srx

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 1, 2026 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// SRX_ICMP6_N2P translates an ICMPv6 message type number into the keyword
// this package uses for it. Entries are listed in ascending type order:
// error messages (types 1-4) first, informational messages (128-140) after.
//
// A type number that is not listed yields the empty string. Use the
// two-value form (name, ok := SRX_ICMP6_N2P[n]) so that an unknown type is
// never rendered as an empty keyword in a rule.
var SRX_ICMP6_N2P = map[int]string{
	// Error messages.
	1: "destination-unreachable",
	2: "packet-too-big",
	3: "time-exceeded",
	4: "parameter-problem",

	// Informational messages.
	128: "echo-request",
	129: "echo-reply",
	130: "membership-query",
	131: "membership-report",
	132: "membership-termination",
	133: "router-solicit",
	134: "router-advertisement",
	135: "neighbor-solicit",
	136: "neighbor-advertisement",
	137: "neighbor-redirect",
	138: "router-renumbering",
	139: "node-information-request",
	140: "node-information-reply",
}
// SRX_ICMP6_P2N resolves an ICMPv6 message keyword to its type number. It
// is the inverse of SRX_ICMP6_N2P and is listed here in ascending type
// order.
//
// Lookups are case-sensitive and a missing keyword yields 0. Use the
// two-value form (n, ok := SRX_ICMP6_P2N[name]) so that an unrecognised
// keyword is reported instead of being carried forward as type 0.
var SRX_ICMP6_P2N = map[string]int{
	// Error messages.
	"destination-unreachable": 1,
	"packet-too-big":          2,
	"time-exceeded":           3,
	"parameter-problem":       4,

	// Informational messages.
	"echo-request":             128,
	"echo-reply":               129,
	"membership-query":         130,
	"membership-report":        131,
	"membership-termination":   132,
	"router-solicit":           133,
	"router-advertisement":     134,
	"neighbor-solicit":         135,
	"neighbor-advertisement":   136,
	"neighbor-redirect":        137,
	"router-renumbering":       138,
	"node-information-request": 139,
	"node-information-reply":   140,
}
// SRX_ICMP_N2P translates an ICMP (IPv4) message type number into the
// keyword this package uses for it, listed in ascending type order.
//
// Type 0 is a real entry (echo-reply), so a zero-valued int looked up here
// resolves to a valid keyword. A type that is not listed yields the empty
// string; use the two-value form to tell the two cases apart.
var SRX_ICMP_N2P = map[int]string{
	0:  "echo-reply",
	3:  "unreachable",
	4:  "source-quench",
	5:  "redirect",
	8:  "echo-request",
	9:  "router-advertisement",
	10: "router-solicit",
	11: "time-exceeded",
	12: "parameter-problem",
	13: "timestamp",
	14: "timestamp-reply",
	15: "info-request",
	16: "info-reply",
	17: "mask-request",
	18: "mask-reply",
	32: "mobile-redirect",
}
// SRX_ICMP_P2N resolves an ICMP (IPv4) message keyword to its type number.
// It is the inverse of SRX_ICMP_N2P and is listed in ascending type order.
//
// Lookups are case-sensitive. A missing keyword yields 0, which is also the
// value stored for "echo-reply": with the single-value form an unrecognised
// keyword is indistinguishable from echo-reply. Always use
// n, ok := SRX_ICMP_P2N[name] and reject the input when ok is false.
var SRX_ICMP_P2N = map[string]int{
	"echo-reply":           0,
	"unreachable":          3,
	"source-quench":        4,
	"redirect":             5,
	"echo-request":         8,
	"router-advertisement": 9,
	"router-solicit":       10,
	"time-exceeded":        11,
	"parameter-problem":    12,
	"timestamp":            13,
	"timestamp-reply":      14,
	"info-request":         15,
	"info-reply":           16,
	"mask-request":         17,
	"mask-reply":           18,
	"mobile-redirect":      32,
}
// SRX_NumToProtocol translates an IP protocol number into the keyword this
// package uses for it, listed in ascending numeric order.
//
// A number that is not listed yields the empty string; use the two-value
// form so an unknown protocol is not rendered as an empty keyword.
var SRX_NumToProtocol = map[int]string{
	1:   "icmp",
	2:   "igmp",
	4:   "ipinip",
	6:   "tcp",
	9:   "igrp",
	17:  "udp",
	47:  "gre",
	50:  "esp",
	51:  "ah",
	58:  "icmp6",
	88:  "eigrp",
	89:  "ospf",
	94:  "nos",
	103: "pim",
	108: "pcp",
	109: "snp",
	132: "sctp",

	// NOTE(review): 255 is mapped to the generic keyword "ip"; presumably it
	// stands for "any IP protocol" inside this package - confirm with the
	// code that consumes it.
	255: "ip",

	// 256 does not fit in the 8-bit protocol field of an IP header, so it
	// can never be a wire value; it is a package-internal marker for the
	// combined "tcp-udp" keyword and must not be emitted as a protocol
	// number.
	256: "tcp-udp",
}
// SRX_ProtocolToNum resolves a protocol keyword to its IP protocol number,
// listed in ascending numeric order.
//
// Lookups are case-sensitive and a missing keyword yields 0. Use the
// two-value form (n, ok := SRX_ProtocolToNum[name]) so an unrecognised
// keyword is rejected rather than carried forward as protocol 0.
var SRX_ProtocolToNum = map[string]int{
	"icmp":   1,
	"igmp":   2,
	"ipinip": 4,
	"tcp":    6,
	"igrp":   9,
	"udp":    17,

	// "pptp" is an alias for the GRE protocol number here; the PPTP control
	// port (1723) lives in the TCP port table instead.
	"gre":  47,
	"pptp": 47,

	// "ipsec" is an alias for ESP only; AH (51) is a separate entry, so a
	// rule written with "ipsec" does not cover AH traffic.
	"esp":   50,
	"ipsec": 50,
	"ah":    51,

	"icmp6": 58,
	"eigrp": 88,
	"ospf":  89,
	"nos":   94,
	"pim":   103,
	"pcp":   108,
	"snp":   109,
	"sctp":  132,

	// NOTE(review): 255 for "ip" is presumably an "any protocol" marker, and
	// 256 for "tcp-udp" cannot be a wire value (the protocol field is 8
	// bits) - confirm consumers never pass either to a packet matcher as a
	// literal protocol number.
	"ip":      255,
	"tcp-udp": 256,
}
// SRX_TCP_N2P translates a port number into the service keyword this
// package uses for it, listed in ascending port order. Each port has
// exactly one keyword here, while SRX_TCP_P2N accepts several aliases for
// some ports (67, 512, 513, 514).
//
// A port that is not listed yields the empty string; use the two-value form
// so an unknown port is not rendered as an empty keyword.
var SRX_TCP_N2P = map[int]string{
	20:  "ftp-data",
	21:  "ftp",
	22:  "ssh",
	23:  "telnet",
	25:  "smtp",
	49:  "tacacs",
	53:  "domain",
	65:  "tacacs-ds",
	67:  "dhcp",
	68:  "bootpc",
	69:  "tftp",
	79:  "finger",
	80:  "http",
	88:  "kerberos-sec",
	110: "pop3",
	111: "sunrpc",
	113: "ident",
	119: "nntp",
	123: "ntp",
	137: "netbios-ns",
	138: "netbios-dgm",
	139: "netbios-ssn",
	143: "imap",
	161: "snmp",
	// NOTE(review): SRX_UDP_N2P spells this keyword "snmptrap" (no hyphen);
	// confirm which spelling the device accepts.
	162: "snmp-trap",
	177: "xdmcp",
	179: "bgp",
	389: "ldap",
	434: "mobileip-agent",
	435: "mobilip-mn",
	443: "https",
	444: "snpp",
	// NOTE(review): "excc" looks like a misspelling of "exec", the usual
	// service name for 512/tcp - confirm against the device keyword list
	// before this value is written into generated configuration.
	512:  "excc",
	513:  "who",
	514:  "syslog",
	515:  "printer",
	517:  "talk",
	518:  "ntalk",
	520:  "rip",
	525:  "timed",
	543:  "klogin",
	544:  "kshell",
	639:  "msdp",
	646:  "ldp",
	754:  "krb-prop",
	760:  "krbupdate",
	761:  "kpasswd",
	1080: "socks",
	1483: "afs",
	1723: "pptp",
	1812: "radius",
	1813: "radacct",
	2049: "nfsd",
	// The three Zephyr keywords are the only capitalised values in the
	// table; any case-sensitive comparison downstream has to match that.
	2102: "Zephyr-srv",
	2103: "Zephyr-clt",
	2104: "Zephyr-hm",
	2105: "eklogin",
	2106: "ekshell",
	2108: "rkinit",
	2401: "cvspserver",
}
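// SRX_TCP_P2N resolves a service keyword to its port number.
//
// Several keywords share a port: bootps/dhcp (67), snmp-trap/snmptrap
// (162), biff/biffh/exec/excc (512), login/who (513) and cmd/syslog (514).
//
// The original table only knew the spellings "biffh", "excc" and
// "snmp-trap". The spellings "biff" and "snmptrap" (both used by
// SRX_UDP_P2N) and "exec" (the usual service name for 512/tcp) are now
// accepted as well, so a configuration that uses them resolves to a port
// instead of failing the lookup. Every original key is kept unchanged.
//
// Lookups are case-sensitive: the Zephyr keywords are stored capitalised,
// so a lower-case "zephyr-clt" misses unless the caller normalises input.
// A missing keyword yields 0; use n, ok := SRX_TCP_P2N[name] and reject the
// input when ok is false rather than treating it as port 0.
var SRX_TCP_P2N = map[string]int{
	"afs":            1483,
	"bgp":            179,
	"biff":           512, // added: spelling used by SRX_UDP_P2N
	"biffh":          512,
	"bootpc":         68,
	"bootps":         67,
	"cmd":            514,
	"cvspserver":     2401,
	"dhcp":           67,
	"domain":         53,
	"eklogin":        2105,
	"ekshell":        2106,
	"excc":           512, // NOTE(review): probably a misspelling of "exec"; kept for compatibility
	"exec":           512, // added: usual service name for 512/tcp
	"finger":         79,
	"ftp":            21,
	"ftp-data":       20,
	"http":           80,
	"https":          443,
	"ident":          113,
	"imap":           143,
	"kerberos-sec":   88,
	"klogin":         543,
	"kpasswd":        761,
	"krb-prop":       754,
	"krbupdate":      760,
	"kshell":         544,
	"ldap":           389,
	"ldp":            646,
	"login":          513,
	"mobileip-agent": 434,
	"mobilip-mn":     435,
	"msdp":           639,
	"netbios-dgm":    138,
	"netbios-ns":     137,
	"netbios-ssn":    139,
	"nfsd":           2049,
	"nntp":           119,
	"ntalk":          518,
	"ntp":            123,
	"pop3":           110,
	"pptp":           1723,
	"printer":        515,
	"radacct":        1813,
	"radius":         1812,
	"rip":            520,
	"rkinit":         2108,
	"smtp":           25,
	"snmp":           161,
	"snmp-trap":      162,
	"snmptrap":       162, // added: spelling used by SRX_UDP_P2N
	"snpp":           444,
	"socks":          1080,
	"ssh":            22,
	"sunrpc":         111,
	"syslog":         514,
	"tacacs":         49,
	"tacacs-ds":      65,
	"talk":           517,
	"telnet":         23,
	"tftp":           69,
	"timed":          525,
	"who":            513,
	"xdmcp":          177,
	"Zephyr-clt":     2103,
	"Zephyr-hm":      2104,
	"Zephyr-srv":     2102,
}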

https://github.com/xmin0s/SRX-Session-Analyzer/blob/master/port_list.txt https://www.juniper.net/documentation/us/en/software/junos/security-policies/topics/ref/statement/applications-edit-destination-port.html

// SRX_UDP_N2P translates a UDP port number into the service keyword this
// package uses for it, listed in ascending port order. Port 80 is rendered
// as "www"; SRX_UDP_P2N accepts both "www" and "http" for it.
//
// A port that is not listed yields the empty string; use the two-value form
// so an unknown port is not rendered as an empty keyword.
var SRX_UDP_N2P = map[int]string{
	7:   "echo",
	9:   "discard",
	37:  "time",
	42:  "nameserver",
	43:  "whois",
	49:  "tacacs",
	53:  "domain",
	67:  "bootps",
	68:  "bootpc",
	69:  "tftp",
	80:  "www",
	90:  "dnsix",
	111: "sunrpc",
	123: "ntp",
	137: "netbios-ns",
	138: "netbios-dgm",
	161: "snmp",
	162: "snmptrap",
	177: "xdmcp",
	434: "mobile-ip",
	496: "pim-auto-rp",
	500: "isakmp",
	512: "biff",
	513: "who",
	514: "syslog",
	517: "talk",
	520: "rip",
	750: "kerberos",
	// NOTE(review): 1645/1646 are the legacy RADIUS ports, while SRX_TCP_N2P
	// maps "radius"/"radacct" to 1812/1813. Confirm which pair the device
	// means by "radius" for UDP, otherwise an analysed rule may be
	// attributed to the wrong port.
	1645: "radius",
	1646: "radius-acct",
	2049: "nfs",
	3020: "cifs",
	5060: "sip",
	5510: "secureid-udp",
	5632: "pcanywhere-status",
}
// SRX_UDP_P2N resolves a UDP service keyword to its port number, listed in
// ascending port order. "http" and "www" both resolve to 80.
//
// Lookups are case-sensitive and a missing keyword yields 0. Use the
// two-value form (n, ok := SRX_UDP_P2N[name]) so an unrecognised keyword is
// rejected rather than carried forward as port 0.
var SRX_UDP_P2N = map[string]int{
	"echo":        7,
	"discard":     9,
	"time":        37,
	"nameserver":  42,
	"whois":       43,
	"tacacs":      49,
	"domain":      53,
	"bootps":      67,
	"bootpc":      68,
	"tftp":        69,
	"http":        80,
	"www":         80,
	"dnsix":       90,
	"sunrpc":      111,
	"ntp":         123,
	"netbios-ns":  137,
	"netbios-dgm": 138,
	"snmp":        161,
	"snmptrap":    162,
	"xdmcp":       177,
	"mobile-ip":   434,
	"pim-auto-rp": 496,
	"isakmp":      500,
	"biff":        512,
	"who":         513,
	"syslog":      514,
	"talk":        517,
	"rip":         520,
	// NOTE(review): TCP_UDP_P2N resolves "kerberos" to 88, this table to
	// 750 - confirm which table a given lookup path consults.
	"kerberos": 750,
	// NOTE(review): 1645/1646 are the legacy RADIUS ports, while
	// SRX_TCP_P2N resolves "radius"/"radacct" to 1812/1813. Confirm which
	// pair the device means by "radius" for UDP; a mismatch makes the
	// analysed rule cover a different port than the deployed one.
	"radius":            1645,
	"radius-acct":       1646,
	"nfs":               2049,
	"cifs":              3020,
	"sip":               5060,
	"secureid-udp":      5510,
	"pcanywhere-status": 5632,
}
// TCP_UDP_P2N resolves a service keyword to its port number for the
// combined "tcp-udp" case, listed in ascending port order. "http" and "www"
// both resolve to 80.
//
// Lookups are case-sensitive and a missing keyword yields 0; use the
// two-value form and reject the input when the keyword is absent.
var TCP_UDP_P2N = map[string]int{
	"echo":    7,
	"discard": 9,
	"tacacs":  49,
	"domain":  53,
	"http":    80,
	"www":     80,
	// NOTE(review): SRX_UDP_P2N resolves "kerberos" to 750, this table to
	// 88 - the same keyword therefore maps to different ports depending on
	// which table the caller consults. Confirm that is intended.
	"kerberos":    88,
	"sunrpc":      111,
	"pim-auto-rp": 496,
	"talk":        517,
	"nfs":         2049,
	"cifs":        3020,
	"sip":         5060,
}

Functions

func SRXIcmp6Parse

func SRXIcmp6Parse(name string) (int, error)

func SRXIcmpParse

func SRXIcmpParse(name string) (int, error)

func SRXParseProtocol

func SRXParseProtocol(s string) (int, error)

func SRXPortParse

func SRXPortParse(port string, protocol string) (int, error)

func SRXTcpPortParse

func SRXTcpPortParse(s string) (int, error)

func SRXTcpUdpPortParse

func SRXTcpUdpPortParse(s string) (int, error)

func SRXUdpPortParse

func SRXUdpPortParse(s string) (int, error)

func StringToNatType

func StringToNatType(natType string) firewall.NatType

Types

type AddressBook

type AddressBook struct {
	// contains filtered or unexported fields
}

func (*AddressBook) Count

func (ab *AddressBook) Count() int

type NatPool

type NatPool struct {
	// contains filtered or unexported fields
}

func (*NatPool) Cli

func (pool *NatPool) Cli() string

Cli() string Name() string Network(map[string]FirewallNetworkObject) *network.NetworkGroup Type() FirewallObjectType

func (*NatPool) ID

func (pool *NatPool) ID() string

func (*NatPool) L4Port

func (pool *NatPool) L4Port() *service.L4Port

func (*NatPool) MarshalJSON

func (np *NatPool) MarshalJSON() ([]byte, error)

MarshalJSON 实现 JSON 序列化

func (*NatPool) MatchNetworkGroup

func (pool *NatPool) MatchNetworkGroup(ng *network.NetworkGroup) bool

func (*NatPool) Name

func (pool *NatPool) Name() string

func (*NatPool) NatType

func (pool *NatPool) NatType() firewall.NatType

func (*NatPool) Network

func (pool *NatPool) Network(_ firewall.FirewallNode) *network.NetworkGroup

func (*NatPool) Type

func (pool *NatPool) Type() firewall.FirewallObjectType

func (*NatPool) TypeName

func (np *NatPool) TypeName() string

实现 TypeInterface 接口

func (*NatPool) UnmarshalJSON

func (np *NatPool) UnmarshalJSON(data []byte) error

UnmarshalJSON 实现 JSON 反序列化

type NatRule

type NatRule struct {
	// contains filtered or unexported fields
}

func (*NatRule) Cli

func (rule *NatRule) Cli() string

func (*NatRule) Extended

func (rule *NatRule) Extended() map[string]interface{}

func (*NatRule) MarshalJSON

func (nr *NatRule) MarshalJSON() ([]byte, error)

MarshalJSON 实现 JSON 序列化

func (*NatRule) Name

func (rule *NatRule) Name() string

func (*NatRule) Original

func (rule *NatRule) Original() policy.PolicyEntryInf

func (*NatRule) Translate

func (rule *NatRule) Translate() policy.PolicyEntryInf

func (*NatRule) TypeName

func (nr *NatRule) TypeName() string

TypeName 实现 TypeInterface 接口

func (*NatRule) UnmarshalJSON

func (nr *NatRule) UnmarshalJSON(data []byte) error

UnmarshalJSON 实现 JSON 反序列化

type NatRuleSet

type NatRuleSet struct {
	// contains filtered or unexported fields
}

func (*NatRuleSet) Name

func (ns *NatRuleSet) Name() string

func (*NatRuleSet) NatRule

func (ns *NatRuleSet) NatRule(name string) (*NatRule, bool)

type Nats

type Nats struct {
	// contains filtered or unexported fields
}

func (*Nats) FindRuleSet

func (nats *Nats) FindRuleSet(inPort, outPort api.Port, natType firewall.NatType) *NatRuleSet

func (*Nats) GetNatRuleSet

func (nat *Nats) GetNatRuleSet(natType firewall.NatType, name string) (*NatRuleSet, bool)

func (*Nats) MarshalJSON

func (n *Nats) MarshalJSON() ([]byte, error)

MarshalJSON 实现 JSON 序列化

func (*Nats) NatRule

func (nat *Nats) NatRule(natType firewall.NatType, ruleSetName, name string) (*NatRule, bool)

func (*Nats) TypeName

func (n *Nats) TypeName() string

TypeName 实现 TypeInterface 接口

func (*Nats) UnmarshalJSON

func (n *Nats) UnmarshalJSON(data []byte) error

UnmarshalJSON 实现 JSON 反序列化

type Policy

type Policy struct {
	// contains filtered or unexported fields
}

func (*Policy) Action

func (plc *Policy) Action() firewall.Action

func (*Policy) Cli

func (plc *Policy) Cli() string

func (*Policy) Description

func (plc *Policy) Description() string

func (*Policy) Extended

func (plc *Policy) Extended() map[string]interface{}

func (*Policy) FromPorts

func (plc *Policy) FromPorts() []api.Port

func (*Policy) FromZones

func (plc *Policy) FromZones() []string

func (*Policy) GetDestinationAddressObject

func (plc *Policy) GetDestinationAddressObject() (firewall.FirewallNetworkObject, bool)

GetDestinationAddressObject 获取策略使用的目标地址对象

func (*Policy) GetServiceObject

func (plc *Policy) GetServiceObject() (firewall.FirewallServiceObject, bool)

GetServiceObject 获取策略使用的服务对象

func (*Policy) GetSourceAddressObject

func (plc *Policy) GetSourceAddressObject() (firewall.FirewallNetworkObject, bool)

GetSourceAddressObject 获取策略使用的源地址对象

func (*Policy) ID

func (plc *Policy) ID() string

func (*Policy) MarshalJSON

func (p *Policy) MarshalJSON() ([]byte, error)

MarshalJSON 实现 JSON 序列化

func (*Policy) Match

func (plc *Policy) Match(pe policy.PolicyEntryInf) bool

func (*Policy) Name

func (plc *Policy) Name() string

func (*Policy) PolicyEntry

func (plc *Policy) PolicyEntry() policy.PolicyEntryInf

func (*Policy) ToPorts

func (plc *Policy) ToPorts() []api.Port

func (*Policy) ToZones

func (plc *Policy) ToZones() []string

func (*Policy) TypeName

func (p *Policy) TypeName() string

TypeName 实现 TypeInterface 接口

func (*Policy) UnmarshalJSON

func (p *Policy) UnmarshalJSON(data []byte) error

UnmarshalJSON 实现 JSON 反序列化

type PolicySet

type PolicySet struct {
	// contains filtered or unexported fields
}

func (*PolicySet) MarshalJSON

func (ps *PolicySet) MarshalJSON() ([]byte, error)

MarshalJSON 实现 JSON 序列化

func (*PolicySet) Match

func (ps *PolicySet) Match(from, to string, pe policy.PolicyEntryInf) (bool, firewall.FirewallPolicy)

func (*PolicySet) TypeName

func (ps *PolicySet) TypeName() string

TypeName 实现 TypeInterface 接口

func (*PolicySet) UnmarshalJSON

func (ps *PolicySet) UnmarshalJSON(data []byte) error

UnmarshalJSON 实现 JSON 反序列化

type SRXNode

type SRXNode struct {
	*node.DeviceNode
	// contains filtered or unexported fields
}

func (*SRXNode) AclIterator

func (srx *SRXNode) AclIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

AclIterator 实现ACL迭代器 SRX没有独立的ACL概念,策略本身就是类似ACL的规则

func (*SRXNode) AclToDb

func (srx *SRXNode) AclToDb(db *gorm.DB, task_id uint)

func (*SRXNode) AddressGroupToDb

func (srx *SRXNode) AddressGroupToDb(db *gorm.DB, task_id uint)

func (*SRXNode) DefaultStep

func (srx *SRXNode) DefaultStep(fp *firewall.FirewallProcess)

func (*SRXNode) DetermineNatObjectType

func (srx *SRXNode) DetermineNatObjectType(natType string, metaData map[string]interface{}) (firewall.NatObjectType, bool)

DetermineNatObjectType 根据natType和metaData确定NAT对象类型 所有选择都必须基于设备支持作为前提 对于DNAT和SNAT,一定会命中一种防火墙支持的对象类型清单,同时结合metaData中的配置,最终选择一种对象类型

func (*SRXNode) DnatIterator

func (srx *SRXNode) DnatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

DnatIterator 实现DNAT迭代器

func (*SRXNode) ExtraInit

func (srx *SRXNode) ExtraInit(adapter api.Adapter, deviceConfig *config.DeviceConfig)

func (*SRXNode) ExtraToDb

func (srx *SRXNode) ExtraToDb(db *gorm.DB, task_id uint)

func (*SRXNode) FlyConfig

func (srx *SRXNode) FlyConfig(cli interface{})

func (*SRXNode) FlyObjectToFlattenCli

func (srx *SRXNode) FlyObjectToFlattenCli(flyObject interface{}, ctx *context.Context) string

func (*SRXNode) GenerateVipMipSnatPoolName

func (srx *SRXNode) GenerateVipMipSnatPoolName(objectType string, intent *policy.Intent, metaData map[string]interface{}) string

GenerateVipMipSnatPoolName 自动生成VIP/MIP/SNAT_POOL对象名称(可选) SRX: 不提供自动命名,返回空字符串使用配置模板

func (*SRXNode) GetObjectByNetworkGroup

func (srx *SRXNode) GetObjectByNetworkGroup(ng *network.NetworkGroup, searchType firewall.ObjectSearchType, port api.Port) (firewall.FirewallNetworkObject, bool)

func (*SRXNode) GetObjectByService

func (srx *SRXNode) GetObjectByService(s *service.Service, searchType firewall.ObjectSearchType) (firewall.FirewallServiceObject, bool)

func (*SRXNode) GetObjectByVipMipSnatPool

func (srx *SRXNode) GetObjectByVipMipSnatPool(objectType string, intent *policy.Intent) (firewall.FirewallNetworkObject, bool)

GetObjectByVipMipSnatPool 检查VIP/MIP/SNAT_POOL对象是否已存在(复用检查) SRX: 支持VIP和SNAT_POOL,都使用pool对象

func (*SRXNode) GetPolicyName

func (srx *SRXNode) GetPolicyName(ctx *firewall.PolicyContext) (string, error)

GetPolicyName 获取策略名称(SRX使用命名模板,返回空字符串)

func (*SRXNode) GetPoolByNetworkGroup

func (srx *SRXNode) GetPoolByNetworkGroup(ng *network.NetworkGroup, natType firewall.NatType) (firewall.FirewallNetworkObject, bool)

func (*SRXNode) GetReuseNatObject

func (srx *SRXNode) GetReuseNatObject(natType string, intent *policy.Intent, metaData map[string]interface{}) (name string, reused bool)

GetReuseNatObject 获取可重用的NAT对象名称 SRX: 支持VIP(destination pool)和SNAT_POOL(dynamic pool),不支持MIP

通过natType和metaData配置来决定objectType,然后进行复用查询

func (*SRXNode) GetSupportedNatObjectTypes

func (srx *SRXNode) GetSupportedNatObjectTypes(natType string) []firewall.NatObjectType

GetSupportedNatObjectTypes 获取该防火墙支持的NAT对象类型 SRX: DNAT支持VIP(特殊语法pool),SNAT支持SNAT_POOL(特殊语法pool)

func (*SRXNode) HasNatName

func (srx *SRXNode) HasNatName(name string) bool

func (*SRXNode) HasObjectName

func (srx *SRXNode) HasObjectName(name string) bool

func (*SRXNode) HasPolicyName

func (srx *SRXNode) HasPolicyName(name string) bool

func (*SRXNode) HasPoolName

func (srx *SRXNode) HasPoolName(name string) bool

func (*SRXNode) InPacket

func (srx *SRXNode) InPacket(from, to api.Port, entry policy.PolicyEntryInf) (firewall.Action, firewall.FirewallPolicy)

func (*SRXNode) InputNat

func (srx *SRXNode) InputNat(intent *policy.Intent, inPort api.Port) processor.AbstractMatchResult

func (*SRXNode) InputNatTargetCheck

func (srx *SRXNode) InputNatTargetCheck(intent *policy.Intent, inPort, outPort api.Port) (bool, firewall.FirewallNatRule)

func (*SRXNode) InputPolicy

func (srx *SRXNode) InputPolicy(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult

func (*SRXNode) L4Port

func (srx *SRXNode) L4Port(name string) (*service.L4Port, bool)

func (*SRXNode) MakeDynamicNatCli

func (srx *SRXNode) MakeDynamicNatCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList)

func (*SRXNode) MakeInputPolicyCli

func (srx *SRXNode) MakeInputPolicyCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList, moveRule []string)

func (*SRXNode) MakeOutputPolicyCli

func (srx *SRXNode) MakeOutputPolicyCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList)

func (*SRXNode) MakeStaticNatCli

func (srx *SRXNode) MakeStaticNatCli(from, out api.Port, intent *policy.Intent, ctx *firewall.PolicyContext) (flyObject interface{}, cmdList command.CmdList)

func (*SRXNode) MarshalJSON

func (srx *SRXNode) MarshalJSON() ([]byte, error)

MarshalJSON 实现 JSON 序列化

func (*SRXNode) NatIterator

func (srx *SRXNode) NatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

NatIterator 实现NAT规则迭代器

func (*SRXNode) NatPoolIterator

func (srx *SRXNode) NatPoolIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

NatPoolIterator 实现NAT池迭代器

func (*SRXNode) NatsToDb

func (srx *SRXNode) NatsToDb(db *gorm.DB, task_id uint)

func (*SRXNode) Network

func (srx *SRXNode) Network(zone, name string) (*network.NetworkGroup, bool)

func (*SRXNode) NetworkIterator

func (srx *SRXNode) NetworkIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

NetworkIterator 实现网络对象迭代器

func (*SRXNode) NetworkObjectToDb

func (srx *SRXNode) NetworkObjectToDb(db *gorm.DB, task_id uint)

func (*SRXNode) OutPacket

func (srx *SRXNode) OutPacket(from, to api.Port, entry policy.PolicyEntryInf) (firewall.Action, firewall.FirewallPolicy)

func (*SRXNode) OutputNat

func (srx *SRXNode) OutputNat(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult

func (*SRXNode) OutputPolicy

func (srx *SRXNode) OutputPolicy(intent *policy.Intent, inPort, outPort api.Port) processor.AbstractMatchResult

func (*SRXNode) Policies

func (srx *SRXNode) Policies() []firewall.FirewallPolicy

func (*SRXNode) PolicyIterator

func (srx *SRXNode) PolicyIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

PolicyIterator 实现策略迭代器

func (*SRXNode) PolicyToDb

func (srx *SRXNode) PolicyToDb(db *gorm.DB, task_id uint)

func (*SRXNode) Service

func (srx *SRXNode) Service(name string) (*service.Service, bool)

func (*SRXNode) ServiceIterator

func (srx *SRXNode) ServiceIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

ServiceIterator 实现服务对象迭代器

func (*SRXNode) ServiceObjectToDb

func (srx *SRXNode) ServiceObjectToDb(db *gorm.DB, task_id uint)

func (*SRXNode) SnatIterator

func (srx *SRXNode) SnatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

SnatIterator 实现SNAT迭代器

func (*SRXNode) StaticNatIterator

func (srx *SRXNode) StaticNatIterator(opts ...firewall.IteratorOption) firewall.NamerIterator

StaticNatIterator 实现静态NAT迭代器

func (*SRXNode) Type

func (srx *SRXNode) Type() terminalmode.DeviceType

func (*SRXNode) TypeName

func (srx *SRXNode) TypeName() string

TypeName 实现 TypeInterface 接口

func (*SRXNode) UnmarshalJSON

func (srx *SRXNode) UnmarshalJSON(data []byte) error

UnmarshalJSON 实现 JSON 反序列化

func (*SRXNode) UpdateSnatStep

func (srx *SRXNode) UpdateSnatStep(in, out api.Port, intent *policy.Intent, fp *firewall.FirewallProcess)

type SRXObjectSet

type SRXObjectSet struct {
	// contains filtered or unexported fields
}

func NewSRXObjectSet

func NewSRXObjectSet(node *SRXNode) *SRXObjectSet

func (*SRXObjectSet) GetObjectByNetworkGroup

func (srx *SRXObjectSet) GetObjectByNetworkGroup(ng *network.NetworkGroup, searchType firewall.ObjectSearchType, port api.Port) (firewall.FirewallNetworkObject, bool)

func (*SRXObjectSet) GetObjectByService

func (srx *SRXObjectSet) GetObjectByService(s *service.Service, searchType firewall.ObjectSearchType) (firewall.FirewallServiceObject, bool)

func (*SRXObjectSet) GetPoolByeNetworkGroup

func (srx *SRXObjectSet) GetPoolByeNetworkGroup(ng *network.NetworkGroup, natType firewall.NatType) (firewall.FirewallNetworkObject, bool)

func (*SRXObjectSet) L4Port

func (srx *SRXObjectSet) L4Port(name string) (*service.L4Port, bool)

func (*SRXObjectSet) Network

func (srx *SRXObjectSet) Network(zone, name string) (*network.NetworkGroup, bool)

func (*SRXObjectSet) Pool

func (srx *SRXObjectSet) Pool(name string, objectType firewall.NatType) (firewall.FirewallNetworkObject, bool)

func (*SRXObjectSet) Service

func (srx *SRXObjectSet) Service(name string) (*service.Service, bool)

type SRXPort

type SRXPort struct {
	node.NodePort
}

func NewSRXPort

func NewSRXPort(name, tenant string, ip_list map[network.IPFamily][]string, members []api.Member) *SRXPort

func (*SRXPort) TypeName

func (srx *SRXPort) TypeName() string

func (*SRXPort) WithZone

func (srx *SRXPort) WithZone(name string) *SRXPort

func (*SRXPort) Zone

func (srx *SRXPort) Zone() string

type SrxNatMatchState

// SrxNatMatchState is an integer state with three values; presumably it is
// the outcome of matching against a NAT rule (the producing code is not
// shown here).
// NOTE(review): NONE is the zero value, so an unset SrxNatMatchState reads
// as "nothing was evaluated" - confirm callers do not treat NONE as a hit.
type SrxNatMatchState int
const (
	// SRX_NAT_MATCH_NONE (0): no substantive matching was performed, for
	// example because the NatRule content is empty.
	SRX_NAT_MATCH_NONE SrxNatMatchState = iota
	// SRX_NAT_MATCH_OK (1).
	SRX_NAT_MATCH_OK
	// SRX_NAT_MATCH_NOT_OK (2): no policy was hit.
	SRX_NAT_MATCH_NOT_OK
)

type SrxNatStatus

// SrxNatStatus is an integer status with two values; presumably it marks
// whether a NAT object is active (the consuming code is not shown here).
type SrxNatStatus int
const (
	// SRX_NAT_INACTIVE is 0, so a zero-valued SrxNatStatus reads as inactive.
	SRX_NAT_INACTIVE SrxNatStatus = iota
	// SRX_NAT_ACTIVE is 1.
	SRX_NAT_ACTIVE
)

Directories

Path Synopsis
