

Constants

const APPFREQ1 int = 12
const APPFREQ2 int = 13
const APPFREQ3 int = 14
const ENODEMAX int = 80 //number of nodes

Test/simulation scaffolding: ENODEMAX, EWLPERNODEMAX and SIMULATEFREQ size a test that deploys a large number of IP rules into a single endpoint (ENODEMAX nodes × EWLPERNODEMAX workloads per node, with a large burst of IP rules added every SIMULATEFREQ workloads). These are load-test parameters, not enforcement limits; confirm the simulation path cannot be triggered in a production build.

const EWLPERNODEMAX int = 250 //number of wl per node
const EXT_IP_TRY_COUNT uint8 = 2
const FQDNFREQ1 int = 15
const FQDNFREQ2 int = 35
const FQDNFREQ3 int = 45
const HOST_IP_TRY_COUNT uint8 = 3
// POL_VER_CHG_MAX is a 60-second window tied to policy-version changes
// (see WorkloadIPPolicyInfo.PolVer). Its exact use is not visible here —
// NOTE(review): confirm against the version-comparison code before relying on it.
const POL_VER_CHG_MAX = time.Duration(time.Second * 60)
const SIMULATEFREQ int = 3 //every SIMULATEFREQ wl, add large number of ip rules
const UDPFREQ int = 25
// UNKN_IP_CACHE_TIMEOUT (10 minutes) is presumably how long an unknown-IP entry
// stays cached before it expires or is re-examined; together with
// UNKN_IP_TRY_COUNT it bounds how often an unresolved address is looked up again.
// NOTE(review): inferred from the name — confirm against the lookup path.
const UNKN_IP_CACHE_TIMEOUT = time.Duration(time.Second * 600)
// UNKN_IP_TRY_COUNT is the retry budget for unknown IPs (10), compared with 3 for
// host IPs (HOST_IP_TRY_COUNT) and 2 for external IPs (EXT_IP_TRY_COUNT).
// Presumably the lookup gives up after this many attempts — confirm at the call site.
const UNKN_IP_TRY_COUNT uint8 = 10

Variables

// ToggleIcmpPolicy is a package-level mutable flag (default false) that presumably
// enables ICMP policy handling. NOTE(review): no synchronization for it is visible
// here; if it can be flipped at runtime while the push path reads it, it needs an
// atomic.Bool or must be read/written under Engine.Mutex — confirm the call sites.
var ToggleIcmpPolicy bool = false

Functions

Types

type DlpBuildInfo

// DlpBuildInfo carries the DLP rule set assembled for push to the data path
// (see Engine.GetNetworkDlpBuildInfo / PushNetworkDlpToDP).
// NOTE(review): field meanings are inferred from names and types only —
// confirm against the build/push code.
type DlpBuildInfo struct {
	// DlpRulesInfo: the DLP rule entries in data-path form.
	DlpRulesInfo []*dp.DPDlpRuleEntry
	// DlpDpMacs: a set of data-path MACs, presumably the endpoints the rules apply to — confirm.
	DlpDpMacs    utils.Set
	// ApplyDir: apply direction; the encoding (ingress/egress/both?) is not visible here — confirm.
	ApplyDir     int
}

type Engine

// Engine holds the enforcer's in-memory policy state (network, process and DLP
// policy) and pushes it to the data path via the Push*ToDP methods. It embeds a
// sync.Mutex and must therefore only be used through a pointer, never copied.
//
// NOTE(review): Mutex is the only synchronization visible here. Several getters
// (GetNetworkPolicy, GetPolicyAddrMap, GetHostPolicyAddrMap, GetPolDomNBEMap,
// GetNetworkDlpWorkloadRulesInfo) return the same map types as the fields below;
// if they hand back the live maps rather than copies, callers must not iterate or
// mutate them concurrently with Update*/Delete* calls without holding Mutex — confirm.
type Engine struct {
	// NetworkPolicy: per-workload IP policy, presumably keyed by workload ID — confirm.
	NetworkPolicy  map[string]*WorkloadIPPolicyInfo
	// ProcessPolicy: process profiles keyed by name (cf. UpdateProcessPolicy(name, ...)).
	ProcessPolicy  map[string]*share.CLUSProcessProfile
	// DlpWlRulesInfo: per-workload DLP rules in data-path form.
	DlpWlRulesInfo map[string]*dp.DPWorkloadDlpRule
	// DlpBldInfo: the DLP rule set currently assembled for push.
	DlpBldInfo     *DlpBuildInfo
	// HostID, HostIPs and TunnelIP describe the local host; all three are passed to Init.
	HostID         string
	HostIPs        utils.Set
	TunnelIP       []net.IPNet
	// Mutex presumably guards the maps above; it is exported so callers can hold it
	// around multi-step reads — confirm the locking convention.
	Mutex          sync.Mutex

	// PolicyAddrMap / HostPolicyAddrMap: subnets referenced by policy, the latter
	// presumably for host-mode workloads — exact semantics not visible here.
	PolicyAddrMap     map[string]share.CLUSSubnet
	HostPolicyAddrMap map[string]share.CLUSSubnet
	// PolTimerWheel: timer wheel, presumably installed via SetTimerWheel.
	PolTimerWheel     *utils.TimerWheel
	// PolDomNBEMap: per-domain boolean map; "NBE" matches WorkloadIPPolicyInfo.Nbe,
	// but its meaning is not visible here — confirm.
	PolDomNBEMap      map[string]bool
	// contains filtered or unexported fields
}

func (*Engine) DeleteNetworkPolicy

func (e *Engine) DeleteNetworkPolicy(id string)

func (*Engine) DeleteProcessPolicy

func (e *Engine) DeleteProcessPolicy(name string)

func (*Engine) GetHostPolicyAddrMap

func (e *Engine) GetHostPolicyAddrMap() map[string]share.CLUSSubnet

func (*Engine) GetNetworkDlpBuildInfo

func (e *Engine) GetNetworkDlpBuildInfo() *DlpBuildInfo

func (*Engine) GetNetworkDlpWorkloadRulesInfo

func (e *Engine) GetNetworkDlpWorkloadRulesInfo() map[string]*dp.DPWorkloadDlpRule

DLP: returns the per-workload DLP (data loss prevention) rule map (map[string]*dp.DPWorkloadDlpRule), presumably keyed by workload ID — confirm. If this is the live Engine.DlpWlRulesInfo map rather than a copy, callers must hold Engine.Mutex while iterating it.

func (*Engine) GetNetworkPolicy

func (e *Engine) GetNetworkPolicy() map[string]*WorkloadIPPolicyInfo

func (*Engine) GetPolDomNBEMap

func (e *Engine) GetPolDomNBEMap() map[string]bool

func (*Engine) GetPolicyAddrMap

func (e *Engine) GetPolicyAddrMap() map[string]share.CLUSSubnet

func (*Engine) HostNetworkPolicyLookup

func (e *Engine) HostNetworkPolicyLookup(wl string, conn *dp.Connection) (uint32, uint8, bool)

func (*Engine) Init

func (e *Engine) Init(HostID string, HostIPs utils.Set, TunnelIP []net.IPNet, cb GroupProcPolicyCallback, pad int)

func (*Engine) InsertNeuvectorProcessProfilePolicy

func (e *Engine) InsertNeuvectorProcessProfilePolicy(group, role string)

/

func (*Engine) IsAllowedByParentApp

func (e *Engine) IsAllowedByParentApp(service, id, name, pname, ppath string, pgid int) bool

Reports whether the process is allowed on the basis of its parent process — by parent name and, given the pname/ppath parameters, presumably parent path as well. The matching logic itself is implemented in faccess_linux.go: isAllowedByParentApp().

func (*Engine) IsAllowedSuspiciousApp

func (e *Engine) IsAllowedSuspiciousApp(service, id, name string) bool

Matches on the process name only: a "suspicious" process is identified solely by its name, not by its path, arguments or binary hash. Security caveat: a name-only match is trivially defeated by renaming a binary, so this check must not be treated as an integrity check on the process.

func (*Engine) IsK8sGroupWithProbe

func (e *Engine) IsK8sGroupWithProbe(name string) bool

func (*Engine) ObtainProcessPolicy

func (e *Engine) ObtainProcessPolicy(name, id string) (*share.CLUSProcessProfile, bool)

func (*Engine) ProcessPolicyLookup

func (e *Engine) ProcessPolicyLookup(name, id string, proc *share.CLUSProcessProfileEntry, pid int) (string, string, string, error)

func (*Engine) PushFqdnInfoToDP

func (e *Engine) PushFqdnInfoToDP()

func (*Engine) PushNetworkDlpToDP

func (e *Engine) PushNetworkDlpToDP()

func (*Engine) PushNetworkPolicyToDP

func (e *Engine) PushNetworkPolicyToDP()

func (*Engine) SetTimerWheel

func (e *Engine) SetTimerWheel(aTimerWheel *utils.TimerWheel)

func (*Engine) UpdateNetworkPolicy

func (e *Engine) UpdateNetworkPolicy(ps []share.CLUSGroupIPPolicy,
	newPolicy map[string]*WorkloadIPPolicyInfo) utils.Set

func (*Engine) UpdateProcessPolicy

func (e *Engine) UpdateProcessPolicy(name string, profile *share.CLUSProcessProfile) (bool, *share.CLUSProcessProfile)

type GroupProcPolicyCallback

type GroupProcPolicyCallback func(id string) (*share.CLUSProcessProfile, bool)

type ProcProfileBrief

type ProcProfileBrief struct {
	// contains filtered or unexported fields
}

type WorkloadIPPolicyInfo

// WorkloadIPPolicyInfo is the per-workload network policy as built for the data
// path, plus the flags that control whether and how it is pushed.
//
// NOTE(review): field meanings below are inferred from names and types; confirm
// against UpdateNetworkPolicy / PushNetworkPolicyToDP before relying on them.
type WorkloadIPPolicyInfo struct {
	// RuleMap: individual IP rules keyed by a rule key — key format not visible here.
	RuleMap    map[string]*dp.DPPolicyIPRule
	// Policy: the assembled data-path policy for this workload.
	Policy     dp.DPWorkloadIPPolicy
	// Configured: whether policy has been configured for this workload.
	Configured bool
	// SkipPush: when set, the policy is presumably not pushed to the data path — confirm.
	SkipPush   bool
	// HostMode: presumably the workload shares the host network namespace — confirm.
	HostMode   bool
	// CapIntcp: capability/intercept flag; semantics not visible here.
	CapIntcp   bool
	// PolVer: policy version. A uint16 wraps at 65535, so any "newer than" comparison
	// must tolerate wraparound (cf. POL_VER_CHG_MAX) — confirm how it is compared.
	PolVer     uint16
	// Nbe: see Engine.PolDomNBEMap; meaning not visible here.
	Nbe        bool
}
