Documentation
Overview
Package auth represents the BPF map used to keep track of authentication state between security identities. +groupName=maps
Constants
const (
	MapName = "cilium_auth_map"
)
Variables
var Cell = cell.Module(
	"auth-map",
	"eBPF map which manages authenticated connections between identities",
	cell.Provide(newAuthMap),
)
Cell provides the auth.Map, which contains the authentication state between Cilium security identities. The datapath checks the map for a valid authentication entry whenever a policy demands authentication. If no entry or only an expired entry is found, the packet is dropped and authentication is requested via auth.Manager.
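The fail-closed check described above, modeled in plain Go as an added example (not Cilium's code). `memAuthMap`, `Allowed` and `requestAuth` are hypothetical names, the map is an in-memory stand-in for the eBPF map, and the value is assumed to hold only an expiration time.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// AuthKey mirrors the fields of the AuthKey struct documented on this page.
type AuthKey struct {
	LocalIdentity, RemoteIdentity uint32
	RemoteNodeID                  uint16
	AuthType, Pad                 uint8
}

// memAuthMap is an in-memory stand-in for the eBPF map (assumption: the value
// carries only an expiration time, matching the Update signature).
type memAuthMap map[AuthKey]time.Time

func (m memAuthMap) Lookup(k AuthKey) (time.Time, error) {
	exp, ok := m[k]
	if !ok {
		return time.Time{}, errors.New("auth entry not found")
	}
	return exp, nil
}

func (m memAuthMap) Update(k AuthKey, exp time.Time) error { m[k] = exp; return nil }

// Allowed models the fail-closed check: pass only if a live entry exists for
// the exact key. requestAuth is a hypothetical hook standing in for auth.Manager.
func Allowed(m memAuthMap, k AuthKey, now time.Time, requestAuth func(AuthKey)) bool {
	exp, err := m.Lookup(k)
	if err != nil || !now.Before(exp) {
		requestAuth(k) // missing or expired: drop and ask for (re)authentication
		return false
	}
	return true
}

func main() {
	now := time.Unix(1700000000, 0) // constructed sample time
	k := AuthKey{LocalIdentity: 1001, RemoteIdentity: 2002, RemoteNodeID: 7, AuthType: 1}
	m, req := memAuthMap{}, func(k AuthKey) { fmt.Println("auth requested:", k) }
	fmt.Println(Allowed(m, k, now, req)) // false: no entry yet
	m.Update(k, now.Add(time.Minute))
	fmt.Println(Allowed(m, k, now, req))                    // true: live entry
	fmt.Println(Allowed(m, k, now.Add(2*time.Minute), req)) // false: expired
}
```

Because every key field takes part in the lookup, an entry for one remote node or auth type never authorizes another; in this model an entry counts as expired once the clock reaches its expiration.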
Functions
This section is empty.
Types
type AuthInfo
AuthInfo implements the bpf.MapValue interface.
Must be in sync with struct auth_info in <bpf/lib/common.h>
type AuthKey
type AuthKey struct {
	LocalIdentity  uint32 `align:"local_sec_label"`
	RemoteIdentity uint32 `align:"remote_sec_label"`
	RemoteNodeID   uint16 `align:"remote_node_id"`
	AuthType       uint8  `align:"auth_type"`
	Pad            uint8  `align:"pad"`
}
AuthKey implements the bpf.MapKey interface.
Must be in sync with struct auth_key in <bpf/lib/common.h>
type IterateCallback
IterateCallback represents the signature of the callback function expected by the IterateWithCallback method, which in turn is used to iterate all the keys/values of an auth map.
type Map
type Map interface {
	// Lookup returns the auth map object associated with the provided
	// (local identity, remote identity, remote host id, auth type) quadruple.
	Lookup(key AuthKey) (AuthInfo, error)

	// Update inserts or updates the auth map object associated with the provided
	// (local identity, remote identity, remote host id, auth type) quadruple.
	Update(key AuthKey, expiration utime.UTime) error

	// Delete deletes the auth map object associated with the provided
	// (local identity, remote identity, remote host id, auth type) quadruple.
	Delete(key AuthKey) error

	// IterateWithCallback iterates through all the keys/values of an auth map,
	// passing each key/value pair to the cb callback.
	IterateWithCallback(cb IterateCallback) error

	// MaxEntries returns the maximum number of entries the auth map can hold.
	MaxEntries() uint32
}
Map provides access to the eBPF map auth.
func LoadAuthMap
LoadAuthMap loads the pre-initialized auth map for access. This should only be used from components which aren't capable of using hive, mainly the Cilium CLI. The map needs to be initialized beforehand via the Cilium Agent.