sangfor

package
Published: Jan 1, 2026 License: MIT Imports: 24 Imported by: 0


Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AclIterator

type AclIterator struct {
	*firewall.BaseIterator
}

AclIterator 实现。Sangfor 没有独立的 ACL 概念，策略名称可以作为 ACL 名称。

type NatRule

type NatRule struct {
	// contains filtered or unexported fields
}

func (*NatRule) Cli

func (nr *NatRule) Cli() string

func (*NatRule) Extended

func (nr *NatRule) Extended() map[string]interface{}

func (*NatRule) Name

func (nr *NatRule) Name() string

func (*NatRule) Original

func (nr *NatRule) Original() policyutil.PolicyEntryInf

func (*NatRule) Translate

func (nr *NatRule) Translate() policyutil.PolicyEntryInf

type Nats

type Nats struct {
	// contains filtered or unexported fields
}

func NewSangforNats

func NewSangforNats(node *SangforNode) *Nats

NewSangforNats 创建 Sangfor NAT 集合

func (*Nats) GetPoolByNetworkGroup

func (n *Nats) GetPoolByNetworkGroup(ng *network.NetworkGroup, natType firewall.NatType) (firewall.FirewallNetworkObject, bool)

func (*Nats) HasNatName

func (n *Nats) HasNatName(name string) bool

func (*Nats) HasPoolName

func (n *Nats) HasPoolName(name string) bool

type NetworkIterator

type NetworkIterator struct {
	*firewall.BaseIterator
	// contains filtered or unexported fields
}

NetworkIterator 实现

type Policy

type Policy struct {
	// contains filtered or unexported fields
}

func (*Policy) Action

func (p *Policy) Action() firewall.Action

func (*Policy) Cli

func (p *Policy) Cli() string

func (*Policy) Description

func (p *Policy) Description() string

func (*Policy) Extended

func (p *Policy) Extended() map[string]interface{}

func (*Policy) FromPorts

func (p *Policy) FromPorts() []api.Port

func (*Policy) FromZones

func (p *Policy) FromZones() []string

func (*Policy) GetDestinationAddressObject

func (p *Policy) GetDestinationAddressObject() (firewall.FirewallNetworkObject, bool)

GetDestinationAddressObject 获取策略使用的目标地址对象

func (*Policy) GetServiceObject

func (p *Policy) GetServiceObject() (firewall.FirewallServiceObject, bool)

GetServiceObject 获取策略使用的服务对象

func (*Policy) GetSourceAddressObject

func (p *Policy) GetSourceAddressObject() (firewall.FirewallNetworkObject, bool)

GetSourceAddressObject 获取策略使用的源地址对象

func (*Policy) ID

func (p *Policy) ID() string

func (*Policy) Name

func (p *Policy) Name() string

func (*Policy) PolicyEntry

func (p *Policy) PolicyEntry() policyutil.PolicyEntryInf

func (*Policy) ToPorts

func (p *Policy) ToPorts() []api.Port

func (*Policy) ToZones

func (p *Policy) ToZones() []string

type PolicyIterator

type PolicyIterator struct {
	*firewall.BaseIterator
	// contains filtered or unexported fields
}

PolicyIterator 实现

type PolicySet

type PolicySet struct {
	// contains filtered or unexported fields
}

func (*PolicySet) HasPolicyName

func (ps *PolicySet) HasPolicyName(name string) bool

func (*PolicySet) Match

Match 匹配策略，参考 FortiGate 的实现。策略按 position 排序后匹配，position 越小越优先。注意：Sangfor 的接口和 zone 没有关联关系，策略匹配时不使用 zone 信息，因此匹配结果仅由地址、服务和 position 决定。参数 from 和 to 是接口名称，仅用于日志记录，不参与匹配逻辑。

func (*PolicySet) Policies

func (ps *PolicySet) Policies() []firewall.FirewallPolicy

type SangforAcl

type SangforAcl struct {
	// contains filtered or unexported fields
}

SangforAcl 是一个简单的 ACL 名称包装器

func (*SangforAcl) Name

func (a *SangforAcl) Name() string

type SangforNatPoolNetworkObject

type SangforNatPoolNetworkObject struct {
	// contains filtered or unexported fields
}

SangforNatPoolNetworkObject 表示 NAT 池的网络对象

func (*SangforNatPoolNetworkObject) Cli

func (*SangforNatPoolNetworkObject) MarshalJSON

func (p *SangforNatPoolNetworkObject) MarshalJSON() ([]byte, error)

func (*SangforNatPoolNetworkObject) Name

func (*SangforNatPoolNetworkObject) Network

func (*SangforNatPoolNetworkObject) Type

func (*SangforNatPoolNetworkObject) TypeName

func (p *SangforNatPoolNetworkObject) TypeName() string

func (*SangforNatPoolNetworkObject) UnmarshalJSON

func (p *SangforNatPoolNetworkObject) UnmarshalJSON(data []byte) error

type SangforNatPoolWrapper

type SangforNatPoolWrapper struct {
	// contains filtered or unexported fields
}

SangforNatPoolWrapper 将 NatRule 包装为 NatPool

func (*SangforNatPoolWrapper) Cli

func (p *SangforNatPoolWrapper) Cli() string

func (*SangforNatPoolWrapper) ID

func (p *SangforNatPoolWrapper) ID() string

func (*SangforNatPoolWrapper) MatchNetworkGroup

func (p *SangforNatPoolWrapper) MatchNetworkGroup(ng *network.NetworkGroup) bool

func (*SangforNatPoolWrapper) Name

func (p *SangforNatPoolWrapper) Name() string

func (*SangforNatPoolWrapper) Network

type SangforNetworkObject

type SangforNetworkObject struct {
	// contains filtered or unexported fields
}

func (*SangforNetworkObject) Cli

func (sno *SangforNetworkObject) Cli() string

func (*SangforNetworkObject) MarshalJSON

func (sno *SangforNetworkObject) MarshalJSON() ([]byte, error)

MarshalJSON 实现 JSON 序列化

func (*SangforNetworkObject) Name

func (sno *SangforNetworkObject) Name() string

func (*SangforNetworkObject) Network

func (*SangforNetworkObject) Type

func (*SangforNetworkObject) TypeName

func (sno *SangforNetworkObject) TypeName() string

TypeName 实现 TypedInterface 接口

func (*SangforNetworkObject) UnmarshalJSON

func (sno *SangforNetworkObject) UnmarshalJSON(data []byte) error

UnmarshalJSON 实现 JSON 反序列化

type SangforNetworkObjectPoolWrapper

type SangforNetworkObjectPoolWrapper struct {
	// contains filtered or unexported fields
}

SangforNetworkObjectPoolWrapper 将 SangforNetworkObject (OBJECT_POOL) 包装为 NatPool

func (*SangforNetworkObjectPoolWrapper) Cli

func (*SangforNetworkObjectPoolWrapper) ID

func (*SangforNetworkObjectPoolWrapper) MatchNetworkGroup

func (p *SangforNetworkObjectPoolWrapper) MatchNetworkGroup(ng *network.NetworkGroup) bool

func (*SangforNetworkObjectPoolWrapper) Name

func (*SangforNetworkObjectPoolWrapper) Network

type SangforNode

type SangforNode struct {
	*node.DeviceNode
	// contains filtered or unexported fields
}

func (*SangforNode) AclIterator

func (node *SangforNode) AclIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SangforNode) DefaultStep

func (sangfor *SangforNode) DefaultStep(fp *firewall.FirewallProcess)

func (*SangforNode) DetermineNatObjectType

func (sangfor *SangforNode) DetermineNatObjectType(natType string, metaData map[string]interface{}) (firewall.NatObjectType, bool)

DetermineNatObjectType 根据 natType 和 metaData 确定 NAT 对象类型。所有选择都必须以设备支持为前提。对于 DNAT 和 SNAT，一定会命中一种防火墙支持的对象类型清单，再结合 metaData 中的配置，最终选择一种对象类型。

func (*SangforNode) DnatIterator

func (node *SangforNode) DnatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

DnatIterator 实现

func (*SangforNode) ExtraInit

func (sangfor *SangforNode) ExtraInit(adapter api.Adapter, deviceConfig *config.DeviceConfig)

func (*SangforNode) FlyConfig

func (sangfor *SangforNode) FlyConfig(cli interface{})

func (*SangforNode) FlyObjectToFlattenCli

func (sangfor *SangforNode) FlyObjectToFlattenCli(flyObject interface{}, ctx *firewall.PolicyContext) string

func (*SangforNode) GenerateVipMipSnatPoolName

func (sangfor *SangforNode) GenerateVipMipSnatPoolName(objectType string, intent *policyutil.Intent, metaData map[string]interface{}) string

GenerateVipMipSnatPoolName 自动生成 VIP/MIP/SNAT_POOL 对象名称（可选）。Sangfor 不提供自动命名，返回空字符串以使用配置模板。

func (*SangforNode) GetObjectByNetworkGroup

func (sangfor *SangforNode) GetObjectByNetworkGroup(ng *network.NetworkGroup, searchType firewall.ObjectSearchType, port api.Port) (firewall.FirewallNetworkObject, bool)

func (*SangforNode) GetObjectByService

func (sangfor *SangforNode) GetObjectByService(sg *service.Service, searchType firewall.ObjectSearchType) (firewall.FirewallServiceObject, bool)

func (*SangforNode) GetObjectByVipMipSnatPool

func (sangfor *SangforNode) GetObjectByVipMipSnatPool(objectType string, intent *policyutil.Intent) (firewall.FirewallNetworkObject, bool)

GetObjectByVipMipSnatPool 检查 VIP/MIP/SNAT_POOL 对象是否已存在（复用检查）。Sangfor 不支持 VIP/MIP/SNAT_POOL 对象，返回 false。

func (*SangforNode) GetPolicyName

func (sangfor *SangforNode) GetPolicyName(ctx *firewall.PolicyContext) (string, error)

GetPolicyName 获取策略名称。Sangfor 使用命名模板，因此返回空字符串。

func (*SangforNode) GetPoolByNetworkGroup

func (sangfor *SangforNode) GetPoolByNetworkGroup(ng *network.NetworkGroup, natType firewall.NatType) (firewall.FirewallNetworkObject, bool)

func (*SangforNode) GetReuseNatObject

func (sangfor *SangforNode) GetReuseNatObject(natType string, intent *policyutil.Intent, metaData map[string]interface{}) (name string, reused bool)

GetReuseNatObject 获取可重用的 NAT 对象名称。Sangfor 中 DNAT 使用 NETWORK_OBJECT（地址对象），SNAT 根据配置可能使用 NETWORK_OBJECT、INTERFACE 或 INLINE。先通过 natType 和 metaData 配置决定 objectType，然后进行复用查询。

func (*SangforNode) GetSupportedNatObjectTypes

func (sangfor *SangforNode) GetSupportedNatObjectTypes(natType string) []firewall.NatObjectType

GetSupportedNatObjectTypes 获取该防火墙支持的 NAT 对象类型。Sangfor 中 DNAT 支持 MIP（NetworkObject），SNAT 不支持 SNAT_POOL。

func (*SangforNode) HasNatName

func (sangfor *SangforNode) HasNatName(name string) bool

func (*SangforNode) HasObjectName

func (sangfor *SangforNode) HasObjectName(name string) bool

func (*SangforNode) HasPolicyName

func (sangfor *SangforNode) HasPolicyName(name string) bool

func (*SangforNode) HasPoolName

func (sangfor *SangforNode) HasPoolName(name string) bool

func (*SangforNode) InPacket

func (sangfor *SangforNode) InPacket(from, to api.Port, entry policy.PolicyEntryInf) (firewall.Action, firewall.FirewallPolicy)

func (*SangforNode) InputNat

func (sangfor *SangforNode) InputNat(intent *policyutil.Intent, inPort api.Port) processor.AbstractMatchResult

func (*SangforNode) InputNatTargetCheck

func (sangfor *SangforNode) InputNatTargetCheck(intent *policyutil.Intent, inPort, outPort api.Port) (bool, firewall.FirewallNatRule)

func (*SangforNode) InputPolicy

func (sangfor *SangforNode) InputPolicy(intent *policyutil.Intent, inPort, outPort api.Port) processor.AbstractMatchResult

func (*SangforNode) L4Port

func (sangfor *SangforNode) L4Port(name string) (*service.L4Port, bool)

func (*SangforNode) MakeDynamicNatCli

func (sangfor *SangforNode) MakeDynamicNatCli(from, out api.Port, intent *policyutil.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList)

func (*SangforNode) MakeInputPolicyCli

func (sangfor *SangforNode) MakeInputPolicyCli(from, out api.Port, intent *policyutil.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList, moveRule []string)

func (*SangforNode) MakeOutputPolicyCli

func (sangfor *SangforNode) MakeOutputPolicyCli(from, out api.Port, intent *policyutil.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList)

func (*SangforNode) MakeStaticNatCli

func (sangfor *SangforNode) MakeStaticNatCli(from, out api.Port, intent *policyutil.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList)

FirewallTemplates 接口实现

func (*SangforNode) MarshalJSON

func (sangfor *SangforNode) MarshalJSON() ([]byte, error)

MarshalJSON 实现 JSON 序列化

func (*SangforNode) NatIterator

func (node *SangforNode) NatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

NatIterator 实现

func (*SangforNode) NatPoolIterator

func (node *SangforNode) NatPoolIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

NatPoolIterator 实现

func (*SangforNode) Network

func (sangfor *SangforNode) Network(zone, name string) (*network.NetworkGroup, bool)

func (*SangforNode) NetworkIterator

func (node *SangforNode) NetworkIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SangforNode) NextPoolId

func (sangfor *SangforNode) NextPoolId(id string) string

NextPoolId 返回下一个可用的 IP Pool ID。Sangfor 使用名称而不是数字 ID，所以返回一个基于名称的 ID。

func (*SangforNode) OutPacket

func (sangfor *SangforNode) OutPacket(from, to api.Port, entry policy.PolicyEntryInf) (firewall.Action, firewall.FirewallPolicy)

func (*SangforNode) OutputNat

func (sangfor *SangforNode) OutputNat(intent *policyutil.Intent, inPort, outPort api.Port) processor.AbstractMatchResult

func (*SangforNode) OutputPolicy

func (sangfor *SangforNode) OutputPolicy(intent *policyutil.Intent, inPort, outPort api.Port) processor.AbstractMatchResult

func (*SangforNode) Policies

func (sangfor *SangforNode) Policies() []firewall.FirewallPolicy

func (*SangforNode) PolicyIterator

func (node *SangforNode) PolicyIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SangforNode) Service

func (sangfor *SangforNode) Service(name string) (*service.Service, bool)

func (*SangforNode) ServiceIterator

func (node *SangforNode) ServiceIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

func (*SangforNode) SnatIterator

func (node *SangforNode) SnatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

SnatIterator 实现

func (*SangforNode) StaticNatIterator

func (node *SangforNode) StaticNatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

StaticNatIterator 实现

func (*SangforNode) Type

func (sangfor *SangforNode) Type() terminalmode.DeviceType

func (*SangforNode) TypeName

func (sangfor *SangforNode) TypeName() string

TypeName 实现 TypeInterface 接口

func (*SangforNode) UnmarshalJSON

func (sangfor *SangforNode) UnmarshalJSON(data []byte) error

UnmarshalJSON 实现 JSON 反序列化

func (*SangforNode) UpdateSnatStep

func (sangfor *SangforNode) UpdateSnatStep(from, to api.Port, intent *policyutil.Intent, fp *firewall.FirewallProcess)

type SangforObjectSet

type SangforObjectSet struct {
	// contains filtered or unexported fields
}

func NewSangforObjectSet

func NewSangforObjectSet(node *SangforNode) *SangforObjectSet

func (*SangforObjectSet) GetObjectByNetworkGroup

func (sos *SangforObjectSet) GetObjectByNetworkGroup(ng *network.NetworkGroup, searchType firewall.ObjectSearchType, port api.Port) (firewall.FirewallNetworkObject, bool)

func (*SangforObjectSet) GetObjectByService

func (sos *SangforObjectSet) GetObjectByService(sg *service.Service, searchType firewall.ObjectSearchType) (firewall.FirewallServiceObject, bool)

func (*SangforObjectSet) HasObjectName

func (sos *SangforObjectSet) HasObjectName(name string) bool

func (*SangforObjectSet) L4Port

func (sos *SangforObjectSet) L4Port(name string) (*service.L4Port, bool)

func (*SangforObjectSet) Network

func (sos *SangforObjectSet) Network(zone, name string) (*network.NetworkGroup, bool)

func (*SangforObjectSet) Service

func (sos *SangforObjectSet) Service(name string) (*service.Service, bool)

type SangforPort

type SangforPort struct {
	node.NodePort
}

func NewSangforPort

func NewSangforPort(name, tenant string, ip_list map[network.IPFamily][]string, members []api.Member) *SangforPort

func NewSangforPortFromNodePort

func NewSangforPortFromNodePort(p *node.NodePort) *SangforPort

func (*SangforPort) TypeName

func (sp *SangforPort) TypeName() string

func (*SangforPort) WithZone

func (sp *SangforPort) WithZone(name string) *SangforPort

func (*SangforPort) Zone

func (sp *SangforPort) Zone() string

type SangforServiceObject

type SangforServiceObject struct {
	// contains filtered or unexported fields
}

func (*SangforServiceObject) Cli

func (sso *SangforServiceObject) Cli() string

func (*SangforServiceObject) MarshalJSON

func (sso *SangforServiceObject) MarshalJSON() ([]byte, error)

MarshalJSON 实现 JSON 序列化

func (*SangforServiceObject) Name

func (sso *SangforServiceObject) Name() string

func (*SangforServiceObject) Service

func (*SangforServiceObject) Type

func (*SangforServiceObject) TypeName

func (sso *SangforServiceObject) TypeName() string

TypeName 实现 TypedInterface 接口

func (*SangforServiceObject) UnmarshalJSON

func (sso *SangforServiceObject) UnmarshalJSON(data []byte) error

UnmarshalJSON 实现 JSON 反序列化

type ServiceIterator

type ServiceIterator struct {
	*firewall.BaseIterator
	// contains filtered or unexported fields
}

ServiceIterator 实现
