eppolicymap

package

v1.5.0 Latest Latest Go to latest Published: Apr 26, 2019 License: Apache-2.0 Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/christarazi/cilium

Links

Open Source Insights

Documentation ¶

Overview ¶

Package eppolicymap represents the map from an endpoint ID to its policy map. This map is of type BPF_MAP_TYPES_HASH_OF_MAPS where as noted above the key is the endpoint ID. It is used to lookup the policy from the socket context where unlike in the L2/L3 context, where the program has a direct lookup of the policy because each program is attached to an endpoint, socket programs run on all sockets regardless of endpoint.

Index ¶

Constants
Variables
func CreateEPPolicyMap()
func WriteEndpoint(keys []*lxcmap.EndpointKey, pm *policymap.PolicyMap) error
type EPPolicyValue
- func (v EPPolicyValue) GetValuePtr() unsafe.Pointer
- func (v EPPolicyValue) String() string
type EndpointKey
- func (k EndpointKey) NewValue() bpf.MapValue

Constants ¶

View Source

const (
	// MaxEntries represents the maximum number of endpoints in the map
	MaxEntries = 65535
)

Variables ¶

View Source

var (
	EpPolicyMap = bpf.NewMap(MapName,
		bpf.MapTypeHashOfMaps,
		int(unsafe.Sizeof(EndpointKey{})),
		int(unsafe.Sizeof(EPPolicyValue{})),
		MaxEntries,
		0,
		0,
		func(key []byte, value []byte) (bpf.MapKey, bpf.MapValue, error) {
			k := EndpointKey{}
			v := EPPolicyValue{}

			if err := bpf.ConvertKeyValue(key, value, &k, &v); err != nil {
				return nil, nil, err
			}

			return &k, &v, nil
		},
	).WithCache()
)

View Source

var (
	MapName = "cilium_ep_to_policy"
)

Functions ¶

func CreateEPPolicyMap ¶

func CreateEPPolicyMap()

CreateEPPolicyMap will create both the innerMap (needed for map in map types) and then after BPFFS is mounted create the epPolicyMap. We only create the innerFd once to avoid having multiple inner maps.

func WriteEndpoint ¶

func WriteEndpoint(keys []*lxcmap.EndpointKey, pm *policymap.PolicyMap) error

WriteEndpoint writes the policy map file descriptor into the map so that the datapath side can do a lookup from EndpointKey->PolicyMap. Locking is handled in the usual way via Map lock. If sockops is disabled this will be a nop.

Types ¶

type EPPolicyValue ¶

type EPPolicyValue struct{ Fd uint32 }

func (EPPolicyValue) GetValuePtr ¶

func (v EPPolicyValue) GetValuePtr() unsafe.Pointer

GetValuePtr returns the unsafe value pointer to the Endpoint Policy fd

func (EPPolicyValue) String ¶

func (v EPPolicyValue) String() string

type EndpointKey ¶

type EndpointKey struct{ bpf.EndpointKey }

func (EndpointKey) NewValue ¶

func (k EndpointKey) NewValue() bpf.MapValue

NewValue returns a new empty instance of the Endpoint Policy fd

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL