types

package
v1.17.0-pre.3
Published: Dec 2, 2024 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Constants

const MapStatePrefixLen = uint(32)

MapStatePrefixLen is the length, in bits, of the Key when converted to binary, minus the size of the identity field (which is not indexed).

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthRequirement

type AuthRequirement AuthType

AuthRequirement is a combination of an AuthType with an 'explicit' flag on the highest bit. This is defined in order to keep MapStateEntry smaller and to simplify code wiring this to the bpf datapath.

NOTE: This type is part of the bpf policy API.

This type reflects the layout of the 'auth_type' field in the bpf policy map and is used in pkg/maps/policymap. This layout must not be changed!

const (
	NoAuthRequirement  AuthRequirement = 0
	AuthTypeIsExplicit AuthRequirement = 1 << 7
)

func (AuthRequirement) AsDerived

func (a AuthRequirement) AsDerived() AuthRequirement

AsDerived returns the auth requirement with the 'explicit' flag cleared.

func (AuthRequirement) AuthType

func (a AuthRequirement) AuthType() AuthType

func (AuthRequirement) IsExplicit

func (a AuthRequirement) IsExplicit() bool

type AuthType

type AuthType uint8

AuthType enumerates the supported authentication types in api. A numerically higher type takes precedence in case of conflicting auth types.

const (
	// AuthTypeDisabled means no authentication required
	AuthTypeDisabled AuthType = iota
	// AuthTypeSpire is a mutual auth type that uses SPIFFE identities with a SPIRE server
	AuthTypeSpire
	// AuthTypeAlwaysFail is a simple auth type that always denies the request
	AuthTypeAlwaysFail
)

func (AuthType) AsDerivedRequirement

func (a AuthType) AsDerivedRequirement() AuthRequirement

func (AuthType) AsExplicitRequirement

func (a AuthType) AsExplicitRequirement() AuthRequirement

func (AuthType) String

func (a AuthType) String() string

String returns AuthType as a string. This must return the strings accepted for api.AuthType.

func (AuthType) Uint8

func (a AuthType) Uint8() uint8

Uint8 returns AuthType as a uint8
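The byte layout described for AuthRequirement (AuthType in the low 7 bits, 'explicit' flag on bit 7), together with the precedence rule for AuthType, can be modelled as below. This is an added example, not Cilium's source: the method bodies are assumptions inferred from the documentation on this page, and `decodeAuthByte` and `higher` are hypothetical helpers.

```go
package main

import "fmt"

// Local model of the documented layout; not Cilium's source.
type AuthType uint8

const (
	AuthTypeDisabled AuthType = iota
	AuthTypeSpire
	AuthTypeAlwaysFail
)

type AuthRequirement AuthType

const AuthTypeIsExplicit AuthRequirement = 1 << 7

// Method bodies are assumptions inferred from the documented bit layout.
func (a AuthType) AsExplicitRequirement() AuthRequirement {
	return AuthRequirement(a) | AuthTypeIsExplicit
}
func (r AuthRequirement) IsExplicit() bool           { return r&AuthTypeIsExplicit != 0 }
func (r AuthRequirement) AsDerived() AuthRequirement { return r &^ AuthTypeIsExplicit }
func (r AuthRequirement) AuthType() AuthType         { return AuthType(r.AsDerived()) }

// decodeAuthByte (hypothetical helper) splits a raw 'auth_type' byte and
// rejects values whose low 7 bits are not one of the three known types.
func decodeAuthByte(b uint8) (AuthType, bool, error) {
	r := AuthRequirement(b)
	if r.AuthType() > AuthTypeAlwaysFail {
		return 0, false, fmt.Errorf("unknown auth type %d in byte %#x", r.AuthType(), b)
	}
	return r.AuthType(), r.IsExplicit(), nil
}

// higher (hypothetical helper): the numerically higher type wins a conflict.
func higher(a, b AuthType) AuthType {
	if a > b {
		return a
	}
	return b
}

func main() {
	for _, b := range []uint8{0x00, 0x01, 0x81, 0x82, 0x7f} { // constructed bytes
		t, explicit, err := decodeAuthByte(b)
		fmt.Printf("%#x type=%d explicit=%v err=%v\n", b, t, explicit, err)
	}
}
```

Because AuthTypeAlwaysFail is numerically highest, a conflict between it and AuthTypeSpire resolves to the type that denies the request.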

type AuthTypes

type AuthTypes map[AuthType]struct{}

AuthTypes is a set of AuthTypes, usually nil if empty

type CachedSelectionUser

type CachedSelectionUser interface {
	// The caller is responsible for making sure the same identity is not
	// present in both 'added' and 'deleted'.
	IdentitySelectionUpdated(selector CachedSelector, added, deleted []identity.NumericIdentity)

	// IdentitySelectionCommit tells the user that all IdentitySelectionUpdated calls relating
	// to a specific added or removed identity have been made.
	IdentitySelectionCommit(*versioned.Tx)

	// IsPeerSelector returns true if the selector is used by the policy
	// engine for selecting traffic for remote peers. False if used for
	// selecting policy subjects.
	IsPeerSelector() bool
}

CachedSelectionUser inserts selectors into the cache and gets update callbacks whenever the set of selected numeric identities changes for the CachedSelectors pushed by it. Callbacks are executed from a separate goroutine that does not take the selector cache lock, so the implementations generally may call back to the selector cache.

type CachedSelector

type CachedSelector interface {
	// GetSelections returns the cached set of numeric identities
	// selected by the CachedSelector.  The returned slice must NOT
	// be modified, as it is shared among multiple users.
	GetSelections(*versioned.VersionHandle) identity.NumericIdentitySlice

	// GetMetadataLabels returns metadata labels for additional context
	// surrounding the selector. These are typically the labels associated with
	// Cilium rules.
	GetMetadataLabels() labels.LabelArray

	// Selects returns 'true' if the CachedSelector selects the given
	// numeric identity.
	Selects(*versioned.VersionHandle, identity.NumericIdentity) bool

	// IsWildcard returns true if the endpoint selector selects
	// all endpoints.
	IsWildcard() bool

	// IsNone returns true if the selector never selects anything
	IsNone() bool

	// String returns the string representation of this selector.
	// Used as a map key.
	String() string
}

CachedSelector represents an identity selector owned by the selector cache

type CachedSelectorSlice

type CachedSelectorSlice []CachedSelector

CachedSelectorSlice is a slice of CachedSelectors that can be sorted.

func (CachedSelectorSlice) Len

func (s CachedSelectorSlice) Len() int

func (CachedSelectorSlice) Less

func (s CachedSelectorSlice) Less(i, j int) bool

func (CachedSelectorSlice) MarshalJSON

func (s CachedSelectorSlice) MarshalJSON() ([]byte, error)

MarshalJSON returns the CachedSelectors as a JSON-formatted buffer.

func (CachedSelectorSlice) SelectsAllEndpoints

func (s CachedSelectorSlice) SelectsAllEndpoints() bool

SelectsAllEndpoints returns whether the CachedSelectorSlice selects all endpoints, which is true if the wildcard endpoint selector is present in the slice.

func (CachedSelectorSlice) Swap

func (s CachedSelectorSlice) Swap(i, j int)

type Key

type Key struct {
	LPMKey
	// Identity is the numeric identity to / from which traffic is allowed.
	Identity identity.NumericIdentity
}

func EgressKey

func EgressKey() Key

func IngressKey

func IngressKey() Key

func KeyForDirection

func KeyForDirection(direction trafficdirection.TrafficDirection) Key

func (Key) PortProtoIsBroader

func (k Key) PortProtoIsBroader(c Key) bool

PortProtoIsBroader returns true if the receiver Key has broader port-protocol than the argument Key. That is a port-protocol that covers the argument Key's port-protocol and is larger. An equal port-protocol will return false.

func (Key) String

func (k Key) String() string

String returns a string representation of the Key

func (Key) WithIdentity

func (k Key) WithIdentity(nid identity.NumericIdentity) Key

func (Key) WithPort

func (k Key) WithPort(port uint16) Key

func (Key) WithPortPrefix

func (k Key) WithPortPrefix(port uint16, prefixLen uint8) Key

func (Key) WithPortProto

func (k Key) WithPortProto(proto u8proto.U8proto, port uint16) Key

func (Key) WithPortProtoPrefix

func (k Key) WithPortProtoPrefix(proto u8proto.U8proto, port uint16, prefixLen uint8) Key

func (Key) WithProto

func (k Key) WithProto(proto u8proto.U8proto) Key

func (Key) WithSCTPPort

func (k Key) WithSCTPPort(port uint16) Key

func (Key) WithSCTPPortPrefix

func (k Key) WithSCTPPortPrefix(port uint16, prefixLen uint8) Key

func (Key) WithTCPPort

func (k Key) WithTCPPort(port uint16) Key

func (Key) WithTCPPortPrefix

func (k Key) WithTCPPortPrefix(port uint16, prefixLen uint8) Key

func (Key) WithUDPPort

func (k Key) WithUDPPort(port uint16) Key

func (Key) WithUDPPortPrefix

func (k Key) WithUDPPortPrefix(port uint16, prefixLen uint8) Key

type Keys

type Keys map[Key]struct{}

type LPMKey

type LPMKey struct {

	// Nexthdr is the protocol which is allowed.
	Nexthdr u8proto.U8proto
	// DestPort is the port at L4 to / from which traffic is allowed, in
	// host-byte order.
	DestPort uint16
	// contains filtered or unexported fields
}

Key is the userspace representation of a policy key in BPF. It is intentionally duplicated from pkg/maps/policymap to avoid pulling in the BPF dependency to this package.

func (LPMKey) BitValueAt

func (k LPMKey) BitValueAt(i uint) uint8

BitValueAt implements the BitValueAt method for the bitlpm.Key interface.

func (LPMKey) CommonPrefix

func (k LPMKey) CommonPrefix(b LPMKey) uint

CommonPrefix implements the CommonPrefix method for the bitlpm.Key interface. Identity is not indexed and is instead saved as a simple map per TrafficDirection-Protocol-Port index key.

func (LPMKey) EndPort

func (k LPMKey) EndPort() uint16

EndPort returns the end-port of the Key based on the Mask.

func (LPMKey) HasPortWildcard

func (k LPMKey) HasPortWildcard() bool

func (LPMKey) IsEgress

func (k LPMKey) IsEgress() bool

IsEgress returns true if the key refers to an egress policy key

func (LPMKey) IsIngress

func (k LPMKey) IsIngress() bool

IsIngress returns true if the key refers to an ingress policy key

func (LPMKey) PortIsBroader

func (k LPMKey) PortIsBroader(c Key) bool

PortIsBroader returns true if the receiver Key's port range covers the argument Key's port range, but returns false if they are equal.

func (LPMKey) PortIsEqual

func (k LPMKey) PortIsEqual(c Key) bool

PortIsEqual returns true if the port ranges between the two keys are exactly equal.

func (LPMKey) PortPrefixLen

func (k LPMKey) PortPrefixLen() uint8

PortPrefixLen returns the length of the bitwise mask that should be applied to the DestPort.

func (LPMKey) PortProtoIsEqual

func (k LPMKey) PortProtoIsEqual(c Key) bool

PortProtoIsEqual returns true if the port-protocols of the two keys are exactly equal.

func (LPMKey) PrefixLength

func (k LPMKey) PrefixLength() uint

PrefixLength returns the prefix length of the key for indexing it for the userspace cache (not the BPF map or datapath).

func (LPMKey) TrafficDirection

func (k LPMKey) TrafficDirection() trafficdirection.TrafficDirection

TrafficDirection() returns the direction of the Key, 0 == ingress, 1 == egress

func (LPMKey) Value

func (k LPMKey) Value() LPMKey

Value implements the Value method for the bitlpm.Key interface.
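The port-prefix semantics documented for EndPort, PortPrefixLen, PortIsBroader and the WithPortPrefix constructors can be checked with a small model. This is an added example, not Cilium's code: `portKey`, `bounds`, `isBroader` and `prefixesFor` are hypothetical names, and `prefixesFor` goes beyond the page by splitting an arbitrary port range into prefix keys, which is useful when auditing how many ports a prefix actually opens.

```go
package main

import "fmt"

// portKey is a hypothetical stand-in for the port part of a policy key:
// a 16-bit port in host byte order plus a prefix length (0..16).
type portKey struct {
	port      uint16
	prefixLen uint8
}

// bounds returns the first and last port covered once the prefix mask
// is applied to the port.
func (k portKey) bounds() (start, end uint16) {
	mask := ^(uint16(0xffff) >> k.prefixLen)
	return k.port & mask, k.port | ^mask
}

// isBroader reports whether k covers c's range and is strictly larger;
// equal ranges return false, as documented for PortIsBroader.
func (k portKey) isBroader(c portKey) bool {
	ks, ke := k.bounds()
	cs, ce := c.bounds()
	return ks <= cs && ce <= ke && (ks != cs || ke != ce)
}

// prefixesFor splits the inclusive range lo..hi into the fewest prefix
// keys: each step takes the largest aligned block that still fits.
func prefixesFor(lo, hi uint16) []portKey {
	var out []portKey
	for cur := uint32(lo); cur <= uint32(hi); {
		size, plen := uint32(1)<<16, uint8(0)
		for cur%size != 0 || size > uint32(hi)-cur+1 {
			size >>= 1
			plen++
		}
		out = append(out, portKey{uint16(cur), plen})
		cur += size
	}
	return out
}

func main() {
	for _, k := range prefixesFor(8080, 8090) { // constructed sample range
		s, e := k.bounds()
		fmt.Printf("%d/%d covers %d-%d\n", k.port, k.prefixLen, s, e)
	}
	fmt.Println(portKey{8080, 12}.isBroader(portKey{8085, 16}))
}
```

A prefix length of 12 on port 8080 covers 8080-8095, so a key written for one port with too short a prefix admits fifteen neighbouring ports as well.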
