Documentation
¶
Index ¶
- Constants
- func MaskToPrefix(mask uint16) uint
- type Key
- func (k Key) BitValueAt(i uint) uint8
- func (k Key) CommonPrefix(b Key) uint
- func (k Key) EndPort() uint16
- func (k Key) IsEgress() bool
- func (k Key) IsIngress() bool
- func (k Key) PortIsBroader(c Key) bool
- func (k Key) PortIsEqual(c Key) bool
- func (k Key) PortMask() uint16
- func (k Key) PortProtoIsBroader(c Key) bool
- func (k Key) PortProtoIsEqual(c Key) bool
- func (k Key) PrefixLength() uint
- func (k Key) String() string
- func (k Key) Value() Key
- type Keys
Constants ¶
const MapStatePrefixLen = uint(32)
MapStatePrefixLen is the length, in bits, of the Key when converted to binary minus the sizeof the identity field (which is not indexed).
Variables ¶
This section is empty.
Functions ¶
func MaskToPrefix ¶
MaskToPrefix returns the amount by which a mask should negate a full prefix.
Types ¶
type Key ¶
type Key struct {
// Identity is the numeric identity to / from which traffic is allowed.
Identity uint32
// DestPort is the port at L4 to / from which traffic is allowed, in
// host-byte order.
DestPort uint16
// InvertedPortMask is the mask that should be applied to the DestPort to
// define a range of ports for the policy-key, encoded as the bitwise inverse
// of its true/useful value. This is done so that the default value of the
// Key is a full port mask (that is, "0" represents 0xffff), as that is
// the most likely value to be used. InvertedPortMask is also, conveniently,
// the number or ports on top of DestPort that define that range. That is
// the end port is equal to the DestPort added to the InvertedPortMask.
//
// It is **not** the prefix that is applied for the BPF key entries.
// That value is calculated in the maps/policymap package.
//
// For example:
// range 2-3 would be DestPort:2 and InvertedPortMask:0x1 (i.e 0xfffe)
// range 32768-49151 would be DestPort:32768 and InvertedPortMask:0x3fff (i.e. 0xc000)
InvertedPortMask uint16
// NextHdr is the protocol which is allowed.
Nexthdr uint8
// TrafficDirection indicates in which direction Identity is allowed
// communication (egress or ingress).
TrafficDirection uint8
}
Key is the userspace representation of a policy key in BPF. It is intentionally duplicated from pkg/maps/policymap to avoid pulling in the BPF dependency to this package.
func (Key) BitValueAt ¶
BitValueAt implements the BitValueAt method for the bitlpm.Key interface.
func (Key) CommonPrefix ¶
CommonPrefix implements the CommonPrefix method for the bitlpm.Key interface. Identity is not indexed and is instead, saved as a simple map per TrafficDirection-Protocol-Port index key.
func (Key) PortIsBroader ¶
PortIsBroader returns true if the receiver Key's port range covers the argument Key's port range, but returns false if they are equal.
func (Key) PortIsEqual ¶
PortIsEqual returns true if the port ranges between the two keys are exactly equal.
func (Key) PortProtoIsBroader ¶
PortProtoIsBroader returns true if the receiver Key has broader port-protocol than the argument Key. That is a port-protocol that covers the argument Key's port-protocol and is larger. An equal port-protocol will return false.
func (Key) PortProtoIsEqual ¶
PortProtoIsEqual returns true if the port-protocols of the two keys are exactly equal.
func (Key) PrefixLength ¶
PrefixLength returns the prefix lenth of the key for indexing it for the userspace cache (not the BPF map or datapath).
Source Files