Documentation
Overview
Package eppolicymap represents the map from an endpoint ID to its policy map. The map is of type BPF_MAP_TYPE_HASH_OF_MAPS, keyed by the endpoint ID. It is used to look up the policy from the socket context. In the L2/L3 context, each program is attached to an endpoint and therefore has a direct lookup of its policy; socket programs run on all sockets regardless of endpoint, so they need this map to find the policy.

+groupName=maps
Constants
const (
// MaxEntries represents the maximum number of endpoints in the map
MaxEntries = 65535
)
Variables
var (
	EpPolicyMap = bpf.NewMap(MapName,
		bpf.MapTypeHashOfMaps,
		&EndpointKey{},
		int(unsafe.Sizeof(EndpointKey{})),
		&EPPolicyValue{},
		int(unsafe.Sizeof(EPPolicyValue{})),
		MaxEntries,
		0,
		0,
		bpf.ConvertKeyValue,
	).WithCache()
)
var (
MapName = "cilium_ep_to_policy"
)
Functions
func CreateEPPolicyMap
func CreateEPPolicyMap()
CreateEPPolicyMap creates the innerMap (needed for map-in-map types) and then, after BPFFS is mounted, creates the epPolicyMap. The innerFd is created only once to avoid having multiple inner maps.
func WriteEndpoint
func WriteEndpoint(keys []*lxcmap.EndpointKey, pm *policymap.PolicyMap) error
WriteEndpoint writes the policy map file descriptor into the map so that the datapath side can do a lookup from EndpointKey->PolicyMap. Locking is handled in the usual way via the Map lock. If sockops is disabled, this is a no-op.
Types
type EPPolicyValue
type EPPolicyValue struct{ Fd uint32 }
+k8s:deepcopy-gen=true +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapValue
func (*EPPolicyValue) DeepCopy (added in v1.5.1)
func (in *EPPolicyValue) DeepCopy() *EPPolicyValue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EPPolicyValue.
func (*EPPolicyValue) DeepCopyInto (added in v1.5.1)
func (in *EPPolicyValue) DeepCopyInto(out *EPPolicyValue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EPPolicyValue) DeepCopyMapValue (added in v1.5.1)
func (in *EPPolicyValue) DeepCopyMapValue() bpf.MapValue
DeepCopyMapValue is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapValue.
func (EPPolicyValue) GetValuePtr
func (v EPPolicyValue) GetValuePtr() unsafe.Pointer
GetValuePtr returns the unsafe value pointer to the Endpoint Policy fd.
func (EPPolicyValue) String
func (v EPPolicyValue) String() string
type EndpointKey
type EndpointKey struct{ bpf.EndpointKey }
+k8s:deepcopy-gen=true +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey
func (*EndpointKey) DeepCopy (added in v1.5.1)
func (in *EndpointKey) DeepCopy() *EndpointKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointKey.
func (*EndpointKey) DeepCopyInto (added in v1.5.1)
func (in *EndpointKey) DeepCopyInto(out *EndpointKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*EndpointKey) DeepCopyMapKey (added in v1.5.1)
func (in *EndpointKey) DeepCopyMapKey() bpf.MapKey
DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.
func (EndpointKey) NewValue
func (k EndpointKey) NewValue() bpf.MapValue
NewValue returns a new empty instance of the Endpoint Policy fd.