-client",
	69:   "tftp",
	88:   "kerberos-udp",
	111:  "portmapper-udp",
	112:  "vrrp", // suspect: IP protocol number
	123:  "ntp",
	128:  "pingv6", // suspect: ICMPv6 type
	137:  "nbname",
	138:  "netbios-udp",
	143:  "imap",
	161:  "snmp-request",
	162:  "sms-trap",
	220:  "imapv3",
	389:  "ldap-udp",
	500:  "ike",
	514:  "syslog",
	520:  "rip",
	1701: "l2tp",
	1812: "radius-auth",
	1813: "radius-accounting",
	2049: "nfsd-udp",
	3784: "bfd-control",
	3785: "bfd-echo",
	4500: "nat-t-ipsec",
	4784: "bfd-control-multihop",
	5060: "sip-udp",
	7000: "vdo-live",
}
// SECPATH_UDP_P2N maps a SecPath UDP service name to its port. Two aliases
// share a port with a canonical name: "dhcp-server" (67, renders back as
// "dhcp-relay") and "snmp-trap" (162, renders back as "sms-trap"). "ping"
// and "pingv6" are deliberately absent here although SECPATH_UDP_N2P lists
// them, so the two tables are not inverses; "gre" (47) and "vrrp" (112)
// are IP protocol numbers rather than UDP ports — see the note on
// SECPATH_UDP_N2P. An unknown name indexes to 0; use the comma-ok form.
// Entries are ordered by port.
var SECPATH_UDP_P2N = map[string]int{
	"gre":                  47,
	"dns-udp":              53,
	"dhcp-relay":           67,
	"dhcp-server":          67, // alias of "dhcp-relay"
	"dhcp-client":          68,
	"tftp":                 69,
	"kerberos-udp":         88,
	"portmapper-udp":       111,
	"vrrp":                 112,
	"ntp":                  123,
	"nbname":               137,
	"netbios-udp":          138,
	"imap":                 143,
	"snmp-request":         161,
	"sms-trap":             162,
	"snmp-trap":            162, // alias of "sms-trap"
	"imapv3":               220,
	"ldap-udp":             389,
	"ike":                  500,
	"syslog":               514,
	"rip":                  520,
	"l2tp":                 1701,
	"radius-auth":          1812,
	"radius-accounting":    1813,
	"nfsd-udp":             2049,
	"bfd-control":          3784,
	"bfd-echo":             3785,
	"nat-t-ipsec":          4500,
	"bfd-control-multihop": 4784,
	"sip-udp":              5060,
	"vdo-live":             7000,
}

Functions

func SECPATHICMPServiceFromString

func SECPATHICMPServiceFromString(name string) (*service.Service, error)

func SECPATHIcmp6Parse

func SECPATHIcmp6Parse(name string) (int, error)

func SECPATHIcmpParse

func SECPATHIcmpParse(name string) (int, error)

func SECPATHNameToService

func SECPATHNameToService(name string) (*service.Service, error)

func SECPATHParseProtocol

func SECPATHParseProtocol(s string) (int, error)

func SECPATHPortParse

func SECPATHPortParse(port string, protocol string) (int, error)

func SECPATHTcpPortParse

func SECPATHTcpPortParse(s string) (int, error)

func SECPATHTcpUdpPortParse

func SECPATHTcpUdpPortParse(s string) (int, error)

func SECPATHUdpPortParse

func SECPATHUdpPortParse(s string) (int, error)

func XmlAddrGroupMemberStructToAddressGroup

func XmlAddrGroupMemberStructToAddressGroup(xag *model.XmlAddrGroupMemberStruct) *model.AddressGroup

Types

type ACL

// ACL is one named SecPath access-control list: an ordered slice of
// entries that Match / IsPermit evaluate against a policy entry. The name
// (see Name()) and any other bookkeeping live in unexported fields that are
// not shown in this listing. ACLs back the ACL-based NAT server mappings
// and the IPv4 advanced-ACL policies (XmlIPv4AdvanceAclStructToPolicy).
type ACL struct {
	Entries []ACLEntry // device order; presumably evaluated first-match — TODO confirm in Match
	// contains filtered or unexported fields
}

func (ACL) IsPermit

func (acl ACL) IsPermit(pe policy.PolicyEntryInf) bool

func (*ACL) MarshalJSON

func (acl *ACL) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON serialization.

func (ACL) Match

func (acl ACL) Match(pe policy.PolicyEntryInf) bool

func (ACL) Name

func (acl ACL) Name() string

func (*ACL) TypeName

func (acl *ACL) TypeName() string

TypeName implements the TypeInterface interface.

func (*ACL) UnmarshalJSON

func (acl *ACL) UnmarshalJSON(data []byte) error

UnmarshalJSON implements JSON deserialization.

type ACLEntry

// ACLEntry is a single rule inside an ACL. Match compares pe against
// PolicyEntry; Action says what happens on a hit.
type ACLEntry struct {
	// Name        string
	Comment     string                // free-text description carried over from the device config
	Cli         string                // the rule's CLI text (presumably the original line it was parsed from — TODO confirm)
	ID          int                   // rule number within the ACL
	Action      firewall.Action       // permit / deny outcome on a match
	Vrf         string                // VPN instance the rule is scoped to; presumably "" means the default instance
	PolicyEntry policy.PolicyEntryInf // match criteria (addresses / service) compared by Match
}

func (*ACLEntry) MarshalJSON

func (ae *ACLEntry) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON serialization.

func (ACLEntry) Match

func (ae ACLEntry) Match(pe policy.PolicyEntryInf) bool

func (*ACLEntry) TypeName

func (ae *ACLEntry) TypeName() string

TypeName implements the TypeInterface interface.

func (*ACLEntry) UnmarshalJSON

func (ae *ACLEntry) UnmarshalJSON(data []byte) error

UnmarshalJSON implements JSON deserialization.

type ACLSet

// ACLSet holds every ACL parsed from a device. Lookup by name is linear
// through Sets (GetACL); the commented-out map shows an earlier keyed
// design. GetACL returns nil for an unknown name, so callers must nil-check
// before dereferencing.
type ACLSet struct {

	// Sets    map[string]ACL
	Sets []*ACL // all ACLs, in parse order
	// contains filtered or unexported fields
}

func (*ACLSet) GetACL

func (as *ACLSet) GetACL(name string) *ACL

func (*ACLSet) MarshalJSON

func (as *ACLSet) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON serialization.

func (*ACLSet) TypeName

func (as *ACLSet) TypeName() string

TypeName implements the TypeInterface interface.

func (*ACLSet) UnmarshalJSON

func (as *ACLSet) UnmarshalJSON(data []byte) error

UnmarshalJSON implements JSON deserialization.

type AclIterator

// AclIterator walks the node's ACLs; SecPathNode.AclIterator presumably
// returns one as a firewall.NamerIterator. All cursor state comes from the
// embedded BaseIterator — there is no ACL-specific state.
type AclIterator struct {
	*firewall.BaseIterator
}

type FilterType

// FilterType selects how a PolicyQuery compares its input criteria with
// each policy's own match fields; the PolicyQuery.Use* methods choose one.
// Read the names as "<left> contains / is the same as <right>":
// FilterTypePolicyContainInput keeps policies whose sets cover the query
// input (the mode that answers "which rules would this flow hit"), while
// FilterTypeInputContainPolicy keeps policies wholly covered by the input
// (rules narrower than a proposed change). The exact set semantics are
// implemented outside this listing — confirm them before using a query
// result as an allow/deny verdict.
type FilterType int
const (
	FilterTypeInputContainPolicy FilterType = iota // input ⊇ policy
	FilterTypeInputSameWithPolicy                  // input == policy
	FilterTypePolicyContainInput                   // policy ⊇ input
	FilterTypePolicySameWithInput                  // policy == input
)

type NatIterator

// NatIterator walks the node's NAT rules; the NatIterator / DnatIterator /
// SnatIterator / StaticNatIterator methods on SecPathNode presumably return
// one as a firewall.NamerIterator, with the kind filter kept in the
// unexported fields. Cursor logic comes from the embedded BaseIterator.
type NatIterator struct {
	*firewall.BaseIterator
	// contains filtered or unexported fields
}

Implements NatPoolIterator. (This doc comment is attached to NatIterator, which looks like a copy-paste slip; NatPoolIterator is declared separately below.)

type NatPoolIterator

// NatPoolIterator walks the NAT address pools (SNAT_POOL objects, which on
// SecPath are address-groups); SecPathNode.NatPoolIterator presumably
// returns one as a firewall.NamerIterator. No pool-specific state — the
// embedded BaseIterator carries the cursor.
type NatPoolIterator struct {
	*firewall.BaseIterator
}

type NatRule

// NatRule is one parsed SecPath NAT rule. Instances are built only by the
// Xml*ToNatRule constructors below; all state is unexported and is exposed
// through Name, Cli, Original, Translate and Extended. Original and
// Translate presumably return the pre- and post-translation match tuples
// — TODO confirm which side each refers to for DNAT vs SNAT.
type NatRule struct {
	// contains filtered or unexported fields
}

func XmlNatPolicyStructToNatRule

func XmlNatPolicyStructToNatRule(xps *model.XmlNatPolicyStruct, node *SecPathNode, objects *SecPathObjectSet, nats *Nats) *NatRule

func XmlOutboundDynamicStructToNatRule

func XmlOutboundDynamicStructToNatRule(xos *model.XmlOutboundDynamicStruct, node *SecPathNode, objects *SecPathObjectSet, nats *Nats) *NatRule

func XmlOutboundStaticStructToNatRule

func XmlOutboundStaticStructToNatRule(xos *model.XmlOutboundStaticStruct, node *SecPathNode, objects *SecPathObjectSet, nats *Nats) *NatRule

func XmlServerOnInterfaceStructToNatRule

func XmlServerOnInterfaceStructToNatRule(xso *model.XmlServerOnInterfaceStruct, node *SecPathNode, objects *SecPathObjectSet, nats *Nats) *NatRule

XmlServerOnInterfaceStructToNatRule handles the SecPath NAT server mapping forms: 1. a single public address with no public port or a single public port; 2. a single public address with a range of consecutive public ports; 3. consecutive public addresses with no public port; 4. consecutive public addresses with one single public port; 5. load-sharing NAT server mapping; 6. ACL-based NAT server mapping.

func (*NatRule) Cli

func (rule *NatRule) Cli() string

func (*NatRule) Extended

func (rule *NatRule) Extended() map[string]interface{}

func (*NatRule) MarshalJSON

func (nr *NatRule) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON serialization.

func (*NatRule) Name

func (rule *NatRule) Name() string

func (*NatRule) Original

func (rule *NatRule) Original() policy.PolicyEntryInf

func (*NatRule) Translate

func (rule *NatRule) Translate() policy.PolicyEntryInf

func (*NatRule) TypeName

func (nr *NatRule) TypeName() string

TypeName implements the TypeInterface interface.

func (*NatRule) UnmarshalJSON

func (nr *NatRule) UnmarshalJSON(data []byte) error

UnmarshalJSON implements JSON deserialization.

type Nats

// Nats is the container for every NatRule parsed from a device; the
// Xml*ToNatRule constructors take a *Nats so that new rules can be
// registered against the existing set (presumably for name/ID collision
// checks — see SecPathNode.HasNatName). All state is unexported.
type Nats struct {
	// contains filtered or unexported fields
}

func (*Nats) MarshalJSON

func (n *Nats) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON serialization.

func (*Nats) TypeName

func (n *Nats) TypeName() string

TypeName implements the TypeInterface interface.

func (*Nats) UnmarshalJSON

func (n *Nats) UnmarshalJSON(data []byte) error

UnmarshalJSON implements JSON deserialization.

type NetworkIterator

// NetworkIterator walks the node's address objects; SecPathNode.NetworkIterator
// presumably returns one as a firewall.NamerIterator. Address objects are
// zone-scoped (SecPathObjectSet.ZoneNetworkMap), so the unexported fields
// most likely track the current zone as well as the position — TODO confirm.
type NetworkIterator struct {
	*firewall.BaseIterator
	// contains filtered or unexported fields
}

NetworkIterator implements the network-object iterator on top of firewall.BaseIterator.

type Policy

// Policy is one SecPath security policy (or an IPv4 advanced-ACL rule
// promoted to a policy by XmlIPv4AdvanceAclStructToPolicy). Everything is
// unexported and read through the accessor methods below: Action, ID,
// Name, Description, FromZones/ToZones, FromPorts/ToPorts, PolicyEntry and
// the Get*Object lookups. Match reports whether pe falls inside this policy.
type Policy struct {
	// contains filtered or unexported fields
}

func XmlIPv4AdvanceAclStructToPolicy

func XmlIPv4AdvanceAclStructToPolicy(xas *model.XmlIPv4AdvanceAclStruct, node *SecPathNode, objects *SecPathObjectSet) *Policy

func XmlSecurityPolicyStructToPolicy

func XmlSecurityPolicyStructToPolicy(xps *model.XmlSecurityPolicyStruct, node *SecPathNode, objects *SecPathObjectSet) *Policy

func (*Policy) Action

func (plc *Policy) Action() firewall.Action

func (*Policy) Cli

func (plc *Policy) Cli() string

func (*Policy) Description

func (plc *Policy) Description() string

func (*Policy) Extended

func (plc *Policy) Extended() map[string]interface{}

func (*Policy) FromPorts

func (plc *Policy) FromPorts() []api.Port

func (*Policy) FromZones

func (plc *Policy) FromZones() []string

func (*Policy) GetDestinationAddressObject

func (plc *Policy) GetDestinationAddressObject() (firewall.FirewallNetworkObject, bool)

GetDestinationAddressObject returns the destination address object referenced by the policy; the bool reports whether the policy references a named object.

func (*Policy) GetServiceObject

func (plc *Policy) GetServiceObject() (firewall.FirewallServiceObject, bool)

GetServiceObject returns the service object referenced by the policy; the bool reports whether the policy references a named object.

func (*Policy) GetSourceAddressObject

func (plc *Policy) GetSourceAddressObject() (firewall.FirewallNetworkObject, bool)

GetSourceAddressObject returns the source address object referenced by the policy; the bool reports whether the policy references a named object.

func (*Policy) ID

func (plc *Policy) ID() string

func (*Policy) MarshalJSON

func (p *Policy) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON serialization.

func (*Policy) Match

func (plc *Policy) Match(pe policy.PolicyEntryInf) bool

func (*Policy) Name

func (plc *Policy) Name() string

func (*Policy) PolicyEntry

func (plc *Policy) PolicyEntry() policy.PolicyEntryInf

func (*Policy) ToPorts

func (plc *Policy) ToPorts() []api.Port

func (*Policy) ToZones

func (plc *Policy) ToZones() []string

func (*Policy) TypeName

func (p *Policy) TypeName() string

TypeName implements the TypeInterface interface.

func (*Policy) UnmarshalJSON

func (p *Policy) UnmarshalJSON(data []byte) error

UnmarshalJSON implements JSON deserialization.

type PolicyGroup

// PolicyGroup groups policies. Nothing in this listing constructs or reads
// one — it has no exported fields or methods here — so its role (a device
// policy group, or an internal grouping used by PolicySet) cannot be
// determined from this page; treat it as internal.
type PolicyGroup struct {
	// contains filtered or unexported fields
}

type PolicyIterator

// PolicyIterator walks the node's security policies in device order;
// SecPathNode.PolicyIterator presumably returns one as a
// firewall.NamerIterator. Shared cursor handling comes from the embedded
// BaseIterator; policy-specific state is in the unexported fields.
type PolicyIterator struct {
	*firewall.BaseIterator
	// contains filtered or unexported fields
}

PolicyIterator now embeds BaseIterator, which provides the shared iteration plumbing.

type PolicyQuery

// PolicyQuery is a chainable filter over a PolicySet, created by
// NewPolicyQuery. Add criteria with SrcAddress / DstAddress / Service /
// FromZone / ToZone, pick the containment mode with one of the Use*
// methods (see FilterType), optionally invert with Exclude (presumably —
// the exact effect is implemented outside this listing), then collect
// with All, First or Last. NOTE(review): the default FilterType applied
// when no Use* method is called is not visible here; when a query is used
// to decide whether a flow is permitted, set the mode explicitly rather
// than relying on that default.
type PolicyQuery struct {
	// contains filtered or unexported fields
}

func NewPolicyQuery

func NewPolicyQuery(policySet *PolicySet) *PolicyQuery

func (*PolicyQuery) All

func (pq *PolicyQuery) All() []*Policy

func (*PolicyQuery) DstAddress

func (pq *PolicyQuery) DstAddress(addr *network.NetworkGroup) *PolicyQuery

func (*PolicyQuery) Exclude

func (pq *PolicyQuery) Exclude() *PolicyQuery

func (*PolicyQuery) First

func (pq *PolicyQuery) First() *Policy

func (*PolicyQuery) FromZone

func (pq *PolicyQuery) FromZone(zone string) *PolicyQuery

func (*PolicyQuery) Last

func (pq *PolicyQuery) Last() *Policy

func (*PolicyQuery) Service

func (pq *PolicyQuery) Service(svc *service.Service) *PolicyQuery

func (*PolicyQuery) SrcAddress

func (pq *PolicyQuery) SrcAddress(addr *network.NetworkGroup) *PolicyQuery

func (*PolicyQuery) ToZone

func (pq *PolicyQuery) ToZone(zone string) *PolicyQuery

func (*PolicyQuery) UseInputContainPolicy

func (pq *PolicyQuery) UseInputContainPolicy() *PolicyQuery

func (*PolicyQuery) UseInputSameWithPolicy

func (pq *PolicyQuery) UseInputSameWithPolicy() *PolicyQuery

func (*PolicyQuery) UsePolicyContainInput

func (pq *PolicyQuery) UsePolicyContainInput() *PolicyQuery

func (*PolicyQuery) UsePolicySameWithInput

func (pq *PolicyQuery) UsePolicySameWithInput() *PolicyQuery

type PolicySet

// PolicySet holds every Policy parsed from a device and is the input to
// NewPolicyQuery. Match(from, to, pe) looks up the policy that applies to
// pe between the two zones and returns it with a hit flag; whether it
// returns the first hit in device order is not visible here — confirm
// before treating its answer as the device's own first-match decision.
type PolicySet struct {
	// contains filtered or unexported fields
}

func (*PolicySet) MarshalJSON

func (ps *PolicySet) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON serialization.

func (*PolicySet) Match

func (ps *PolicySet) Match(from, to string, pe policy.PolicyEntryInf) (bool, firewall.FirewallPolicy)

func (*PolicySet) TypeName

func (ps *PolicySet) TypeName() string

TypeName implements the TypeInterface interface.

func (*PolicySet) UnmarshalJSON

func (ps *PolicySet) UnmarshalJSON(data []byte) error

UnmarshalJSON implements JSON deserialization.

type PolicySorucePortParser

// PolicySorucePortParser wraps a source-port string from a policy and
// converts it to a *service.Service via Service(). NOTE(review): the name
// misspells "Source"; it is exported, so renaming it would break callers —
// if a corrected name is introduced, keep this one as a type alias.
type PolicySorucePortParser string

func (PolicySorucePortParser) Service

func (s PolicySorucePortParser) Service() *service.Service

type SecPathNode

// SecPathNode is the in-memory model of one H3C SecPath firewall: the
// generic device node plus the parsed ACLs, address/service objects,
// security policies and NAT rules, and the operator-supplied SNAT design
// data used when generating new configuration. Fields carry json tags
// because the whole node round-trips through MarshalJSON / UnmarshalJSON.
// NOTE(review): UnmarshalJSON rebuilds the full device model from a
// document; only feed it JSON that this package produced.
type SecPathNode struct {
	*node.DeviceNode
	AclSet         *ACLSet                  `json:"acl_set"`          // parsed ACLs (ACLSet.GetACL)
	ObjectSet      *SecPathObjectSet        `json:"object_set"`       // address / service / port objects
	PolicySet      *PolicySet               `json:"policy_set"`       // security policies (PolicySet.Match)
	Nats           *Nats                    `json:"nats"`             // NAT rules of every kind
	SnatDesignInfo []*config.SnatDesignInfo `json:"snat_design_info"` // SNAT design hints, presumably consumed by UpdateSnatStep — TODO confirm
	NatPreference  map[string]string        `json:"nat_preference"`   // natType -> preference, written by SetNATPreference
}

func (*SecPathNode) AclIterator

func (node *SecPathNode) AclIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SecPathNode) AclToDb

func (secpath *SecPathNode) AclToDb(db *gorm.DB, task_id uint)

func (*SecPathNode) AddressGroupToDb

func (secpath *SecPathNode) AddressGroupToDb(db *gorm.DB, task_id uint)

func (*SecPathNode) DefaultStep

func (secpath *SecPathNode) DefaultStep(fp *firewall.FirewallProcess)

func (*SecPathNode) DetermineNatObjectType

func (secpath *SecPathNode) DetermineNatObjectType(natType string, metaData map[string]interface{}) (firewall.NatObjectType, bool)

DetermineNatObjectType selects the NAT object type from natType and metaData. Every choice must come from the object types the device supports (see GetSupportedNatObjectTypes): for both DNAT and SNAT the result is always one of the firewall's supported types, narrowed further by the configuration carried in metaData. The bool presumably reports whether a type could be chosen.

func (*SecPathNode) DnatIterator

func (node *SecPathNode) DnatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SecPathNode) ExtraInit

func (secpath *SecPathNode) ExtraInit(adapter api.Adapter, deviceConfig *config.DeviceConfig)

func (*SecPathNode) ExtraToDb

func (secpath *SecPathNode) ExtraToDb(db *gorm.DB, task_id uint)

func (*SecPathNode) FirstPolicyRuleId

func (secpath *SecPathNode) FirstPolicyRuleId(ipType network.IPFamily) string

func (*SecPathNode) FlyConfig

func (secpath *SecPathNode) FlyConfig(cli interface{})

func (*SecPathNode) FlyConfigXml

func (secpath *SecPathNode) FlyConfigXml(cli interface{})

func (*SecPathNode) FlyObjectToFlattenCli

func (secpath *SecPathNode) FlyObjectToFlattenCli(flyObject interface{}, ctx *firewall.PolicyContext) string

func (*SecPathNode) GenerateVipMipSnatPoolName

func (secpath *SecPathNode) GenerateVipMipSnatPoolName(objectType string, intent *policy.Intent, metaData map[string]interface{}) string

GenerateVipMipSnatPoolName optionally auto-generates a VIP/MIP/SNAT_POOL object name. SecPath does not provide automatic naming: this implementation returns the empty string, which tells the caller to fall back to the configured naming template.

func (*SecPathNode) GetObjectByNetworkGroup

func (secpath *SecPathNode) GetObjectByNetworkGroup(ng *network.NetworkGroup, searchType firewall.ObjectSearchType, port api.Port) (firewall.FirewallNetworkObject, bool)

func (*SecPathNode) GetObjectByService

func (secpath *SecPathNode) GetObjectByService(s *service.Service, searchType firewall.ObjectSearchType) (firewall.FirewallServiceObject, bool)

func (*SecPathNode) GetObjectByVipMipSnatPool

func (secpath *SecPathNode) GetObjectByVipMipSnatPool(objectType string, intent *policy.Intent) (firewall.FirewallNetworkObject, bool)

GetObjectByVipMipSnatPool checks whether a VIP/MIP/SNAT_POOL object already exists (reuse check). SecPath does not support VIP or MIP; SNAT_POOL objects are looked up through GetPoolByNetworkGroup.

func (*SecPathNode) GetPolicyName

func (secpath *SecPathNode) GetPolicyName(ctx *firewall.PolicyContext) (string, error)

GetPolicyName returns the policy name. SecPath relies on the naming template, so this implementation returns the empty string.

func (*SecPathNode) GetPoolByNetworkGroup

func (secpath *SecPathNode) GetPoolByNetworkGroup(ng *network.NetworkGroup, natType firewall.NatType) (firewall.FirewallNetworkObject, bool)

func (*SecPathNode) GetReuseNatObject

func (secpath *SecPathNode) GetReuseNatObject(natType string, intent *policy.Intent, metaData map[string]interface{}) (name string, reused bool)

GetReuseNatObject returns the name of an existing NAT object that can be reused. On SecPath:

  • DNAT: depending on the dnat_object_type setting, NETWORK_OBJECT or INLINE may be used
  • SNAT: depending on the snat_object_type setting, SNAT_POOL, NETWORK_OBJECT, INTERFACE or INLINE may be used

The objectType is decided from natType and the metaData configuration, and the reuse lookup is then performed for that type; reused reports whether an existing object was found.

func (*SecPathNode) GetSupportedNatObjectTypes

func (secpath *SecPathNode) GetSupportedNatObjectTypes(natType string) []firewall.NatObjectType

GetSupportedNatObjectTypes returns the NAT object types this firewall supports. SecPath: DNAT does not support VIP/MIP; SNAT supports SNAT_POOL (implemented as an address-group, i.e. a NetworkObject).

func (*SecPathNode) HasNatName

func (secpath *SecPathNode) HasNatName(name string) bool

func (*SecPathNode) HasObjectName

func (secpath *SecPathNode) HasObjectName(name string) bool

func (*SecPathNode) HasPolicyName

func (secpath *SecPathNode) HasPolicyName(name string) bool

func (*SecPathNode) HasPoolName

func (secpath *SecPathNode) HasPoolName(name string) bool

func (*SecPathNode) InPacket

func (secpath *SecPathNode) InPacket(from, to api.Port, entry policy.PolicyEntryInf) (firewall.Action, firewall.FirewallPolicy)

func (*SecPathNode) InputNat

func (secpath *SecPathNode) InputNat(intent *policy.Intent, inPort api.Port) processor.AbstractMatchResult

func (*SecPathNode) InputNatTargetCheck

func (secpath *SecPathNode) InputNatTargetCheck(intent *policy.Intent, inPort, outPort api.Port) (bool, firewall.FirewallNatRule)

func (*SecPathNode) InputPolicy

func (secpath *SecPathNode) InputPolicy(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult

func (*SecPathNode) L4Port

func (secpath *SecPathNode) L4Port(name string) (*service.L4Port, bool)

func (*SecPathNode) MakeDynamicNatCli

func (secpath *SecPathNode) MakeDynamicNatCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList)

func (*SecPathNode) MakeInputPolicyCli

func (secpath *SecPathNode) MakeInputPolicyCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList, moveRule []string)

func (*SecPathNode) MakeOutputPolicyCli

func (secpath *SecPathNode) MakeOutputPolicyCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList)

func (*SecPathNode) MakeStaticNatCli

func (secpath *SecPathNode) MakeStaticNatCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList)

func (*SecPathNode) MarshalJSON

func (spn *SecPathNode) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON serialization.

func (*SecPathNode) NatIterator

func (node *SecPathNode) NatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SecPathNode) NatPoolIterator

func (node *SecPathNode) NatPoolIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SecPathNode) NatsToDb

func (secpath *SecPathNode) NatsToDb(db *gorm.DB, task_id uint)

func (*SecPathNode) Network

func (secpath *SecPathNode) Network(zone, name string) (*network.NetworkGroup, bool)

func (*SecPathNode) NetworkIterator

func (node *SecPathNode) NetworkIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SecPathNode) NetworkObjectToDb

func (secpath *SecPathNode) NetworkObjectToDb(db *gorm.DB, task_id uint)

func (*SecPathNode) NextPolicyId

func (secpath *SecPathNode) NextPolicyId(ipType network.IPFamily) int

func (*SecPathNode) NextPoolId

func (secpath *SecPathNode) NextPoolId(id string) string

func (*SecPathNode) ObjectConsistencyCheck

func (secpath *SecPathNode) ObjectConsistencyCheck(objectType string, name string, input interface{}) (bool, string, error)

ObjectConsistencyCheck checks whether the device object identified by objectType and name is consistent with input. It returns the consistency result, a descriptive message, and an error for failures that prevent the comparison.

func (*SecPathNode) OutputNat

func (secpath *SecPathNode) OutputNat(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult

func (*SecPathNode) OutputPolicy

func (secpath *SecPathNode) OutputPolicy(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult

func (*SecPathNode) Policies

func (secppath *SecPathNode) Policies() []firewall.FirewallPolicy

func (*SecPathNode) PolicyIterator

func (node *SecPathNode) PolicyIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SecPathNode) PolicyToDb

func (secpath *SecPathNode) PolicyToDb(db *gorm.DB, task_id uint)

func (*SecPathNode) Service

func (secpath *SecPathNode) Service(name string) (*service.Service, bool)

func (*SecPathNode) ServiceIterator

func (node *SecPathNode) ServiceIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SecPathNode) ServiceObjectToDb

func (secpath *SecPathNode) ServiceObjectToDb(db *gorm.DB, task_id uint)

func (*SecPathNode) SetNATPreference

func (secpath *SecPathNode) SetNATPreference(natType, preference string)

func (*SecPathNode) SnatIterator

func (node *SecPathNode) SnatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

Helper methods. (Section comment from the source; the doc extractor attached it to SnatIterator.)

func (*SecPathNode) StaticNatIterator

func (node *SecPathNode) StaticNatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SecPathNode) Type

func (secpath *SecPathNode) Type() terminalmode.DeviceType

func (*SecPathNode) TypeName

func (spn *SecPathNode) TypeName() string

TypeName implements the TypeInterface interface.

func (*SecPathNode) UnmarshalJSON

func (spn *SecPathNode) UnmarshalJSON(data []byte) error

UnmarshalJSON implements JSON deserialization.

func (*SecPathNode) UpdateSnatStep

func (secpath *SecPathNode) UpdateSnatStep(in, out api.Port, intent *policy.Intent, fp *firewall.FirewallProcess)

type SecPathObjectSet

// SecPathObjectSet holds the named objects parsed from a device: service
// objects, address objects and port objects. Address objects are keyed by
// zone first and name second, matching the (zone, name) signature of
// Network(): the same object name can resolve to different networks in
// different zones, so a lookup that drops the zone is ambiguous. The
// commented-out fields record earlier layouts; NAT pools are now reached
// through GetPoolByNetworkGroup.
type SecPathObjectSet struct {

	// services       []firewall.FirewallServiceObject
	ServiceMap     map[string]firewall.FirewallServiceObject              // service objects by name
	ZoneNetworkMap map[ZoneName]map[string]firewall.FirewallNetworkObject // zone -> object name -> address object
	// networks []firewall.FirewallNetworkObject
	// ipv6Networks []firewall.FirewallServiceObject
	// zoneNetworkMap map[string]map[string]firewall.FirewallNetworkObject
	// serviceMap map[string]firewall.FirewallServiceObject
	// poolMap    map[firewall.NatType]map[string]firewall.FirewallNetworkObject
	PortObjectMap map[string]*secpathPortObject // port objects by name (type not exported; opaque to callers)
	// contains filtered or unexported fields
}

func NewSecPathObjectSet

func NewSecPathObjectSet(node *SecPathNode) *SecPathObjectSet

func (*SecPathObjectSet) GetObjectByNetworkGroup

func (secpath *SecPathObjectSet) GetObjectByNetworkGroup(ng *network.NetworkGroup, searchType firewall.ObjectSearchType, port api.Port) (firewall.FirewallNetworkObject, bool)

func (*SecPathObjectSet) GetObjectByService

func (secpath *SecPathObjectSet) GetObjectByService(s *service.Service, searchType firewall.ObjectSearchType) (firewall.FirewallServiceObject, bool)

func (*SecPathObjectSet) MarshalJSON

func (spos *SecPathObjectSet) MarshalJSON() ([]byte, error)

MarshalJSON implements JSON serialization.

func (*SecPathObjectSet) Network

func (sec *SecPathObjectSet) Network(zone, name string) (*network.NetworkGroup, string, bool)

func (sec *SecPathObjectSet) GetPoolByNetworkGroup(ng *network.NetworkGroup, natType firewall.NatType) (firewall.FirewallNetworkObject, bool) { }

func (*SecPathObjectSet) Service

func (sec *SecPathObjectSet) Service(name string) (*service.Service, string, bool)

func (*SecPathObjectSet) TypeName

func (spos *SecPathObjectSet) TypeName() string

TypeName implements the TypeInterface interface.

func (*SecPathObjectSet) UnmarshalJSON

func (spos *SecPathObjectSet) UnmarshalJSON(data []byte) error

UnmarshalJSON implements JSON deserialization.

type SecPathPort

// SecPathPort is a SecPath interface: the generic NodePort plus the
// primary IPv4/IPv6 addresses and security zone exposed through
// MainIpv4/MainIpv6/Zone and set with the With* builders. Build one with
// NewSecPathPort; the With* methods return the receiver for chaining.
type SecPathPort struct {
	node.NodePort
}

func NewSecPathPort

func NewSecPathPort(name, tenant string, ip_list map[network.IPFamily][]string, members []api.Member) *SecPathPort

func (*SecPathPort) MainIpv4

func (secPath *SecPathPort) MainIpv4() string

func (*SecPathPort) MainIpv6

func (secPath *SecPathPort) MainIpv6() string

func (*SecPathPort) TypeName

func (secpath *SecPathPort) TypeName() string

func (*SecPathPort) WithMainIpv4

func (secPath *SecPathPort) WithMainIpv4(ip string) *SecPathPort

func (*SecPathPort) WithMainIpv6

func (secPath *SecPathPort) WithMainIpv6(ip string) *SecPathPort

func (*SecPathPort) WithZone

func (secPath *SecPathPort) WithZone(name string) *SecPathPort

func (*SecPathPort) Zone

func (secPath *SecPathPort) Zone() string

type ServiceIterator

// ServiceIterator walks the node's service objects
// (SecPathObjectSet.ServiceMap); SecPathNode.ServiceIterator presumably
// returns one as a firewall.NamerIterator. Cursor logic comes from the
// embedded BaseIterator. Map iteration order is random in Go, so unless
// the unexported fields hold a sorted key list the visiting order is not
// stable across runs — TODO confirm before depending on it.
type ServiceIterator struct {
	*firewall.BaseIterator
	// contains filtered or unexported fields
}

ServiceIterator implements the service-object iterator on top of firewall.BaseIterator.

type ZoneName

// ZoneName is a SecPath security zone name, used as the outer key of
// SecPathObjectSet.ZoneNetworkMap. It is a distinct type so a zone is not
// accidentally passed where an object name is expected; convert explicitly
// with ZoneName(s).
type ZoneName string
