package nfqdatapath
import (
"github.com/aporeto-inc/trireme-lib/collector"
"github.com/aporeto-inc/trireme-lib/controller/pkg/connection"
"github.com/aporeto-inc/trireme-lib/controller/pkg/packet"
"github.com/aporeto-inc/trireme-lib/controller/pkg/pucontext"
"github.com/aporeto-inc/trireme-lib/policy"
)
// reportAcceptedFlow records an accepted flow. When a connection is supplied
// it is first flagged as connection.AcceptReported, then the flow is handed to
// d.reportFlow together with the report and packet policies.
func (d *Datapath) reportAcceptedFlow(p *packet.Packet, conn *connection.TCPConnection, sourceID string, destID string, context *pucontext.PUContext, report *policy.FlowPolicy, packet *policy.FlowPolicy) {
	// Accepted flows carry an empty string in the argument position where
	// reportRejectedFlow passes its mode.
	const noMode = ""

	// conn may be nil; only a live connection can carry the reported flag.
	if conn != nil {
		conn.SetReported(connection.AcceptReported)
	}

	d.reportFlow(p, conn, sourceID, destID, context, noMode, report, packet)
}
// reportRejectedFlow records a rejected flow through d.reportFlow.
//
// The connection is flagged as connection.RejectReported only when a
// connection is present and mode equals collector.PolicyDrop; any other mode
// leaves the connection's reported state untouched. A nil report is replaced
// by a synthetic Reject policy with an empty PolicyID, and a nil packet policy
// falls back to the (possibly synthesized) report policy, so d.reportFlow
// always receives two non-nil policies.
func (d *Datapath) reportRejectedFlow(p *packet.Packet, conn *connection.TCPConnection, sourceID string, destID string, context *pucontext.PUContext, mode string, report *policy.FlowPolicy, packet *policy.FlowPolicy) {
	policyDropped := mode == collector.PolicyDrop
	if policyDropped && conn != nil {
		conn.SetReported(connection.RejectReported)
	}

	// No policy supplied by the caller: report the flow as a plain reject
	// that is not attributed to any policy ID.
	if report == nil {
		defaultReject := policy.FlowPolicy{
			Action:   policy.Reject,
			PolicyID: "",
		}
		report = &defaultReject
	}

	// Without a separate packet policy, the report policy stands in for it.
	if packet == nil {
		packet = report
	}

	d.reportFlow(p, conn, sourceID, destID, context, mode, report, packet)
}
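// reportExternalServiceFlowCommon completes the src and dst endpoints with
// their identity fields, builds a collector.FlowRecord from the report policy
// and hands it to d.collector.CollectFlowEvent.
//
// When app is true the source is the processing unit (context.ManagementID,
// type collector.PU) and the destination is the external service
// (report.ServiceID, type collector.Address); when app is false the roles are
// swapped. src and dst are modified in place. report and context must be
// non-nil; p is accepted but not read by this function.
//
// A nil packet policy falls back to report, the same default that
// reportRejectedFlow applies, so that an observed policy cannot trigger a nil
// pointer dereference while the flow record is being built.
func (d *Datapath) reportExternalServiceFlowCommon(context *pucontext.PUContext, report *policy.FlowPolicy, packet *policy.FlowPolicy, app bool, p *packet.Packet, src, dst *collector.EndPoint) {
	// Guard the packet.Action / packet.PolicyID reads below.
	if packet == nil {
		packet = report
	}

	if app {
		src.ID = context.ManagementID()
		src.Type = collector.PU
		dst.ID = report.ServiceID
		dst.Type = collector.Address
	} else {
		src.ID = report.ServiceID
		src.Type = collector.Address
		dst.ID = context.ManagementID()
		dst.Type = collector.PU
	}

	record := &collector.FlowRecord{
		ContextID:   context.ID(),
		Source:      src,
		Destination: dst,
		// NOTE(review): DropReason is set to PolicyDrop whatever report.Action
		// is, so consumers presumably need to key on Action rather than on
		// DropReason to tell accepted flows from dropped ones. Confirm.
		DropReason: collector.PolicyDrop,
		Action:     report.Action,
		Tags:       context.Annotations(),
		PolicyID:   report.PolicyID,
	}

	// Observed policies also record what the packet policy decided, alongside
	// the action taken from the report policy.
	if report.ObserveAction.Observed() {
		record.ObservedAction = packet.Action
		record.ObservedPolicyID = packet.PolicyID
	}

	d.collector.CollectFlowEvent(record)
}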
// reportExternalServiceFlow reports an external-service flow in the packet's
// own direction: the source endpoint takes the packet's source address and
// port, the destination endpoint its destination address and port. Endpoint
// IDs and types are filled in by reportExternalServiceFlowCommon.
func (d *Datapath) reportExternalServiceFlow(context *pucontext.PUContext, report *policy.FlowPolicy, packet *policy.FlowPolicy, app bool, p *packet.Packet) {
	var from, to collector.EndPoint

	// Addresses and ports are copied straight from the packet.
	from.IP, from.Port = p.SourceAddress.String(), p.SourcePort
	to.IP, to.Port = p.DestinationAddress.String(), p.DestinationPort

	d.reportExternalServiceFlowCommon(context, report, packet, app, p, &from, &to)
}
// reportReverseExternalServiceFlow reports an external-service flow with the
// packet's direction inverted: the source endpoint takes the packet's
// destination address and port, and the destination endpoint takes the
// packet's source address and port. Endpoint IDs and types are filled in by
// reportExternalServiceFlowCommon.
func (d *Datapath) reportReverseExternalServiceFlow(context *pucontext.PUContext, report *policy.FlowPolicy, packet *policy.FlowPolicy, app bool, p *packet.Packet) {
	var from, to collector.EndPoint

	// Swap the packet's two sides so the record describes the opposite
	// direction from the packet.
	from.IP, from.Port = p.DestinationAddress.String(), p.DestinationPort
	to.IP, to.Port = p.SourceAddress.String(), p.SourcePort

	d.reportExternalServiceFlowCommon(context, report, packet, app, p, &from, &to)
}