in cni/cni.go [267:304]
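// getInACLRule builds the inbound "allow" ACL endpoint policy for one port
// mapping.
//
// The mapping's protocol is resolved with network.GetPortEnumValue and placed,
// together with mapping.ContainerPort and aclPriority, into an
// hcn.AclPolicySetting with Action=Allow and Direction=In. That setting is
// JSON-encoded into an hcn.EndpointPolicy of type hcn.ACL, which is in turn
// JSON-encoded and returned as the Data of a network.Policy.
//
// An error is returned when mapping is nil, when the container port cannot be
// a TCP/UDP port number (outside 0-65535), when the protocol cannot be
// resolved, or when either JSON encoding step fails.
func getInACLRule(mapping *PortMapping, aclPriority uint16) (*network.Policy, error) {
	// Fail with an error instead of panicking on a nil dereference below.
	if mapping == nil {
		return nil, fmt.Errorf("failed creating acl: nil port mapping")
	}

	// This rule opens inbound traffic, so refuse values that cannot be a port
	// rather than handing a malformed LocalPorts string to the platform.
	// NOTE(review): how LocalPorts "0" is interpreted downstream is not visible
	// here; confirm whether port 0 should be rejected as well.
	if mapping.ContainerPort < 0 || mapping.ContainerPort > 65535 {
		return nil, fmt.Errorf("failed creating acl: container port %d out of range", mapping.ContainerPort)
	}

	// protocol can be passed either as a number or a name
	protocolInt, err := network.GetPortEnumValue(mapping.Protocol)
	if err != nil {
		return nil, err
	}

	aclSetting := hcn.AclPolicySetting{
		Protocols:  strconv.Itoa(int(protocolInt)),
		Action:     hcn.ActionTypeAllow,
		Direction:  hcn.DirectionTypeIn,
		LocalPorts: strconv.Itoa(mapping.ContainerPort),
		Priority:   aclPriority,
	}
	rawSettings, err := json.Marshal(aclSetting)
	if err != nil {
		return nil, fmt.Errorf("failed marshalling acl: %w", err)
	}

	endpointPolicy := hcn.EndpointPolicy{
		Type:     hcn.ACL,
		Settings: rawSettings,
	}
	// Check the error before using the encoded bytes, so a failed encode never
	// ends up inside a constructed policy value.
	rawData, err := json.Marshal(endpointPolicy)
	if err != nil {
		return nil, fmt.Errorf("failed marshalling acl: %w", err)
	}

	return &network.Policy{
		Type: network.EndpointPolicy,
		Data: rawData,
	}, nil
}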