Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( TC_INGRESS_BINARY = "tc.v4ingress.bpf.o" TC_EGRESS_BINARY = "tc.v4egress.bpf.o" TC_V6_INGRESS_BINARY = "tc.v6ingress.bpf.o" TC_V6_EGRESS_BINARY = "tc.v6egress.bpf.o" EVENTS_BINARY = "v4events.bpf.o" EVENTS_V6_BINARY = "v6events.bpf.o" TC_INGRESS_PROG = "handle_ingress" TC_EGRESS_PROG = "handle_egress" TC_INGRESS_MAP = "ingress_map" TC_EGRESS_MAP = "egress_map" AWS_CONNTRACK_MAP = "aws_conntrack_map" AWS_EVENTS_MAP = "policy_events" EKS_CLI_BINARY = "aws-eks-na-cli" EKS_V6_CLI_BINARY = "aws-eks-na-cli-v6" IPv4_HOST_MASK = "/32" IPv6_HOST_MASK = "/128" CONNTRACK_MAP_PIN_PATH = "/sys/fs/bpf/globals/aws/maps/global_aws_conntrack_map" POLICY_EVENTS_MAP_PIN_PATH = "/sys/fs/bpf/globals/aws/maps/global_policy_events" CATCH_ALL_PROTOCOL corev1.Protocol = "ANY_IP_PROTOCOL" POD_VETH_PREFIX = "eni" )
Functions ¶
Types ¶
type BPFContext ¶
type BPFContext struct {
// contains filtered or unexported fields
}
type BpfClient ¶
type BpfClient interface { AttacheBPFProbes(pod types.NamespacedName, policyEndpoint string, ingress bool, egress bool) error DetacheBPFProbes(pod types.NamespacedName, ingress bool, egress bool, deletePinPath bool) error UpdateEbpfMaps(podIdentifier string, ingressFirewallRules []EbpfFirewallRules, egressFirewallRules []EbpfFirewallRules) error IsEBPFProbeAttached(podName string, podNamespace string) (bool, bool) }
type EbpfFirewallRules ¶
type EbpfFirewallRules struct { IPCidr v1alpha1.NetworkAddress Except []v1alpha1.NetworkAddress L4Info []v1alpha1.Port }
Click to show internal directories.
Click to hide internal directories.