api

package
v1.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 3, 2026 License: Apache-2.0 Imports: 15 Imported by: 98

Documentation

Index

Constants

View Source 
const (
	// 0-128 are reserved for BPF datapath events
	MessageTypeUnspec = iota

	// MessageTypeDrop is a BPF datapath notification carrying a DropNotify
	// which corresponds to drop_notify defined in bpf/lib/drop.h
	MessageTypeDrop

	// MessageTypeDebug is a BPF datapath notification carrying a DebugMsg
	// which corresponds to debug_msg defined in bpf/lib/dbg.h
	MessageTypeDebug

	// MessageTypeCapture is a BPF datapath notification carrying a DebugCapture
	// which corresponds to debug_capture_msg defined in bpf/lib/dbg.h
	MessageTypeCapture

	// MessageTypeTrace is a BPF datapath notification carrying a TraceNotify
	// which corresponds to trace_notify defined in bpf/lib/trace.h
	MessageTypeTrace

	// MessageTypePolicyVerdict is a BPF datapath notification carrying a PolicyVerdictNotify
	// which corresponds to policy_verdict_notify defined in bpf/lib/policy_log.h
	MessageTypePolicyVerdict

	// MessageTypeTraceSock is a BPF datapath notification carrying a TraceNotifySock
	// which corresponds to trace_sock_notify defined in bpf/lib/trace_sock.h
	MessageTypeTraceSock = 7

	// MessageTypeAccessLog contains a pkg/proxy/accesslog.LogRecord
	MessageTypeAccessLog = 129

	// MessageTypeAgent is an agent notification carrying a AgentNotify
	MessageTypeAgent = 130
)

Must be synchronized with <bpf/lib/common.h>

View Source 
const (
	MessageTypeNameDrop          = "drop"
	MessageTypeNameDebug         = "debug"
	MessageTypeNameCapture       = "capture"
	MessageTypeNameTrace         = "trace"
	MessageTypeNameL7            = "l7"
	MessageTypeNameAgent         = "agent"
	MessageTypeNamePolicyVerdict = "policy-verdict"
	MessageTypeNameTraceSock     = "trace-sock"
)
View Source 
const (
	TraceToLxc = iota
	TraceToProxy
	TraceToHost
	TraceToStack
	TraceToOverlay
	TraceFromLxc
	TraceFromProxy
	TraceFromHost
	TraceFromStack
	TraceFromOverlay
	TraceFromNetwork
	TraceToNetwork
	TraceFromCrypto
	TraceToCrypto
)

Must be synchronized with <bpf/lib/trace.h>

View Source 
const (
	// PolicyIngress is the value of Flags&PolicyNotifyFlagDirection for ingress traffic
	PolicyIngress = 1

	// PolicyEgress is the value of Flags&PolicyNotifyFlagDirection for egress traffic
	PolicyEgress = 2

	// PolicyMatchNone is the value of MatchType indicatating no policy match
	PolicyMatchNone = 0

	// PolicyMatchL3Only is the value of MatchType indicating a L3-only match
	PolicyMatchL3Only = 1

	// PolicyMatchL3L4 is the value of MatchType indicating a L3+L4 match
	PolicyMatchL3L4 = 2

	// PolicyMatchL4Only is the value of MatchType indicating a L4-only match
	PolicyMatchL4Only = 3

	// PolicyMatchAll is the value of MatchType indicating an allow-all match
	PolicyMatchAll = 4

	// PolicyMatchL3Proto is the value of MatchType indicating a L3 and protocol match
	PolicyMatchL3Proto = 5

	// PolicyMatchProtoOnly is the value of MatchType indicating only a protocol match
	PolicyMatchProtoOnly = 6
)

Variables

View Source 
var AgentNotifications = map[AgentNotification]string{
	AgentNotifyUnspec:                    "unspecified",
	AgentNotifyGeneric:                   "Message",
	AgentNotifyStart:                     "Cilium agent started",
	AgentNotifyEndpointRegenerateSuccess: "Endpoint regenerated",
	AgentNotifyEndpointCreated:           "Endpoint created",
	AgentNotifyEndpointDeleted:           "Endpoint deleted",
	AgentNotifyEndpointRegenerateFail:    "Failed endpoint regeneration",
	AgentNotifyIPCacheDeleted:            "IPCache entry deleted",
	AgentNotifyIPCacheUpserted:           "IPCache entry upserted",
	AgentNotifyPolicyUpdated:             "Policy updated",
	AgentNotifyPolicyDeleted:             "Policy deleted",
}

AgentNotifications is a map of all supported agent notification types.

View Source 
var DropInvalid uint8 = 2

DropInvalid is the Invalid packet reason.

View Source 
var DropMin uint8 = 130

DropMin numbers less than this are non-drop reason codes

View Source 
var (
	// MessageTypeNames is a map of all type names
	MessageTypeNames = map[string]int{
		MessageTypeNameDrop:          MessageTypeDrop,
		MessageTypeNameDebug:         MessageTypeDebug,
		MessageTypeNameCapture:       MessageTypeCapture,
		MessageTypeNameTrace:         MessageTypeTrace,
		MessageTypeNameL7:            MessageTypeAccessLog,
		MessageTypeNameAgent:         MessageTypeAgent,
		MessageTypeNamePolicyVerdict: MessageTypePolicyVerdict,
		MessageTypeNameTraceSock:     MessageTypeTraceSock,
	}
)
View Source 
var TraceObservationPoints = map[uint8]string{
	TraceToLxc:       "to-endpoint",
	TraceToProxy:     "to-proxy",
	TraceToHost:      "to-host",
	TraceToStack:     "to-stack",
	TraceToOverlay:   "to-overlay",
	TraceToNetwork:   "to-network",
	TraceToCrypto:    "to-crypto",
	TraceFromLxc:     "from-endpoint",
	TraceFromProxy:   "from-proxy",
	TraceFromHost:    "from-host",
	TraceFromStack:   "from-stack",
	TraceFromOverlay: "from-overlay",
	TraceFromNetwork: "from-network",
	TraceFromCrypto:  "from-crypto",
}

TraceObservationPoints is a map of all supported trace observation points

Functions

func AllMessageTypeNames 

func AllMessageTypeNames() []string

AllMessageTypeNames returns a slice of MessageTypeNames

func BPFFileName added in v1.16.0 

func BPFFileName(id uint8) string

BPFFileName returns the file name for the given BPF file id.

func DropReason 

func DropReason(reason uint8) string

DropReason prints the drop reason in a human readable string

func DropReasonExt 

func DropReasonExt(reason uint8, extError int8) string

func MessageTypeName 

func MessageTypeName(typ int) string

MessageTypeName returns the name for a message type or the numeric value if the name can't be found

func TraceObservationPoint 

func TraceObservationPoint(obsPoint uint8) string

TraceObservationPoint returns the name of a trace observation point

Types

type AgentNotification 

type AgentNotification uint32

AgentNotification specifies the type of agent notification 

const (
	AgentNotifyUnspec AgentNotification = iota
	AgentNotifyGeneric
	AgentNotifyStart
	AgentNotifyEndpointRegenerateSuccess
	AgentNotifyEndpointRegenerateFail
	AgentNotifyPolicyUpdated
	AgentNotifyPolicyDeleted
	AgentNotifyEndpointCreated
	AgentNotifyEndpointDeleted
	AgentNotifyIPCacheUpserted
	AgentNotifyIPCacheDeleted
)

type AgentNotify 

type AgentNotify struct {
	Type AgentNotification
	Text string
}

AgentNotify is a notification from the agent. The notification is stored in its JSON-encoded representation

func (*AgentNotify) Decode added in v1.19.0 

func (a *AgentNotify) Decode(data []byte) error

Decode decodes the message in 'data' into the struct.

func (*AgentNotify) Dump added in v1.19.0 

func (n *AgentNotify) Dump(args *DumpArgs)

Dump prints the message according to the verbosity level specified

func (*AgentNotify) GetDst added in v1.19.0 

func (n *AgentNotify) GetDst() (dst uint16)

GetDst retrieves the destination endpoint for the message.

func (*AgentNotify) GetSrc added in v1.19.0 

func (n *AgentNotify) GetSrc() (src uint16)

GetSrc retrieves the source endpoint for the message

type AgentNotifyMessage 

type AgentNotifyMessage struct {
	Type         AgentNotification
	Notification any
}

AgentNotifyMessage is a notification from the agent. It is similar to AgentNotify, but the notification is an unencoded struct. See the *Message constructors in this package for possible values.

func EndpointCreateMessage 

func EndpointCreateMessage(e notifications.RegenNotificationInfo) AgentNotifyMessage

EndpointCreateMessage constructs an agent notification message for endpoint creation

func EndpointDeleteMessage 

func EndpointDeleteMessage(e notifications.RegenNotificationInfo) AgentNotifyMessage

EndpointDeleteMessage constructs an agent notification message for endpoint deletion

func EndpointRegenMessage 

func EndpointRegenMessage(e notifications.RegenNotificationInfo, err error) AgentNotifyMessage

EndpointRegenMessage constructs an agent notification message for endpoint regeneration

func IPCacheDeletedMessage 

func IPCacheDeletedMessage(cidr string, id uint32, oldID *uint32, hostIP net.IP, oldHostIP net.IP,
	encryptKey uint8, namespace, podName string) AgentNotifyMessage

IPCacheDeletedMessage constructs an agent notification message for ipcache deletions

func IPCacheUpsertedMessage 

func IPCacheUpsertedMessage(cidr string, id uint32, oldID *uint32, hostIP net.IP, oldHostIP net.IP,
	encryptKey uint8, namespace, podName string) AgentNotifyMessage

IPCacheUpsertedMessage constructs an agent notification message for ipcache upsertions

func PolicyDeleteMessage 

func PolicyDeleteMessage(deleted int, labels []string, revision uint64) AgentNotifyMessage

PolicyDeleteMessage constructs an agent notification message for policy deletion

func PolicyUpdateMessage 

func PolicyUpdateMessage(numRules int, labels []string, revision uint64) AgentNotifyMessage

PolicyUpdateMessage constructs an agent notification message for policy updates

func StartMessage 

func StartMessage(t time.Time) AgentNotifyMessage

StartMessage constructs an agent notification message when the agent starts

func (*AgentNotifyMessage) ToJSON 

func (m *AgentNotifyMessage) ToJSON() (AgentNotify, error)

ToJSON encodes a AgentNotifyMessage to its JSON-based AgentNotify representation

type DefaultDecoder added in v1.19.0 

type DefaultDecoder struct{}

DefaultDecoder is a default implementation of the Decode method

func (*DefaultDecoder) Decode added in v1.19.0 

func (d *DefaultDecoder) Decode(data []byte) error

Decode decodes the message in 'data' into the struct.

type DefaultSrcDstGetter added in v1.19.0 

type DefaultSrcDstGetter struct{}

DefaultSrcDstGetter is a default implementation of the GetSrc and GetDst methods

func (*DefaultSrcDstGetter) GetDst added in v1.19.0 

func (d *DefaultSrcDstGetter) GetDst() (dst uint16)

GetDst retrieves the destination endpoint for the message.

func (*DefaultSrcDstGetter) GetSrc added in v1.19.0 

func (d *DefaultSrcDstGetter) GetSrc() (src uint16)

GetSrc retrieves the source endpoint for the message

type DisplayFormat added in v1.19.0 

type DisplayFormat bool

DisplayFormat is used to determine how to display the endpoint 

const (
	// DisplayLabel is used to display the endpoint as a label
	DisplayLabel DisplayFormat = false
	// DisplayHex is used to display the endpoint as a number
	DisplayNumeric DisplayFormat = true
)

type DumpArgs added in v1.19.0 

type DumpArgs struct {
	Data        []byte
	CpuPrefix   string
	Format      DisplayFormat
	LinkMonitor getters.LinkGetter
	Dissect     bool
	Verbosity   Verbosity
	Buf         *bufio.Writer
}

DumpArgs is used to pass arguments to the Dump method

type EndpointNotification 

type EndpointNotification struct {
	EndpointRegenNotification
	PodName   string `json:"pod-name,omitempty"`
	Namespace string `json:"namespace,omitempty"`
}

EndpointNotification structures the endpoint create or delete notification

type EndpointRegenNotification 

type EndpointRegenNotification struct {
	ID     uint64   `json:"id,omitempty"`
	Labels []string `json:"labels,omitempty"`
	Error  string   `json:"error,omitempty"`
}

EndpointRegenNotification structures regeneration notification

type IPCacheNotification 

type IPCacheNotification struct {
	CIDR        string  `json:"cidr"`
	Identity    uint32  `json:"id"`
	OldIdentity *uint32 `json:"old-id,omitempty"`

	HostIP    net.IP `json:"host-ip,omitempty"`
	OldHostIP net.IP `json:"old-host-ip,omitempty"`

	EncryptKey uint8  `json:"encrypt-key"`
	Namespace  string `json:"namespace,omitempty"`
	PodName    string `json:"pod-name,omitempty"`
}

IPCacheNotification structures ipcache change notifications

type MessageTypeFilter 

type MessageTypeFilter []int

func (*MessageTypeFilter) Contains 

func (m *MessageTypeFilter) Contains(typ int) bool

func (*MessageTypeFilter) Set 

func (m *MessageTypeFilter) Set(value string) error

func (*MessageTypeFilter) String 

func (m *MessageTypeFilter) String() string

func (*MessageTypeFilter) Type 

func (m *MessageTypeFilter) Type() string

type MonitorEvent added in v1.19.0 

type MonitorEvent interface {
	// Decode decodes the message in 'data' into the struct.
	Decode(data []byte) error
	// GetSrc retrieves the source endpoint for the message
	GetSrc() (src uint16)
	// GetDst retrieves the destination endpoint for the message.
	GetDst() (dst uint16)
	// Dump prints the message according to the verbosity level specified
	Dump(args *DumpArgs)
}

MonitorEvent is the interface that all monitor events must implement to be dumped

type PolicyMatchType 

type PolicyMatchType int

func (PolicyMatchType) String 

func (m PolicyMatchType) String() string

type PolicyUpdateNotification 

type PolicyUpdateNotification struct {
	Labels    []string `json:"labels,omitempty"`
	Revision  uint64   `json:"revision,omitempty"`
	RuleCount int      `json:"rule_count"`
}

PolicyUpdateNotification structures update notification

type TimeNotification 

type TimeNotification struct {
	Time string `json:"time"`
}

TimeNotification structures agent start notification

type Verbosity added in v1.19.0 

type Verbosity uint8

Verbosity levels for formatting output. 

const (
	// INFO is the level of verbosity in which summaries of Drop and Capture
	// messages are printed out when the monitor is invoked
	INFO Verbosity = iota + 1
	// DEBUG is the level of verbosity in which more information about packets
	// is printed than in INFO mode. Debug, Drop, and Capture messages are printed.
	DEBUG
	// VERBOSE is the level of verbosity in which the most information possible
	// about packets is printed out. Currently is not utilized.
	VERBOSE
	// JSON is the level of verbosity in which event information is printed out in json format
	JSON
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.