Documentation ¶
Overview ¶
+groupName=maps
Index ¶
- Constants
- Variables
- type EgressPolicyIterateCallback
- type EgressPolicyIterateCallback6
- type EgressPolicyKey4
- type EgressPolicyKey6
- type EgressPolicyVal4
- type EgressPolicyVal6
- type PolicyConfig
- type PolicyMap4
- func (m *PolicyMap4) Delete(sourceIP netip.Addr, destCIDR netip.Prefix) error
- func (m *PolicyMap4) IterateWithCallback(cb EgressPolicyIterateCallback) error
- func (m *PolicyMap4) Lookup(sourceIP netip.Addr, destCIDR netip.Prefix) (*EgressPolicyVal4, error)
- func (m *PolicyMap4) Update(sourceIP netip.Addr, destCIDR netip.Prefix, egressIP, gatewayIP netip.Addr) error
- type PolicyMap6
- func (m *PolicyMap6) Delete(sourceIP netip.Addr, destCIDR netip.Prefix) error
- func (m *PolicyMap6) IterateWithCallback(cb EgressPolicyIterateCallback6) error
- func (m *PolicyMap6) Lookup(sourceIP netip.Addr, destCIDR netip.Prefix) (*EgressPolicyVal6, error)
- func (m *PolicyMap6) Update(sourceIP netip.Addr, destCIDR netip.Prefix, egressIP, gatewayIP netip.Addr) error
Constants ¶
const (
	PolicyMapName4 = "cilium_egress_gw_policy_v4"
	PolicyMapName6 = "cilium_egress_gw_policy_v6"

	// PolicyStaticPrefixBits4 represents the size in bits of the static
	// prefix part of an egress policy key (i.e. the source IP).
	PolicyStaticPrefixBits4 = uint32(unsafe.Sizeof(types.IPv4{}) * 8)
	PolicyStaticPrefixBits6 = uint32(unsafe.Sizeof(types.IPv6{}) * 8)
)
Variables ¶
var Cell = cell.Module(
	"egressmaps",
	"Egressmaps provide access to the egress gateway datapath maps",
	cell.Config(DefaultPolicyConfig),
	cell.Provide(createPolicyMapFromDaemonConfig),
)
var DefaultPolicyConfig = PolicyConfig{
EgressGatewayPolicyMapMax: 1 << 14,
}
Functions ¶
This section is empty.
Types ¶
type EgressPolicyIterateCallback ¶
type EgressPolicyIterateCallback func(*EgressPolicyKey4, *EgressPolicyVal4)
EgressPolicyIterateCallback represents the signature of the callback function expected by the IterateWithCallback method, which in turn is used to iterate all the keys/values of an egress policy map.
type EgressPolicyIterateCallback6 ¶ added in v1.18.0
type EgressPolicyIterateCallback6 func(*EgressPolicyKey6, *EgressPolicyVal6)
EgressPolicyIterateCallback6 represents the signature of the callback function expected by the IterateWithCallback method, which in turn is used to iterate all the keys/values of an egress policy map.
type EgressPolicyKey4 ¶
type EgressPolicyKey4 struct {
// PrefixLen is full 32 bits of SourceIP + DestCIDR's mask bits
PrefixLen uint32 `align:"lpm_key"`
SourceIP types.IPv4 `align:"saddr"`
DestCIDR types.IPv4 `align:"daddr"`
}
EgressPolicyKey4 is the key of an egress policy map.
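The `lpm_key` tag and the PrefixLen comment describe a longest-prefix-match key: the source IP always contributes its full 32 bits, and the destination CIDR adds its mask length. The following is an added example, not code from the Cilium project, that models this key layout and the resulting lookup behaviour in plain Go; `key4`, `val4`, `newKey4`, `lpmLookup` and `samplePolicies` are hypothetical names, and the addresses are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// staticPrefixBits plays the role of PolicyStaticPrefixBits4: the source IP
// is always matched in full, so it contributes a fixed 32 bits.
const staticPrefixBits = 32

// key4 and val4 are hypothetical stand-ins for EgressPolicyKey4/EgressPolicyVal4.
type key4 struct {
	PrefixLen uint32
	SourceIP  netip.Addr
	DestCIDR  netip.Prefix
}
type val4 struct{ EgressIP, GatewayIP netip.Addr }

// newKey4 builds the key for a (source IP, destination CIDR) tuple.
func newKey4(src netip.Addr, dst netip.Prefix) key4 {
	dst = dst.Masked() // drop host bits so equal CIDRs give equal keys
	return key4{PrefixLen: staticPrefixBits + uint32(dst.Bits()), SourceIP: src, DestCIDR: dst}
}

// lpmLookup emulates a longest-prefix-match lookup for one packet: the source
// must match exactly, and the most specific containing destination CIDR wins.
func lpmLookup(m map[key4]val4, src, dst netip.Addr) (bk key4, bv val4, found bool) {
	for k, v := range m {
		if k.SourceIP == src && k.DestCIDR.Contains(dst) && (!found || k.PrefixLen > bk.PrefixLen) {
			bk, bv, found = k, v, true
		}
	}
	return
}

// samplePolicies returns constructed entries (documentation address ranges).
func samplePolicies() map[key4]val4 {
	a, p := netip.MustParseAddr, netip.MustParsePrefix
	return map[key4]val4{
		newKey4(a("10.0.1.5"), p("0.0.0.0/0")):    {a("198.51.100.10"), a("172.16.0.1")},
		newKey4(a("10.0.1.5"), p("192.0.2.0/24")): {a("198.51.100.20"), a("172.16.0.2")},
	}
}

func main() {
	k, v, ok := lpmLookup(samplePolicies(), netip.MustParseAddr("10.0.1.5"), netip.MustParseAddr("192.0.2.77"))
	fmt.Println(ok, k.PrefixLen, v.EgressIP, v.GatewayIP)
}
```

When auditing which gateway a given flow leaves through, note that a catch-all `0.0.0.0/0` entry only applies where no more specific destination CIDR exists for the same source IP, and that a source IP with no entry yields no match at all.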
func NewEgressPolicyKey4 ¶
func NewEgressPolicyKey4(sourceIP netip.Addr, destPrefix netip.Prefix) EgressPolicyKey4
NewEgressPolicyKey4 returns a new EgressPolicyKey4 object representing the (source IP, destination CIDR) tuple.
func (*EgressPolicyKey4) GetDestCIDR ¶
func (k *EgressPolicyKey4) GetDestCIDR() netip.Prefix
GetDestCIDR returns the egress policy key's destination CIDR.
func (*EgressPolicyKey4) GetSourceIP ¶
func (k *EgressPolicyKey4) GetSourceIP() netip.Addr
GetSourceIP returns the egress policy key's source IP.
func (*EgressPolicyKey4) Match ¶
Match returns true if the sourceIP and destCIDR parameters match the egress policy key.
func (*EgressPolicyKey4) New ¶ added in v1.16.0
func (k *EgressPolicyKey4) New() bpf.MapKey
New returns an egress policy key.
func (*EgressPolicyKey4) String ¶ added in v1.16.0
func (k *EgressPolicyKey4) String() string
String returns the string representation of an egress policy key.
type EgressPolicyKey6 ¶ added in v1.18.0
type EgressPolicyKey6 struct {
// PrefixLen is full 128 bits of SourceIP + DestCIDR's mask bits
PrefixLen uint32 `align:"lpm_key"`
SourceIP types.IPv6 `align:"saddr"`
DestCIDR types.IPv6 `align:"daddr"`
}
EgressPolicyKey6 is the key of an egress policy map.
func NewEgressPolicyKey6 ¶ added in v1.18.0
func NewEgressPolicyKey6(sourceIP netip.Addr, destPrefix netip.Prefix) EgressPolicyKey6
NewEgressPolicyKey6 returns a new EgressPolicyKey6 object representing the (source IP, destination CIDR) tuple.
func (*EgressPolicyKey6) GetDestCIDR ¶ added in v1.18.0
func (k *EgressPolicyKey6) GetDestCIDR() netip.Prefix
GetDestCIDR returns the egress policy key's destination CIDR.
func (*EgressPolicyKey6) GetSourceIP ¶ added in v1.18.0
func (k *EgressPolicyKey6) GetSourceIP() netip.Addr
GetSourceIP returns the egress policy key's source IP.
func (*EgressPolicyKey6) Match ¶ added in v1.18.0
Match returns true if the sourceIP and destCIDR parameters match the egress policy key.
func (*EgressPolicyKey6) New ¶ added in v1.18.0
func (k *EgressPolicyKey6) New() bpf.MapKey
New returns an egress policy key.
func (*EgressPolicyKey6) String ¶ added in v1.18.0
func (k *EgressPolicyKey6) String() string
String returns the string representation of an egress policy key.
type EgressPolicyVal4 ¶
type EgressPolicyVal4 struct {
EgressIP types.IPv4 `align:"egress_ip"`
GatewayIP types.IPv4 `align:"gateway_ip"`
}
EgressPolicyVal4 is the value of an egress policy map.
func NewEgressPolicyVal4 ¶
func NewEgressPolicyVal4(egressIP, gatewayIP netip.Addr) EgressPolicyVal4
NewEgressPolicyVal4 returns a new EgressPolicyVal4 object representing the given egress IP and gateway IP.
func (*EgressPolicyVal4) GetEgressAddr ¶ added in v1.15.0
func (v *EgressPolicyVal4) GetEgressAddr() netip.Addr
GetEgressAddr returns the egress policy value's egress IP.
func (*EgressPolicyVal4) GetGatewayAddr ¶ added in v1.15.0
func (v *EgressPolicyVal4) GetGatewayAddr() netip.Addr
GetGatewayAddr returns the egress policy value's gateway IP.
func (*EgressPolicyVal4) Match ¶
func (v *EgressPolicyVal4) Match(egressIP, gatewayIP netip.Addr) bool
Match returns true if the egressIP and gatewayIP parameters match the egress policy value.
func (*EgressPolicyVal4) New ¶ added in v1.16.0
func (v *EgressPolicyVal4) New() bpf.MapValue
New returns an egress policy value.
func (*EgressPolicyVal4) String ¶
func (v *EgressPolicyVal4) String() string
String returns the string representation of an egress policy value.
type EgressPolicyVal6 ¶ added in v1.18.0
type EgressPolicyVal6 struct {
EgressIP types.IPv6 `align:"egress_ip"`
GatewayIP types.IPv4 `align:"gateway_ip"`
Reserved [3]uint32 `align:"reserved"`
EgressIfindex uint32 `align:"egress_ifindex"`
Reserved2 uint32 `align:"reserved2"`
}
EgressPolicyVal6 is the value of an egress policy map.
func NewEgressPolicyVal6 ¶ added in v1.18.0
func NewEgressPolicyVal6(egressIP, gatewayIP netip.Addr) EgressPolicyVal6
NewEgressPolicyVal6 returns a new EgressPolicyVal6 object representing the given egress IP and gateway IP.
func (*EgressPolicyVal6) GetEgressAddr ¶ added in v1.18.0
func (v *EgressPolicyVal6) GetEgressAddr() netip.Addr
GetEgressAddr returns the egress policy value's egress IP.
func (*EgressPolicyVal6) GetGatewayAddr ¶ added in v1.18.0
func (v *EgressPolicyVal6) GetGatewayAddr() netip.Addr
GetGatewayAddr returns the egress policy value's gateway IP.
func (*EgressPolicyVal6) Match ¶ added in v1.18.0
func (v *EgressPolicyVal6) Match(egressIP, gatewayIP netip.Addr) bool
Match returns true if the egressIP and gatewayIP parameters match the egress policy value.
func (*EgressPolicyVal6) New ¶ added in v1.18.0
func (v *EgressPolicyVal6) New() bpf.MapValue
New returns an egress policy value.
func (*EgressPolicyVal6) String ¶ added in v1.18.0
func (v *EgressPolicyVal6) String() string
String returns the string representation of an egress policy value.
type PolicyConfig ¶
type PolicyConfig struct {
// EgressGatewayPolicyMapMax is the maximum number of entries
// allowed in the BPF egress gateway policy map.
EgressGatewayPolicyMapMax int
}
func (PolicyConfig) Flags ¶
func (def PolicyConfig) Flags(flags *pflag.FlagSet)
type PolicyMap4 ¶ added in v1.18.0
type PolicyMap4 policyMap
PolicyMap4 is used to communicate IPv4 egress gateway (EGW) policies to the datapath.
func CreatePrivatePolicyMap4 ¶ added in v1.18.0
func CreatePrivatePolicyMap4(lc cell.Lifecycle, registry *metrics.Registry, cfg PolicyConfig) *PolicyMap4
CreatePrivatePolicyMap4 creates an unpinned IPv4 policy map.
Useful for testing.
func OpenPinnedPolicyMap4 ¶ added in v1.18.0
func OpenPinnedPolicyMap4(logger *slog.Logger) (*PolicyMap4, error)
OpenPinnedPolicyMap4 opens an existing pinned IPv4 policy map.
func (*PolicyMap4) Delete ¶ added in v1.18.0
Delete deletes the (sourceIP, destCIDR) egress policy entry.
func (*PolicyMap4) IterateWithCallback ¶ added in v1.18.0
func (m *PolicyMap4) IterateWithCallback(cb EgressPolicyIterateCallback) error
IterateWithCallback iterates through all the keys/values of an egress policy map, passing each key/value pair to the cb callback.
func (*PolicyMap4) Lookup ¶ added in v1.18.0
func (m *PolicyMap4) Lookup(sourceIP netip.Addr, destCIDR netip.Prefix) (*EgressPolicyVal4, error)
Lookup returns the egress policy object associated with the provided (source IP, destination CIDR) tuple.
type PolicyMap6 ¶ added in v1.18.0
type PolicyMap6 policyMap
PolicyMap6 is used to communicate IPv6 egress gateway (EGW) policies to the datapath.
func CreatePrivatePolicyMap6 ¶ added in v1.18.0
func CreatePrivatePolicyMap6(lc cell.Lifecycle, registry *metrics.Registry, cfg PolicyConfig) *PolicyMap6
CreatePrivatePolicyMap6 creates an unpinned IPv6 policy map.
Useful for testing.
func OpenPinnedPolicyMap6 ¶ added in v1.18.0
func OpenPinnedPolicyMap6(logger *slog.Logger) (*PolicyMap6, error)
OpenPinnedPolicyMap6 opens an existing pinned IPv6 policy map.
func (*PolicyMap6) Delete ¶ added in v1.18.0
Delete deletes the (sourceIP, destCIDR) egress policy entry.
func (*PolicyMap6) IterateWithCallback ¶ added in v1.18.0
func (m *PolicyMap6) IterateWithCallback(cb EgressPolicyIterateCallback6) error
IterateWithCallback iterates through all the keys/values of an egress policy map, passing each key/value pair to the cb callback.
func (*PolicyMap6) Lookup ¶ added in v1.18.0
func (m *PolicyMap6) Lookup(sourceIP netip.Addr, destCIDR netip.Prefix) (*EgressPolicyVal6, error)
Lookup returns the egress policy object associated with the provided (source IP, destination CIDR) tuple.