Documentation
¶
Index ¶
- Variables
- func ASAIcmp6Parse(name string) (int, error)
- func ASAIcmpParse(name string) (int, error)
- func ASAParseProtocol(s string) (int, error)
- func ASAPortParse(port string, protocol string) (int, error)
- func ASATcpPortParse(s string) (int, error)
- func ASATcpUdpPortParse(s string) (int, error)
- func ASAUdpPortParse(s string) (int, error)
- type ASAAcl
- type ASANatPool
- type ASANatPoolWrapper
- type ASANode
- func (node *ASANode) AclIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
- func (asa *ASANode) DefaultStep(fp *firewall.FirewallProcess)
- func (asa *ASANode) DetermineNatObjectType(natType string, metaData map[string]interface{}) (firewall.NatObjectType, bool)
- func (node *ASANode) DnatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
- func (asa *ASANode) ExtraInit(adapter api.Adapter, deviceConfig *config.DeviceConfig)
- func (asa *ASANode) FlyConfig(cli interface{})
- func (secpath *ASANode) FlyObjectToFlattenCli(flyObject interface{}, ctx *context.Context) string
- func (asa *ASANode) GenerateVipMipSnatPoolName(objectType string, intent *policy.Intent, metaData map[string]interface{}) string
- func (asa *ASANode) GetObjectByNetworkGroup(ng *network.NetworkGroup, searchType firewall.ObjectSearchType, port api.Port) (firewall.FirewallNetworkObject, bool)
- func (asa *ASANode) GetObjectByService(s *service.Service, searchType firewall.ObjectSearchType) (firewall.FirewallServiceObject, bool)
- func (asa *ASANode) GetObjectByVipMipSnatPool(objectType string, intent *policy.Intent) (firewall.FirewallNetworkObject, bool)
- func (asa *ASANode) GetPolicyName(ctx *firewall.PolicyContext) (string, error)
- func (asa *ASANode) GetPoolByNetworkGroup(ng *network.NetworkGroup, natType firewall.NatType) (firewall.FirewallNetworkObject, bool)
- func (asa *ASANode) GetPoolByeNetworkGroup(ng *network.NetworkGroup, natType firewall.NatType) (firewall.FirewallNetworkObject, bool)
- func (asa *ASANode) GetReuseNatObject(natType string, intent *policy.Intent, metaData map[string]interface{}) (name string, reused bool)
- func (asa *ASANode) GetSupportedNatObjectTypes(natType string) []firewall.NatObjectType
- func (asa *ASANode) HasNatName(name string) bool
- func (asa *ASANode) HasObjectName(name string) bool
- func (asa *ASANode) HasPolicyName(name string) bool
- func (asa *ASANode) HasPoolName(name string) bool
- func (asa *ASANode) InputNat(intent *policy.Intent, inPort api.Port) processor.AbstractMatchResult
- func (asa *ASANode) InputNatTargetCheck(intent *policy.Intent, inPort, outPort api.Port) (bool, firewall.FirewallNatRule)
- func (asa *ASANode) InputPolicy(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult
- func (asa *ASANode) L4Port(name string) (*service.L4Port, bool)
- func (asa *ASANode) MakeDynamicNatCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (interface{}, command.CmdList)
- func (asa *ASANode) MakeInputPolicyCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (interface{}, command.CmdList, []string)
- func (asa *ASANode) MakeOutputPolicyCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (interface{}, command.CmdList)
- func (asa *ASANode) MakeStaticNatCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (interface{}, command.CmdList)
- func (asa *ASANode) MarshalJSON() ([]byte, error)
- func (node *ASANode) NatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
- func (node *ASANode) NatPoolIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
- func (asa *ASANode) Network(zone, name string) (*network.NetworkGroup, bool)
- func (node *ASANode) NetworkIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
- func (asa *ASANode) NextPoolId(id string) string
- func (asa *ASANode) OutputNat(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult
- func (asa *ASANode) OutputPolicy(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult
- func (asa *ASANode) Policies() []firewall.FirewallPolicy
- func (node *ASANode) PolicyIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
- func (asa *ASANode) Service(name string) (*service.Service, bool)
- func (node *ASANode) ServiceIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
- func (node *ASANode) SnatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
- func (node *ASANode) StaticNatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
- func (asa *ASANode) Type() terminalmode.DeviceType
- func (asa *ASANode) TypeName() string
- func (asa *ASANode) UnmarshalJSON(data []byte) error
- func (asa *ASANode) UpdateSnatStep(in, out api.Port, intent *policy.Intent, fp *firewall.FirewallProcess)
- type ASAObjectSet
- func (as *ASAObjectSet) GetObjectByNetworkGroup(ng *network.NetworkGroup, searchType firewall.ObjectSearchType) (firewall.FirewallNetworkObject, bool)
- func (as *ASAObjectSet) GetObjectByService(ng *service.Service, searchType firewall.ObjectSearchType) (firewall.FirewallServiceObject, bool)
- func (as *ASAObjectSet) L4Port(name string) (*service.L4Port, bool)
- func (aos *ASAObjectSet) MarshalJSON() ([]byte, error)
- func (as *ASAObjectSet) Network(zone, name string) (*network.NetworkGroup, string, bool)
- func (as *ASAObjectSet) Service(name string) (*service.Service, string, bool)
- func (aos *ASAObjectSet) TypeName() string
- func (aos *ASAObjectSet) UnmarshalJSON(data []byte) error
- type ASAPoolSet
- type ASAPort
- func (ap *ASAPort) InAcl() string
- func (ap *ASAPort) Level() string
- func (ap *ASAPort) MainIpv4() string
- func (ap *ASAPort) MainIpv6() string
- func (ap *ASAPort) OutAcl() string
- func (ap *ASAPort) TypeName() string
- func (ap *ASAPort) WithInAcl(name string) *ASAPort
- func (ap *ASAPort) WithLevel(level string) *ASAPort
- func (ap *ASAPort) WithMainIpv4(ip string) *ASAPort
- func (ap *ASAPort) WithMainIpv6(ip string) *ASAPort
- func (ap *ASAPort) WithOutAcl(name string) *ASAPort
- func (ap *ASAPort) WithZone(name string) *ASAPort
- func (ap *ASAPort) Zone() string
- type AclIterator
- type AsaNatStatus
- type Matrix
- type NatIterator
- type NatPoolIterator
- type NatRule
- func (rule *NatRule) Cli() string
- func (rule *NatRule) Extended() map[string]interface{}
- func (nr *NatRule) MarshalJSON() ([]byte, error)
- func (rule *NatRule) Name() string
- func (rule *NatRule) Original() policy.PolicyEntryInf
- func (rule *NatRule) Translate() policy.PolicyEntryInf
- func (nr *NatRule) TypeName() string
- func (nr *NatRule) UnmarshalJSON(data []byte) error
- type Nats
- type NetworkIterator
- type Policy
- func (plc *Policy) Action() firewall.Action
- func (plc *Policy) Cli() string
- func (plc *Policy) Description() string
- func (plc *Policy) Extended() map[string]interface{}
- func (plc *Policy) FromPorts() []api.Port
- func (plc *Policy) FromZones() []string
- func (plc *Policy) GetDestinationAddressObject() (firewall.FirewallNetworkObject, bool)
- func (plc *Policy) GetServiceObject() (firewall.FirewallServiceObject, bool)
- func (plc *Policy) GetSourceAddressObject() (firewall.FirewallNetworkObject, bool)
- func (plc *Policy) ID() string
- func (p *Policy) MarshalJSON() ([]byte, error)
- func (plc *Policy) Match(pe policy.PolicyEntryInf) bool
- func (plc *Policy) Name() string
- func (plc *Policy) PolicyEntry() policy.PolicyEntryInf
- func (plc *Policy) ToPorts() []api.Port
- func (plc *Policy) ToZones() []string
- func (p *Policy) TypeName() string
- func (p *Policy) UnmarshalJSON(data []byte) error
- type PolicyIterator
- type PolicySet
- type Pool
- type SameLevelTraffic
- type ServiceIterator
Constants ¶
This section is empty.
Variables ¶
// ASA_ICMP6_N2P maps an ICMPv6 type number to its keyword name; it is the
// number-to-name direction of ASA_ICMP6_P2N. Entries are listed in numeric
// order.
//
// Use the two-value lookup (name, ok := ASA_ICMP6_N2P[n]): a number that is
// not in the table yields "", which must not be written into a rule or
// compared against a rule as if it were a keyword.
var ASA_ICMP6_N2P = map[int]string{
	1:   "unreachable",
	2:   "packet-too-big",
	3:   "time-exceeded",
	4:   "parameter-problem",
	128: "echo",
	129: "echo-reply",
	130: "membership-query",
	131: "membership-report",
	132: "membership-reduction",
	133: "router-solicitation",
	134: "router-advertisement",
	135: "neighbor-solicitation",
	136: "neighbor-advertisement",
	137: "neighbor-redirect",
	138: "router-renumbering",
}
// ASA_ICMP6_P2N maps an ICMPv6 keyword name to its type number; it is the
// name-to-number direction of ASA_ICMP6_N2P. Entries are listed in numeric
// order.
//
// Use the two-value lookup (n, ok := ASA_ICMP6_P2N[name]): an unknown name
// yields 0, which is not a value of any entry here and should be treated as
// a parse failure rather than as a type number.
var ASA_ICMP6_P2N = map[string]int{
	"unreachable":            1,
	"packet-too-big":         2,
	"time-exceeded":          3,
	"parameter-problem":      4,
	"echo":                   128,
	"echo-reply":             129,
	"membership-query":       130,
	"membership-report":      131,
	"membership-reduction":   132,
	"router-solicitation":    133,
	"router-advertisement":   134,
	"neighbor-solicitation":  135,
	"neighbor-advertisement": 136,
	"neighbor-redirect":      137,
	"router-renumbering":     138,
}
// ASA_ICMP_N2P maps an ICMP (IPv4) type number to its keyword name; it is
// the number-to-name direction of ASA_ICMP_P2N. Entries are listed in
// numeric order.
//
// Use the two-value lookup (name, ok := ASA_ICMP_N2P[n]): a number that is
// not in the table yields "".
var ASA_ICMP_N2P = map[int]string{
	0:  "echo-reply",
	3:  "unreachable",
	4:  "source-quench",
	5:  "redirect",
	6:  "alternate-address",
	8:  "echo",
	9:  "router-advertisement",
	10: "router-solicitation",
	11: "time-exceeded",
	12: "parameter-problem",
	13: "timestamp-request",
	14: "timestamp-reply",
	15: "information-request",
	16: "information-reply",
	17: "mask-request",
	18: "mask-reply",
	30: "traceroute",
	31: "conversion-error",
	32: "mobile-redirect",
}
// ASA_ICMP_P2N maps an ICMP (IPv4) keyword name to its type number; it is
// the name-to-number direction of ASA_ICMP_N2P. Entries are listed in
// numeric order.
//
// Always use the two-value lookup (n, ok := ASA_ICMP_P2N[name]). A plain
// index with an unknown name returns 0, and 0 is also the legitimate value
// of "echo-reply", so a single-value lookup cannot tell a typo from an
// echo-reply match.
var ASA_ICMP_P2N = map[string]int{
	"echo-reply":           0,
	"unreachable":          3,
	"source-quench":        4,
	"redirect":             5,
	"alternate-address":    6,
	"echo":                 8,
	"router-advertisement": 9,
	"router-solicitation":  10,
	"time-exceeded":        11,
	"parameter-problem":    12,
	"timestamp-request":    13,
	"timestamp-reply":      14,
	"information-request":  15,
	"information-reply":    16,
	"mask-request":         17,
	"mask-reply":           18,
	"traceroute":           30,
	"conversion-error":     31,
	"mobile-redirect":      32,
}
// ASA_NumToProtocol maps a protocol number to its keyword name; it is the
// number-to-name direction of ASA_ProtocolToNum. Entries are listed in
// numeric order.
//
// NOTE(review): 255 ("ip") and 256 ("tcp-udp") do not look like on-the-wire
// protocol numbers (256 does not fit the 8-bit IP protocol field); they are
// presumably package-internal markers for "any protocol" and "TCP and UDP"
// - confirm that callers handle them separately before comparing against a
// packet's protocol field.
//
// Use the two-value lookup (name, ok := ASA_NumToProtocol[n]): a number that
// is not in the table yields "".
var ASA_NumToProtocol = map[int]string{
	1:   "icmp",
	2:   "igmp",
	4:   "ipinip",
	6:   "tcp",
	9:   "igrp",
	17:  "udp",
	47:  "gre",
	50:  "esp",
	51:  "ah",
	58:  "icmp6",
	88:  "eigrp",
	89:  "ospf",
	94:  "nos",
	103: "pim",
	108: "pcp",
	109: "snp",
	132: "sctp",
	255: "ip",
	256: "tcp-udp",
}
// ASA_ProtocolToNum maps a protocol keyword name to its protocol number; it
// is the name-to-number direction of ASA_NumToProtocol. Entries are listed
// in numeric order so that aliases sit next to each other.
//
// Two names are aliases that exist only in this direction: "pptp" shares 47
// with "gre" and "ipsec" shares 50 with "esp". A name -> number -> name
// round trip through ASA_NumToProtocol therefore returns "gre" / "esp", not
// the alias that was parsed.
//
// NOTE(review): "ip" (255) and "tcp-udp" (256) do not look like on-the-wire
// protocol numbers; presumably they are package-internal markers - confirm
// how callers treat them.
//
// Use the two-value lookup (n, ok := ASA_ProtocolToNum[name]): an unknown
// name yields 0.
var ASA_ProtocolToNum = map[string]int{
	"icmp":    1,
	"igmp":    2,
	"ipinip":  4,
	"tcp":     6,
	"igrp":    9,
	"udp":     17,
	"gre":     47,
	"pptp":    47,
	"esp":     50,
	"ipsec":   50,
	"ah":      51,
	"icmp6":   58,
	"eigrp":   88,
	"ospf":    89,
	"nos":     94,
	"pim":     103,
	"pcp":     108,
	"snp":     109,
	"sctp":    132,
	"ip":      255,
	"tcp-udp": 256,
}
// ASA_TCP_N2P maps a TCP port number to its keyword name; it is the
// number-to-name direction of ASA_TCP_P2N. Entries are listed in numeric
// order.
//
// Where ASA_TCP_P2N has two names for one port, this table keeps one of
// them: 80 renders as "www" (not "http") and 514 as "rsh" (not "cmd").
//
// Use the two-value lookup (name, ok := ASA_TCP_N2P[port]): a port that is
// not in the table yields "".
var ASA_TCP_N2P = map[int]string{
	7:    "echo",
	9:    "discard",
	13:   "daytime",
	19:   "chargen",
	20:   "ftp-data",
	21:   "ftp",
	22:   "ssh",
	23:   "telnet",
	25:   "smtp",
	43:   "whois",
	49:   "tacacs",
	53:   "domain",
	70:   "gopher",
	79:   "finger",
	80:   "www",
	88:   "kerberos",
	101:  "hostname",
	109:  "pop2",
	110:  "pop3",
	111:  "sunrpc",
	113:  "ident",
	119:  "nntp",
	139:  "netbios-ssn",
	143:  "imap4",
	179:  "bgp",
	194:  "irc",
	389:  "ldap",
	443:  "https",
	496:  "pim-auto-rp",
	512:  "exec",
	513:  "login",
	514:  "rsh",
	515:  "lpd",
	517:  "talk",
	540:  "uucp",
	543:  "klogin",
	544:  "kshell",
	554:  "rtsp",
	636:  "ldaps",
	1352: "lotusnotes",
	1494: "citrix-ica",
	1521: "sqlnet",
	1720: "h323",
	1723: "pptp",
	2049: "nfs",
	2748: "ctiqbe",
	3020: "cifs",
	5060: "sip",
	5120: "aol",
	5631: "pcanywhere-data",
}
// ASA_TCP_P2N maps a TCP port keyword name to its port number; it is the
// name-to-number direction of ASA_TCP_N2P. Entries are listed in numeric
// order so that aliases sit next to each other.
//
// Two ports have two names each: "http" and "www" are both 80, "cmd" and
// "rsh" are both 514. ASA_TCP_N2P holds only "www" and "rsh", so a
// name -> number -> name round trip does not preserve "http" or "cmd".
//
// Use the two-value lookup (port, ok := ASA_TCP_P2N[name]): an unknown name
// yields 0, which must be treated as a parse failure and not as a port.
var ASA_TCP_P2N = map[string]int{
	"echo":            7,
	"discard":         9,
	"daytime":         13,
	"chargen":         19,
	"ftp-data":        20,
	"ftp":             21,
	"ssh":             22,
	"telnet":          23,
	"smtp":            25,
	"whois":           43,
	"tacacs":          49,
	"domain":          53,
	"gopher":          70,
	"finger":          79,
	"http":            80,
	"www":             80,
	"kerberos":        88,
	"hostname":        101,
	"pop2":            109,
	"pop3":            110,
	"sunrpc":          111,
	"ident":           113,
	"nntp":            119,
	"netbios-ssn":     139,
	"imap4":           143,
	"bgp":             179,
	"irc":             194,
	"ldap":            389,
	"https":           443,
	"pim-auto-rp":     496,
	"exec":            512,
	"login":           513,
	"cmd":             514,
	"rsh":             514,
	"lpd":             515,
	"talk":            517,
	"uucp":            540,
	"klogin":          543,
	"kshell":          544,
	"rtsp":            554,
	"ldaps":           636,
	"lotusnotes":      1352,
	"citrix-ica":      1494,
	"sqlnet":          1521,
	"h323":            1720,
	"pptp":            1723,
	"nfs":             2049,
	"ctiqbe":          2748,
	"cifs":            3020,
	"sip":             5060,
	"aol":             5120,
	"pcanywhere-data": 5631,
}
// ASA_UDP_N2P maps a UDP port number to its keyword name; it is the
// number-to-name direction of ASA_UDP_P2N. Entries are listed in numeric
// order.
//
// Port 80 renders as "www"; the "http" alias exists only in ASA_UDP_P2N.
//
// Use the two-value lookup (name, ok := ASA_UDP_N2P[port]): a port that is
// not in the table yields "".
var ASA_UDP_N2P = map[int]string{
	7:    "echo",
	9:    "discard",
	37:   "time",
	42:   "nameserver",
	43:   "whois",
	49:   "tacacs",
	53:   "domain",
	67:   "bootps",
	68:   "bootpc",
	69:   "tftp",
	80:   "www",
	90:   "dnsix",
	111:  "sunrpc",
	123:  "ntp",
	137:  "netbios-ns",
	138:  "netbios-dgm",
	161:  "snmp",
	162:  "snmptrap",
	177:  "xdmcp",
	434:  "mobile-ip",
	496:  "pim-auto-rp",
	500:  "isakmp",
	512:  "biff",
	513:  "who",
	514:  "syslog",
	517:  "talk",
	520:  "rip",
	750:  "kerberos",
	1645: "radius",
	1646: "radius-acct",
	2049: "nfs",
	3020: "cifs",
	5060: "sip",
	5510: "secureid-udp",
	5632: "pcanywhere-status",
}
// ASA_UDP_P2N maps a UDP port keyword name to its port number; it is the
// name-to-number direction of ASA_UDP_N2P. Entries are listed in numeric
// order so that aliases sit next to each other.
//
// "http" and "www" are both 80; ASA_UDP_N2P holds only "www".
//
// NOTE(review): "kerberos" is 750 here but 88 in ASA_TCP_P2N and in
// TCP_UDP_P2N, so the UDP port a "kerberos" keyword resolves to depends on
// which table the caller consults - confirm this is intended.
//
// Use the two-value lookup (port, ok := ASA_UDP_P2N[name]): an unknown name
// yields 0, which must be treated as a parse failure and not as a port.
var ASA_UDP_P2N = map[string]int{
	"echo":              7,
	"discard":           9,
	"time":              37,
	"nameserver":        42,
	"whois":             43,
	"tacacs":            49,
	"domain":            53,
	"bootps":            67,
	"bootpc":            68,
	"tftp":              69,
	"http":              80,
	"www":               80,
	"dnsix":             90,
	"sunrpc":            111,
	"ntp":               123,
	"netbios-ns":        137,
	"netbios-dgm":       138,
	"snmp":              161,
	"snmptrap":          162,
	"xdmcp":             177,
	"mobile-ip":         434,
	"pim-auto-rp":       496,
	"isakmp":            500,
	"biff":              512,
	"who":               513,
	"syslog":            514,
	"talk":              517,
	"rip":               520,
	"kerberos":          750,
	"radius":            1645,
	"radius-acct":       1646,
	"nfs":               2049,
	"cifs":              3020,
	"sip":               5060,
	"secureid-udp":      5510,
	"pcanywhere-status": 5632,
}
// TCP_UDP_P2N maps a port keyword name to its port number for the names
// listed here; every name in it also appears in both ASA_TCP_P2N and
// ASA_UDP_P2N. Entries are listed in numeric order.
//
// NOTE(review): "kerberos" is 88 in this table and in ASA_TCP_P2N, but 750
// in ASA_UDP_P2N. If this table is used to expand a combined TCP/UDP
// service, the UDP half resolves to a different port than the UDP table
// would give, which changes what a policy match covers - confirm which
// value is intended.
//
// Use the two-value lookup (port, ok := TCP_UDP_P2N[name]): an unknown name
// yields 0, which must be treated as a parse failure and not as a port.
var TCP_UDP_P2N = map[string]int{
	"echo":        7,
	"discard":     9,
	"tacacs":      49,
	"domain":      53,
	"http":        80,
	"www":         80,
	"kerberos":    88,
	"sunrpc":      111,
	"pim-auto-rp": 496,
	"talk":        517,
	"nfs":         2049,
	"cifs":        3020,
	"sip":         5060,
}
Functions ¶
func ASAIcmp6Parse ¶
func ASAIcmpParse ¶
func ASAParseProtocol ¶
func ASATcpPortParse ¶
func ASATcpUdpPortParse ¶
func ASAUdpPortParse ¶
Types ¶
type ASAAcl ¶
// ASAAcl is a simple wrapper around an ACL name.
type ASAAcl struct {
// contains filtered or unexported fields
}
ASAAcl 是一个简单的 ACL 名称包装器
type ASANatPool ¶
// ASANatPool implements the firewall.NatPool interface; the package
// describes it as intended for use in tests.
type ASANatPool struct {
// contains filtered or unexported fields
}
ASANatPool 实现 firewall.NatPool 接口,用于测试
func NewASANatPool ¶
func NewASANatPool(id, name string, network *network.NetworkGroup, cli string) *ASANatPool
NewASANatPool 创建一个新的 ASA NAT Pool
func (*ASANatPool) MatchNetworkGroup ¶
func (p *ASANatPool) MatchNetworkGroup(ng *network.NetworkGroup) bool
MatchNetworkGroup 实现 firewall.NatPool 接口
func (*ASANatPool) Network ¶
func (p *ASANatPool) Network() *network.NetworkGroup
Network 返回 pool 的网络组(用于测试)
type ASANatPoolWrapper ¶
// ASANatPoolWrapper wraps an ASA mapped object so that it can be used as a
// NAT pool.
type ASANatPoolWrapper struct {
// contains filtered or unexported fields
}
ASANatPoolWrapper 包装 ASA 的 mapped object 作为 NAT pool
func (*ASANatPoolWrapper) MatchNetworkGroup ¶
func (p *ASANatPoolWrapper) MatchNetworkGroup(ng *network.NetworkGroup) bool
MatchNetworkGroup 实现 firewall.NatPool 接口
func (*ASANatPoolWrapper) Name ¶
func (p *ASANatPoolWrapper) Name() string
Name 实现 firewall.Namer 接口
func (*ASANatPoolWrapper) Network ¶
func (p *ASANatPoolWrapper) Network(_ firewall.FirewallNode) *network.NetworkGroup
Network 返回 pool 的网络组(用于重叠检测)
type ASANode ¶
// ASANode is the package's node type for an ASA device. It embeds
// *node.DeviceNode, so DeviceNode's exported methods are promoted onto
// ASANode.
//
// NOTE(review): the two commented-out lines below name
// firewall.FirewallNode and api.Node; presumably these are the interfaces
// ASANode is expected to satisfy rather than embedded fields - confirm.
type ASANode struct {
// firewall.FirewallNode
// api.Node
*node.DeviceNode
// contains filtered or unexported fields
}
func (*ASANode) AclIterator ¶
func (node *ASANode) AclIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
func (*ASANode) DefaultStep ¶
func (asa *ASANode) DefaultStep(fp *firewall.FirewallProcess)
func (*ASANode) DetermineNatObjectType ¶
func (asa *ASANode) DetermineNatObjectType(natType string, metaData map[string]interface{}) (firewall.NatObjectType, bool)
DetermineNatObjectType 根据 natType 和 metaData 确定 NAT 对象类型。所有选择都必须以设备支持为前提。对于 DNAT 和 SNAT,一定会命中一种防火墙支持的对象类型清单,同时结合 metaData 中的配置,最终选择一种对象类型。TwiceNat 的源转换支持 NETWORK_OBJECT 和 INTERFACE,目标转换支持 NETWORK_OBJECT;ObjectNat 的源转换支持 NETWORK_OBJECT 和 INLINE。
func (*ASANode) DnatIterator ¶
func (node *ASANode) DnatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
func (*ASANode) ExtraInit ¶
func (asa *ASANode) ExtraInit(adapter api.Adapter, deviceConfig *config.DeviceConfig)
func (*ASANode) FlyObjectToFlattenCli ¶
func (*ASANode) GenerateVipMipSnatPoolName ¶
func (asa *ASANode) GenerateVipMipSnatPoolName(objectType string, intent *policy.Intent, metaData map[string]interface{}) string
GenerateVipMipSnatPoolName 自动生成 VIP/MIP/SNAT_POOL 对象名称(可选)。ASA:不提供自动命名,返回空字符串以使用配置模板。
func (*ASANode) GetObjectByNetworkGroup ¶
func (asa *ASANode) GetObjectByNetworkGroup(ng *network.NetworkGroup, searchType firewall.ObjectSearchType, port api.Port) (firewall.FirewallNetworkObject, bool)
func (*ASANode) GetObjectByService ¶
func (asa *ASANode) GetObjectByService(s *service.Service, searchType firewall.ObjectSearchType) (firewall.FirewallServiceObject, bool)
func (*ASANode) GetObjectByVipMipSnatPool ¶
func (asa *ASANode) GetObjectByVipMipSnatPool(objectType string, intent *policy.Intent) (firewall.FirewallNetworkObject, bool)
GetObjectByVipMipSnatPool 检查 VIP/MIP/SNAT_POOL 对象是否已存在(复用检查)。ASA:不支持 VIP/MIP/SNAT_POOL 对象。
func (*ASANode) GetPolicyName ¶
func (asa *ASANode) GetPolicyName(ctx *firewall.PolicyContext) (string, error)
GetPolicyName 实现 FirewallNode 接口,返回策略名称。ASA 使用命名模板,所以返回空字符串,表示使用模板生成。
func (*ASANode) GetPoolByNetworkGroup ¶
func (asa *ASANode) GetPoolByNetworkGroup(ng *network.NetworkGroup, natType firewall.NatType) (firewall.FirewallNetworkObject, bool)
func (*ASANode) GetPoolByeNetworkGroup ¶
func (asa *ASANode) GetPoolByeNetworkGroup(ng *network.NetworkGroup, natType firewall.NatType) (firewall.FirewallNetworkObject, bool)
func (*ASANode) GetReuseNatObject ¶
func (asa *ASANode) GetReuseNatObject(natType string, intent *policy.Intent, metaData map[string]interface{}) (name string, reused bool)
GetReuseNatObject 获取可重用的 NAT 对象名称。ASA:VIP/MIP/SNAT_POOL 都使用 network object。
通过natType和metaData配置来决定objectType,然后进行复用查询
func (*ASANode) GetSupportedNatObjectTypes ¶
func (asa *ASANode) GetSupportedNatObjectTypes(natType string) []firewall.NatObjectType
GetSupportedNatObjectTypes 获取该防火墙支持的 NAT 对象类型。ASA:DNAT 支持 VIP/MIP(NetworkObject),SNAT 支持 SNAT_POOL(NetworkObject)。
func (*ASANode) HasNatName ¶
func (*ASANode) HasObjectName ¶
func (*ASANode) HasPolicyName ¶
func (*ASANode) HasPoolName ¶
func (*ASANode) InputNatTargetCheck ¶
func (*ASANode) InputPolicy ¶
func (*ASANode) MakeDynamicNatCli ¶
func (*ASANode) MakeInputPolicyCli ¶
func (*ASANode) MakeOutputPolicyCli ¶
func (*ASANode) MakeStaticNatCli ¶
func (*ASANode) MarshalJSON ¶
MarshalJSON 实现 JSON 序列化
func (*ASANode) NatIterator ¶
func (node *ASANode) NatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
func (*ASANode) NatPoolIterator ¶
func (node *ASANode) NatPoolIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
ASANode 的 NatPoolIterator 方法实现
func (*ASANode) Network ¶
func (asa *ASANode) Network(zone, name string) (*network.NetworkGroup, bool)
func (*ASANode) NetworkIterator ¶
func (node *ASANode) NetworkIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
func (*ASANode) NextPoolId ¶
func (*ASANode) OutputPolicy ¶
func (*ASANode) Policies ¶
func (asa *ASANode) Policies() []firewall.FirewallPolicy
func (*ASANode) PolicyIterator ¶
func (node *ASANode) PolicyIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
func (*ASANode) ServiceIterator ¶
func (node *ASANode) ServiceIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
func (*ASANode) SnatIterator ¶
func (node *ASANode) SnatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
辅助方法
func (*ASANode) StaticNatIterator ¶
func (node *ASANode) StaticNatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator
func (*ASANode) Type ¶
func (asa *ASANode) Type() terminalmode.DeviceType
func (*ASANode) UnmarshalJSON ¶
UnmarshalJSON 实现 JSON 反序列化
func (*ASANode) UpdateSnatStep ¶
type ASAObjectSet ¶
type ASAObjectSet struct {
// contains filtered or unexported fields
}
func NewASAObjectSet ¶
func NewASAObjectSet(node *ASANode) *ASAObjectSet
func (*ASAObjectSet) GetObjectByNetworkGroup ¶
func (as *ASAObjectSet) GetObjectByNetworkGroup(ng *network.NetworkGroup, searchType firewall.ObjectSearchType) (firewall.FirewallNetworkObject, bool)
// process prints every entry of the object set to standard output: first
// each key of serviceMap with the result of calling Service on its value,
// then each key of networkMap with the result of calling Network on its
// value. It returns nothing and changes no state visible here.
//
// NOTE(review): on this page the function text sits where the description
// of GetObjectByNetworkGroup would normally be, which suggests it is
// leftover debug code captured from a comment rather than a live method -
// confirm against the source file. If it is live, note that it writes the
// device's object definitions to stdout unconditionally.
func (asa *ASAObjectSet) process() {
	for svcName, svcObj := range asa.serviceMap {
		fmt.Println(svcName, svcObj.Service(asa.serviceMap))
	}

	for netName, netObj := range asa.networkMap {
		fmt.Println(netName, netObj.Network(asa.networkMap))
	}
}
func (*ASAObjectSet) GetObjectByService ¶
func (as *ASAObjectSet) GetObjectByService(ng *service.Service, searchType firewall.ObjectSearchType) (firewall.FirewallServiceObject, bool)
func (*ASAObjectSet) MarshalJSON ¶
func (aos *ASAObjectSet) MarshalJSON() ([]byte, error)
MarshalJSON 实现 JSON 序列化
func (*ASAObjectSet) Network ¶
func (as *ASAObjectSet) Network(zone, name string) (*network.NetworkGroup, string, bool)
func (*ASAObjectSet) UnmarshalJSON ¶
func (aos *ASAObjectSet) UnmarshalJSON(data []byte) error
UnmarshalJSON 实现 JSON 反序列化
type ASAPoolSet ¶
type ASAPoolSet struct{}
type ASAPort ¶
func NewASAPort ¶
func (*ASAPort) WithMainIpv4 ¶
func (*ASAPort) WithMainIpv6 ¶
func (*ASAPort) WithOutAcl ¶
type AsaNatStatus ¶
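// AsaNatStatus is an integer enumeration with two values, ASA_NAT_ACTIVE
// and ASA_NAT_INACTIVE.
//
// The zero value is ASA_NAT_ACTIVE, so a status that was never assigned
// reads as active; code that needs to distinguish "not set" from "active"
// has to track that separately.
type AsaNatStatus int

const (
	// ASA_NAT_ACTIVE is the first value (0) and the zero value of the type.
	ASA_NAT_ACTIVE AsaNatStatus = iota
	// ASA_NAT_INACTIVE is the second value (1).
	ASA_NAT_INACTIVE
)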
type Matrix ¶
type Matrix struct {
// contains filtered or unexported fields
}
func (*Matrix) InPacket ¶
func (matrix *Matrix) InPacket(from, to api.Port, entry policy.PolicyEntryInf) (firewall.Action, firewall.FirewallPolicy)
func (*Matrix) OutPacket ¶
func (matrix *Matrix) OutPacket(from, to api.Port, entry policy.PolicyEntryInf) (firewall.Action, firewall.FirewallPolicy)
func (*Matrix) WithNatControl ¶
func (matrix *Matrix) WithNatControl()
type NatIterator ¶
type NatIterator struct {
*firewall.BaseIterator
// contains filtered or unexported fields
}
NatIterator 实现
type NatRule ¶
type NatRule struct {
// contains filtered or unexported fields
}
func (*NatRule) MarshalJSON ¶
MarshalJSON 实现 JSON 序列化
func (*NatRule) Original ¶
func (rule *NatRule) Original() policy.PolicyEntryInf
func (*NatRule) Translate ¶
func (rule *NatRule) Translate() policy.PolicyEntryInf
func (*NatRule) UnmarshalJSON ¶
UnmarshalJSON 实现 JSON 反序列化
type Nats ¶
// Nats groups NAT rules into three exported slices of *NatRule.
//
// NOTE(review): the field names presumably mirror the three sections of the
// ASA NAT table (manual/twice NAT, auto/object NAT, manual after-auto),
// which the device evaluates in that order with first-match semantics -
// confirm that code consuming this struct walks the slices in the same
// order, since a different order would select a different translation.
type Nats struct {
// TwiceNat holds the rules of the twice-NAT group.
TwiceNat []*NatRule
// ObjectNat holds the rules of the object-NAT group.
ObjectNat []*NatRule
// AfterAuto holds the rules of the after-auto group.
AfterAuto []*NatRule
// contains filtered or unexported fields
}
func (*Nats) UnmarshalJSON ¶
UnmarshalJSON 实现 JSON 反序列化
type NetworkIterator ¶
type NetworkIterator struct {
*firewall.BaseIterator
// contains filtered or unexported fields
}
NetworkIterator 实现
type Policy ¶
type Policy struct {
// contains filtered or unexported fields
}
func (*Policy) Description ¶
func (*Policy) GetDestinationAddressObject ¶
func (plc *Policy) GetDestinationAddressObject() (firewall.FirewallNetworkObject, bool)
GetDestinationAddressObject 获取策略使用的目标地址对象
func (*Policy) GetServiceObject ¶
func (plc *Policy) GetServiceObject() (firewall.FirewallServiceObject, bool)
GetServiceObject 获取策略使用的服务对象
func (*Policy) GetSourceAddressObject ¶
func (plc *Policy) GetSourceAddressObject() (firewall.FirewallNetworkObject, bool)
GetSourceAddressObject 获取策略使用的源地址对象
func (*Policy) PolicyEntry ¶
func (plc *Policy) PolicyEntry() policy.PolicyEntryInf
func (*Policy) UnmarshalJSON ¶
UnmarshalJSON 实现 JSON 反序列化
type PolicyIterator ¶
type PolicyIterator struct {
*firewall.BaseIterator
// contains filtered or unexported fields
}
PolicyIterator 实现
type PolicySet ¶
type PolicySet struct {
// contains filtered or unexported fields
}
func (*PolicySet) MarshalJSON ¶
MarshalJSON 实现 JSON 序列化
func (*PolicySet) Match ¶
func (ps *PolicySet) Match(name string, pe policy.PolicyEntryInf) (bool, firewall.FirewallPolicy)
func (*PolicySet) UnmarshalJSON ¶
UnmarshalJSON 实现 JSON 反序列化
type SameLevelTraffic ¶
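// SameLevelTraffic is an integer enumeration with three values:
// NO_SAME_LEVEL_TRAFFIC, SAME_INTERFACE and DIFFERENT_INTERFACE.
//
// The zero value is NO_SAME_LEVEL_TRAFFIC, so a value that was never
// assigned reads as "no same-level traffic".
//
// NOTE(review): presumably this models whether traffic between interfaces
// of equal security level is permitted, and in which form (same interface
// or different interfaces) - confirm against the code that sets it.
type SameLevelTraffic int

const (
	// NO_SAME_LEVEL_TRAFFIC is the first value (0) and the zero value of the type.
	NO_SAME_LEVEL_TRAFFIC SameLevelTraffic = iota
	// SAME_INTERFACE is the second value (1).
	SAME_INTERFACE
	// DIFFERENT_INTERFACE is the third value (2).
	DIFFERENT_INTERFACE
)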
type ServiceIterator ¶
type ServiceIterator struct {
*firewall.BaseIterator
// contains filtered or unexported fields
}
ServiceIterator 实现