endpoint

package
v0.0.0-...-a5bca4c Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 3, 2017 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	OptionAllowToHost         = "AllowToHost"
	OptionAllowToWorld        = "AllowToWorld"
	OptionConntrackAccounting = "ConntrackAccounting"
	OptionConntrack           = "Conntrack"
	OptionDebug               = "Debug"
	OptionDropNotify          = "DropNotification"
	OptionNAT46               = "NAT46"
	OptionPolicy              = "Policy"
)
View Source 
const (
	StateCreating           = string(models.EndpointStateCreating)
	StateDisconnected       = string(models.EndpointStateDisconnected)
	StateWaitingForIdentity = string(models.EndpointStateWaitingForIdentity)
	StateReady              = string(models.EndpointStateReady)
)
View Source 
const (
	CiliumLocalIdPrefix  PrefixType = "cilium-local"
	CiliumGlobalIdPrefix            = "cilium-global"
	ContainerIdPrefix               = "container-id"
	DockerEndpointPrefix            = "docker-endpoint"
)
View Source 
const (
	ProxyMaxElements = 1024
)

Variables

View Source 
var (
	OptionSpecAllowToHost = option.Option{
		Define:      "ALLOW_TO_HOST",
		Immutable:   true,
		Description: "Allow all traffic to local host",
	}

	OptionSpecAllowToWorld = option.Option{
		Define:      "ALLOW_TO_WORLD",
		Immutable:   true,
		Description: "Allow all traffic to outside world",
	}

	OptionSpecConntrackAccounting = option.Option{
		Define:      "CONNTRACK_ACCOUNTING",
		Description: "Enable per flow (conntrack) statistics",
	}

	OptionSpecConntrack = option.Option{
		Define:      "CONNTRACK",
		Description: "Enable stateful connection tracking",
	}

	OptionSpecDebug = option.Option{
		Define:      "DEBUG",
		Description: "Enable debugging trace statements",
	}

	OptionSpecDropNotify = option.Option{
		Define:      "DROP_NOTIFY",
		Description: "Enable drop notifications",
	}

	OptionSpecNAT46 = option.Option{
		Define:      "ENABLE_NAT46",
		Description: "Enable automatic NAT46 translation",
	}

	OptionSpecPolicy = option.Option{
		Define:      "POLICY_ENFORCEMENT",
		Description: "Enable policy enforcement",
	}

	EndpointMutableOptionLibrary = option.OptionLibrary{
		OptionConntrackAccounting: &OptionSpecConntrackAccounting,
		OptionConntrack:           &OptionSpecConntrack,
		OptionDebug:               &OptionSpecDebug,
		OptionDropNotify:          &OptionSpecDropNotify,
		OptionNAT46:               &OptionSpecNAT46,
		OptionPolicy:              &OptionSpecPolicy,
	}

	EndpointOptionLibrary = option.OptionLibrary{
		OptionAllowToHost:  &OptionSpecAllowToHost,
		OptionAllowToWorld: &OptionSpecAllowToWorld,
	}
)

Functions

func Ct4MapPath 

func Ct4MapPath(id int) string

func Ct6MapPath 

func Ct6MapPath(id int) string

func FilterEPDir 

func FilterEPDir(dirFiles []os.FileInfo) []string

FilterEPDir returns a list of directories' names that possible belong to an endpoint.

func NewCiliumID 

func NewCiliumID(id int64) string

func NewID 

func NewID(prefix PrefixType, id string) string

func OptionChanged 

func OptionChanged(key string, value bool, data interface{})

func OrderEndpointAsc 

func OrderEndpointAsc(eps []Endpoint)

OrderEndpointAsc orders the slice of Endpoint in ascending ID order.

func ParseBase64ToEndpoint 

func ParseBase64ToEndpoint(str string, ep *Endpoint) error

ParseBase64ToEndpoint parses the endpoint stored in the given base64 string.

func ParseCiliumID 

func ParseCiliumID(id string) (int64, error)

Parses id as cilium endpoint id and returns numeric portion

func PolicyMapPath 

func PolicyMapPath(id int) string

Return path to policy map for endpoint ID

Types

type Endpoint 

type Endpoint struct {
	ID               uint16                // Endpoint ID.
	DockerID         string                // Docker ID.
	DockerNetworkID  string                // Docker network ID.
	DockerEndpointID string                // Docker endpoint ID.
	IfName           string                // Container's interface name.
	LXCMAC           mac.MAC               // Container MAC address.
	IPv6             addressing.CiliumIPv6 // Container IPv6 address.
	IPv4             addressing.CiliumIPv4 // Container IPv4 address.
	IfIndex          int                   // Host's interface index.
	NodeMAC          mac.MAC               // Node MAC address.
	NodeIP           net.IP                // Node IPv6 address.
	SecLabel         *policy.Identity      // Security Label  set to this endpoint.
	PortMap          []PortMap             // Port mapping used for this endpoint.
	Consumable       *policy.Consumable
	PolicyMap        *policymap.PolicyMap
	Opts             *option.BoolOptions // Endpoint bpf options.
	Status           *EndpointStatus
	State            string
}

Endpoint contains all the details for a particular LXC and the host interface to where is connected to.

func NewEndpointFromChangeModel 

func NewEndpointFromChangeModel(base *models.EndpointChangeRequest) (*Endpoint, error)

func ParseEndpoint 

func ParseEndpoint(strEp string) (*Endpoint, error)

ParseEndpoint parses the given strEp which is in the form of: common.CiliumCHeaderPrefix + common.Version + ":" + endpointBase64

func (*Endpoint) Allows 

func (e *Endpoint) Allows(id policy.NumericIdentity) bool

func (*Endpoint) ApplyOpts 

func (e *Endpoint) ApplyOpts(opts map[string]string) bool

func (Endpoint) Base64 

func (ep Endpoint) Base64() (string, error)

Base64 returns the endpoint in a base64 format.

func (*Endpoint) CreateDirectory 

func (e *Endpoint) CreateDirectory() error

func (*Endpoint) Ct4MapPath 

func (e *Endpoint) Ct4MapPath() string

Return path to IPv4 connection tracking map of endpoint

func (*Endpoint) Ct6MapPath 

func (e *Endpoint) Ct6MapPath() string

Return path to IPv6 connection tracking map of endpoint

func (*Endpoint) DeepCopy 

func (e *Endpoint) DeepCopy() *Endpoint

func (*Endpoint) DirectoryPath 

func (e *Endpoint) DirectoryPath() string

func (*Endpoint) GetModel 

func (e *Endpoint) GetModel() *models.Endpoint

func (*Endpoint) InvalidatePolicy 

func (e *Endpoint) InvalidatePolicy()

func (*Endpoint) Leave 

func (e *Endpoint) Leave(owner Owner)

func (*Endpoint) LogStatus 

func (e *Endpoint) LogStatus(code StatusCode, msg string)

func (*Endpoint) LogStatusOK 

func (e *Endpoint) LogStatusOK(msg string)

func (*Endpoint) PolicyMapPath 

func (e *Endpoint) PolicyMapPath() string

Return path to policy map of endpoint

func (*Endpoint) Regenerate 

func (e *Endpoint) Regenerate(owner Owner) error

Force regeneration of endpoint programs & policy

func (*Endpoint) RegenerateIfReady 

func (e *Endpoint) RegenerateIfReady(owner Owner) error

func (*Endpoint) RemoveDirectory 

func (e *Endpoint) RemoveDirectory()

func (*Endpoint) SetDefaultOpts 

func (ep *Endpoint) SetDefaultOpts(opts *option.BoolOptions)

func (*Endpoint) SetID 

func (e *Endpoint) SetID()

SetID sets the endpoint's host local unique ID.

func (*Endpoint) SetIdentity 

func (e *Endpoint) SetIdentity(owner Owner, id *policy.Identity)

func (Endpoint) String 

func (e Endpoint) String() string

String returns endpoint on a JSON format.

func (*Endpoint) StringID 

func (e *Endpoint) StringID() string

func (*Endpoint) TriggerPolicyUpdates 

func (e *Endpoint) TriggerPolicyUpdates(owner Owner) error

Called to indicate that a policy change is likely to affect this endpoint. Will update all required endpoint configuration and state to reflect new policy and regenerate programs if required.

func (*Endpoint) Update 

func (e *Endpoint) Update(owner Owner, opts models.ConfigurationMap) error

Updates the endpoint options and regenerates the program

type EndpointStatus 

type EndpointStatus struct {
	Log   []*statusLog `json:"log,omitempty"`
	Index int          `json:"index"`
	// contains filtered or unexported fields
}

func (*EndpointStatus) DeepCopy 

func (es *EndpointStatus) DeepCopy() *EndpointStatus

func (*EndpointStatus) GetModel 

func (e *EndpointStatus) GetModel() []*models.EndpointStatusChange

func (*EndpointStatus) String 

func (e *EndpointStatus) String() string

type Owner 

type Owner interface {
	// Must return true if tracing of the policy resolution is to be enabled
	TracingEnabled() bool

	// Must return true if dry mode is enabled
	DryModeEnabled() bool

	// Must return an instance of a ConsumableCache
	GetConsumableCache() *policy.ConsumableCache

	// Must resolve label id to an identiy
	GetCachedLabelList(ID policy.NumericIdentity) ([]labels.Label, error)

	// Must return the policy tree object
	GetPolicyTree() *policy.Tree

	// Return the next available global identity
	GetMaxLabelID() (policy.NumericIdentity, error)

	// Must synchronize endpoint object with datapath
	WriteEndpoint(ep *Endpoint) error

	// Must return path to runtime directory
	GetRuntimeDir() string

	// Must return path to library directory
	GetLibraryDir() string
}

This interface defines the requirements for anybody owning policies

type PortMap 

type PortMap struct {
	From  uint16 `json:"from"`
	To    uint16 `json:"to"`
	Proto uint8  `json:"proto"`
}

PortMap is the port mapping representation for a particular endpoint.

type PrefixType 

type PrefixType string

func ParseID 

func ParseID(id string) (PrefixType, string, error)

Parses specified id and returns normalized id as string

func SplitID 

func SplitID(id string) (PrefixType, string)

Splits ID into prefix and id. No validation is performed on prefix

func ValidateID 

func ValidateID(id string) (PrefixType, string, error)

Parses specified id and returns normalized id as string

func (PrefixType) String 

func (s PrefixType) String() string

type Status 

type Status struct {
	Code StatusCode `json:"code"`
	Msg  string     `json:"msg"`
}

func NewStatusOK 

func NewStatusOK(info string) Status

func (Status) String 

func (s Status) String() string

type StatusCode 

type StatusCode int
const (
	OK       StatusCode = 0
	Warning  StatusCode = -1
	Failure  StatusCode = -2
	Disabled StatusCode = -3
)

func (StatusCode) String 

func (sc StatusCode) String() string

type StatusResponse 

type StatusResponse struct {
	KVStore    Status              `json:"kvstore"`
	Docker     Status              `json:"docker"`
	Kubernetes Status              `json:"kubernetes"`
	Logstash   Status              `json:"logstash"`
	Cilium     Status              `json:"cilium"`
	IPAMStatus map[string][]string `json:",omitempty"`
}

type UpdateCompilationError 

type UpdateCompilationError struct {
	// contains filtered or unexported fields
}

func (UpdateCompilationError) Error 

func (e UpdateCompilationError) Error() string

type UpdateValidationError 

type UpdateValidationError struct {
	// contains filtered or unexported fields
}

func (UpdateValidationError) Error 

func (e UpdateValidationError) Error() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.