proxy

package
v1.5.9
Warning

This package is not in the latest version of its module.

Published: Oct 8, 2019 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation


Constants

const (
	// MagicMarkHostMask can be used to fetch the host/proxy-relevant magic
	// bits from a mark.
	MagicMarkHostMask int = 0x0F00
	// MagicMarkProxyMask can be used to fetch the proxy-relevant magic
	// bits from a mark.
	MagicMarkProxyMask int = 0x0E00
	// MagicMarkIsProxy can be used in conjunction with MagicMarkProxyMask
	// to determine whether the mark is indicating that traffic is peering
	// with a proxy.
	MagicMarkIsProxy int = 0x0A00

	// MagicMarkIngress determines that the traffic is sourced from the
	// proxy which is applying Ingress policy
	MagicMarkIngress int = 0x0A00
	// MagicMarkEgress determines that the traffic is sourced from the
	// proxy which is applying Egress policy
	MagicMarkEgress int = 0x0B00
	// MagicMarkHost determines that the traffic is sourced from the local
	// host and not from a proxy.
	MagicMarkHost int = 0x0C00
	// MagicMarkK8sMasq determines that the traffic should be masqueraded
	// by kube-proxy in kubernetes environments.
	MagicMarkK8sMasq int = 0x4000
	// MagicMarkK8sDrop determines that the traffic should be dropped in
	// kubernetes environments.
	MagicMarkK8sDrop int = 0x8000
)

The skb mark is used to transmit both identity and special markers to identify traffic from and to proxies. The mark field is being used in the following way:

     1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2
    +-------------------------------+-------+-------+---------------+
    |L L L L L L L L L L L L L L L L|R R R R|M M M M|U U U U U U U U|
    +-------------------------------+-------+-------+---------------+
     identity                        k8s     mark    identity

    Identity (24 bits):
    +-----------------------------------------------+
    |U U U U U U U U|L L L L L L L L L L L L L L L L|
    +-----------------------------------------------+
     1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4

    Kubernetes Mark (4 bits):
    R R R R
    0 1 0 0  Masquerade
    1 0 0 0  Drop

    Cilium Mark (4 bits):
    M M M M
    1 0 1 0  Ingress proxy
    1 0 1 1  Egress proxy
    1 1 0 0  From host
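The mark layout above, decoded in Go as an added example (not code from the Cilium package). `DecodeMark` and `DecodedMark` are hypothetical names, the constants are copied from this page, and the identity reassembly assumes the leftmost column of the diagram is the most significant bit. It also shows that `MagicMarkProxyMask` with `MagicMarkIsProxy` matches both proxy marks but not the host mark.

```go
package main

import "fmt"

// Constants copied from the package documentation above (untyped here).
const (
	MagicMarkHostMask  = 0x0F00
	MagicMarkProxyMask = 0x0E00
	MagicMarkIsProxy   = 0x0A00
	MagicMarkIngress   = 0x0A00
	MagicMarkEgress    = 0x0B00
	MagicMarkHost      = 0x0C00
	MagicMarkK8sMasq   = 0x4000
	MagicMarkK8sDrop   = 0x8000
)

// DecodedMark is a hypothetical helper type, not part of the package.
type DecodedMark struct {
	Identity                    uint32 // 24 bits: U bits (upper 8), then L bits (lower 16)
	Source                      string // "ingress-proxy", "egress-proxy", "host" or "none"
	FromProxy, K8sMasq, K8sDrop bool
}

// DecodeMark splits a 32-bit skb mark according to the documented layout,
// assuming the leftmost column of the diagram is the most significant bit.
func DecodeMark(mark uint32) DecodedMark {
	d := DecodedMark{
		Identity:  (mark&0xFF)<<16 | mark>>16,
		FromProxy: mark&MagicMarkProxyMask == MagicMarkIsProxy, // true for 0x0A00 and 0x0B00
		K8sMasq:   mark&MagicMarkK8sMasq != 0,                  // each k8s marker is one bit of R
		K8sDrop:   mark&MagicMarkK8sDrop != 0,
		Source:    "none",
	}
	switch mark & MagicMarkHostMask {
	case MagicMarkIngress:
		d.Source = "ingress-proxy"
	case MagicMarkEgress:
		d.Source = "egress-proxy"
	case MagicMarkHost:
		d.Source = "host"
	}
	return d
}

func main() {
	// Constructed sample: identity 0x012345 carried by the egress proxy.
	fmt.Printf("%+v\n", DecodeMark(0x23450B01))
}
```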

const ProxyKeepAlivePeriod = time.Duration(5) * time.Minute

ProxyKeepAlivePeriod is the time used for sending periodic keepalives on proxy connections. Cross-reference with datapath PROXY_DEFAULT_LIFETIME.

Variables

var (
	// DefaultDNSProxy is the global, shared, DNS Proxy singleton.
	DefaultDNSProxy *dnsproxy.DNSProxy
)
var (
	// DefaultEndpointInfoRegistry is the default instance implementing the
	// EndpointInfoRegistry interface.
	DefaultEndpointInfoRegistry logger.EndpointInfoRegistry = &defaultEndpointInfoRegistry{}
)

Functions

func ChangeLogLevel added in v1.5.0

func ChangeLogLevel(level logrus.Level)

ChangeLogLevel changes proxy log level to correspond to the logrus log level 'level'.

Types

type Proxy

type Proxy struct {
	*envoy.XDSServer
	// contains filtered or unexported fields
}

Proxy maintains state about redirects

func StartProxySupport added in v1.5.0

func StartProxySupport(minPort uint16, maxPort uint16, stateDir string,
	accessLogFile string, accessLogNotifier logger.LogRecordNotifier, accessLogMetadata []string) *Proxy

StartProxySupport starts the servers to support L7 proxies: xDS GRPC server and access log server.

func (*Proxy) CreateOrUpdateRedirect

func (p *Proxy) CreateOrUpdateRedirect(l4 *policy.L4Filter, id string, localEndpoint logger.EndpointUpdater,
	wg *completion.WaitGroup) (redir *Redirect, err error, finalizeFunc revert.FinalizeFunc, revertFunc revert.RevertFunc)

CreateOrUpdateRedirect creates or updates a L4 redirect with corresponding proxy configuration. This will allocate a proxy port as required and launch a proxy instance. If the redirect is already in place, only the rules will be updated.

func (*Proxy) GetStatusModel added in v1.5.0

func (p *Proxy) GetStatusModel() *models.ProxyStatus

GetStatusModel returns the proxy status as API model

func (*Proxy) RemoveRedirect

func (p *Proxy) RemoveRedirect(id string, wg *completion.WaitGroup) (error, revert.FinalizeFunc, revert.RevertFunc)

RemoveRedirect removes an existing redirect.

func (*Proxy) UpdateRedirectMetrics added in v1.5.0

func (p *Proxy) UpdateRedirectMetrics()

UpdateRedirectMetrics updates the redirect metrics per application protocol in Prometheus. Lock needs to be held to call this function.

type Redirect

type Redirect struct {

	// ProxyPort is the port the redirect redirects to, on which the proxy
	// is listening.
	ProxyPort uint16
	// contains filtered or unexported fields
}

type RedirectImplementation added in v1.5.0

type RedirectImplementation interface {
	// UpdateRules notifies the proxy implementation that the new rules in
	// parameter l4 are to be applied. The implementation should .Add to the
	// WaitGroup if the update is asynchronous and the update should not return
	// until it is complete.
	// The returned RevertFunc must be non-nil.
	// Note: UpdateRules is not called when a redirect is created.
	UpdateRules(wg *completion.WaitGroup, l4 *policy.L4Filter) (revert.RevertFunc, error)

	// Close closes and cleans up resources associated with the redirect
	// implementation. The implementation should .Add to the WaitGroup if the
	// update is asynchronous and the update should not return until it is
	// complete.
	Close(wg *completion.WaitGroup) (revert.FinalizeFunc, revert.RevertFunc)
}

RedirectImplementation is the generic proxy redirect interface that each proxy redirect type must implement

Directories

Path Synopsis
Package logger provides the accesslog logging logic for all proxies
