Documentation
Overview
Package auth represents the BPF map used to keep track of authentication state between security identities. +groupName=maps
Constants
const (
	MapName = "cilium_auth_map"
)
Variables
var Cell = cell.Module(
	"auth-map",
	"eBPF map which manages authenticated connections between identities",

	cell.Provide(newAuthMap),
)
Cell provides the auth.Map, which contains the authentication state between Cilium security identities. The datapath checks the map for a valid authentication entry whenever a policy demands authentication. If no entry or only an expired entry is found, the packet is dropped and authentication is requested via auth.Manager.
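The datapath decision described above, modelled in plain Go as an added example (not Cilium's code). `modelMap`, `Verdict`, `Check` and `KeySize` are hypothetical names, the map value is assumed to be a bare uint64 expiration timestamp, and the identities, node IDs and auth type are constructed values.

```go
package main

import (
	"fmt"
	"unsafe"
)

// AuthKey repeats the key fields listed on this page (align tags omitted).
type AuthKey struct {
	LocalIdentity  uint32
	RemoteIdentity uint32
	RemoteNodeID   uint16
	AuthType       uint8
	Pad            uint8
}

// modelMap is a hypothetical in-memory stand-in for the BPF map; the value
// is assumed to be just an expiration timestamp.
type modelMap map[AuthKey]uint64

type Verdict int

const (
	Allow       Verdict = iota
	DropNoEntry         // no entry for the quadruple: drop, request authentication
	DropExpired         // entry present but stale: drop, request authentication
)

// Check models the lookup for a policy that demands authentication. Treating
// an entry whose expiration equals now as expired is a choice of this model.
func (m modelMap) Check(k AuthKey, now uint64) Verdict {
	exp, ok := m[k]
	switch {
	case !ok:
		return DropNoEntry
	case exp <= now:
		return DropExpired
	}
	return Allow
}

// KeySize is 12: the explicit Pad byte leaves no compiler-inserted padding.
func KeySize() uintptr { return unsafe.Sizeof(AuthKey{}) }

func main() {
	k := AuthKey{LocalIdentity: 1001, RemoteIdentity: 2002, RemoteNodeID: 7, AuthType: 1}
	m := modelMap{k: 500} // constructed entry expiring at t=500
	fmt.Println(m.Check(k, 100), m.Check(k, 900), KeySize())
}
```

Because the key is the full quadruple, an entry for one remote node or auth type does not authorize the same identity pair on another.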
Functions
This section is empty.
Types
type AuthInfo
AuthInfo implements the bpf.MapValue interface.
Must be in sync with struct auth_info in <bpf/lib/common.h> +k8s:deepcopy-gen=true +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapValue
func (*AuthInfo) DeepCopy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthInfo.
func (*AuthInfo) DeepCopyInto
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthInfo) DeepCopyMapValue
DeepCopyMapValue is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapValue.
func (*AuthInfo) GetValuePtr
GetValuePtr returns the unsafe pointer to the BPF value.
type AuthKey
type AuthKey struct {
	LocalIdentity  uint32 `align:"local_sec_label"`
	RemoteIdentity uint32 `align:"remote_sec_label"`
	RemoteNodeID   uint16 `align:"remote_node_id"`
	AuthType       uint8  `align:"auth_type"`
	Pad            uint8  `align:"pad"`
}
AuthKey implements the bpf.MapKey interface.
Must be in sync with struct auth_key in <bpf/lib/common.h> +k8s:deepcopy-gen=true +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey
func (*AuthKey) DeepCopy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthKey.
func (*AuthKey) DeepCopyInto
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AuthKey) DeepCopyMapKey
DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.
type IterateCallback
IterateCallback represents the signature of the callback function expected by the IterateWithCallback method, which in turn is used to iterate all the keys/values of an auth map.
type Map
type Map interface {
	// Lookup returns the auth map object associated with the provided
	// (local identity, remote identity, remote host id, auth type) quadruple.
	Lookup(localIdentity identity.NumericIdentity, remoteIdentity identity.NumericIdentity, remoteNodeID uint16, authType policy.AuthType) (*AuthInfo, error)

	// Update inserts or updates the auth map object associated with the provided
	// (local identity, remote identity, remote host id, auth type) quadruple.
	Update(localIdentity identity.NumericIdentity, remoteIdentity identity.NumericIdentity, remoteNodeID uint16, authType policy.AuthType, expiration utime.UTime) error

	// Delete deletes the auth map object associated with the provided
	// (local identity, remote identity, remote host id, auth type) quadruple.
	Delete(localIdentity identity.NumericIdentity, remoteIdentity identity.NumericIdentity, remoteNodeID uint16, authType policy.AuthType) error

	// IterateWithCallback iterates through all the keys/values of an auth map,
	// passing each key/value pair to the cb callback.
	IterateWithCallback(cb IterateCallback) error
}
Map provides access to the eBPF map auth.
func LoadAuthMap
LoadAuthMap loads the pre-initialized auth map for access. This should only be used from components which aren't capable of using hive, mainly the Cilium CLI. The map needs to be initialized beforehand via the Cilium Agent.