github.com/aporeto-inc/trireme-lib@v10.358.0+incompatible/controller/internal/enforcer/nfqdatapath/datapath_icmp.go (about)

     1  // +build linux
     2  
     3  package nfqdatapath
     4  
     5  import (
     6  	"go.aporeto.io/enforcerd/trireme-lib/collector"
     7  	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/packet"
     8  	"go.aporeto.io/enforcerd/trireme-lib/controller/pkg/pucontext"
     9  )
    10  
// icmpActionType is the verdict the ICMP handlers in this file return for a
// single packet.
type icmpActionType int

// Verdict values. The numeric values are the ones the original iota
// sequence produced (0, then 1).
const (
	// icmpAccept lets the packet through. It is the zero value of
	// icmpActionType, so a verdict variable that is never assigned reads as
	// accept; code holding one should always set it explicitly.
	icmpAccept icmpActionType = 0
	// icmpDrop discards the packet.
	icmpDrop icmpActionType = 1
)
    17  
// processNetworkICMPPacket decides whether an ICMP packet is accepted or
// dropped by looking up context.NetworkICMPACLPolicy with the packet's source
// address and the given ICMP type and code.
//
// The lookup result is passed to d.reportExternalServiceFlowCommon
// unconditionally, so a flow record is produced for dropped packets as well
// as accepted ones. The verdict fails closed: a lookup error or a rejecting
// action both yield icmpDrop.
//
// NOTE(review): icmpType and icmpCode are int8, while ICMP type and code are
// unsigned 8-bit fields on the wire; values above 127 would arrive here
// negative. Confirm the caller and the policy lookup agree on that encoding.
func (d *Datapath) processNetworkICMPPacket(context *pucontext.PUContext, packet *packet.Packet, icmpType int8, icmpCode int8) icmpActionType {
	src, dst := packet.SourceAddress(), packet.DestinationAddress()

	// Network direction: the ACL is matched on the source address.
	report, pkt, err := context.NetworkICMPACLPolicy(src, icmpType, icmpCode)

	srcEndpoint := &collector.EndPoint{IP: src.String()}
	dstEndpoint := &collector.EndPoint{IP: dst.String()}
	// The false argument presumably marks this as a non-application flow;
	// confirm against reportExternalServiceFlowCommon.
	d.reportExternalServiceFlowCommon(context, report, pkt, false, packet, srcEndpoint, dstEndpoint)

	// err is tested first so pkt is never dereferenced after a failed lookup.
	// NOTE(review): this assumes a nil error always comes with a non-nil pkt.
	switch {
	case err != nil:
		return icmpDrop
	case pkt.Action.Rejected():
		return icmpDrop
	}

	return icmpAccept
}
    32  
// processApplicationICMPPacket decides whether an ICMP packet is accepted or
// dropped by looking up context.ApplicationICMPACLPolicy with the packet's
// destination address and the given ICMP type and code.
//
// The lookup result is passed to d.reportExternalServiceFlowCommon
// unconditionally, so a flow record is produced for dropped packets as well
// as accepted ones. The verdict fails closed: a lookup error or a rejecting
// action both yield icmpDrop.
//
// NOTE(review): icmpType and icmpCode are int8, while ICMP type and code are
// unsigned 8-bit fields on the wire; values above 127 would arrive here
// negative. Confirm the caller and the policy lookup agree on that encoding.
func (d *Datapath) processApplicationICMPPacket(context *pucontext.PUContext, packet *packet.Packet, icmpType int8, icmpCode int8) icmpActionType {
	src, dst := packet.SourceAddress(), packet.DestinationAddress()

	// Application direction: the ACL is matched on the destination address.
	report, pkt, err := context.ApplicationICMPACLPolicy(dst, icmpType, icmpCode)

	srcEndpoint := &collector.EndPoint{IP: src.String()}
	dstEndpoint := &collector.EndPoint{IP: dst.String()}
	// The true argument presumably marks this as an application flow;
	// confirm against reportExternalServiceFlowCommon.
	d.reportExternalServiceFlowCommon(context, report, pkt, true, packet, srcEndpoint, dstEndpoint)

	// err is tested first so pkt is never dereferenced after a failed lookup.
	// NOTE(review): this assumes a nil error always comes with a non-nil pkt.
	switch {
	case err != nil:
		return icmpDrop
	case pkt.Action.Rejected():
		return icmpDrop
	}

	return icmpAccept
}