eppolicymap

package
v1.5.0-rc3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 8, 2019 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package eppolicymap represents the map from an endpoint ID to its policy map. This map is of type BPF_MAP_TYPES_HASH_OF_MAPS where as noted above the key is the endpoint ID. It is used to lookup the policy from the socket context where unlike in the L2/L3 context, where the program has a direct lookup of the policy because each program is attached to an endpoint, socket programs run on all sockets regardless of endpoint.

Index

Constants

View Source
const (
	// MaxEntries represents the maximum number of endpoints in the map
	MaxEntries = 65535
)

Variables

View Source
var (
	EpPolicyMap = bpf.NewMap(MapName,
		bpf.MapTypeHashOfMaps,
		int(unsafe.Sizeof(EndpointKey{})),
		int(unsafe.Sizeof(EPPolicyValue{})),
		MaxEntries,
		0,
		0,
		func(key []byte, value []byte) (bpf.MapKey, bpf.MapValue, error) {
			k := EndpointKey{}
			v := EPPolicyValue{}

			if err := bpf.ConvertKeyValue(key, value, &k, &v); err != nil {
				return nil, nil, err
			}

			return &k, &v, nil
		},
	).WithCache()
)
View Source
var (
	MapName = "cilium_ep_to_policy"
)

Functions

func CreateEPPolicyMap

func CreateEPPolicyMap()

CreateEPPolicyMap will create both the innerMap (needed for map in map types) and then after BPFFS is mounted create the epPolicyMap. We only create the innerFd once to avoid having multiple inner maps.

func WriteEndpoint

func WriteEndpoint(keys []*lxcmap.EndpointKey, pm *policymap.PolicyMap) error

WriteEndpoint writes the policy map file descriptor into the map so that the datapath side can do a lookup from EndpointKey->PolicyMap. Locking is handled in the usual way via Map lock. If sockops is disabled this will be a nop.

Types

type EPPolicyValue

type EPPolicyValue struct{ Fd uint32 }

func (EPPolicyValue) GetValuePtr

func (v EPPolicyValue) GetValuePtr() unsafe.Pointer

GetValuePtr returns the unsafe value pointer to the Endpoint Policy fd

func (EPPolicyValue) String

func (v EPPolicyValue) String() string

type EndpointKey

type EndpointKey struct{ bpf.EndpointKey }

func (EndpointKey) NewValue

func (k EndpointKey) NewValue() bpf.MapValue

NewValue returns a new empty instance of the Endpoint Policy fd

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL