package hcn
import (
"encoding/json"
)
// EndpointPolicyType names the kind of policy an EndpointPolicy carries.
// It is a string type, so a constant's value is what appears in the
// policy's serialized Type field.
type EndpointPolicyType string

// EndpointPolicyType values.
//
// The serialized string is not always spelled like the Go identifier: IOV is
// written as "Iov", and the two Network-prefixed names are written without
// that prefix.
const (
	PortMapping   EndpointPolicyType = "PortMapping"
	ACL           EndpointPolicyType = "ACL"
	QOS           EndpointPolicyType = "QOS"
	L2Driver      EndpointPolicyType = "L2Driver"
	OutBoundNAT   EndpointPolicyType = "OutBoundNAT"
	SDNRoute      EndpointPolicyType = "SDNRoute"
	L4Proxy       EndpointPolicyType = "L4Proxy"
	L4WFPPROXY    EndpointPolicyType = "L4WFPPROXY"
	PortName      EndpointPolicyType = "PortName"
	EncapOverhead EndpointPolicyType = "EncapOverhead"
	IOV           EndpointPolicyType = "Iov"
	// Endpoint and Network have InterfaceConstraint and ProviderAddress.
	// These two carry the same strings as the NetworkPolicyType constants
	// ProviderAddress and InterfaceConstraint; presumably the Network prefix
	// exists only to keep the Go identifiers from colliding.
	NetworkProviderAddress     EndpointPolicyType = "ProviderAddress"
	NetworkInterfaceConstraint EndpointPolicyType = "InterfaceConstraint"
	TierAcl                    EndpointPolicyType = "TierAcl"
)
// EndpointPolicy is a collection of Policy settings for an Endpoint.
//
// Type selects the policy kind and Settings carries that policy's payload as
// raw, still-encoded JSON. Nothing in this type ties Settings to Type, so code
// that decodes Settings has to choose the target struct from Type itself.
// NOTE(review): the *PolicySetting structs in this file appear to be the
// intended payloads — confirm against the callers that build these values.
type EndpointPolicy struct {
	Type     EndpointPolicyType `json:""`           // empty tag: serialized under the field name "Type"
	Settings json.RawMessage    `json:",omitempty"` // left out of the JSON when empty
}
// NetworkPolicyType names the kind of policy a NetworkPolicy carries.
// It is a string type, so a constant's value is what appears in the
// policy's serialized Type field.
type NetworkPolicyType string

// NetworkPolicyType values.
//
// NetworkL4Proxy is written as "L4Proxy", the same string the endpoint-side
// L4Proxy constant uses; ProviderAddress and InterfaceConstraint likewise
// share their strings with the endpoint-side NetworkProviderAddress and
// NetworkInterfaceConstraint constants.
const (
	SourceMacAddress    NetworkPolicyType = "SourceMacAddress"
	NetAdapterName      NetworkPolicyType = "NetAdapterName"
	VSwitchExtension    NetworkPolicyType = "VSwitchExtension"
	DrMacAddress        NetworkPolicyType = "DrMacAddress"
	AutomaticDNS        NetworkPolicyType = "AutomaticDNS"
	InterfaceConstraint NetworkPolicyType = "InterfaceConstraint"
	ProviderAddress     NetworkPolicyType = "ProviderAddress"
	RemoteSubnetRoute   NetworkPolicyType = "RemoteSubnetRoute"
	VxlanPort           NetworkPolicyType = "VxlanPort"
	HostRoute           NetworkPolicyType = "HostRoute"
	SetPolicy           NetworkPolicyType = "SetPolicy"
	NetworkL4Proxy      NetworkPolicyType = "L4Proxy"
	LayerConstraint     NetworkPolicyType = "LayerConstraint"
)
// NetworkPolicy is a collection of Policy settings for a Network.
//
// Type selects the policy kind and Settings carries that policy's payload as
// raw, still-encoded JSON. Nothing in this type ties Settings to Type, so code
// that decodes Settings has to choose the target struct from Type itself.
type NetworkPolicy struct {
	Type     NetworkPolicyType `json:""`           // empty tag: serialized under the field name "Type"
	Settings json.RawMessage   `json:",omitempty"` // left out of the JSON when empty
}
// SubnetPolicyType names the kind of policy a SubnetPolicy carries.
// It is a string type, so a constant's value is what appears in the
// policy's serialized Type field.
type SubnetPolicyType string

// SubnetPolicyType values.
const (
	VLAN SubnetPolicyType = "VLAN"
	VSID SubnetPolicyType = "VSID"
)
// SubnetPolicy is a collection of Policy settings for a Subnet.
//
// Type selects the policy kind and Settings carries that policy's payload as
// raw, still-encoded JSON. Nothing in this type ties Settings to Type, so code
// that decodes Settings has to choose the target struct from Type itself.
type SubnetPolicy struct {
	Type     SubnetPolicyType `json:""`           // empty tag: serialized under the field name "Type"
	Settings json.RawMessage  `json:",omitempty"` // left out of the JSON when empty
}
// NatFlags are flags for portmappings.
type NatFlags uint32

// NatFlags values, written out instead of being derived from iota.
//
// The numbers are the ones the iota sequence produced (0, 1, 2). Spelling
// them out keeps a later addition from silently receiving 3, which would be
// indistinguishable from NatFlagsLocalRoutedVip|NatFlagsIPv6 if callers
// combine these as a bit mask.
// NOTE(review): whether the values are meant to be OR-ed together is not
// shown in this file — confirm before adding a fourth value.
const (
	NatFlagsNone           NatFlags = 0
	NatFlagsLocalRoutedVip NatFlags = 1
	NatFlagsIPv6           NatFlags = 2
)
/// Endpoint Policy objects
// PortMappingPolicySetting defines Port Mapping (NAT).
//
// Every field is tagged omitempty, so a zero Protocol, a port of 0, an empty
// VIP and NatFlagsNone are all left out of the JSON rather than sent as
// explicit zeroes.
type PortMappingPolicySetting struct {
	Protocol     uint32   `json:",omitempty"` // EX: TCP = 6, UDP = 17
	InternalPort uint16   `json:",omitempty"`
	ExternalPort uint16   `json:",omitempty"`
	VIP          string   `json:",omitempty"`
	Flags        NatFlags `json:",omitempty"`
}
// ActionType associated with ACLs. The declared values are Allow, Block and
// Pass.
type ActionType string

// DirectionType associated with ACLs. Value is either In or Out.
type DirectionType string

// RuleType associated with ACLs. Value is either Host (WFP) or Switch (VFP).
type RuleType string

// Values for ActionType, DirectionType and RuleType. Each string is what is
// written to JSON for the corresponding ACL field.
const (
	// ActionTypeAllow allows traffic.
	ActionTypeAllow ActionType = "Allow"
	// ActionTypeBlock blocks traffic.
	ActionTypeBlock ActionType = "Block"
	// ActionTypePass passes traffic.
	// NOTE(review): how Pass differs from Allow is not defined in this file —
	// confirm before using it in a rule that is meant to grant access.
	ActionTypePass ActionType = "Pass"

	// DirectionTypeIn is traffic coming to the Endpoint.
	DirectionTypeIn DirectionType = "In"
	// DirectionTypeOut is traffic leaving the Endpoint.
	DirectionTypeOut DirectionType = "Out"

	// RuleTypeHost creates WFP (Windows Filtering Platform, the layer Windows
	// Firewall is built on) rules.
	RuleTypeHost RuleType = "Host"
	// RuleTypeSwitch creates VFP (Virtual Filtering Platform) rules.
	RuleTypeSwitch RuleType = "Switch"
)
// AclPolicySetting creates firewall rules on an endpoint.
//
// Action and Direction carry no omitempty, so they are always written, even
// when left at "" (which is none of the declared ActionType or DirectionType
// values). Every other field is dropped from the JSON when it holds its zero
// value, so an unset protocol, address or port list, an unset RuleType and a
// Priority of 0 all reach the receiver as "field absent".
// NOTE(review): how the platform interprets an absent match field (likely
// "match anything") and an absent Priority is not shown here — confirm before
// relying on a rule with empty addresses or ports being narrow.
type AclPolicySetting struct {
	Protocols       string        `json:",omitempty"` // EX: 6 (TCP), 17 (UDP), 1 (ICMPv4), 58 (ICMPv6), 2 (IGMP)
	Action          ActionType    `json:","`
	Direction       DirectionType `json:","`
	LocalAddresses  string        `json:",omitempty"`
	RemoteAddresses string        `json:",omitempty"`
	LocalPorts      string        `json:",omitempty"`
	RemotePorts     string        `json:",omitempty"`
	RuleType        RuleType      `json:",omitempty"`
	Priority        uint16        `json:",omitempty"`
}
// QosPolicySetting sets Quality of Service bandwidth caps on an Endpoint.
//
// The field has no json tag, so it is always serialized under its Go name,
// including when it is 0.
// NOTE(review): whether 0 means "no cap" or "no bandwidth" is not shown in
// this file — confirm before sending a zero value.
type QosPolicySetting struct {
	MaximumOutgoingBandwidthInBytes uint64
}
// OutboundNatPolicySetting sets outbound Network Address Translation on an Endpoint.
//
// All fields are omitempty: an empty VirtualIP, nil or empty slices and
// NatFlagsNone are left out of the JSON.
// NOTE(review): Exceptions presumably lists destinations that are not
// translated and Destinations the ones that are — the element format and the
// precedence between the two are not shown here; confirm against the caller.
type OutboundNatPolicySetting struct {
	VirtualIP    string   `json:",omitempty"`
	Exceptions   []string `json:",omitempty"`
	Destinations []string `json:",omitempty"`
	Flags        NatFlags `json:",omitempty"`
}
// SDNRoutePolicySetting sets SDN Route on an Endpoint.
//
// All fields are omitempty, so NeedEncap is only written when it is true; a
// false value is expressed by the field being absent.
type SDNRoutePolicySetting struct {
	DestinationPrefix string `json:",omitempty"`
	NextHop           string `json:",omitempty"`
	NeedEncap         bool   `json:",omitempty"`
}
// FiveTuple describes the traffic a proxy filter matches. In this file it is
// used as the FilterTuple field of L4WfpProxyPolicySetting (WFP support).
//
// All fields are omitempty, so unset strings and a Priority of 0 are left out
// of the JSON.
// NOTE(review): how an absent match field is interpreted is not shown here —
// confirm before assuming an empty tuple matches nothing.
type FiveTuple struct {
	Protocols       string `json:",omitempty"`
	LocalAddresses  string `json:",omitempty"`
	RemoteAddresses string `json:",omitempty"`
	LocalPorts      string `json:",omitempty"`
	RemotePorts     string `json:",omitempty"`
	Priority        uint16 `json:",omitempty"`
}
// ProxyExceptions exempts traffic to IpAddresses and Ports.
//
// Each entry names traffic the proxy policy does not apply to, so adding an
// entry widens what bypasses the proxy. Both lists are omitempty and are left
// out of the JSON when nil or empty.
type ProxyExceptions struct {
	IpAddressExceptions []string `json:",omitempty"`
	PortExceptions      []string `json:",omitempty"`
}
// L4WfpProxyPolicySetting sets Layer-4 Proxy on an endpoint.
//
// The proxy ports are strings, not integers. The omitempty option on
// FilterTuple, InboundExceptions and OutboundExceptions has no effect:
// encoding/json never treats a struct value as empty, so these three are
// always written (as "{}" when nothing is set).
// NOTE(review): UserSID is presumably a Windows security identifier in string
// form; which account it designates and what it exempts or selects is not
// shown in this file — confirm against the caller.
type L4WfpProxyPolicySetting struct {
	InboundProxyPort   string          `json:",omitempty"`
	OutboundProxyPort  string          `json:",omitempty"`
	FilterTuple        FiveTuple       `json:",omitempty"`
	UserSID            string          `json:",omitempty"`
	InboundExceptions  ProxyExceptions `json:",omitempty"`
	OutboundExceptions ProxyExceptions `json:",omitempty"`
}
// PortnameEndpointPolicySetting sets the port name for an endpoint.
// Name is left out of the JSON when it is empty.
type PortnameEndpointPolicySetting struct {
	Name string `json:",omitempty"`
}
// EncapOverheadEndpointPolicySetting sets the encap overhead for an endpoint.
// An Overhead of 0 is left out of the JSON.
// NOTE(review): the unit (presumably bytes) is not stated in this file.
type EncapOverheadEndpointPolicySetting struct {
	Overhead uint16 `json:",omitempty"`
}
// IovPolicySetting sets the Iov settings for an endpoint.
//
// All three values are omitempty, so a setting of 0 is left out of the JSON
// rather than sent as an explicit zero.
// NOTE(review): valid ranges and the meaning of each value are not shown in
// this file.
type IovPolicySetting struct {
	IovOffloadWeight    uint32 `json:",omitempty"`
	QueuePairsRequested uint32 `json:",omitempty"`
	InterruptModeration uint32 `json:",omitempty"`
}
/// Endpoint and Network Policy objects
// ProviderAddressEndpointPolicySetting sets the PA (provider address) for an
// endpoint. ProviderAddress is left out of the JSON when it is empty.
type ProviderAddressEndpointPolicySetting struct {
	ProviderAddress string `json:",omitempty"`
}
// InterfaceConstraintPolicySetting limits an Endpoint or Network to a specific Nic.
//
// The struct offers several ways to identify the interface (GUID, LUID, index,
// media type, alias, description); each is omitempty and is left out of the
// JSON when zero or empty.
// NOTE(review): which identifier wins when more than one is set is not shown
// in this file — confirm before setting several at once.
type InterfaceConstraintPolicySetting struct {
	InterfaceGuid        string `json:",omitempty"`
	InterfaceLuid        uint64 `json:",omitempty"`
	InterfaceIndex       uint32 `json:",omitempty"`
	InterfaceMediaType   uint32 `json:",omitempty"`
	InterfaceAlias       string `json:",omitempty"`
	InterfaceDescription string `json:",omitempty"`
}
/// Network Policy objects
// SourceMacAddressNetworkPolicySetting sets source MAC for a network.
// SourceMacAddress is a string and is left out of the JSON when empty.
type SourceMacAddressNetworkPolicySetting struct {
	SourceMacAddress string `json:",omitempty"`
}
// NetAdapterNameNetworkPolicySetting sets network adapter of a network.
// NetworkAdapterName is left out of the JSON when empty.
type NetAdapterNameNetworkPolicySetting struct {
	NetworkAdapterName string `json:",omitempty"`
}
// VSwitchExtensionNetworkPolicySetting enables/disables VSwitch extensions for a network.
//
// Enable is omitempty, so only true is ever written; "disable" is expressed
// by the field being absent from the JSON.
// NOTE(review): confirm the receiver treats an absent Enable as false.
type VSwitchExtensionNetworkPolicySetting struct {
	ExtensionID string `json:",omitempty"`
	Enable      bool   `json:",omitempty"`
}
// DrMacAddressNetworkPolicySetting sets the DR MAC for a network.
// Address is a string and is left out of the JSON when empty.
type DrMacAddressNetworkPolicySetting struct {
	Address string `json:",omitempty"`
}
// AutomaticDNSNetworkPolicySetting enables/disables automatic DNS on a network.
//
// Enable is omitempty, so only true is ever written; "disable" is expressed
// by the field being absent from the JSON.
// NOTE(review): confirm the receiver treats an absent Enable as false.
type AutomaticDNSNetworkPolicySetting struct {
	Enable bool `json:",omitempty"`
}
// LayerConstraintNetworkPolicySetting carries a LayerId string for a network
// policy; the field is left out of the JSON when empty.
// NOTE(review): by its name this is the payload of the LayerConstraint
// network policy type, but what the layer refers to is not described in this
// file.
type LayerConstraintNetworkPolicySetting struct {
	LayerId string `json:",omitempty"`
}
/// Subnet Policy objects
// VlanPolicySetting isolates a subnet with VLAN tagging.
//
// IsolationId has no omitempty, so it is always written, including when it
// is 0.
type VlanPolicySetting struct {
	IsolationId uint32 `json:","`
}
// VsidPolicySetting isolates a subnet with VSID tagging.
//
// IsolationId has no omitempty, so it is always written, including when it
// is 0.
type VsidPolicySetting struct {
	IsolationId uint32 `json:","`
}
// RemoteSubnetRoutePolicySetting creates remote subnet route rules on a network.
//
// None of the fields has a json tag, so all four are always serialized under
// their Go names, including empty strings and an IsolationId of 0. Note that
// IsolationId is a uint16 here, while VlanPolicySetting and VsidPolicySetting
// declare theirs as uint32.
type RemoteSubnetRoutePolicySetting struct {
	DestinationPrefix           string
	IsolationId                 uint16
	ProviderAddress             string
	DistributedRouterMacAddress string
}
// SetPolicyType associated with SetPolicy. Value is IPSET.
type SetPolicyType string

// SetPolicyType values. Only one is declared.
const (
	SetPolicyTypeIpSet SetPolicyType = "IPSET"
)
// SetPolicySetting creates IPSets on network.
//
// None of the fields has a json tag, so all four are always serialized under
// their Go names, including empty strings.
// NOTE(review): Values is a single string; presumably it holds a delimited
// list of addresses — confirm the expected format against the caller.
type SetPolicySetting struct {
	Id     string
	Name   string
	Type   SetPolicyType
	Values string
}
// VxlanPortPolicySetting allows configuring the VXLAN port. VXLAN is carried
// over UDP, so this is a UDP port number.
//
// Port has no json tag, so it is always serialized under its Go name,
// including when it is 0.
type VxlanPortPolicySetting struct {
	Port uint16
}
// ProtocolType associated with L4ProxyPolicy. It is numeric, unlike the
// string-typed Protocols fields used by the ACL structs in this file.
type ProtocolType uint32

// ProtocolType values. The non-zero numbers are the IANA-assigned IP protocol
// numbers for the named protocols.
const (
	ProtocolTypeUnknown ProtocolType = 0
	ProtocolTypeICMPv4  ProtocolType = 1
	ProtocolTypeIGMP    ProtocolType = 2
	ProtocolTypeTCP     ProtocolType = 6
	ProtocolTypeUDP     ProtocolType = 17
	ProtocolTypeICMPv6  ProtocolType = 58
)
// L4ProxyPolicySetting applies proxy policy on network/endpoint.
//
// Destination is the only field without a json tag, so it is always written,
// even when empty; the other fields are omitempty. That means
// ProtocolTypeUnknown (0) and OutboundNAT=false are expressed by the field
// being absent. Port is a string here, not an integer.
// NOTE(review): Exceptions presumably lists traffic that is not proxied; the
// element format is not shown in this file — confirm against the caller.
type L4ProxyPolicySetting struct {
	IP          string       `json:",omitempty"`
	Port        string       `json:",omitempty"`
	Protocol    ProtocolType `json:",omitempty"`
	Exceptions  []string     `json:",omitempty"`
	Destination string
	OutboundNAT bool `json:",omitempty"`
}
// TierAclRule represents an ACL within TierAclPolicySetting.
//
// TierAclRuleAction has no omitempty and is always written, even when left at
// "" (which is none of the declared ActionType values). Every other field is
// dropped from the JSON when zero or empty, including a Priority of 0.
// NOTE(review): how the platform interprets an absent match field (likely
// "match anything") is not shown here — confirm before relying on a rule with
// empty addresses or ports being narrow.
type TierAclRule struct {
	Id                string     `json:",omitempty"`
	Protocols         string     `json:",omitempty"`
	TierAclRuleAction ActionType `json:","`
	LocalAddresses    string     `json:",omitempty"`
	RemoteAddresses   string     `json:",omitempty"`
	LocalPorts        string     `json:",omitempty"`
	RemotePorts       string     `json:",omitempty"`
	Priority          uint16     `json:",omitempty"`
}
// TierAclPolicySetting represents a Tier containing ACLs.
//
// Name, Direction and Order are always written (no omitempty), including an
// empty Name or Direction and an Order of 0. TierAclRules is left out of the
// JSON when nil or empty, so a tier can be serialized with no rules at all.
// NOTE(review): Order presumably ranks this tier against other tiers; the
// evaluation order and what an empty tier does to traffic are not shown in
// this file — confirm against the platform documentation.
type TierAclPolicySetting struct {
	Name         string        `json:","`
	Direction    DirectionType `json:","`
	Order        uint16        `json:""`
	TierAclRules []TierAclRule `json:",omitempty"`
}