Documentation ¶
Overview ¶
+groupName=maps
Index ¶
- Constants
- func CloseLocalMaps(mapname string)
- func DeleteIfUpgradeNeeded(e CtEndpoint)
- func Exists(e CtEndpoint, ipv4, ipv6 bool) bool
- func GC(m *Map, filter *GCFilter) int
- func GetInterval(mapType bpf.MapType, maxDeleteRatio float64) (interval time.Duration)
- func InitMapInfo(tcpMaxEntries, anyMaxEntries int, v4, v6 bool)
- func NameIsGlobal(filename string) bool
- func WriteBPFMacros(fw io.Writer, e CtEndpoint)
- type CtEndpoint
- type CtEntry
- type CtKey
- type CtKey4
- func (in *CtKey4) DeepCopy() *CtKey4
- func (in *CtKey4) DeepCopyInto(out *CtKey4)
- func (in *CtKey4) DeepCopyMapKey() bpf.MapKey
- func (k *CtKey4) Dump(buffer *bytes.Buffer, reverse bool) bool
- func (k *CtKey4) GetFlags() uint8
- func (k *CtKey4) GetKeyPtr() unsafe.Pointer
- func (k *CtKey4) GetTupleKey() tuple.TupleKey
- func (k *CtKey4) NewValue() bpf.MapValue
- func (k *CtKey4) String() string
- func (k *CtKey4) ToHost() CtKey
- func (k *CtKey4) ToNetwork() CtKey
- type CtKey4Global
- func (in *CtKey4Global) DeepCopy() *CtKey4Global
- func (in *CtKey4Global) DeepCopyInto(out *CtKey4Global)
- func (in *CtKey4Global) DeepCopyMapKey() bpf.MapKey
- func (k *CtKey4Global) Dump(buffer *bytes.Buffer, reverse bool) bool
- func (k *CtKey4Global) GetFlags() uint8
- func (k *CtKey4Global) GetKeyPtr() unsafe.Pointer
- func (k *CtKey4Global) GetTupleKey() tuple.TupleKey
- func (k *CtKey4Global) NewValue() bpf.MapValue
- func (k *CtKey4Global) String() string
- func (k *CtKey4Global) ToHost() CtKey
- func (k *CtKey4Global) ToNetwork() CtKey
- type CtKey6
- func (in *CtKey6) DeepCopy() *CtKey6
- func (in *CtKey6) DeepCopyInto(out *CtKey6)
- func (in *CtKey6) DeepCopyMapKey() bpf.MapKey
- func (k *CtKey6) Dump(buffer *bytes.Buffer, reverse bool) bool
- func (k *CtKey6) GetFlags() uint8
- func (k *CtKey6) GetKeyPtr() unsafe.Pointer
- func (k *CtKey6) GetTupleKey() tuple.TupleKey
- func (k *CtKey6) NewValue() bpf.MapValue
- func (k *CtKey6) String() string
- func (k *CtKey6) ToHost() CtKey
- func (k *CtKey6) ToNetwork() CtKey
- type CtKey6Global
- func (in *CtKey6Global) DeepCopy() *CtKey6Global
- func (in *CtKey6Global) DeepCopyInto(out *CtKey6Global)
- func (in *CtKey6Global) DeepCopyMapKey() bpf.MapKey
- func (k *CtKey6Global) Dump(buffer *bytes.Buffer, reverse bool) bool
- func (k *CtKey6Global) GetFlags() uint8
- func (k *CtKey6Global) GetKeyPtr() unsafe.Pointer
- func (k *CtKey6Global) GetTupleKey() tuple.TupleKey
- func (k *CtKey6Global) NewValue() bpf.MapValue
- func (k *CtKey6Global) String() string
- func (k *CtKey6Global) ToHost() CtKey
- func (k *CtKey6Global) ToNetwork() CtKey
- type CtMap
- type CtMapRecord
- type CtMockMap
- type EmitCTEntryCBFunc
- type GCFilter
- type Map
- type NatMap
Constants ¶
const (
	// Map names for TCP CT tables are retained from Cilium 1.0 naming
	// scheme to minimize disruption of ongoing connections during upgrade.
	MapNamePrefix     = "cilium_ct"
	MapNameTCP6       = MapNamePrefix + "6_"
	MapNameTCP4       = MapNamePrefix + "4_"
	MapNameTCP6Global = MapNameTCP6 + "global"
	MapNameTCP4Global = MapNameTCP4 + "global"

	// Map names for "any" protocols indicate CT for non-TCP protocols.
	MapNameAny6       = MapNamePrefix + "_any6_"
	MapNameAny4       = MapNamePrefix + "_any4_"
	MapNameAny6Global = MapNameAny6 + "global"
	MapNameAny4Global = MapNameAny4 + "global"

	TUPLE_F_OUT     = 0
	TUPLE_F_IN      = 1
	TUPLE_F_RELATED = 2
	TUPLE_F_SERVICE = 4

	// MaxTime specifies the last possible time for GCFilter.Time
	MaxTime = math.MaxUint32
)
const (
	RxClosing = 1 << iota
	TxClosing
	Nat64
	LBLoopback
	SeenNonSyn
	NodePort
	ProxyRedirect
	DSR
	MaxFlags
)
const SizeofCtEntry = int(unsafe.Sizeof(CtEntry{}))
const SizeofCtKey6Global = int(unsafe.Sizeof(CtKey6Global{}))
Variables ¶
This section is empty.
Functions ¶
func CloseLocalMaps ¶ added in v0.15.7
func CloseLocalMaps(mapname string)
CloseLocalMaps closes all local conntrack maps opened previously for lookup with the given 'mapname'.
func DeleteIfUpgradeNeeded ¶ added in v0.15.7
func DeleteIfUpgradeNeeded(e CtEndpoint)
DeleteIfUpgradeNeeded attempts to open the conntrack maps associated with the specified endpoint, and delete the maps from the filesystem if any properties do not match the properties defined in this package.
The typical trigger for this is when, for example, the CT entry size changes from one version of Cilium to the next. When Cilium restarts, it may opt to restore endpoints from the prior life. Existing endpoints that use the old map style are incompatible with the new version, so the CT map must be destroyed and recreated during upgrade. By removing the old map location from the filesystem, we ensure that the next time that the endpoint is regenerated, it will recreate a new CT map with the new properties.
Note that if an existing BPF program refers to the map at the canonical paths (as fetched via the getMapPathsToKeySize() call below), then that BPF program will continue to operate on the old map, even once the map is removed from the filesystem. The old map will only be completely cleaned up once all references to the map are cleared, that is, once all BPF programs which refer to the old map are removed/reloaded.
func Exists ¶ added in v0.15.7
func Exists(e CtEndpoint, ipv4, ipv6 bool) bool
Exists returns false if the CT maps for the specified endpoint (or global maps if nil) are not pinned to the filesystem, or true if they exist or an internal error occurs.
func GC ¶ added in v0.9.0
GC runs garbage collection for map m with name mapType with the given filter. It returns how many items were deleted from m.
func GetInterval ¶ added in v0.15.7
GetInterval returns the interval adjusted based on the deletion ratio of the last run.
func InitMapInfo ¶ added in v0.15.7
InitMapInfo builds the information about different CT maps for the combination of L3/L4 protocols, using the specified limits on TCP vs non-TCP maps.
func NameIsGlobal ¶ added in v0.15.7
NameIsGlobal returns true if the specified filename (basename) denotes a global conntrack map.
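The naming scheme in the Constants block can be parsed back into protocol family and scope, which is useful when auditing which conntrack maps are pinned on a node. This is an added example, not code from the Cilium project: `families`, `ctMapName` and `parseCTMapName` are hypothetical names, the sample basenames are constructed, and it assumes that local maps end in the five-digit endpoint ID that the Lookup documentation on this page describes for 'epname'.

```go
package main

import (
	"fmt"
	"strings"
)

// families lists the four name prefixes from the Constants block above.
var families = []struct {
	prefix    string
	ipv6, tcp bool
}{
	{"cilium_ct6_", true, true},       // MapNameTCP6
	{"cilium_ct4_", false, true},      // MapNameTCP4
	{"cilium_ct_any6_", true, false},  // MapNameAny6
	{"cilium_ct_any4_", false, false}, // MapNameAny4
}

// ctMapName is what a conntrack map basename encodes (hypothetical type).
type ctMapName struct {
	IPv6, TCP, Global bool
	Endpoint          string // five-digit endpoint ID; empty for global maps
}

// parseCTMapName classifies basename and rejects anything that is not exactly
// a known prefix followed by "global" or five digits.
func parseCTMapName(basename string) (ctMapName, bool) {
	for _, f := range families {
		if !strings.HasPrefix(basename, f.prefix) {
			continue
		}
		suffix := strings.TrimPrefix(basename, f.prefix)
		n := ctMapName{IPv6: f.ipv6, TCP: f.tcp}
		switch {
		case suffix == "global":
			n.Global = true
		case len(suffix) == 5 && strings.Trim(suffix, "0123456789") == "":
			n.Endpoint = suffix // assumption: local maps end in the endpoint ID
		default:
			return ctMapName{}, false
		}
		return n, true
	}
	return ctMapName{}, false
}

func main() {
	// Constructed basenames, not a listing from a real node.
	for _, name := range []string{"cilium_ct4_global", "cilium_ct_any6_00042", "cilium_ct4_global.bak"} {
		n, ok := parseCTMapName(name)
		fmt.Printf("%-24s ok=%v %+v\n", name, ok, n)
	}
}
```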
func WriteBPFMacros ¶ added in v0.15.7
func WriteBPFMacros(fw io.Writer, e CtEndpoint)
WriteBPFMacros writes the map names for conntrack maps into the specified writer, defining usage of the global map or local maps depending on whether the specified CtEndpoint is nil.
Types ¶
type CtEndpoint ¶ added in v0.15.7
type CtEndpoint interface {
GetID() uint64
}
CtEndpoint represents an endpoint for the functions required to manage conntrack maps for the endpoint.
type CtEntry ¶
type CtEntry struct {
	RxPackets uint64 `align:"rx_packets"`
	RxBytes   uint64 `align:"rx_bytes"`
	TxPackets uint64 `align:"tx_packets"`
	TxBytes   uint64 `align:"tx_bytes"`
	Lifetime  uint32 `align:"lifetime"`
	Flags     uint16 `align:"rx_closing"`
	// RevNAT is in network byte order
	RevNAT           uint16 `align:"rev_nat_index"`
	IfIndex          uint16 `align:"ifindex"`
	TxFlagsSeen      uint8  `align:"tx_flags_seen"`
	RxFlagsSeen      uint8  `align:"rx_flags_seen"`
	SourceSecurityID uint32 `align:"src_sec_id"`
	LastTxReport     uint32 `align:"last_tx_report"`
	LastRxReport     uint32 `align:"last_rx_report"`
}
CtEntry represents an entry in the connection tracking table.
+k8s:deepcopy-gen=true
+k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapValue
func Lookup ¶ added in v0.15.7
func Lookup(epname string, remoteAddr, localAddr string, proto u8proto.U8proto, ingress bool) (*CtEntry, error)
Lookup opens a conntrack map if necessary, and does a lookup on it with a key constructed from the parameters. 'epname' is a 5-digit representation of the endpoint ID if local maps are to be used, or "global" if global maps should be used.
func (*CtEntry) DeepCopy ¶ added in v1.5.1
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CtEntry.
func (*CtEntry) DeepCopyInto ¶ added in v1.5.1
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CtEntry) DeepCopyMapValue ¶ added in v1.5.1
DeepCopyMapValue is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapValue.
func (*CtEntry) GetValuePtr ¶ added in v0.9.0
GetValuePtr returns the unsafe.Pointer for s.
type CtKey ¶
type CtKey interface {
	bpf.MapKey

	// ToNetwork converts fields to network byte order.
	ToNetwork() CtKey

	// ToHost converts fields to host byte order.
	ToHost() CtKey

	// Dump contents of key to buffer. Returns true if successful.
	Dump(buffer *bytes.Buffer, reverse bool) bool

	// GetFlags flags containing the direction of the CtKey.
	GetFlags() uint8

	GetTupleKey() tuple.TupleKey
}
type CtKey4 ¶
CtKey4 is needed to provide CtEntry type to Lookup values
+k8s:deepcopy-gen=true
+k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey
func (*CtKey4) DeepCopy ¶ added in v1.6.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CtKey4.
func (*CtKey4) DeepCopyInto ¶ added in v1.6.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CtKey4) DeepCopyMapKey ¶ added in v1.6.0
DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.
func (*CtKey4) Dump ¶
Dump writes the contents of key to buffer and returns true if the value for next header in the key is nonzero.
func (*CtKey4) GetTupleKey ¶ added in v0.15.7
type CtKey4Global ¶ added in v0.9.0
type CtKey4Global struct {
tuple.TupleKey4Global
}
CtKey4Global is needed to provide CtEntry type to Lookup values
+k8s:deepcopy-gen=true
+k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey
func (*CtKey4Global) DeepCopy ¶ added in v1.6.0
func (in *CtKey4Global) DeepCopy() *CtKey4Global
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CtKey4Global.
func (*CtKey4Global) DeepCopyInto ¶ added in v1.6.0
func (in *CtKey4Global) DeepCopyInto(out *CtKey4Global)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CtKey4Global) DeepCopyMapKey ¶ added in v1.6.0
func (in *CtKey4Global) DeepCopyMapKey() bpf.MapKey
DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.
func (*CtKey4Global) Dump ¶ added in v0.9.0
func (k *CtKey4Global) Dump(buffer *bytes.Buffer, reverse bool) bool
Dump writes the contents of key to buffer and returns true if the value for next header in the key is nonzero.
func (*CtKey4Global) GetFlags ¶ added in v0.15.7
func (k *CtKey4Global) GetFlags() uint8
GetFlags returns the tuple's flags.
func (*CtKey4Global) GetKeyPtr ¶ added in v0.9.0
func (k *CtKey4Global) GetKeyPtr() unsafe.Pointer
GetKeyPtr returns the unsafe.Pointer for k.
func (*CtKey4Global) GetTupleKey ¶ added in v0.15.7
func (k *CtKey4Global) GetTupleKey() tuple.TupleKey
func (*CtKey4Global) NewValue ¶ added in v0.9.0
func (k *CtKey4Global) NewValue() bpf.MapValue
NewValue creates a new bpf.MapValue.
func (*CtKey4Global) String ¶ added in v0.9.0
func (k *CtKey4Global) String() string
func (*CtKey4Global) ToHost ¶ added in v0.10.0
func (k *CtKey4Global) ToHost() CtKey
ToHost converts ports to host byte order.
This is necessary to prevent callers from implicitly converting the CtKey4Global type here into a local key type in the nested TupleKey4Global field.
func (*CtKey4Global) ToNetwork ¶ added in v0.10.0
func (k *CtKey4Global) ToNetwork() CtKey
ToNetwork converts ports to network byte order.
This is necessary to prevent callers from implicitly converting the CtKey4Global type here into a local key type in the nested TupleKey4Global field.
type CtKey6 ¶
CtKey6 is needed to provide CtEntry type to Lookup values
+k8s:deepcopy-gen=true
+k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey
func (*CtKey6) DeepCopy ¶ added in v1.6.0
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CtKey6.
func (*CtKey6) DeepCopyInto ¶ added in v1.6.0
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CtKey6) DeepCopyMapKey ¶ added in v1.6.0
DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.
func (*CtKey6) Dump ¶
Dump writes the contents of key to buffer and returns true if the value for next header in the key is nonzero.
func (*CtKey6) GetTupleKey ¶ added in v0.15.7
type CtKey6Global ¶ added in v0.9.0
type CtKey6Global struct {
tuple.TupleKey6Global
}
CtKey6Global is needed to provide CtEntry type to Lookup values
+k8s:deepcopy-gen=true
+k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey
func (*CtKey6Global) DeepCopy ¶ added in v1.6.0
func (in *CtKey6Global) DeepCopy() *CtKey6Global
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CtKey6Global.
func (*CtKey6Global) DeepCopyInto ¶ added in v1.6.0
func (in *CtKey6Global) DeepCopyInto(out *CtKey6Global)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CtKey6Global) DeepCopyMapKey ¶ added in v1.6.0
func (in *CtKey6Global) DeepCopyMapKey() bpf.MapKey
DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.
func (*CtKey6Global) Dump ¶ added in v0.9.0
func (k *CtKey6Global) Dump(buffer *bytes.Buffer, reverse bool) bool
Dump writes the contents of key to buffer and returns true if the value for next header in the key is nonzero.
func (*CtKey6Global) GetFlags ¶ added in v0.15.7
func (k *CtKey6Global) GetFlags() uint8
GetFlags returns the tuple's flags.
func (*CtKey6Global) GetKeyPtr ¶ added in v0.9.0
func (k *CtKey6Global) GetKeyPtr() unsafe.Pointer
GetKeyPtr returns the unsafe.Pointer for k.
func (*CtKey6Global) GetTupleKey ¶ added in v0.15.7
func (k *CtKey6Global) GetTupleKey() tuple.TupleKey
func (*CtKey6Global) NewValue ¶ added in v0.9.0
func (k *CtKey6Global) NewValue() bpf.MapValue
NewValue creates a new bpf.MapValue.
func (*CtKey6Global) String ¶ added in v0.9.0
func (k *CtKey6Global) String() string
func (*CtKey6Global) ToHost ¶ added in v0.10.0
func (k *CtKey6Global) ToHost() CtKey
ToHost converts ports to host byte order.
This is necessary to prevent callers from implicitly converting the CtKey6Global type here into a local key type in the nested TupleKey6Global field.
func (*CtKey6Global) ToNetwork ¶ added in v0.10.0
func (k *CtKey6Global) ToNetwork() CtKey
ToNetwork converts ports to network byte order.
This is necessary to prevent callers from implicitly converting the CtKey6Global type here into a local key type in the nested TupleKey6Global field.
type CtMap ¶
type CtMap interface {
	Open() error
	Close() error
	Path() (string, error)
	DumpEntries() (string, error)
	DumpWithCallback(bpf.DumpCallback) error
}
CtMap interface represents a CT map, and can be reused to implement mock maps for unit tests.
type CtMapRecord ¶ added in v0.15.7
A "Record" designates a map entry (key + value); the name avoids "entry" because of possible confusion with "CtEntry" (which is actually the value part). This type is used for JSON dump and mock maps.
type CtMockMap ¶ added in v1.8.0
type CtMockMap struct {
Entries []CtMapRecord
}
CtMockMap implements the CtMap interface and can be used for unit tests.
func NewCtMockMap ¶ added in v1.8.0
func NewCtMockMap(records []CtMapRecord) *CtMockMap
NewCtMockMap is a constructor for a CtMockMap.
func (*CtMockMap) DumpEntries ¶ added in v1.8.0
DumpEntries iterates through Map m and writes the values of the ct entries in m to a string.
func (*CtMockMap) DumpWithCallback ¶ added in v1.8.0
func (m *CtMockMap) DumpWithCallback(cb bpf.DumpCallback) error
DumpWithCallback runs the callback on each entry of the mock map.
type EmitCTEntryCBFunc ¶ added in v0.15.7
type EmitCTEntryCBFunc func(srcIP, dstIP net.IP, srcPort, dstPort uint16, nextHdr, flags uint8, entry *CtEntry)
EmitCTEntryCBFunc is the type used for the EmitCTEntryCB callback in GCFilter.
type GCFilter ¶ added in v0.10.0
type GCFilter struct {
	// RemoveExpired enables removal of all entries that have expired
	RemoveExpired bool

	// Time is the reference timestamp to remove expired entries. If
	// RemoveExpired is true and lifetime is less than Time, the entry is
	// removed
	Time uint32

	// ValidIPs is the list of valid IPs to scrub all entries for which the
	// source or destination IP is *not* matching one of the valid IPs.
	// The key is the IP in string form: net.IP.String()
	ValidIPs map[string]struct{}

	// MatchIPs is the list of IPs to remove from the conntrack table
	MatchIPs map[string]struct{}

	// EmitCTEntryCB is called, when non-nil, if filtering by ValidIPs and MatchIPs
	// passes. It has no impact on CT GC, but can be used to iterate over valid
	// CT entries.
	EmitCTEntryCB EmitCTEntryCBFunc
}
GCFilter contains the necessary fields to filter the CT maps. Filtering by endpoint requires both EndpointID to be > 0 and EndpointIP to be not nil.
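The field comments above describe three removal rules (expiry against Time, ValidIPs, MatchIPs). The following added example models them over a constructed table; it is not Cilium's code. `filter`, `record`, `verdict`, `gc` and `sampleTable` are hypothetical, and it assumes the ValidIPs rule removes an entry only when neither address is in the set.

```go
package main

import (
	"fmt"
	"math"
	"net"
)

// filter models the GCFilter fields above; IP sets are map[string]bool for brevity.
type filter struct {
	RemoveExpired bool
	Time          uint32
	ValidIPs      map[string]bool // keyed by net.IP.String()
	MatchIPs      map[string]bool
}

// record is a constructed stand-in for one CT entry: key addresses, value lifetime.
type record struct {
	Src, Dst net.IP
	Lifetime uint32
}

// verdict names the rule that removes r, or "kept" if no rule applies.
func verdict(f filter, r record) string {
	src, dst := r.Src.String(), r.Dst.String()
	switch {
	case f.RemoveExpired && r.Lifetime < f.Time:
		return "expired"
	case f.ValidIPs != nil && !f.ValidIPs[src] && !f.ValidIPs[dst]:
		return "invalid" // assumption: removed only when neither address is valid
	case f.MatchIPs != nil && (f.MatchIPs[src] || f.MatchIPs[dst]):
		return "matched"
	}
	return "kept"
}

// gc models one pass over the table and counts entries per verdict.
func gc(table []record, f filter) map[string]int {
	out := map[string]int{}
	for _, r := range table {
		out[verdict(f, r)]++
	}
	return out
}

var sampleTable = []record{ // constructed data, not a dump from a real node
	{net.ParseIP("10.0.0.5"), net.ParseIP("10.0.0.9"), 500},
	{net.ParseIP("10.0.0.5"), net.ParseIP("192.0.2.7"), 90},
	{net.ParseIP("10.0.0.77"), net.ParseIP("198.51.100.1"), 500},
}

func main() {
	fmt.Println(gc(sampleTable, filter{RemoveExpired: true, Time: 100, ValidIPs: map[string]bool{"10.0.0.5": true}}))
	fmt.Println(gc(sampleTable, filter{RemoveExpired: true, Time: math.MaxUint32})) // MaxTime: flushes all
}
```

Setting Time to MaxTime with RemoveExpired enabled removes every entry whose lifetime is below the maximum, so it acts as a full flush; a nil ValidIPs or MatchIPs disables that rule rather than matching nothing.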
type Map ¶ added in v0.15.7
Map represents an instance of a BPF connection tracking map. It also implements the CtMap interface.
func GlobalMaps ¶ added in v0.15.7
GlobalMaps returns a slice of CT maps that are used globally by all endpoints that are not otherwise configured to use their own local maps. If ipv4 or ipv6 are false, the maps for that protocol will not be returned.
The returned maps are not yet opened.
func LocalMaps ¶ added in v0.15.7
func LocalMaps(e CtEndpoint, ipv4, ipv6 bool) []*Map
LocalMaps returns a slice of CT maps for the endpoint, which are local to the endpoint and not shared with other endpoints. If ipv4 or ipv6 are false, the maps for that protocol will not be returned.
The returned maps are not yet opened.
func (*Map) DumpEntries ¶ added in v0.15.7
DumpEntries iterates through Map m and writes the values of the ct entries in m to a string.