endpoint

package
v0.8.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 14, 2017 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	OptionAllowToHost         = "AllowToHost"
	OptionAllowToWorld        = "AllowToWorld"
	OptionConntrackAccounting = "ConntrackAccounting"
	OptionConntrack           = "Conntrack"
	OptionDebug               = "Debug"
	OptionDropNotify          = "DropNotification"
	OptionNAT46               = "NAT46"
	OptionPolicy              = "Policy"
)
View Source 
const (
	StateCreating           = string(models.EndpointStateCreating)
	StateDisconnected       = string(models.EndpointStateDisconnected)
	StateWaitingForIdentity = string(models.EndpointStateWaitingForIdentity)
	StateReady              = string(models.EndpointStateReady)
)
View Source 
const (
	CiliumLocalIdPrefix  PrefixType = "cilium-local"
	CiliumGlobalIdPrefix            = "cilium-global"
	ContainerIdPrefix               = "container-id"
	DockerEndpointPrefix            = "docker-endpoint"
)
View Source 
const (
	ProxyMaxElements = 1024
)

Variables

View Source 
var (
	OptionSpecAllowToHost = option.Option{
		Define:      "ALLOW_TO_HOST",
		Immutable:   true,
		Description: "Allow all traffic to local host",
	}

	OptionSpecAllowToWorld = option.Option{
		Define:      "ALLOW_TO_WORLD",
		Immutable:   true,
		Description: "Allow all traffic to outside world",
	}

	OptionSpecConntrackAccounting = option.Option{
		Define:      "CONNTRACK_ACCOUNTING",
		Description: "Enable per flow (conntrack) statistics",
		Requires:    []string{OptionConntrack},
	}

	OptionSpecConntrack = option.Option{
		Define:      "CONNTRACK",
		Description: "Enable stateful connection tracking",
	}

	OptionSpecDebug = option.Option{
		Define:      "DEBUG",
		Description: "Enable debugging trace statements",
	}

	OptionSpecDropNotify = option.Option{
		Define:      "DROP_NOTIFY",
		Description: "Enable drop notifications",
	}

	OptionSpecNAT46 = option.Option{
		Define:      "ENABLE_NAT46",
		Description: "Enable automatic NAT46 translation",
		Requires:    []string{OptionConntrack},
		Verify: func(key string, val bool) error {
			if !IPv4Enabled {
				return fmt.Errorf("NAT46 requires IPv4 to be enabled")
			} else {
				return nil
			}
		},
	}

	OptionSpecPolicy = option.Option{
		Define:      "POLICY_ENFORCEMENT",
		Description: "Enable policy enforcement",
	}

	EndpointMutableOptionLibrary = option.OptionLibrary{
		OptionConntrackAccounting: &OptionSpecConntrackAccounting,
		OptionConntrack:           &OptionSpecConntrack,
		OptionDebug:               &OptionSpecDebug,
		OptionDropNotify:          &OptionSpecDropNotify,
		OptionNAT46:               &OptionSpecNAT46,
		OptionPolicy:              &OptionSpecPolicy,
	}

	EndpointOptionLibrary = option.OptionLibrary{
		OptionAllowToHost:  &OptionSpecAllowToHost,
		OptionAllowToWorld: &OptionSpecAllowToWorld,
	}
)
View Source 
var (
	//IPv4Enabled can be set to false to indicate IPv6 only operation
	IPv4Enabled = true
)

Functions

func Ct4MapPath 

func Ct4MapPath(id int) string

func Ct6MapPath 

func Ct6MapPath(id int) string

func FilterEPDir 

func FilterEPDir(dirFiles []os.FileInfo) []string

FilterEPDir returns a list of directories' names that possible belong to an endpoint.

func NewCiliumID 

func NewCiliumID(id int64) string

func NewID 

func NewID(prefix PrefixType, id string) string

func OptionChanged 

func OptionChanged(key string, value bool, data interface{})

func OrderEndpointAsc 

func OrderEndpointAsc(eps []*models.Endpoint)

OrderEndpointAsc orders the slice of Endpoint in ascending ID order.

func ParseBase64ToEndpoint 

func ParseBase64ToEndpoint(str string, ep *Endpoint) error

ParseBase64ToEndpoint parses the endpoint stored in the given base64 string.

func ParseCiliumID 

func ParseCiliumID(id string) (int64, error)

ParseCiliumID parses id as cilium endpoint id and returns numeric portion.

func PolicyMapPath 

func PolicyMapPath(id int) string

PolicyMapPath returns the path to policy map for endpoint ID.

Types

type Endpoint 

type Endpoint struct {
	ID               uint16                // Endpoint ID.
	DockerID         string                // Docker ID.
	DockerNetworkID  string                // Docker network ID.
	DockerEndpointID string                // Docker endpoint ID.
	IfName           string                // Container's interface name.
	LXCMAC           mac.MAC               // Container MAC address.
	IPv6             addressing.CiliumIPv6 // Container IPv6 address.
	IPv4             addressing.CiliumIPv4 // Container IPv4 address.
	IfIndex          int                   // Host's interface index.
	NodeMAC          mac.MAC               // Node MAC address.
	NodeIP           net.IP                // Node IPv6 address.
	SecLabel         *policy.Identity      // Security Label  set to this endpoint.
	PortMap          []PortMap             // Port mapping used for this endpoint.
	Consumable       *policy.Consumable
	PolicyMap        *policymap.PolicyMap
	Opts             *option.BoolOptions // Endpoint bpf options.
	Status           *EndpointStatus
	State            string
	// PolicyCalculated is true as soon as the policy has been calculated
	// for the first time
	PolicyCalculated bool
}

Endpoint contains all the details for a particular LXC and the host interface to where is connected to.

func NewEndpointFromChangeModel 

func NewEndpointFromChangeModel(base *models.EndpointChangeRequest) (*Endpoint, error)

func ParseEndpoint 

func ParseEndpoint(strEp string) (*Endpoint, error)

ParseEndpoint parses the given strEp which is in the form of: common.CiliumCHeaderPrefix + common.Version + ":" + endpointBase64

func (*Endpoint) Allows 

func (e *Endpoint) Allows(id policy.NumericIdentity) bool

func (*Endpoint) ApplyOpts 

func (e *Endpoint) ApplyOpts(opts map[string]string) bool

func (Endpoint) Base64 

func (e Endpoint) Base64() (string, error)

Base64 returns the endpoint in a base64 format.

func (*Endpoint) CreateDirectory 

func (e *Endpoint) CreateDirectory() error

func (*Endpoint) Ct4MapPath 

func (e *Endpoint) Ct4MapPath() string

Ct4MapPath returns the path to IPv4 connection tracking map of endpoint.

func (*Endpoint) Ct6MapPath 

func (e *Endpoint) Ct6MapPath() string

Ct6MapPath returns the path to IPv6 connection tracking map of endpoint.

func (*Endpoint) DeepCopy 

func (e *Endpoint) DeepCopy() *Endpoint

func (*Endpoint) DirectoryPath 

func (e *Endpoint) DirectoryPath() string

func (*Endpoint) GetIdentity 

func (e *Endpoint) GetIdentity() policy.NumericIdentity

func (*Endpoint) GetModel 

func (e *Endpoint) GetModel() *models.Endpoint

func (*Endpoint) InvalidatePolicy 

func (e *Endpoint) InvalidatePolicy()

func (*Endpoint) Leave 

func (e *Endpoint) Leave(owner Owner)

func (*Endpoint) LogStatus 

func (e *Endpoint) LogStatus(typ StatusType, code StatusCode, msg string)

func (*Endpoint) LogStatusOK 

func (e *Endpoint) LogStatusOK(typ StatusType, msg string)

func (*Endpoint) PolicyMapPath 

func (e *Endpoint) PolicyMapPath() string

PolicyMapPath returns the path to policy map of endpoint.

func (*Endpoint) Regenerate 

func (e *Endpoint) Regenerate(owner Owner) error

Regenerate forces the regeneration of endpoint programs & policy.

func (*Endpoint) RegenerateIfReady 

func (e *Endpoint) RegenerateIfReady(owner Owner) error

func (*Endpoint) RemoveDirectory 

func (e *Endpoint) RemoveDirectory()

func (*Endpoint) SetDefaultOpts 

func (e *Endpoint) SetDefaultOpts(opts *option.BoolOptions)

func (*Endpoint) SetID 

func (e *Endpoint) SetID()

SetID sets the endpoint's host local unique ID.

func (*Endpoint) SetIdentity 

func (e *Endpoint) SetIdentity(owner Owner, id *policy.Identity)

func (Endpoint) String 

func (e Endpoint) String() string

String returns endpoint on a JSON format.

func (*Endpoint) StringID 

func (e *Endpoint) StringID() string

func (*Endpoint) TriggerPolicyUpdates 

func (e *Endpoint) TriggerPolicyUpdates(owner Owner) error

TriggerPolicyUpdates indicates that a policy change is likely to affect this endpoint. Will update all required endpoint configuration and state to reflect new policy and regenerate programs if required.

func (*Endpoint) Update 

func (e *Endpoint) Update(owner Owner, opts models.ConfigurationMap) error

Update modifies the endpoint options and regenerates the program.

type EndpointStatus 

type EndpointStatus struct {
	// CurrentStatuses is the last status of a given priority.
	CurrentStatuses componentStatus `json:"current-status,omitempty"`
	// Contains the last maxLogs messages for this endpoint.
	Log statusLog `json:"log,omitempty"`
	// Index is the index in the statusLog, is used to keep track the next
	// available position to write a new log message.
	Index int `json:"index"`
	// contains filtered or unexported fields
}

EndpointStatus represents the endpoint status.

func NewEndpointStatus 

func NewEndpointStatus() *EndpointStatus

func (*EndpointStatus) CurrentStatus 

func (e *EndpointStatus) CurrentStatus() StatusCode

func (*EndpointStatus) DeepCopy 

func (e *EndpointStatus) DeepCopy() *EndpointStatus

func (*EndpointStatus) GetModel 

func (e *EndpointStatus) GetModel() []*models.EndpointStatusChange

func (*EndpointStatus) String 

func (e *EndpointStatus) String() string

type Owner 

type Owner interface {
	// Must return true if tracing of the policy resolution is to be enabled
	TracingEnabled() bool

	// Must return true if dry mode is enabled
	DryModeEnabled() bool

	// PolicyEnabled returns true if policy enforcement has been enabled
	PolicyEnabled() bool

	// Must return an instance of a ConsumableCache
	GetConsumableCache() *policy.ConsumableCache

	// Must resolve label id to an identiy
	GetCachedLabelList(ID policy.NumericIdentity) ([]labels.Label, error)

	// Must return the policy tree object
	GetPolicyTree() *policy.Tree

	// Return the next available global identity
	GetMaxLabelID() (policy.NumericIdentity, error)

	// Must return proxy object
	GetProxy() *proxy.Proxy

	// Must synchronize endpoint object with datapath
	WriteEndpoint(ep *Endpoint) error

	// GetStateDir must return path to the state directory
	GetStateDir() string

	// Must return path to BPF template files directory
	GetBpfDir() string
}

Owner is the interface defines the requirements for anybody owning policies.

type PortMap 

type PortMap struct {
	From  uint16 `json:"from"`
	To    uint16 `json:"to"`
	Proto uint8  `json:"proto"`
}

PortMap is the port mapping representation for a particular endpoint.

type PrefixType 

type PrefixType string

func ParseID 

func ParseID(id string) (PrefixType, string, error)

ParseID parses specified id and returns normalized id as string.

func SplitID 

func SplitID(id string) (PrefixType, string)

SplitID splits ID into prefix and id. No validation is performed on prefix.

func ValidateID 

func ValidateID(id string) (PrefixType, string, error)

ValidateID parses specified id and returns normalized id as string.

func (PrefixType) String 

func (s PrefixType) String() string

type Status 

type Status struct {
	Code StatusCode `json:"code"`
	Msg  string     `json:"msg"`
	Type StatusType `json:"status-type"`
}

func NewStatusOK 

func NewStatusOK(typ StatusType, info string) Status

func (Status) String 

func (s Status) String() string

type StatusCode 

type StatusCode int
const (
	OK       StatusCode = 0
	Warning  StatusCode = -1
	Failure  StatusCode = -2
	Disabled StatusCode = -3
)

func (StatusCode) ColorString 

func (sc StatusCode) ColorString() string

func (StatusCode) String 

func (sc StatusCode) String() string

type StatusResponse 

type StatusResponse struct {
	KVStore    Status              `json:"kvstore"`
	Docker     Status              `json:"docker"`
	Kubernetes Status              `json:"kubernetes"`
	Logstash   Status              `json:"logstash"`
	Cilium     Status              `json:"cilium"`
	IPAMStatus map[string][]string `json:",omitempty"`
}

type StatusType 

type StatusType int

StatusType represents the type for the given status, higher the value, higher the priority. 

const (
	BPF    StatusType = 200
	Policy StatusType = 100
	Other  StatusType = 0
)

type UpdateCompilationError 

type UpdateCompilationError struct {
	// contains filtered or unexported fields
}

func (UpdateCompilationError) Error 

func (e UpdateCompilationError) Error() string

type UpdateValidationError 

type UpdateValidationError struct {
	// contains filtered or unexported fields
}

func (UpdateValidationError) Error 

func (e UpdateValidationError) Error() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.