ebpf

package
Version v1.2.0 (latest)

Warning: this package is not in the latest version of its module.

Published: Feb 20, 2025 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Package-level names used by the eBPF client: object/program/map names, pin
// paths, veth prefixes and pod-state values.
//
// NOTE(review): everything here is declared with var, not const, so any code
// that imports the package can reassign these values at runtime (including
// DEFAULT_DENY and the pin paths). Confirm nothing relies on mutating them and
// consider const for the untyped literals.
var (
	// Presumably file names of the compiled BPF objects (".bpf.o" suffix), one
	// per direction and IP family — TODO confirm the directory they are loaded from.
	TC_INGRESS_BINARY        = "tc.v4ingress.bpf.o"
	TC_EGRESS_BINARY         = "tc.v4egress.bpf.o"
	TC_V6_INGRESS_BINARY     = "tc.v6ingress.bpf.o"
	TC_V6_EGRESS_BINARY      = "tc.v6egress.bpf.o"
	EVENTS_BINARY            = "v4events.bpf.o"
	EVENTS_V6_BINARY         = "v6events.bpf.o"
	// Presumably the program (function) names inside the TC objects — verify
	// against the BPF sources.
	TC_INGRESS_PROG          = "handle_ingress"
	TC_EGRESS_PROG           = "handle_egress"
	// Presumably BPF map names as declared in the objects above — TODO confirm.
	TC_INGRESS_MAP           = "ingress_map"
	TC_EGRESS_MAP            = "egress_map"
	TC_INGRESS_POD_STATE_MAP = "ingress_pod_state_map"
	TC_EGRESS_POD_STATE_MAP  = "egress_pod_state_map"
	AWS_CONNTRACK_MAP        = "aws_conntrack_map"
	AWS_EVENTS_MAP           = "policy_events"
	// Presumably names of companion CLI binaries (IPv4 and IPv6 variants) — TODO confirm.
	EKS_CLI_BINARY           = "aws-eks-na-cli"
	EKS_V6_CLI_BINARY        = "aws-eks-na-cli-v6"

	// Prefix-length suffixes for a single-host CIDR in each IP family.
	IPv4_HOST_MASK                             = "/32"
	IPv6_HOST_MASK                             = "/128"
	// Paths under /sys/fs/bpf; presumably where the shared conntrack and
	// policy-events maps are pinned. NOTE(review): anything able to open these
	// paths can reach the maps — confirm the bpffs mount and directory
	// permissions limit access to the agent.
	CONNTRACK_MAP_PIN_PATH                     = "/sys/fs/bpf/globals/aws/maps/global_aws_conntrack_map"
	POLICY_EVENTS_MAP_PIN_PATH                 = "/sys/fs/bpf/globals/aws/maps/global_policy_events"
	// Typed corev1.Protocol value; presumably a sentinel meaning "match every
	// IP protocol" — verify how rule matching treats it.
	CATCH_ALL_PROTOCOL         corev1.Protocol = "ANY_IP_PROTOCOL"
	// Presumably the host-side interface name prefix for pod veths — TODO confirm.
	POD_VETH_PREFIX                            = "eni"
	// Three distinct integer values (0, 1, 2); presumably the pod states passed
	// as the state argument of UpdatePodStateEbpfMaps — TODO confirm.
	// NOTE(review): 0 is also the zero value of int, so an unset state equals
	// POLICIES_APPLIED — confirm that is the intended fallback.
	POLICIES_APPLIED                           = 0
	DEFAULT_ALLOW                              = 1
	DEFAULT_DENY                               = 2
	// Loopback host:port; presumably the local ipamd endpoint — TODO confirm
	// the transport and whether the connection is authenticated.
	LOCAL_IPAMD_ADDRESS                        = "127.0.0.1:50051"
	// Presumably the single key used in the pod state maps — TODO confirm.
	POD_STATE_MAP_KEY                          = 0
	// Presumably the interface name prefix for branch-ENI pods — TODO confirm.
	BRANCH_ENI_VETH_PREFIX                     = "vlan"
)

Functions

func NewBpfClient

// NewBpfClient returns a *bpfClient built from the supplied settings, or an
// error. Only the signature is shown here, so what the constructor loads,
// pins or attaches cannot be stated from this listing.
//
// NOTE(review): the exported constructor returns the unexported type
// *bpfClient, so callers outside the package cannot name the result type;
// presumably they are expected to hold it as a BpfClient — confirm.
// NOTE(review): conntrackTTL and conntrackTableSize are plain ints with no
// unit or bounds visible in the signature — confirm the unit of the TTL and
// that zero or negative values are rejected.
func NewBpfClient(policyEndpointeBPFContext *sync.Map, nodeIP string, enablePolicyEventLogs, enableCloudWatchLogs bool,
	enableIPv6 bool, conntrackTTL int, conntrackTableSize int) (*bpfClient, error)

Types

type BPFContext

// BPFContext exposes no exported fields in this listing, so code outside the
// package cannot populate or inspect one directly.
type BPFContext struct {
	// contains filtered or unexported fields
}

type BpfClient

// BpfClient is the interface through which callers attach eBPF probes for
// pods, update firewall-rule and pod-state maps, and query or clear the
// client's pod/program caches. Only the method set is visible here; the
// per-method notes below that go beyond the signatures are marked as
// assumptions.
//
// NOTE(review): five methods return *sync.Map. If those are the client's own
// maps (presumably; confirm), every caller gets write access to enforcement
// bookkeeping, so mutations outside the client should be audited.
type BpfClient interface {
	// NOTE(review): the name is spelled "Attache"; renaming would break
	// implementers, so it is left as declared.
	// Presumably attaches the ingress/egress probes for the given pod and
	// associates them with policyEndpoint — TODO confirm.
	AttacheBPFProbes(pod types.NamespacedName, policyEndpoint string) error
	// Takes separate ingress and egress rule slices for one pod identifier;
	// presumably replaces the contents of the corresponding BPF maps — verify
	// whether the update is atomic with respect to packet processing.
	UpdateEbpfMaps(podIdentifier string, ingressFirewallRules []EbpfFirewallRules, egressFirewallRules []EbpfFirewallRules) error
	// state is a bare int; presumably one of POLICIES_APPLIED, DEFAULT_ALLOW
	// or DEFAULT_DENY — TODO confirm that other values are rejected.
	UpdatePodStateEbpfMaps(podIdentifier string, state int, updateIngress bool, updateEgress bool) error
	// Returns two unnamed bools; presumably (ingress attached, egress
	// attached) in that order — confirm against the implementation.
	IsEBPFProbeAttached(podName string, podNamespace string) (bool, bool)
	IsFirstPodInPodIdentifier(podIdentifier string) bool
	GetIngressPodToProgMap() *sync.Map
	GetEgressPodToProgMap() *sync.Map
	GetIngressProgToPodsMap() *sync.Map
	GetEgressProgToPodsMap() *sync.Map
	// The two Delete...Caches methods return nothing, so a failed or partial
	// cache removal is not reported to the caller.
	DeletePodFromIngressProgPodCaches(podName string, podNamespace string)
	DeletePodFromEgressProgPodCaches(podName string, podNamespace string)
	ReAttachEbpfProbes() error
	DeleteBPFProgramAndMaps(podIdentifier string) error
	// Presumably a map of per-pod-identifier locks used to serialize deletion
	// — TODO confirm the key and value types.
	GetDeletePodIdentifierLockMap() *sync.Map
}

func NewMockBpfClient added in v1.2.0

// NewMockBpfClient returns a mock BpfClient for use in tests.
// NOTE(review): it is exported from the package itself rather than from a
// _test file, so it is part of the public API and is compiled into production
// builds; confirm no non-test code path can select the mock in place of the
// real client.
func NewMockBpfClient() BpfClient

NewMockBpfClient is an exported helper for tests that returns a mock implementation of BpfClient. This function is intended for use in tests in other packages.

type EbpfFirewallRules

// EbpfFirewallRules groups one network address with a list of excepted
// addresses and a list of ports. It is the element type of the ingress and
// egress rule slices passed to BpfClient.UpdateEbpfMaps.
type EbpfFirewallRules struct {
	// Presumably the CIDR the rule applies to — TODO confirm the accepted format.
	IPCidr v1alpha1.NetworkAddress
	// Presumably CIDRs carved out of IPCidr — verify that entries outside
	// IPCidr are rejected or ignored.
	Except []v1alpha1.NetworkAddress
	// Presumably the protocol/port entries for the rule — TODO confirm how an
	// empty slice is interpreted (all ports or none).
	L4Info []v1alpha1.Port
}

type EvProgram

// EvProgram exposes no exported fields in this listing; its contents are
// internal to the package.
type EvProgram struct {
	// contains filtered or unexported fields
}
