package enforcer
import (
"github.com/aporeto-inc/trireme/collector"
"github.com/aporeto-inc/trireme/enforcer/lookup"
"github.com/aporeto-inc/trireme/enforcer/utils/packet"
"github.com/aporeto-inc/trireme/policy"
)
// reportFlow emits one flow record for packet p to the datapath's collector.
// The record is built from the PU context (its ID and Annotations), the
// source/destination identities, the action and mode strings supplied by the
// caller, and the packet's source/destination addresses and destination port.
// The connection parameter is not read here; the callers in this file flag the
// connection as reported themselves before calling reportFlow.
func (d *Datapath) reportFlow(p *packet.Packet, connection *TCPConnection, sourceID string, destID string, context *PUContext, action string, mode string) {
	record := collector.FlowRecord{
		ContextID:       context.ID,
		SourceID:        sourceID,
		DestinationID:   destID,
		Tags:            context.Annotations,
		Action:          action,
		Mode:            mode,
		SourceIP:        p.SourceAddress.String(),
		DestinationIP:   p.DestinationAddress.String(),
		DestinationPort: p.DestinationPort,
	}
	// NOTE(review): p and context are dereferenced without a nil check, so
	// callers are presumably expected to pass non-nil values — confirm.
	d.collector.CollectFlowEvent(&record)
}
// reportAcceptedFlow records an accepted flow for packet p. When a connection
// is supplied it is first flagged through SetReported; the flow is then passed
// to reportFlow with the collector's FlowAccept action and the mode placeholder
// "NA".
//
// NOTE(review): this passes RejectReported to SetReported while
// reportRejectedFlow passes AcceptReported; the pairing looks inverted relative
// to the function names. Confirm which marker SetReported expects before
// relying on the reported state for auditing or detection.
func (d *Datapath) reportAcceptedFlow(p *packet.Packet, conn *TCPConnection, sourceID string, destID string, context *PUContext) {
	const noMode = "NA"
	if conn != nil {
		conn.SetReported(RejectReported)
	}
	action := collector.FlowAccept
	d.reportFlow(p, conn, sourceID, destID, context, action, noMode)
}
// reportRejectedFlow records a rejected flow for packet p. When a connection is
// supplied it is first flagged through SetReported; the flow is then passed to
// reportFlow with the collector's FlowReject action and the caller-supplied
// mode string.
//
// NOTE(review): this passes AcceptReported to SetReported while
// reportAcceptedFlow passes RejectReported; the pairing looks inverted relative
// to the function names. Confirm which marker SetReported expects before
// relying on the reported state for auditing or detection.
func (d *Datapath) reportRejectedFlow(p *packet.Packet, conn *TCPConnection, sourceID string, destID string, context *PUContext, mode string) {
	if conn != nil {
		conn.SetReported(AcceptReported)
	}
	action := collector.FlowReject
	d.reportFlow(p, conn, sourceID, destID, context, action, mode)
}
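// createRuleDBs splits policyRules into two lookup databases: the first holds
// every rule whose Action has the policy.Accept bit set, the second every rule
// whose Action has the policy.Reject bit set. A rule with neither bit set is
// dropped. A rule carrying both bits goes to the accept database only, because
// the Accept check is evaluated first; callers should not expect such a rule
// to appear in the reject database as well. An empty or nil list yields two
// empty databases.
func createRuleDBs(policyRules policy.TagSelectorList) (*lookup.PolicyDB, *lookup.PolicyDB) {
	acceptRules := lookup.NewPolicyDB()
	rejectRules := lookup.NewPolicyDB()

	for _, rule := range policyRules {
		// A bare switch replaces the if/else-if chain; the former
		// `else { continue }` was redundant since the loop continues anyway.
		switch {
		case rule.Action&policy.Accept != 0:
			acceptRules.AddPolicy(rule)
		case rule.Action&policy.Reject != 0:
			rejectRules.AddPolicy(rule)
		}
	}

	return acceptRules, rejectRules
}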