nat

package
v1.15.2
Warning

This package is not in the latest version of its module.

Published: Mar 13, 2024 License: Apache-2.0 Imports: 18 Imported by: 14

Documentation

Overview

Package nat implements the BPF NAT map interaction code. +groupName=maps

Constants

const (
	// MapNameSnat4Global represents global IPv4 NAT table.
	MapNameSnat4Global = "cilium_snat_v4_external"
	// MapNameSnat6Global represents global IPv6 NAT table.
	MapNameSnat6Global = "cilium_snat_v6_external"

	// MinPortSnatDefault represents default min port from range.
	MinPortSnatDefault = 1024
	// MaxPortSnatDefault represents default max port from range.
	MaxPortSnatDefault = 65535
)
const (
	// IPv4 represents the IPv4 IP family.
	IPv4 = IPFamily(true)
	// IPv6 represents the IPv6 IP family.
	IPv6 = IPFamily(false)
)
const SizeofNatEntry6 = int(unsafe.Sizeof(NatEntry6{}))

SizeofNatEntry6 is the size of the NatEntry6 type in bytes.

const SizeofNatKey4 = int(unsafe.Sizeof(NatKey4{}))

SizeofNatKey4 is the size of the NatKey4 type in bytes.

const SizeofNatKey6 = int(unsafe.Sizeof(NatKey6{}))

SizeofNatKey6 is the size of the NatKey6 type in bytes.

Variables

var ClusterOuterMapName = clusterOuterMapName

ClusterOuterMapName returns the name of the outer per-cluster NAT map for the given IP family. It can be overwritten for testing purposes.

Functions

func CleanupPerClusterNATMaps

func CleanupPerClusterNATMaps(ipv4, ipv6 bool) error

CleanupPerClusterNATMaps deletes the per-cluster NAT maps, including the inner ones.

func ClusterInnerMapName

func ClusterInnerMapName(family IPFamily, clusterID uint32) string

ClusterInnerMapName returns the name of the inner per-cluster NAT map for the given IP family and cluster ID.

func ClusterOuterMapNameTestOverride

func ClusterOuterMapNameTestOverride(prefix string)

func DeleteMapping4 added in v1.13.9

func DeleteMapping4(m *Map, ctKey *tuple.TupleKey4Global) error

func DeleteMapping6 added in v1.13.9

func DeleteMapping6(m *Map, ctKey *tuple.TupleKey6Global) error

func DeleteSwappedMapping4 added in v1.13.9

func DeleteSwappedMapping4(m *Map, ctKey *tuple.TupleKey4Global) error

Expects ingress tuple

func DeleteSwappedMapping6 added in v1.13.9

func DeleteSwappedMapping6(m *Map, ctKey *tuple.TupleKey6Global) error

Expects ingress tuple

func DoDumpEntries

func DoDumpEntries(m NatMap) (string, error)

DoDumpEntries iterates through Map m and writes the values of the nat entries in m to a string.

func DumpEntriesWithTimeDiff added in v1.14.5

func DumpEntriesWithTimeDiff(m NatMap, clockSource *models.ClockSource) (string, error)

DumpEntriesWithTimeDiff iterates through Map m and writes the values of the nat entries in m to a string. If clockSource is not nil, it uses it to compute the time difference of each entry from now and prints that too.

func NewPerClusterNATMaps

func NewPerClusterNATMaps(ipv4, ipv6 bool) *perClusterNATMaps

NewPerClusterNATMaps returns a new instance of the per-cluster NAT maps manager.

Types

type IPFamily

type IPFamily bool

IPFamily represents an IP family (i.e., either IPv4 or IPv6).

func (IPFamily) String

func (family IPFamily) String() string

type Map

type Map struct {
	bpf.Map
	// contains filtered or unexported fields
}

Map represents a NAT map. It also implements the NatMap interface.

func ClusterMaps

func ClusterMaps(clusterID uint32, ipv4, ipv6 bool) (ipv4Map, ipv6Map *Map, err error)

ClusterMaps returns all NAT maps for the given cluster.

func GetClusterNATMap

func GetClusterNATMap(clusterID uint32, family IPFamily) (*Map, error)

GetClusterNATMap returns the per-cluster map for the given cluster ID. The returned map needs to be opened by the caller, and it is not guaranteed to exist.

func GlobalMaps

func GlobalMaps(ipv4, ipv6, nodeport bool) (ipv4Map, ipv6Map *Map)

GlobalMaps returns all global NAT maps.

func NewMap

func NewMap(name string, family IPFamily, entries int) *Map

NewMap instantiates a Map.

func (*Map) Delete

func (m *Map) Delete(k bpf.MapKey) (deleted bool, err error)

func (*Map) DumpEntries

func (m *Map) DumpEntries() (string, error)

DumpEntries iterates through Map m and writes the values of the nat entries in m to a string.

func (*Map) DumpReliablyWithCallback

func (m *Map) DumpReliablyWithCallback(cb bpf.DumpCallback, stats *bpf.DumpStats) error

func (*Map) DumpStats

func (m *Map) DumpStats() *bpf.DumpStats

func (*Map) Flush

func (m *Map) Flush() int

Flush deletes all NAT mappings from the given table.

type NatEntry

type NatEntry interface {
	bpf.MapValue

	// ToHost converts fields to host byte order.
	ToHost() NatEntry

	// Dumps the Nat entry as string.
	Dump(key NatKey, toDeltaSecs func(uint64) string) string
}

NatEntry is the interface describing values to the NAT map.

type NatEntry4

type NatEntry4 struct {
	Created uint64     `align:"created"`
	NeedsCT uint64     `align:"needs_ct"`
	Pad1    uint64     `align:"pad1"`
	Pad2    uint64     `align:"pad2"`
	Addr    types.IPv4 `align:"to_saddr"`
	Port    uint16     `align:"to_sport"`
	// contains filtered or unexported fields
}

NatEntry4 represents an IPv4 entry in the NAT table.

func (*NatEntry4) Dump

func (n *NatEntry4) Dump(key NatKey, toDeltaSecs func(uint64) string) string

Dump dumps NAT entry to string.

func (*NatEntry4) New

func (n *NatEntry4) New() bpf.MapValue

func (*NatEntry4) String

func (n *NatEntry4) String() string

String returns the readable format.

func (*NatEntry4) ToHost

func (n *NatEntry4) ToHost() NatEntry

ToHost converts NatEntry4 ports to host byte order.

type NatEntry6

type NatEntry6 struct {
	Created uint64     `align:"created"`
	NeedsCT uint64     `align:"needs_ct"`
	Pad1    uint64     `align:"pad1"`
	Pad2    uint64     `align:"pad2"`
	Addr    types.IPv6 `align:"to_saddr"`
	Port    uint16     `align:"to_sport"`
	// contains filtered or unexported fields
}

NatEntry6 represents an IPv6 entry in the NAT table.

func (*NatEntry6) Dump

func (n *NatEntry6) Dump(key NatKey, toDeltaSecs func(uint64) string) string

Dump dumps NAT entry to string.

func (*NatEntry6) New

func (n *NatEntry6) New() bpf.MapValue

func (*NatEntry6) String

func (n *NatEntry6) String() string

String returns the readable format.

func (*NatEntry6) ToHost

func (n *NatEntry6) ToHost() NatEntry

ToHost converts NatEntry6 ports to host byte order.

type NatKey

type NatKey interface {
	bpf.MapKey

	// ToNetwork converts fields to network byte order.
	ToNetwork() NatKey

	// ToHost converts fields to host byte order.
	ToHost() NatKey

	// Dump contents of key to sb. Returns true if successful.
	Dump(sb *strings.Builder, reverse bool) bool

	// GetFlags returns flags containing the direction of the TupleKey.
	GetFlags() uint8

	// GetNextHeader returns the proto of the NatKey
	GetNextHeader() u8proto.U8proto
}

type NatKey4

type NatKey4 struct {
	tuple.TupleKey4Global
}

NatKey4 is needed to provide the NatEntry type to Lookup values.

func (*NatKey4) GetNextHeader

func (k *NatKey4) GetNextHeader() u8proto.U8proto

func (*NatKey4) New

func (k *NatKey4) New() bpf.MapKey

func (*NatKey4) ToHost

func (k *NatKey4) ToHost() NatKey

ToHost converts ports to host byte order.

This is necessary to prevent callers from implicitly converting the NatKey4 type here into a local key type in the nested TupleKey4Global field.

func (*NatKey4) ToNetwork

func (k *NatKey4) ToNetwork() NatKey

ToNetwork converts ports to network byte order.

This is necessary to prevent callers from implicitly converting the NatKey4 type here into a local key type in the nested TupleKey4Global field.

type NatKey6

type NatKey6 struct {
	tuple.TupleKey6Global
}

NatKey6 is needed to provide the NatEntry type to Lookup values.

func (*NatKey6) GetNextHeader

func (k *NatKey6) GetNextHeader() u8proto.U8proto

func (*NatKey6) New

func (k *NatKey6) New() bpf.MapKey

func (*NatKey6) ToHost

func (k *NatKey6) ToHost() NatKey

ToHost converts ports to host byte order.

This is necessary to prevent callers from implicitly converting the NatKey6 type here into a local key type in the nested TupleKey6Global field.

func (*NatKey6) ToNetwork

func (k *NatKey6) ToNetwork() NatKey

ToNetwork converts ports to network byte order.

This is necessary to prevent callers from implicitly converting the NatKey6 type here into a local key type in the nested TupleKey6Global field.
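The ToHost/ToNetwork notes on NatKey4 and NatKey6 describe a Go embedding pitfall: a method promoted from an embedded struct returns the embedded type, so the caller silently loses the outer key type. The following is an added example, not code from the cilium module; tupleKey, promotedKey, wrappedKey, swap16 and keepsOuterType are hypothetical stand-ins for the real types, and swap16 assumes a little-endian host.

```go
package main

import "fmt"

// Key plays the role of NatKey: conversions return the interface type.
type Key interface {
	ToNetwork() Key
}

// tupleKey is a hypothetical, simplified stand-in for tuple.TupleKey4Global.
type tupleKey struct {
	SrcPort, DstPort uint16
}

// swap16 models host-to-network conversion on a little-endian host (assumption).
func swap16(v uint16) uint16 { return v<<8 | v>>8 }

// ToNetwork on the embedded type returns the embedded type.
func (k *tupleKey) ToNetwork() Key {
	return &tupleKey{SrcPort: swap16(k.SrcPort), DstPort: swap16(k.DstPort)}
}

// promotedKey embeds tupleKey and relies on the promoted ToNetwork method.
type promotedKey struct{ tupleKey }

// wrappedKey embeds tupleKey and re-declares ToNetwork so the result is re-wrapped.
type wrappedKey struct{ tupleKey }

func (k *wrappedKey) ToNetwork() Key {
	inner := k.tupleKey.ToNetwork().(*tupleKey)
	return &wrappedKey{tupleKey: *inner}
}

// keepsOuterType reports whether the key is still an outer (NAT-style) key
// after conversion, rather than the bare embedded tuple key.
func keepsOuterType(k Key) bool {
	switch k.ToNetwork().(type) {
	case *promotedKey, *wrappedKey:
		return true
	}
	return false
}

func main() {
	in := tupleKey{SrcPort: 8080, DstPort: 80} // constructed sample ports
	fmt.Println("promoted method keeps outer type:", keepsOuterType(&promotedKey{tupleKey: in}))
	fmt.Println("re-declared method keeps outer type:", keepsOuterType(&wrappedKey{tupleKey: in}))
}
```
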

type NatMap

type NatMap interface {
	Open() error
	Close() error
	Path() (string, error)
	DumpEntries() (string, error)
	DumpWithCallback(bpf.DumpCallback) error
}

NatMap interface represents a NAT map, and can be reused to implement mock maps for unit tests.

type NatMapRecord

type NatMapRecord struct {
	Key   NatKey
	Value NatEntry
}

A "Record" designates a map entry (key + value); the name avoids "entry" because of possible confusion with "NatEntry" (which is actually the value part). This type is used for JSON dump and mock maps.

type PerClusterNATMapKey

type PerClusterNATMapKey struct {
	ClusterID uint32
}

func (*PerClusterNATMapKey) New

func (n *PerClusterNATMapKey) New() bpf.MapKey

func (*PerClusterNATMapKey) String

func (k *PerClusterNATMapKey) String() string

type PerClusterNATMapVal

type PerClusterNATMapVal struct {
	Fd uint32
}

func (*PerClusterNATMapVal) New

func (n *PerClusterNATMapVal) New() bpf.MapValue

func (*PerClusterNATMapVal) String

func (v *PerClusterNATMapVal) String() string

type PerClusterNATMapper

type PerClusterNATMapper interface {
	// OpenOrCreate enforces the presence of the outer per-cluster NAT maps.
	OpenOrCreate() error
	// Close closes the outer per-cluster NAT maps handlers.
	Close() error

	// CreateClusterNATMaps enforces the presence of the inner maps for
	// the given cluster ID. It must be called after OpenOrCreate()
	// has returned successfully.
	CreateClusterNATMaps(clusterID uint32) error
	// DeleteClusterNATMaps deletes the inner maps for the given cluster ID.
	// It must be called after OpenOrCreate() has returned successfully.
	DeleteClusterNATMaps(clusterID uint32) error
}

An interface to manage the per-cluster NAT maps.
