Affected by GO-2024-3071 and 1 other vulnerabilities

GO-2024-3071: Gateway API route matching order contradicts specification in github.com/cilium/cilium

GO-2024-3074: Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium

stats

package

v1.16.0 Latest Latest Go to latest Published: Jul 24, 2024 License: Apache-2.0 Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
type Config
- func (def Config) Flags(flags *pflag.FlagSet)
type Metrics
type NatMapStats
type Stats

Constants ¶

View Source

const (
	TableName = "nat-stats"
)

Variables ¶

View Source

var Cell = cell.Module(
	"nat-stats",
	"Aggregates stats for NAT maps",
	metrics.Metric(newMetrics),
	cell.ProvidePrivate(newTables),
	cell.Provide(
		func(m Metrics) natMetrics {
			return m
		},
		newStats,
		statedb.RWTable[NatMapStats].ToTable,
	),
	cell.Config(Config{

		NATMapStatInterval: 30 * time.Second,

		NatMapStatKStoredEntries: 32,
	}),
	cell.Invoke(func(_ *Stats) {}),
)

Cell exports a module providing functionality for computing NAT map stats. This uses provided pkg/maps/nat.(Cell) maps to efficiently walk the nat map and compute the top-k most used connection tuples. In this context, a "connection tuple" refers to the 4-tuple:

{port, egressIP, remoteEndpointIP, remoteEndpointPort}

Which defines a distinct set of translated connections for which the source IP is the egress IP, who all share the same endpoint address. Egress source ports are allocated by the datapath and, in some cases, can be prone to exhaustion or allocation failures if the connection tuple already has many connections to the same endpoint.

The nat-stats module exposes this data as both prometheus metrics and via a exported statedb.Table[NatMapStats] for other modules to consume.

View Source

var (
	Index = statedb.Index[NatMapStats, string]{
		Name: "byTuple",
		FromObject: func(s NatMapStats) index.KeySet {
			return index.NewKeySet(s.Key())
		},
		FromKey: index.String,
		Unique:  true,
	}
)

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	NATMapStatInterval       time.Duration `mapstructure:"nat-map-stats-interval"`
	NatMapStatKStoredEntries int           `mapstructure:"nat-map-stats-entries"`
}

func (Config) Flags ¶

func (def Config) Flags(flags *pflag.FlagSet)

type Metrics ¶

type Metrics struct {
	LocalPorts metric.Vec[metric.Gauge]
}

type NatMapStats ¶

type NatMapStats struct {
	Type       string
	EgressIP   string
	EndpointIP string
	RemotePort uint16
	Proto      string
	Count      int
	Nth        int
}

NatMapStats is a nat-map table entry key/value. This contains a count of connection 3-tuple utilization.

func (NatMapStats) Key ¶

func (s NatMapStats) Key() index.Key

func (NatMapStats) TableHeader ¶

func (NatMapStats) TableHeader() []string

func (NatMapStats) TableRow ¶

func (s NatMapStats) TableRow() []string

type Stats ¶

type Stats struct {
	// contains filtered or unexported fields
}

Stats provides a implementation of performing nat map stats counting.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL