|
| 1 | +// Copyright (c) 2026 Zededa, Inc. |
| 2 | +// SPDX-License-Identifier: Apache-2.0 |
| 3 | + |
| 4 | +package types |
| 5 | + |
| 6 | +import ( |
| 7 | + "time" |
| 8 | + |
| 9 | + eveconfig "github.com/lf-edge/eve-api/go/config" |
| 10 | + eveinfo "github.com/lf-edge/eve-api/go/info" |
| 11 | +) |
| 12 | + |
| 13 | +// PNACConfig : configuration for Port-based Network Access Control (PNAC). |
| 14 | +type PNACConfig struct { |
| 15 | + // Indicates whether 802.1X authentication is enabled on the given port. |
| 16 | + Enabled bool |
| 17 | + |
| 18 | + // EAP identity (optional). |
| 19 | + // Even when certificate-based authentication is used (e.g., EAP-TLS), |
| 20 | + // an explicit EAP identity may be configured and does not need to match |
| 21 | + // the certificate’s DN or SAN attributes. |
| 22 | + // If no EAP identity is configured and a certificate-based EAP method |
| 23 | + // is used, EVE will derive the identity from the enrolled certificate, |
| 24 | + // preferring the subject common name (CN), or the SAN URI if CN is absent. |
| 25 | + EAPIdentity string `json:",omitempty"` |
| 26 | + |
| 27 | + // EAP method to use for authentication. |
| 28 | + // Currently, only EAP-TLS is supported; additional methods may be added in the future. |
| 29 | + EAPMethod eveconfig.EAPMethod `json:",omitempty"` |
| 30 | + |
| 31 | + // Certificate enrollment profile to use for authentication. |
| 32 | + // Relevant only when the selected EAP method requires a certificate (e.g., EAP-TLS). |
| 33 | + // |
| 34 | + // This field references the ProfileName of a certificate enrollment profile defined |
| 35 | + // in EdgeDevConfig (currently SCEP profiles only, see EdgeDevConfig.ScepProfiles). |
| 36 | + // While SCEP is the only supported enrollment protocol today, this field is |
| 37 | + // intended to reference any supported enrollment profile in the future. |
| 38 | + CertEnrollmentProfileName string `json:",omitempty"` |
| 39 | +} |
| 40 | + |
| 41 | +// PNACStatus : device-reported status of Port-Based Network Access Control (PNAC) |
| 42 | +// using IEEE 802.1X on a specific network port. |
| 43 | +type PNACStatus struct { |
| 44 | + // Indicates whether 802.1X authentication is enabled on the given port. |
| 45 | + Enabled bool |
| 46 | + |
| 47 | + // Current supplicant state as reported by the 802.1X client. |
| 48 | + State eveinfo.SupplicantState |
| 49 | + |
| 50 | + // Timestamp of the most recent successful 802.1X authentication. |
| 51 | + // Unset if authentication has not yet completed successfully. |
| 52 | + LastAuthTimestamp time.Time |
| 53 | + |
| 54 | + // Error reported by the supplicant during authentication. |
| 55 | + // May include authentication failures, certificate validation errors, |
| 56 | + // or timeouts. |
| 57 | + Error ErrorDescription |
| 58 | +} |
| 59 | + |
| 60 | +// PNACMetrics : IEEE 802.1X Port-Based Network Access Control (PNAC) metrics reported |
| 61 | +// by the device for the given port. |
| 62 | +type PNACMetrics struct { |
| 63 | + // Logical label identifying the network port associated with these metrics. |
| 64 | + LogicalLabel string |
| 65 | + // Total number of EAPOL frames received from the authenticator. |
| 66 | + EAPOLFramesRx uint64 |
| 67 | + // Total number of EAPOL frames transmitted to the authenticator. |
| 68 | + EAPOLFramesTx uint64 |
| 69 | + // Number of EAPOL-Start frames transmitted to initiate authentication. |
| 70 | + EAPOLStartFramesTx uint64 |
| 71 | + // Number of EAPOL-Logoff frames transmitted to terminate authentication. |
| 72 | + EAPOLLogoffFramesTx uint64 |
| 73 | + // Number of EAP-Response frames transmitted in response to authentication requests. |
| 74 | + EAPOLRespFramesTx uint64 |
| 75 | + // Number of EAP-Request Identity frames received from the authenticator. |
| 76 | + EAPOLReqIdFramesRx uint64 |
| 77 | + // Total number of other EAP-Request frames received from the authenticator. |
| 78 | + EAPOLReqFramesRx uint64 |
| 79 | + // Number of invalid or malformed EAPOL frames received. |
| 80 | + EAPOLInvalidFramesRx uint64 |
| 81 | + // Number of received EAPOL frames with incorrect length or truncated payload. |
| 82 | + EAPLengthErrorFramesRx uint64 |
| 83 | +} |
0 commit comments