From 7299e2e4fa03df8981e3a18cd5ea43d709f8342d Mon Sep 17 00:00:00 2001
From: Erik Frimodig
Date: Tue, 4 May 2021 16:10:09 -0700
Subject: [PATCH] Adding proxy exceptions to L4WFP Proxy Policy
Signed-off-by: Erik Frimodig
---
 hcn/hcnpolicy.go | 18 +++++++++++++-----
 hcn/hcnutils_test.go | 10 +++++++++-
 2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/hcn/hcnpolicy.go b/hcn/hcnpolicy.go
index 562c7d80e3..3bd96104e7 100644
--- a/hcn/hcnpolicy.go
+++ b/hcn/hcnpolicy.go
@@ -76,7 +76,7 @@ type SubnetPolicy struct {
 type NatFlags uint32
 
 const (
- NatFlagsNone NatFlags = iota
+ NatFlagsNone NatFlags = iota
 NatFlagsLocalRoutedVip
 NatFlagsIPv6
 )
@@ -161,12 +161,20 @@ type FiveTuple struct {
 Priority uint16 `json:",omitempty"`
 }
 
+// ProxyExceptions exempts traffic to IpAddresses and Ports
+type ProxyExceptions struct {
+ IpAddressExceptions []string `json:",omitempty"`
+ PortExceptions []string `json:",omitempty"`
+}
+
 // L4WfpProxyPolicySetting sets Layer-4 Proxy on an endpoint.
 type L4WfpProxyPolicySetting struct {
- InboundProxyPort string `json:",omitempty"`
- OutboundProxyPort string `json:",omitempty"`
- FilterTuple FiveTuple `json:",omitempty"`
- UserSID string `json:",omitempty"`
+ InboundProxyPort string `json:",omitempty"`
+ OutboundProxyPort string `json:",omitempty"`
+ FilterTuple FiveTuple `json:",omitempty"`
+ UserSID string `json:",omitempty"`
+ InboundExceptions ProxyExceptions `json:",omitempty"`
+ OutboundExceptions ProxyExceptions `json:",omitempty"`
 }
 
 // PortnameEndpointPolicySetting sets the port name for an endpoint.
diff --git a/hcn/hcnutils_test.go b/hcn/hcnutils_test.go
index c27b98c8fa..09d603d7f5 100644
--- a/hcn/hcnutils_test.go
+++ b/hcn/hcnutils_test.go
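Review bot: In hcn/hcnpolicy.go, the `json:",omitempty"` tag on the new `InboundExceptions` and `OutboundExceptions` fields of `L4WfpProxyPolicySetting` has no effect, because encoding/json never treats a struct value as empty; every marshalled setting will carry both objects (as `{}`) even when the caller configured no exceptions, as the existing `FilterTuple` field already does. If the receiving side distinguishes an absent object from an empty one, declaring the two fields as `*ProxyExceptions` would let an unset value be omitted. The entries presumably let matching traffic bypass the proxy, and no validation of the strings is visible in this hunk, so the doc comment on `ProxyExceptions` should say so and state the accepted formats, e.g. `// ProxyExceptions lists the IP addresses and ports whose traffic is exempt from (bypasses) the L4 proxy.` followed by a line on whether CIDR blocks or port ranges are allowed.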
@@ -236,12 +236,20 @@ func HcnCreateAcls() (*PolicyEndpointRequest, error) {
 func HcnCreateWfpProxyPolicyRequest() (*PolicyEndpointRequest, error) {
 policySetting := L4WfpProxyPolicySetting{
 InboundProxyPort: "80",
- OutboundProxyPort: "80",
+ OutboundProxyPort: "81",
 FilterTuple: FiveTuple{
 Protocols: "6",
 RemoteAddresses: "10.0.0.4",
 Priority: 8,
 },
+ OutboundExceptions: ProxyExceptions{
+ IpAddressExceptions: []string{"10.0.1.12"},
+ PortExceptions: []string{"81"},
+ },
+ InboundExceptions: ProxyExceptions{
+ IpAddressExceptions: []string{"12.0.1.12"},
+ PortExceptions: []string{"8181"},
+ },
 }
 
 policyJSON, err := json.Marshal(policySetting)
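Review bot: The inbound exception address `"12.0.1.12"` is publicly routable, while every other address in this fixture sits in 10.0.0.0/8, so it looks like a typo. If the value is meant to differ from the outbound one, a private or documentation-range address such as `IpAddressExceptions: []string{"192.0.2.12"}` keeps the fixture from naming a real host. HcnCreateWfpProxyPolicyRequest continues past the end of the hunk and the visible lines only marshal the setting, so it is worth confirming that some test asserts the exception fields actually appear in the resulting policy JSON.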