1package hcn
2
3import (
4	"encoding/json"
5)
6
// EndpointPolicyType names the kind of policy carried by an EndpointPolicy.
// The string value is what appears in the serialized policy's Type field.
type EndpointPolicyType string

// EndpointPolicyType values declared by this package. Nothing in this file
// checks that a Type is one of them, so a misspelled or caller-supplied
// value is serialized unchanged.
const (
	PortMapping   EndpointPolicyType = "PortMapping"
	ACL           EndpointPolicyType = "ACL"
	QOS           EndpointPolicyType = "QOS"
	L2Driver      EndpointPolicyType = "L2Driver"
	OutBoundNAT   EndpointPolicyType = "OutBoundNAT"
	SDNRoute      EndpointPolicyType = "SDNRoute"
	// L4Proxy carries the same string as the NetworkPolicyType constant
	// NetworkL4Proxy.
	L4Proxy       EndpointPolicyType = "L4Proxy"
	L4WFPPROXY    EndpointPolicyType = "L4WFPPROXY"
	PortName      EndpointPolicyType = "PortName"
	EncapOverhead EndpointPolicyType = "EncapOverhead"
	// Endpoint and Network have InterfaceConstraint and ProviderAddress.
	// The two constants below carry the same strings as the NetworkPolicyType
	// constants ProviderAddress and InterfaceConstraint; they are prefixed
	// with Network because the unprefixed names are already taken.
	NetworkProviderAddress     EndpointPolicyType = "ProviderAddress"
	NetworkInterfaceConstraint EndpointPolicyType = "InterfaceConstraint"
)
26
// EndpointPolicy is a collection of Policy settings for an Endpoint.
//
// Type selects the policy kind and Settings holds its payload as raw JSON.
// encoding/json writes a RawMessage through as JSON rather than re-encoding
// it as a string, so any validation of addresses, ports or actions has to
// happen before the payload is placed here. Nothing in this file checks
// that Settings matches Type.
// NOTE(review): Settings is presumably produced by marshaling the
// *PolicySetting struct that corresponds to Type - confirm against callers.
type EndpointPolicy struct {
	// The empty tag leaves the JSON key as the Go field name, "Type".
	Type     EndpointPolicyType `json:""`
	// Omitted from the JSON when nil or empty.
	Settings json.RawMessage    `json:",omitempty"`
}
32
// NetworkPolicyType names the kind of policy carried by a NetworkPolicy.
// The string value is what appears in the serialized policy's Type field.
type NetworkPolicyType string

// NetworkPolicyType values declared by this package. Nothing in this file
// checks that a Type is one of them.
const (
	SourceMacAddress    NetworkPolicyType = "SourceMacAddress"
	NetAdapterName      NetworkPolicyType = "NetAdapterName"
	VSwitchExtension    NetworkPolicyType = "VSwitchExtension"
	DrMacAddress        NetworkPolicyType = "DrMacAddress"
	AutomaticDNS        NetworkPolicyType = "AutomaticDNS"
	// InterfaceConstraint and ProviderAddress carry the same strings as the
	// EndpointPolicyType constants NetworkInterfaceConstraint and
	// NetworkProviderAddress.
	InterfaceConstraint NetworkPolicyType = "InterfaceConstraint"
	ProviderAddress     NetworkPolicyType = "ProviderAddress"
	RemoteSubnetRoute   NetworkPolicyType = "RemoteSubnetRoute"
	VxlanPort           NetworkPolicyType = "VxlanPort"
	HostRoute           NetworkPolicyType = "HostRoute"
	SetPolicy           NetworkPolicyType = "SetPolicy"
	// NetworkL4Proxy carries the same string as the EndpointPolicyType
	// constant L4Proxy, which already uses the unprefixed name.
	NetworkL4Proxy      NetworkPolicyType = "L4Proxy"
)
51
// NetworkPolicy is a collection of Policy settings for a Network.
//
// Type selects the policy kind and Settings holds its payload as raw JSON,
// which encoding/json writes through as JSON rather than as a quoted
// string. Nothing in this file checks that Settings matches Type, so the
// payload has to be validated before it is placed here.
type NetworkPolicy struct {
	// The empty tag leaves the JSON key as the Go field name, "Type".
	Type     NetworkPolicyType `json:""`
	// Omitted from the JSON when nil or empty.
	Settings json.RawMessage   `json:",omitempty"`
}
57
// SubnetPolicyType names the kind of policy carried by a SubnetPolicy.
// The string value is what appears in the serialized policy's Type field.
type SubnetPolicyType string

// SubnetPolicyType values declared by this package. The matching payload
// structs in this file are VlanPolicySetting and VsidPolicySetting.
const (
	VLAN SubnetPolicyType = "VLAN"
	VSID SubnetPolicyType = "VSID"
)
66
// SubnetPolicy is a collection of Policy settings for a Subnet.
//
// Type selects the policy kind and Settings holds its payload as raw JSON,
// which encoding/json writes through as JSON rather than as a quoted
// string. Nothing in this file checks that Settings matches Type.
type SubnetPolicy struct {
	// The empty tag leaves the JSON key as the Go field name, "Type".
	Type     SubnetPolicyType `json:""`
	// Omitted from the JSON when nil or empty.
	Settings json.RawMessage  `json:",omitempty"`
}
72
// NatFlags are flags for portmappings. The type is used by
// PortMappingPolicySetting.Flags; this file declares no named flag values,
// so callers pass the numeric bits directly.
type NatFlags uint32
75
76/// Endpoint Policy objects
77
// PortMappingPolicySetting defines Port Mapping (NAT).
//
// Every field carries omitempty, so a zero protocol, a zero port, an empty
// VIP and zero flags are all left out of the JSON. Protocol is a plain
// uint32 here rather than the ProtocolType declared later in this file.
// NOTE(review): the effect of an omitted ExternalPort or VIP is decided by
// the receiver and is not visible here - confirm before relying on it to
// limit which address or port is exposed.
type PortMappingPolicySetting struct {
	Protocol     uint32   `json:",omitempty"` // EX: TCP = 6, UDP = 17
	InternalPort uint16   `json:",omitempty"`
	ExternalPort uint16   `json:",omitempty"`
	VIP          string   `json:",omitempty"`
	Flags        NatFlags `json:",omitempty"`
}
86
// ActionType associated with ACLs. Value is either Allow or Block.
type ActionType string

// DirectionType associated with ACLs. Value is either In or Out.
type DirectionType string

// RuleType associated with ACLs. Value is either Host (WFP) or Switch (VFP).
type RuleType string

// Values for the three ACL string types above. They are plain strings, so
// the compiler does not stop a caller from converting arbitrary text into
// one of these types, and nothing in this file rejects other values.
const (
	// ActionTypeAllow allows traffic.
	ActionTypeAllow ActionType = "Allow"
	// ActionTypeBlock blocks traffic.
	ActionTypeBlock ActionType = "Block"

	// DirectionTypeIn is traffic coming to the Endpoint.
	DirectionTypeIn DirectionType = "In"
	// DirectionTypeOut is traffic leaving the Endpoint.
	DirectionTypeOut DirectionType = "Out"

	// RuleTypeHost creates WFP (Windows Filtering Platform, the layer used
	// by Windows Firewall) rules.
	RuleTypeHost RuleType = "Host"
	// RuleTypeSwitch creates VFP (Virtual Filter Platform) rules.
	RuleTypeSwitch RuleType = "Switch"
)
112
// AclPolicySetting creates firewall rules on an endpoint.
//
// Action and Direction carry no omitempty option, so they are always
// serialized, as empty strings when left unset; set both explicitly. Every
// other field is dropped from the JSON when it holds its zero value, which
// includes Priority 0 and an empty RuleType. Nothing in this file validates
// the protocol, address or port strings.
// NOTE(review): an omitted address or port field presumably matches any
// value on the receiving side - confirm, because an accidentally empty
// string would then yield a broader rule than intended. The default applied
// for an omitted RuleType or Priority is likewise not visible here.
type AclPolicySetting struct {
	Protocols       string        `json:",omitempty"` // EX: 6 (TCP), 17 (UDP), 1 (ICMPv4), 58 (ICMPv6), 2 (IGMP)
	Action          ActionType    `json:","`
	Direction       DirectionType `json:","`
	LocalAddresses  string        `json:",omitempty"`
	RemoteAddresses string        `json:",omitempty"`
	LocalPorts      string        `json:",omitempty"`
	RemotePorts     string        `json:",omitempty"`
	RuleType        RuleType      `json:",omitempty"`
	Priority        uint16        `json:",omitempty"`
}
125
// QosPolicySetting sets Quality of Service bandwidth caps on an Endpoint.
//
// The field has no JSON tag, so it is always serialized under its Go name,
// including when the value is 0.
// NOTE(review): whether 0 means "no cap" or "no bandwidth" is decided by
// the receiver and is not visible here - confirm.
type QosPolicySetting struct {
	MaximumOutgoingBandwidthInBytes uint64
}
130
// OutboundNatPolicySetting sets outbound Network Address Translation on an Endpoint.
//
// All fields are optional: an empty VirtualIP and nil or empty slices are
// left out of the JSON.
// NOTE(review): Exceptions presumably lists destinations that bypass NAT
// and Destinations those it applies to; the expected entry format (address
// or prefix) is not defined in this file - confirm.
type OutboundNatPolicySetting struct {
	VirtualIP    string   `json:",omitempty"`
	Exceptions   []string `json:",omitempty"`
	Destinations []string `json:",omitempty"`
}
137
// SDNRoutePolicySetting sets SDN Route on an Endpoint.
//
// All fields carry omitempty, so NeedEncap is only present in the JSON when
// it is true; a false value is indistinguishable from an unset one.
type SDNRoutePolicySetting struct {
	DestinationPrefix string `json:",omitempty"`
	NextHop           string `json:",omitempty"`
	NeedEncap         bool   `json:",omitempty"`
}
144
// FiveTuple is the traffic filter nested in L4WfpProxyPolicySetting (its
// FilterTuple field) for WFP support.
//
// The fields mirror the matching fields of AclPolicySetting. Each one is
// omitted from the JSON when empty, and nothing in this file validates the
// strings.
// NOTE(review): an omitted field presumably matches any value - confirm,
// since that determines how much traffic the proxy filter captures.
type FiveTuple struct {
	Protocols       string `json:",omitempty"`
	LocalAddresses  string `json:",omitempty"`
	RemoteAddresses string `json:",omitempty"`
	LocalPorts      string `json:",omitempty"`
	RemotePorts     string `json:",omitempty"`
	Priority        uint16 `json:",omitempty"`
}
154
// L4WfpProxyPolicySetting sets Layer-4 Proxy on an endpoint.
//
// Port is a string here, unlike the numeric ports of
// PortMappingPolicySetting.
// NOTE(review): UserSID presumably holds a Windows security identifier that
// scopes the proxy to one user's traffic; what an omitted UserSID means is
// not visible here - confirm.
type L4WfpProxyPolicySetting struct {
	Port        string    `json:",omitempty"`
	// omitempty has no effect on a struct value in encoding/json, so
	// FilterTuple is always serialized, as {} when all its fields are empty.
	FilterTuple FiveTuple `json:",omitempty"`
	UserSID     string    `json:",omitempty"`
}
161
// PortnameEndpointPolicySetting sets the port name for an endpoint.
// An empty Name is left out of the JSON, which then serializes as {}.
type PortnameEndpointPolicySetting struct {
	Name string `json:",omitempty"`
}
166
// EncapOverheadEndpointPolicySetting sets the encap overhead for an endpoint.
// An Overhead of 0 is left out of the JSON, so it cannot be told apart from
// an unset value.
// NOTE(review): the unit is presumably bytes - confirm.
type EncapOverheadEndpointPolicySetting struct {
	Overhead uint16 `json:",omitempty"`
}
171
172/// Endpoint and Network Policy objects
173
// ProviderAddressEndpointPolicySetting sets the PA (provider address) for
// an endpoint. The address is an unvalidated string and is left out of the
// JSON when empty.
type ProviderAddressEndpointPolicySetting struct {
	ProviderAddress string `json:",omitempty"`
}
178
// InterfaceConstraintPolicySetting limits an Endpoint or Network to a specific Nic.
//
// The struct offers several ways to identify the interface (GUID, LUID,
// index, media type, alias, description). Each is optional and is left out
// of the JSON when zero or empty.
// NOTE(review): how the receiver combines several identifiers, and what an
// entirely empty constraint means, is not visible here - confirm.
type InterfaceConstraintPolicySetting struct {
	InterfaceGuid        string `json:",omitempty"`
	InterfaceLuid        uint64 `json:",omitempty"`
	InterfaceIndex       uint32 `json:",omitempty"`
	InterfaceMediaType   uint32 `json:",omitempty"`
	InterfaceAlias       string `json:",omitempty"`
	InterfaceDescription string `json:",omitempty"`
}
188
189/// Network Policy objects
190
// SourceMacAddressNetworkPolicySetting sets source MAC for a network.
// The address is an unvalidated string; its expected format is not defined
// in this file. An empty value is left out of the JSON.
type SourceMacAddressNetworkPolicySetting struct {
	SourceMacAddress string `json:",omitempty"`
}
195
// NetAdapterNameNetworkPolicySetting sets network adapter of a network.
// The adapter is referenced by name; an empty name is left out of the JSON.
type NetAdapterNameNetworkPolicySetting struct {
	NetworkAdapterName string `json:",omitempty"`
}
200
// VSwitchExtensionNetworkPolicySetting enables/disables VSwitch extensions for a network.
//
// Enable carries omitempty, so Enable=false is not serialized at all: a
// request meant to disable an extension contains only ExtensionID.
// NOTE(review): this relies on the receiver treating a missing Enable as
// false - confirm, especially where the extension being switched off is a
// filtering or monitoring one.
type VSwitchExtensionNetworkPolicySetting struct {
	ExtensionID string `json:",omitempty"`
	Enable      bool   `json:",omitempty"`
}
206
// DrMacAddressNetworkPolicySetting sets the DR MAC for a network.
// Address is an unvalidated string and is left out of the JSON when empty.
// NOTE(review): DR presumably stands for distributed router, as in
// RemoteSubnetRoutePolicySetting.DistributedRouterMacAddress - confirm.
type DrMacAddressNetworkPolicySetting struct {
	Address string `json:",omitempty"`
}
211
// AutomaticDNSNetworkPolicySetting enables/disables automatic DNS on a network.
//
// Enable carries omitempty, so Enable=false serializes as {} with no Enable
// key.
// NOTE(review): disabling therefore depends on the receiver treating a
// missing Enable as false - confirm.
type AutomaticDNSNetworkPolicySetting struct {
	Enable bool `json:",omitempty"`
}
216
217/// Subnet Policy objects
218
// VlanPolicySetting isolates a subnet with VLAN tagging.
//
// The tag has no omitempty option, so IsolationId is always serialized,
// including the zero value. The field is a uint32 and nothing in this file
// range-checks it, although an 802.1Q VLAN ID is only 12 bits wide.
// NOTE(review): IsolationId presumably holds the VLAN ID - confirm.
type VlanPolicySetting struct {
	IsolationId uint32 `json:","`
}
223
// VsidPolicySetting isolates a subnet with VSID tagging.
//
// The tag has no omitempty option, so IsolationId is always serialized,
// including the zero value. Nothing in this file range-checks it.
// NOTE(review): IsolationId presumably holds the virtual subnet ID -
// confirm.
type VsidPolicySetting struct {
	IsolationId uint32 `json:","`
}
228
// RemoteSubnetRoutePolicySetting creates remote subnet route rules on a network.
//
// None of the fields has a JSON tag, so all four are always serialized
// under their Go names, as empty strings or 0 when unset. IsolationId is a
// uint16 here, whereas VlanPolicySetting and VsidPolicySetting declare it
// as uint32. The prefix and address strings are not validated in this file.
type RemoteSubnetRoutePolicySetting struct {
	DestinationPrefix           string
	IsolationId                 uint16
	ProviderAddress             string
	DistributedRouterMacAddress string
}
236
// SetPolicyType is the kind of set described by a SetPolicySetting.
// Value is IPSET.
type SetPolicyType string

const (
	// SetPolicyTypeIpSet is the only SetPolicyType value declared in this
	// file.
	SetPolicyTypeIpSet SetPolicyType = "IPSET"
)
243
// SetPolicySetting creates IPSets on network.
//
// None of the fields has a JSON tag, so all four are always serialized
// under their Go names, including when empty.
// NOTE(review): Values is a single string, presumably a delimited list of
// addresses; the delimiter and entry format are not defined in this file -
// confirm, and validate the entries before building the string because the
// set may be referenced by filtering rules.
type SetPolicySetting struct {
	Id     string
	Name   string
	Type   SetPolicyType
	Values string
}
251
// VxlanPortPolicySetting allows configuring the VXLAN UDP port.
//
// VXLAN is carried over UDP (RFC 7348, IANA-assigned port 4789), so any
// host firewall or ACL rule for the chosen port has to cover UDP rather
// than TCP. The field has no JSON tag and is always serialized, including
// when it is 0.
type VxlanPortPolicySetting struct {
	Port uint16
}
256
// ProtocolType associated with L4ProxyPolicy. It is the type of
// L4ProxyPolicySetting.Protocol.
type ProtocolType uint32

// ProtocolType values. The non-zero ones are the IANA-assigned IP protocol
// numbers. ProtocolTypeUnknown is the zero value, so it is dropped from the
// JSON by the omitempty tag on L4ProxyPolicySetting.Protocol.
const (
	ProtocolTypeUnknown ProtocolType = 0
	ProtocolTypeICMPv4  ProtocolType = 1
	ProtocolTypeIGMP    ProtocolType = 2
	ProtocolTypeTCP     ProtocolType = 6
	ProtocolTypeUDP     ProtocolType = 17
	ProtocolTypeICMPv6  ProtocolType = 58
)
268
// L4ProxyPolicySetting applies proxy policy on network/endpoint.
//
// Destination has no JSON tag, so it is always serialized, as "" when
// unset. The other fields carry omitempty: an unset Protocol
// (ProtocolTypeUnknown) and OutboundNAT=false are left out of the JSON.
// Port is a string here. None of the strings is validated in this file.
// NOTE(review): Exceptions presumably lists traffic that bypasses the
// proxy; the entry format and the meaning of an empty Destination are not
// visible here - confirm.
type L4ProxyPolicySetting struct {
	IP          string       `json:",omitempty"`
	Port        string       `json:",omitempty"`
	Protocol    ProtocolType `json:",omitempty"`
	Exceptions  []string     `json:",omitempty"`
	Destination string
	OutboundNAT bool `json:",omitempty"`
}
278