Documentation
¶
Index ¶
- Constants
- Variables
- func RemoteSNATDstAddrExclusionCIDRv4(localNode node.LocalNode) *cidr.CIDR
- func RemoteSNATDstAddrExclusionCIDRv6(localNode node.LocalNode) *cidr.CIDR
- type AuthInfo
- type AuthKey
- type BandwidthConfig
- type BandwidthManager
- type Be32
- type BigTCPConfig
- type BigTCPConfiguration
- type BigTCPUserConfig
- type CTEntry
- type CompilationLock
- type CompileTimeConfiguration
- type ConfigWriter
- type ConnectorConfig
- type ConnectorMode
- type DebugCaptureMsg
- type DebugMsg
- type DeviceConfiguration
- type DeviceState
- type DropNotify
- type EDTID
- type EDTInfo
- type EgressGWPolicyEntry
- type EgressGWPolicyEntry6
- type EgressGWPolicyKey
- type EgressGWPolicyKey6
- type EncryptConfig
- type Endpoint
- type EndpointConfiguration
- type EndpointInfo
- type EndpointKey
- type IPCacheKey
- type IPSecDir
- type IPSecParameters
- type IPsecAgent
- type IPsecConfig
- type IPv4CTTuple
- type IPv4FragID
- type IPv4FragL4ports
- type IPv4NATEntry
- type IPv4RevNATEntry
- type IPv4RevNATTuple
- type IPv6CTTuple
- type IPv6FragID
- type IPv6FragL4ports
- type IPv6NATEntry
- type IPv6RevNATEntry
- type IPv6RevNATTuple
- type IptablesManager
- type L2ResponderStats
- type L2ResponderV4Key
- type L2ResponderV6Key
- type LB4AffinityKey
- type LB4Backend
- type LB4Health
- type LB4Key
- type LB4ReverseNAT
- type LB4Service
- type LB4SrcRangeKey
- type LB6AffinityKey
- type LB6Backend
- type LB6Health
- type LB6Key
- type LB6ReverseNAT
- type LB6Service
- type LB6SrcRangeKey
- type LBACTKey
- type LBACTValue
- type LBAffinityMatch
- type LBAffinityVal
- type LPMV4Key
- type LPMV6Key
- type LPMVal
- type LinkConfig
- type LinkPair
- type LoadTimeConfiguration
- type Loader
- type LocalNodeConfiguration
- type MACAddr
- type MTUConfiguration
- type McastGroupV4
- type McastSubscriberV4
- type MetricsKey
- type MetricsValue
- type NodeAddressing
- type NodeAddressingFamily
- type NodeConfigChangeHandler
- type NodeHandler
- type NodeIDHandler
- type NodeKey
- type NodeValue
- type Orchestrator
- type PolicyEntry
- type PolicyKey
- type PolicyStatsKey
- type PolicyStatsValue
- type PolicyVerdictNotify
- type PreFilter
- type Proxy
- type RatelimitKey
- type RatelimitMetricsKey
- type RatelimitMetricsValue
- type RatelimitValue
- type RemoteEndpointInfo
- type SRv6PolicyKey4
- type SRv6PolicyKey6
- type SRv6VRFKey4
- type SRv6VRFKey6
- type SkipLB4Key
- type SkipLB6Key
- type SockCookie
- type SubnetKey
- type SubnetValue
- type TraceNotify
- type TraceSockNotify
- type U8
- type U16
- type U32
- type U64
- type V4Addr
- type V6Addr
- type VTEPKey
- type VTEPValue
Constants ¶
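// Flag names for the bandwidth manager options. The declarations are restored
// to one constant per line; collapsed onto a single line they are not valid Go.
const (
	// EnableBandwidthManagerFlag is the flag name "enable-bandwidth-manager".
	EnableBandwidthManagerFlag = "enable-bandwidth-manager"
	// EnableBBRFlag is the flag name "enable-bbr".
	EnableBBRFlag = "enable-bbr"
	// EnableBBRHostnsOnlyFlag is the flag name "enable-bbr-hostns-only".
	EnableBBRHostnsOnlyFlag = "enable-bbr-hostns-only"
)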
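// Flag names and limits for BIG TCP. The comment is placed on its own lines
// again: on a single collapsed line the "//" would swallow the declaration of
// GROGSOLegacyMaxSize and the closing parenthesis.
const (
	// EnableIPv4BIGTCPFlag is the flag name "enable-ipv4-big-tcp".
	EnableIPv4BIGTCPFlag = "enable-ipv4-big-tcp"
	// EnableIPv6BIGTCPFlag is the flag name "enable-ipv6-big-tcp".
	EnableIPv6BIGTCPFlag = "enable-ipv6-big-tcp"

	// GROGSOLegacyMaxSize corresponds to the value of GRO_LEGACY_MAX_SIZE and
	// GSO_LEGACY_MAX_SIZE in the kernel. This is the maximum aggregation size
	// of a packet pre BIG TCP.
	GROGSOLegacyMaxSize = 65536
)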
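// Connector modes. ConnectorModeUnspec is the empty string; every other value
// wraps the matching DatapathMode* value from the option package. The
// declarations are restored to one constant per line; collapsed onto a single
// line they are not valid Go.
const (
	ConnectorModeUnspec   = ConnectorMode("")
	ConnectorModeAuto     = ConnectorMode(option.DatapathModeAuto)
	ConnectorModeVeth     = ConnectorMode(option.DatapathModeVeth)
	ConnectorModeNetkit   = ConnectorMode(option.DatapathModeNetkit)
	ConnectorModeNetkitL2 = ConnectorMode(option.DatapathModeNetkitL2)
)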
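// Option names for the IPsec feature. Each comment is placed on its own lines
// again: on a single collapsed line the first "//" would swallow every
// declaration that follows it.
const (
	// EnableIPSec is the name of the option which enables the IPsec feature.
	EnableIPSec = "enable-ipsec"

	// IPsecKeyRotationDuration is the name of the option for the duration of
	// the IPsec key rotation. After that time, we will clean the previous
	// IPsec key from the node.
	IPsecKeyRotationDuration = "ipsec-key-rotation-duration"

	// EnableIPsecKeyWatcher is the name of the option which enables the
	// watcher for the IPsec key. If disabled, a restart of the agent will be
	// necessary on key rotations.
	EnableIPsecKeyWatcher = "enable-ipsec-key-watcher"

	// EnableIPSecXfrmStateCaching is the name of the option which enables
	// caching for XfrmState for IPSec. Significantly reduces CPU usage in
	// large clusters.
	EnableIPSecXfrmStateCaching = "enable-ipsec-xfrm-state-caching"

	// IPSecKeyFile is the name of the option for the IPsec key file.
	// The file it points to holds key material, so its location and
	// permissions deserve the same care as any other secret.
	IPSecKeyFile = "ipsec-key-file"

	// EnableIPSecEncryptedOverlay is the name of the option which enables
	// the EncryptedOverlay feature.
	//
	// This feature will encrypt overlay traffic before it leaves the cluster.
	EnableIPSecEncryptedOverlay = "enable-ipsec-encrypted-overlay"

	// UseCiliumInternalIPForIPsec is the name of the option to use the
	// CiliumInternalIPs (vs. NodeInternalIPs) for IPsec encapsulation.
	UseCiliumInternalIPForIPsec = "use-cilium-internal-ip-for-ipsec"

	// DNSProxyInsecureSkipTransparentModeCheck is a hidden flag that allows
	// users to disable transparent mode even if IPSec is enabled.
	// NOTE(review): as the name says, this bypasses a safety check. With IPsec
	// enabled and transparent mode off, proxied DNS traffic presumably may not
	// be covered by encryption — confirm before setting it.
	DNSProxyInsecureSkipTransparentModeCheck = "dnsproxy-insecure-skip-transparent-mode-check"
)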
Variables ¶
// DefaultBandwidthConfig is the default bandwidth configuration: the bandwidth
// manager and both BBR options are switched off.
var DefaultBandwidthConfig = BandwidthConfig{
	EnableBandwidthManager: false,
	EnableBBR:              false,
	EnableBBRHostnsOnly:    false,
}
Functions ¶
func RemoteSNATDstAddrExclusionCIDRv4 ¶
RemoteSNATDstAddrExclusionCIDRv4 returns a CIDR for SNAT exclusion. Any packet sent from a local endpoint to an IP address belonging to the CIDR should not be SNAT'd.
Types ¶
type AuthInfo ¶
// AuthInfo is generated from the BPF C type auth_info.
type AuthInfo struct {
	// NOTE(review): the unit and time base of Expiration are not visible
	// here — confirm against the BPF auth_info definition before comparing it
	// with a clock value.
	Expiration uint64
	// contains filtered or unexported fields
}
AuthInfo is generated from the BPF C type auth_info.
type AuthKey ¶
// AuthKey is generated from the BPF C type auth_key.
type AuthKey struct {
	LocalSecLabel uint32
	RemoteSecLabel uint32
	RemoteNodeID uint16
	AuthType uint8
	// NOTE(review): Pad looks like explicit padding mirroring the C layout;
	// presumably it has to stay zero so that two keys with the same visible
	// fields also match byte-for-byte — confirm.
	Pad uint8
	// contains filtered or unexported fields
}
AuthKey is generated from the BPF C type auth_key.
type BandwidthConfig ¶ added in v1.16.0
// BandwidthConfig groups the three boolean bandwidth options below.
type BandwidthConfig struct {
	// EnableBandwidthManager enables EDT-based pacing
	EnableBandwidthManager bool
	// EnableBBR enables BBR TCP congestion control for the node including Pods
	EnableBBR bool
	// EnableBBRHostnsOnly enables BBR TCP congestion control for the node excluding Pods
	// NOTE(review): how this interacts with EnableBBR when both are set is not
	// visible here — confirm.
	EnableBBRHostnsOnly bool
}
func (BandwidthConfig) Flags ¶ added in v1.16.0
func (def BandwidthConfig) Flags(flags *pflag.FlagSet)
type BandwidthManager ¶ added in v1.15.8
// BandwidthManager is the interface through which per-endpoint bandwidth
// limits are updated and deleted. Endpoints are addressed by a uint16 ID and
// rates are passed as bytes per second.
type BandwidthManager interface {
	// BBREnabled presumably reports whether BBR congestion control is in
	// use — confirm against the implementation.
	BBREnabled() bool
	// Enabled presumably reports whether the bandwidth manager is active —
	// confirm against the implementation.
	Enabled() bool
	// UpdateBandwidthLimit takes an endpoint ID, a rate in bytes per second
	// and a priority. NOTE(review): presumably the egress direction, given the
	// separate Ingress variants below — confirm.
	UpdateBandwidthLimit(endpointID uint16, bytesPerSecond uint64, prio uint32)
	DeleteBandwidthLimit(endpointID uint16)
	// UpdateIngressBandwidthLimit takes an endpoint ID and a rate in bytes
	// per second; unlike UpdateBandwidthLimit it has no priority parameter.
	UpdateIngressBandwidthLimit(endpointID uint16, bytesPerSecond uint64)
	DeleteIngressBandwidthLimit(endpointID uint16)
}
type BigTCPConfig ¶ added in v1.14.19
type BigTCPConfiguration ¶ added in v1.19.0
type BigTCPUserConfig ¶ added in v1.14.19
// BigTCPUserConfig are the configuration flags that the user can modify.
type BigTCPUserConfig struct {
	// EnableIPv6BIGTCP enables IPv6 BIG TCP (larger GSO/GRO limits) for the node including pods.
	EnableIPv6BIGTCP bool
	// EnableIPv4BIGTCP enables IPv4 BIG TCP (larger GSO/GRO limits) for the node including pods.
	EnableIPv4BIGTCP bool
}
BigTCPUserConfig are the configuration flags that the user can modify.
func (BigTCPUserConfig) Flags ¶ added in v1.15.13
func (def BigTCPUserConfig) Flags(flags *pflag.FlagSet)
func (BigTCPUserConfig) IsIPv4Enabled ¶ added in v1.14.19
func (def BigTCPUserConfig) IsIPv4Enabled() bool
func (BigTCPUserConfig) IsIPv6Enabled ¶ added in v1.14.19
func (def BigTCPUserConfig) IsIPv6Enabled() bool
type CTEntry ¶
type CTEntry struct {
NATAddr struct {
Addr [16]uint8
// contains filtered or unexported fields
}
Packets uint64
Bytes uint64
Lifetime uint32
RevNATIndex uint16
NATPort uint16
TxFlagsSeen uint8
RxFlagsSeen uint8
SrcSecID uint32
LastTxReport uint32
LastRxReport uint32
// contains filtered or unexported fields
}
CTEntry is generated from the BPF C type ct_entry.
type CompilationLock ¶ added in v1.16.0
// CompilationLock is an interface over a mutex. It is used by the loader, the
// daemon and the endpoint manager to lock the compilation process.
//
// Certain methods on the loader, such as CompileAndLoad and CompileOrLoad,
// expect the lock to be taken before they are called; the interface itself
// does not enforce that, so callers have to.
type CompilationLock interface {
	// Lock and Unlock form the exclusive pair.
	Lock()
	Unlock()
	// RLock and RUnlock form the read pair.
	// NOTE(review): which operations are expected to take the read lock rather
	// than the exclusive one is not visible here — confirm.
	RLock()
	RUnlock()
}
CompilationLock is an interface over a mutex. It is used by the loader, the daemon and the endpoint manager to lock the compilation process. This is a bit of a layer violation, since certain methods on the loader, such as CompileAndLoad and CompileOrLoad, expect the lock to be taken before being called.
Once we have moved header file generation from the endpoint manager into the loader, we can remove this interface and have the loader manage the lock internally.
type CompileTimeConfiguration ¶
// CompileTimeConfiguration provides datapath implementations a clean
// interface to access endpoint-specific configuration that can only be
// changed at compile time. It embeds DeviceConfiguration.
type CompileTimeConfiguration interface {
	DeviceConfiguration
	// RequireEgressProg returns true if the endpoint requires an egress
	// program attached to the InterfaceName() invoking the section
	// "to-container"
	RequireEgressProg() bool
	// RequireRouting returns true if the endpoint requires BPF routing to
	// be enabled, when disabled, routing is delegated to Linux routing
	RequireRouting() bool
	// RequireEndpointRoute returns true if the endpoint wishes to have a
	// per endpoint route installed in the host's routing table to point to
	// the endpoint's interface
	RequireEndpointRoute() bool
	// IsHost returns true if the endpoint is the host endpoint.
	IsHost() bool
}
CompileTimeConfiguration provides datapath implementations a clean interface to access endpoint-specific configuration that can only be changed at compile time.
type ConfigWriter ¶
// ConfigWriter is anything which writes the configuration for various
// datapath program types. Every method writes to the supplied io.Writer and
// reports failure through its error result.
type ConfigWriter interface {
	// WriteNodeConfig writes the implementation-specific configuration of
	// node-wide options into the specified writer.
	WriteNodeConfig(io.Writer, *LocalNodeConfiguration) error
	// WriteNetdevConfig writes the implementation-specific configuration
	// of configurable options to the specified writer. Options specified
	// here will apply to base programs and not to endpoints, though
	// endpoints may have equivalent configurable options.
	WriteNetdevConfig(io.Writer, *option.IntOptions) error
	// WriteTemplateConfig writes the implementation-specific configuration
	// of configurable options for BPF templates to the specified writer.
	WriteTemplateConfig(w io.Writer, nodeCfg *LocalNodeConfiguration, cfg EndpointConfiguration) error
	// WriteEndpointConfig writes the implementation-specific configuration
	// of configurable options for the endpoint to the specified writer.
	WriteEndpointConfig(w io.Writer, nodeCfg *LocalNodeConfiguration, cfg EndpointConfiguration) error
}
ConfigWriter is anything which writes the configuration for various datapath program types.
type ConnectorConfig ¶ added in v1.19.0
// ConnectorConfig is the interface to the connector configuration: it reports
// a configured and an operational ConnectorMode, pod device headroom and
// tailroom, and creates link pairs.
type ConnectorConfig interface {
	Reinitialize() error
	GetPodDeviceHeadroom() uint16
	GetPodDeviceTailroom() uint16
	// NOTE(review): the configured and operational modes are returned
	// separately, so they can presumably differ (for example when the
	// configured mode is ConnectorModeAuto) — confirm.
	GetConfiguredMode() ConnectorMode
	GetOperationalMode() ConnectorMode
	// NewLinkPair takes a LinkConfig and a sysctl.Sysctl and returns a
	// LinkPair or an error.
	NewLinkPair(cfg LinkConfig, sysctl sysctl.Sysctl) (LinkPair, error)
	// NOTE(review): the meaning of the bool result is not visible here —
	// confirm against the implementation before relying on it.
	GetLinkCompatibility(ifName string) (ConnectorMode, bool, error)
}
type ConnectorMode ¶
type ConnectorMode string
func GetConnectorModeByName ¶
func GetConnectorModeByName(mode string) ConnectorMode
func (ConnectorMode) IsLayer2 ¶
func (mode ConnectorMode) IsLayer2() bool
func (ConnectorMode) IsNetkit ¶
func (mode ConnectorMode) IsNetkit() bool
func (ConnectorMode) IsVeth ¶
func (mode ConnectorMode) IsVeth() bool
func (ConnectorMode) String ¶
func (mode ConnectorMode) String() string
type DebugCaptureMsg ¶
type DebugCaptureMsg struct {
Type uint8
Subtype uint8
Source uint16
Hash uint32
LenOrig uint32
LenCap uint16
Version uint8
ExtVersion uint8
Arg1 uint32
Arg2 uint32
// contains filtered or unexported fields
}
DebugCaptureMsg is generated from the BPF C type debug_capture_msg.
type DebugMsg ¶
type DebugMsg struct {
Type uint8
Subtype uint8
Source uint16
Hash uint32
Arg1 uint32
Arg2 uint32
Arg3 uint32
// contains filtered or unexported fields
}
DebugMsg is generated from the BPF C type debug_msg.
type DeviceConfiguration ¶
// DeviceConfiguration is an interface for injecting configuration of datapath
// options that affect lookups and logic applied at a per-device level, whether
// those are devices associated with the endpoint or associated with the host.
type DeviceConfiguration interface {
	// GetOptions fetches the configurable datapath options from the owner.
	GetOptions() *option.IntOptions
}
DeviceConfiguration is an interface for injecting configuration of datapath options that affect lookups and logic applied at a per-device level, whether those are devices associated with the endpoint or associated with the host.
type DeviceState ¶
type DeviceState struct {
MAC struct {
Addr [6]uint8
// contains filtered or unexported fields
}
Pad1 uint8
Pad2 uint16
Pad3 uint32
// contains filtered or unexported fields
}
DeviceState is generated from the BPF C type device_state.
type DropNotify ¶
type DropNotify struct {
Type uint8
Subtype uint8
Source uint16
Hash uint32
LenOrig uint32
LenCap uint16
Version uint8
ExtVersion uint8
SrcLabel uint32
DstLabel uint32
DstID uint32
Line uint16
File uint8
ExtError int8
IfIndex uint32
Flags uint8
Pad2 [3]uint8
IPTraceID uint64
// contains filtered or unexported fields
}
DropNotify is generated from the BPF C type drop_notify.
type EDTID ¶
type EDTID struct {
ID uint32
Direction uint8
Pad [3]uint8
// contains filtered or unexported fields
}
EDTID is generated from the BPF C type edt_id.
type EDTInfo ¶
type EDTInfo struct {
Bps uint64
TLast uint64
THorizonDrop uint64
Prio uint32
Pad32 uint32
Pad [3]uint64
// contains filtered or unexported fields
}
EDTInfo is generated from the BPF C type edt_info.
type EgressGWPolicyEntry ¶
type EgressGWPolicyEntry struct {
EgressIP uint32
GatewayIP uint32
// contains filtered or unexported fields
}
EgressGWPolicyEntry is generated from the BPF C type egress_gw_policy_entry.
type EgressGWPolicyEntry6 ¶
type EgressGWPolicyEntry6 struct {
EgressIP struct {
Addr [16]uint8
// contains filtered or unexported fields
}
GatewayIP uint32
Reserved [3]uint32
EgressIfIndex uint32
Reserved2 uint32
// contains filtered or unexported fields
}
EgressGWPolicyEntry6 is generated from the BPF C type egress_gw_policy_entry6.
type EgressGWPolicyKey ¶
type EgressGWPolicyKey struct {
LPMKey struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
SAddr uint32
DAddr uint32
// contains filtered or unexported fields
}
EgressGWPolicyKey is generated from the BPF C type egress_gw_policy_key.
type EgressGWPolicyKey6 ¶
type EgressGWPolicyKey6 struct {
LPMKey struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
SAddr struct {
Addr [16]uint8
// contains filtered or unexported fields
}
DAddr struct {
Addr [16]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
EgressGWPolicyKey6 is generated from the BPF C type egress_gw_policy_key6.
type EncryptConfig ¶
// EncryptConfig is generated from the BPF C type encrypt_config.
type EncryptConfig struct {
	// NOTE(review): a uint8 cannot hold key material, so EncryptKey is
	// presumably a key identifier or index rather than the key itself —
	// confirm against encrypt_config.
	EncryptKey uint8
	// contains filtered or unexported fields
}
EncryptConfig is generated from the BPF C type encrypt_config.
type Endpoint ¶
// Endpoint provides access to the endpoint configuration information that is
// necessary to compile and load the datapath. It embeds EndpointConfiguration.
type Endpoint interface {
	EndpointConfiguration
	// InterfaceName returns the name of the interface the endpoint's
	// programs attach to (see RequireEgressProg on CompileTimeConfiguration).
	InterfaceName() string
	// Logger returns a *slog.Logger for the given subsystem name.
	Logger(subsystem string) *slog.Logger
	// StateDir presumably returns the directory holding this endpoint's
	// state — confirm against the implementation.
	StateDir() string
}
Endpoint provides access to the endpoint configuration information that is necessary to compile and load the datapath.
type EndpointConfiguration ¶
// EndpointConfiguration provides datapath implementations a clean interface
// to access endpoint-specific configuration when configuring the datapath. It
// is the union of the compile-time and load-time configuration interfaces.
type EndpointConfiguration interface {
	CompileTimeConfiguration
	LoadTimeConfiguration
}
EndpointConfiguration provides datapath implementations a clean interface to access endpoint-specific configuration when configuring the datapath.
type EndpointInfo ¶
type EndpointInfo struct {
IfIndex uint32
Unused uint16
LXCID uint16
Flags uint32
MAC uint64
NodeMAC uint64
SecID uint32
ParentIfIndex uint32
Pad [2]uint32
// contains filtered or unexported fields
}
EndpointInfo is generated from the BPF C type endpoint_info.
type EndpointKey ¶
type EndpointKey struct {
IP4 struct {
Addr [4]uint8
// contains filtered or unexported fields
}
Family uint8
Key uint8
ClusterID uint16
// contains filtered or unexported fields
}
EndpointKey is generated from the BPF C type endpoint_key.
type IPCacheKey ¶
type IPCacheKey struct {
LPMKey struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
ClusterID uint16
Pad1 uint8
Family uint8
IP4 struct {
Addr [4]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
IPCacheKey is generated from the BPF C type ipcache_key.
type IPSecParameters ¶ added in v1.19.0
// IPSecParameters carries the inputs for creating an XFRM policy or state:
// the boot IDs of both hosts, the policy direction, the subnet selectors, the
// tunnel endpoints, the ReqID, the remote node ID and two control flags.
//
// Both boot IDs feed key derivation, so they are security-relevant inputs and
// not only bookkeeping.
type IPSecParameters struct {
	// The BootID for the local host is used to determine if creation of the
	// policy should occur and for key derivation purposes.
	LocalBootID string
	// The BootID for the remote host is used to determine if creation of the
	// policy should occur and for key derivation purposes.
	RemoteBootID string
	// The direction of the created XFRM policy.
	Dir IPSecDir
	// The source subnet selector for the XFRM policy/state
	SourceSubnet *net.IPNet
	// The destination subnet selector for the XFRM policy/state
	DestSubnet *net.IPNet
	// The source security gateway IP used to define an IPsec tunnel mode SA
	// For OUT policies this is the resulting source address of an ESP encrypted
	// packet.
	// For IN/FWD this should identify the source SA address of the state which
	// decrypted the packet.
	// NOTE(review): this is a pointer; how a nil value is treated is not
	// visible here — confirm.
	SourceTunnelIP *net.IP
	// The destination security gateway IP used to define an IPsec tunnel mode SA
	// For OUT policies this is the resulting destination address of an ESP encrypted
	// packet.
	// For IN/FWD this should identify the destination SA address of the state which
	// decrypted the packet.
	// NOTE(review): this is a pointer; how a nil value is treated is not
	// visible here — confirm.
	DestTunnelIP *net.IP
	// The ReqID used for the resulting XFRM policy/state
	ReqID int
	// The remote node ID used for SPI identification and appropriate packet
	// mark matching.
	RemoteNodeID uint16
	// Whether to use a zero output mark or not.
	// This is useful when you want the resulting encrypted packet to be
	// immediately handled by the stack and not Cilium's datapath.
	ZeroOutputMark bool
	// Whether the remote has been rebooted, this is used for bookkeeping and
	// informs the policy/state creation methods whether the creation should
	// take place.
	RemoteRebooted bool
}
func NewIPSecParameters ¶ added in v1.19.0
func NewIPSecParameters(template *IPSecParameters) *IPSecParameters
NewIPSecParameters creates a new IPSecParameters. If template is provided, it returns a copy of the template instead of a new empty structure.
type IPsecAgent ¶ added in v1.19.0
type IPsecConfig ¶ added in v1.19.0
type IPv4CTTuple ¶
type IPv4CTTuple struct {
DAddr uint32
SAddr uint32
DPort uint16
SPort uint16
Nexthdr uint8
Flags uint8
// contains filtered or unexported fields
}
IPv4CTTuple is generated from the BPF C type ipv4_ct_tuple.
type IPv4FragID ¶
type IPv4FragID struct {
DAddr uint32
SAddr uint32
ID uint16
Proto uint8
Pad uint8
// contains filtered or unexported fields
}
IPv4FragID is generated from the BPF C type ipv4_frag_id.
type IPv4FragL4ports ¶
IPv4FragL4ports is generated from the BPF C type ipv4_frag_l4ports.
type IPv4NATEntry ¶
type IPv4NATEntry struct {
Common struct {
Created uint64
NeedsCT uint64
Pad1 uint64
Pad2 uint64
// contains filtered or unexported fields
}
NATInfo struct {
Address uint32
Port uint16
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
IPv4NATEntry is generated from the BPF C type ipv4_nat_entry.
type IPv4RevNATEntry ¶
type IPv4RevNATEntry struct {
Address uint32
Port uint16
RevNATIndex uint16
// contains filtered or unexported fields
}
IPv4RevNATEntry is generated from the BPF C type ipv4_revnat_entry.
type IPv4RevNATTuple ¶
type IPv4RevNATTuple struct {
Cookie uint64
Address uint32
Port uint16
Pad uint16
// contains filtered or unexported fields
}
IPv4RevNATTuple is generated from the BPF C type ipv4_revnat_tuple.
type IPv6CTTuple ¶
type IPv6CTTuple struct {
DAddr struct {
Addr [16]uint8
// contains filtered or unexported fields
}
SAddr struct {
Addr [16]uint8
// contains filtered or unexported fields
}
DPort uint16
SPort uint16
Nexthdr uint8
Flags uint8
// contains filtered or unexported fields
}
IPv6CTTuple is generated from the BPF C type ipv6_ct_tuple.
type IPv6FragID ¶
type IPv6FragID struct {
ID uint32
Proto uint8
Pad [3]uint8
SAddr struct {
Addr [16]uint8
// contains filtered or unexported fields
}
DAddr struct {
Addr [16]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
IPv6FragID is generated from the BPF C type ipv6_frag_id.
type IPv6FragL4ports ¶
IPv6FragL4ports is generated from the BPF C type ipv6_frag_l4ports.
type IPv6NATEntry ¶
type IPv6NATEntry struct {
Common struct {
Created uint64
NeedsCT uint64
Pad1 uint64
Pad2 uint64
// contains filtered or unexported fields
}
NATInfo struct {
Address struct {
Addr [16]uint8
// contains filtered or unexported fields
}
Port uint16
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
IPv6NATEntry is generated from the BPF C type ipv6_nat_entry.
type IPv6RevNATEntry ¶
type IPv6RevNATEntry struct {
Address struct {
Addr [16]uint8
// contains filtered or unexported fields
}
Port uint16
RevNATIndex uint16
// contains filtered or unexported fields
}
IPv6RevNATEntry is generated from the BPF C type ipv6_revnat_entry.
type IPv6RevNATTuple ¶
type IPv6RevNATTuple struct {
Cookie uint64
Address struct {
Addr [16]uint8
// contains filtered or unexported fields
}
Port uint16
Pad uint16
// contains filtered or unexported fields
}
IPv6RevNATTuple is generated from the BPF C type ipv6_revnat_tuple.
type IptablesManager ¶
// IptablesManager manages iptables rules: proxy redirect rules and the
// NOTRACK rules that make matching traffic skip connection tracking.
type IptablesManager interface {
	// InstallProxyRules creates the necessary datapath config (e.g., iptables
	// rules for redirecting host proxy traffic on a specific ProxyPort)
	InstallProxyRules(proxyPort uint16, name string)
	// SupportsOriginalSourceAddr tells if the datapath supports
	// use of original source addresses in proxy upstream
	// connections.
	SupportsOriginalSourceAddr() bool
	// GetProxyPorts fetches the existing proxy ports configured in the
	// datapath. Used early in bootstrap to reopen proxy ports.
	GetProxyPorts() map[string]uint16
	// InstallNoTrackRules is explicitly called when a pod has a valid
	// "policy.cilium.io/no-track-port" annotation. When the
	// InstallNoConntrackIptRules flag is set, a superset of v4 NOTRACK
	// rules will be automatically installed upon agent bootstrap (via
	// function addNoTrackPodTrafficRules) and this function will be
	// skipped. When InstallNoConntrackIptRules is not set, this function
	// will be executed to install NOTRACK rules. The rules installed by
	// this function are very specific; for now, the only user is
	// node-local-dns pods.
	InstallNoTrackRules(ip netip.Addr, port uint16)
	// See comments for InstallNoTrackRules.
	RemoveNoTrackRules(ip netip.Addr, port uint16)
	// AddNoTrackHostPorts/RemoveNoTrackHostPorts are explicitly called when a
	// pod has a valid "no-track-host-ports" annotation. They cause iptables
	// notrack rules to be added/removed so CT is skipped for pods using host
	// networking on the requested ports.
	// NOTE(review): ports arrives as strings taken from a pod annotation;
	// where those strings are validated is not visible here — confirm that
	// they are checked before they reach a rule.
	AddNoTrackHostPorts(namespace, name string, ports []string)
	RemoveNoTrackHostPorts(namespace, name string)
}
IptablesManager manages iptables rules.
type L2ResponderStats ¶
type L2ResponderStats struct {
ResponsesSent uint64
// contains filtered or unexported fields
}
L2ResponderStats is generated from the BPF C type l2_responder_stats.
type L2ResponderV4Key ¶
type L2ResponderV4Key struct {
IP4 struct {
Addr [4]uint8
// contains filtered or unexported fields
}
IfIndex uint32
// contains filtered or unexported fields
}
L2ResponderV4Key is generated from the BPF C type l2_responder_v4_key.
type L2ResponderV6Key ¶
type L2ResponderV6Key struct {
IP6 struct {
Addr [16]uint8
// contains filtered or unexported fields
}
IfIndex uint32
Pad uint32
// contains filtered or unexported fields
}
L2ResponderV6Key is generated from the BPF C type l2_responder_v6_key.
type LB4AffinityKey ¶
type LB4AffinityKey struct {
ClientID struct {
ClientIP uint32
// contains filtered or unexported fields
}
RevNATID uint16
Pad1 uint8
Pad2 uint32
// contains filtered or unexported fields
}
LB4AffinityKey is generated from the BPF C type lb4_affinity_key.
type LB4Backend ¶
type LB4Backend struct {
Address uint32
Port uint16
Proto uint8
Flags uint8
ClusterID uint16
Zone uint8
Pad uint8
// contains filtered or unexported fields
}
LB4Backend is generated from the BPF C type lb4_backend.
type LB4Health ¶
type LB4Health struct {
Peer struct {
Address uint32
Port uint16
Proto uint8
Flags uint8
ClusterID uint16
Zone uint8
Pad uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
LB4Health is generated from the BPF C type lb4_health.
type LB4Key ¶
type LB4Key struct {
Address uint32
DPort uint16
BackendSlot uint16
Proto uint8
Scope uint8
Pad [2]uint8
// contains filtered or unexported fields
}
LB4Key is generated from the BPF C type lb4_key.
type LB4ReverseNAT ¶
LB4ReverseNAT is generated from the BPF C type lb4_reverse_nat.
type LB4Service ¶
type LB4Service struct {
BackendID uint32
Count uint16
RevNATIndex uint16
Flags uint8
Flags2 uint8
Qcount uint16
// contains filtered or unexported fields
}
LB4Service is generated from the BPF C type lb4_service.
type LB4SrcRangeKey ¶
type LB4SrcRangeKey struct {
LPMKey struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
RevNATID uint16
Pad uint16
Addr uint32
// contains filtered or unexported fields
}
LB4SrcRangeKey is generated from the BPF C type lb4_src_range_key.
type LB6AffinityKey ¶
type LB6AffinityKey struct {
ClientID struct {
ClientIP struct {
Addr [16]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
RevNATID uint16
Pad1 uint8
Pad2 uint32
// contains filtered or unexported fields
}
LB6AffinityKey is generated from the BPF C type lb6_affinity_key.
type LB6Backend ¶
type LB6Backend struct {
Address struct {
Addr [16]uint8
// contains filtered or unexported fields
}
Port uint16
Proto uint8
Flags uint8
ClusterID uint16
Zone uint8
Pad uint8
// contains filtered or unexported fields
}
LB6Backend is generated from the BPF C type lb6_backend.
type LB6Health ¶
type LB6Health struct {
Peer struct {
Address struct {
Addr [16]uint8
// contains filtered or unexported fields
}
Port uint16
Proto uint8
Flags uint8
ClusterID uint16
Zone uint8
Pad uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
LB6Health is generated from the BPF C type lb6_health.
type LB6Key ¶
type LB6Key struct {
Address struct {
Addr [16]uint8
// contains filtered or unexported fields
}
DPort uint16
BackendSlot uint16
Proto uint8
Scope uint8
Pad [2]uint8
// contains filtered or unexported fields
}
LB6Key is generated from the BPF C type lb6_key.
type LB6ReverseNAT ¶
type LB6ReverseNAT struct {
Address struct {
Addr [16]uint8
// contains filtered or unexported fields
}
Port uint16
// contains filtered or unexported fields
}
LB6ReverseNAT is generated from the BPF C type lb6_reverse_nat.
type LB6Service ¶
type LB6Service struct {
BackendID uint32
Count uint16
RevNATIndex uint16
Flags uint8
Flags2 uint8
Qcount uint16
// contains filtered or unexported fields
}
LB6Service is generated from the BPF C type lb6_service.
type LB6SrcRangeKey ¶
type LB6SrcRangeKey struct {
LPMKey struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
RevNATID uint16
Pad uint16
Addr struct {
Addr [16]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
LB6SrcRangeKey is generated from the BPF C type lb6_src_range_key.
type LBACTKey ¶
type LBACTKey struct {
SvcID uint16
Zone uint8
Pad uint8
// contains filtered or unexported fields
}
LBACTKey is generated from the BPF C type lb_act_key.
type LBACTValue ¶
LBACTValue is generated from the BPF C type lb_act_value.
type LBAffinityMatch ¶
type LBAffinityMatch struct {
BackendID uint32
RevNATID uint16
Pad uint16
// contains filtered or unexported fields
}
LBAffinityMatch is generated from the BPF C type lb_affinity_match.
type LBAffinityVal ¶
type LBAffinityVal struct {
LastUsed uint64
BackendID uint32
Pad uint32
// contains filtered or unexported fields
}
LBAffinityVal is generated from the BPF C type lb_affinity_val.
type LPMV4Key ¶
type LPMV4Key struct {
LPM struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
Addr [4]uint8
// contains filtered or unexported fields
}
LPMV4Key is generated from the BPF C type lpm_v4_key.
type LPMV6Key ¶
type LPMV6Key struct {
LPM struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
Addr [16]uint8
// contains filtered or unexported fields
}
LPMV6Key is generated from the BPF C type lpm_v6_key.
type LPMVal ¶
type LPMVal struct {
Flags uint8
// contains filtered or unexported fields
}
LPMVal is generated from the BPF C type lpm_val.
type LinkConfig ¶
// LinkConfig contains the GRO/GSO, MTU values and buffer margins to be
// configured on both sides of the created veth or netkit pair, together with
// the naming and namespace information for the pair.
type LinkConfig struct {
	// EndpointID defines the container ID to which we are creating a new
	// linkpair. Set this if you want the connector to generate interface
	// names itself. Otherwise, set HostIfName and PeerIfName.
	EndpointID string
	// HostIfName defines the interface name as seen in the host namespace.
	HostIfName string
	// PeerIfName defines the interface name as seen in the container namespace.
	PeerIfName string
	// PeerNamespace defines the namespace the peer link should be moved into.
	PeerNamespace *netns.NetNS
	// GRO and GSO maximum sizes, one pair per IP family.
	GROIPv6MaxSize int
	GSOIPv6MaxSize int
	GROIPv4MaxSize int
	GSOIPv4MaxSize int
	// DeviceMTU is the MTU value to be configured on the pair.
	DeviceMTU int
	// DeviceHeadroom and DeviceTailroom are the buffer margins to be
	// configured on the pair.
	DeviceHeadroom uint16
	DeviceTailroom uint16
}
LinkConfig contains the GRO/GSO, MTU values and buffer margins to be configured on both sides of the created veth or netkit pair.
type LoadTimeConfiguration ¶
// LoadTimeConfiguration provides datapath implementations a clean interface
// to access endpoint-specific configuration that can be changed at load time.
type LoadTimeConfiguration interface {
	// GetID returns a locally-significant endpoint identification number.
	GetID() uint64
	// StringID returns the string-formatted version of the ID from GetID().
	StringID() string
	// GetIdentity returns a globally-significant numeric security identity.
	GetIdentity() identity.NumericIdentity
	// IPv4Address and IPv6Address return the endpoint's addresses as
	// netip.Addr. NOTE(review): presumably the zero netip.Addr when the
	// family is not configured — confirm.
	IPv4Address() netip.Addr
	IPv6Address() netip.Addr
	GetNodeMAC() mac.MAC
	GetIfIndex() int
	GetEndpointNetNsCookie() uint64
	// GetPolicyVerdictLogFilter returns the PolicyVerdictLogFilter for the endpoint
	GetPolicyVerdictLogFilter() uint32
	// GetPropertyValue returns the endpoint property value for this key.
	// The result is untyped (any); callers have to check the dynamic type.
	GetPropertyValue(key string) any
	GetFibTableID() uint32
	// RequireARPPassthrough returns true if the datapath must implement
	// ARP passthrough for this endpoint
	RequireARPPassthrough() bool
}
LoadTimeConfiguration provides datapath implementations a clean interface to access endpoint-specific configuration that can be changed at load time.
type Loader ¶
// Loader is an interface to abstract out loading of datapath programs.
type Loader interface {
	// CallsMapPath returns a path string for the given uint16 ID.
	CallsMapPath(id uint16) string
	Unload(ep Endpoint)
	// HostDatapathInitialized returns a receive-only channel.
	// NOTE(review): presumably closed once the host datapath is ready —
	// confirm.
	HostDatapathInitialized() <-chan struct{}
	// ReloadDatapath returns a string and an error; what the string holds is
	// not visible here.
	ReloadDatapath(ctx context.Context, ep Endpoint, cfg *LocalNodeConfiguration, stats *metrics.SpanStat) (string, error)
	// EndpointHash returns a hash string computed from the endpoint and
	// local node configuration, or an error.
	EndpointHash(cfg EndpointConfiguration, lnCfg *LocalNodeConfiguration) (string, error)
	ReinitializeHostDev(ctx context.Context, mtu int) error
	Reinitialize(ctx context.Context, cfg *LocalNodeConfiguration, tunnelConfig tunnel.Config, iptMgr IptablesManager, p Proxy, bigtcp BigTCPConfiguration) error
	// WriteEndpointConfig writes to w. Note the parameter order: the endpoint
	// configuration comes before the node configuration here, the reverse of
	// ConfigWriter.WriteEndpointConfig.
	WriteEndpointConfig(w io.Writer, cfg EndpointConfiguration, lnCfg *LocalNodeConfiguration) error
}
Loader is an interface to abstract out loading of datapath programs.
type LocalNodeConfiguration ¶
type LocalNodeConfiguration struct {
// NodeIPv4 is the primary IPv4 address of this node.
// Mutable at runtime.
// +deepequal-gen=false
NodeIPv4 netip.Addr
// NodeIPv6 is the primary IPv6 address of this node.
// Mutable at runtime.
// +deepequal-gen=false
NodeIPv6 netip.Addr
// CiliumInternalIPv4 is the internal IP address assigned to the cilium_host
// interface.
// Immutable at runtime.
// +deepequal-gen=false
CiliumInternalIPv4 netip.Addr
// CiliumInternalIPv6 is the internal IP address assigned to the cilium_host
// interface.
// Immutable at runtime.
// +deepequal-gen=false
CiliumInternalIPv6 netip.Addr
// Interface index of the cilium_host device
CiliumHostIfIndex uint32
// MAC address of the cilium_host device.
CiliumHostMAC mac.MAC
// Interface index of the cilium_net device
CiliumNetIfIndex uint32
// MAC address of the cilium_net device.
CiliumNetMAC mac.MAC
// AllocCIDRIPv4 is the IPv4 allocation CIDR from which IP addresses for
// endpoints are allocated from.
// Immutable at runtime.
AllocCIDRIPv4 *cidr.CIDR
// AllocCIDRIPv6 is the IPv6 allocation CIDR from which IP addresses for
// endpoints are allocated from.
// Immutable at runtime.
AllocCIDRIPv6 *cidr.CIDR
// NativeRoutingCIDRIPv4 is the v4 CIDR in which pod IPs are routable.
NativeRoutingCIDRIPv4 *cidr.CIDR
// NativeRoutingCIDRIPv6 is the v6 CIDR in which pod IPs are routable.
NativeRoutingCIDRIPv6 *cidr.CIDR
// ServiceLoopbackIPv4 is the source address used for SNAT when a Pod talks to itself
// over a Service.
//
// Immutable at runtime.
// +deepequal-gen=false
ServiceLoopbackIPv4 netip.Addr
// ServiceLoopbackIPv6 is the source address used for SNAT when a Pod talks to itself
// over a Service.
// Immutable at runtime.
// +deepequal-gen=false
ServiceLoopbackIPv6 netip.Addr
// Devices is the native network devices selected for datapath use.
// Mutable at runtime.
Devices []*tables.Device
// DirectRoutingDevice is the device used in direct routing mode.
// Mutable at runtime.
DirectRoutingDevice *tables.Device
// NodeAddresses are the IP addresses of the local node that are considered
// as this node's addresses. From this set we pick the addresses that are
// used as NodePort frontends and the addresses to use for BPF masquerading.
// Mutable at runtime.
NodeAddresses []tables.NodeAddress
// DeriveMasqIPAddrFromDevice overrides the interface name to use for deriving
// the masquerading IP address for the node.
DeriveMasqIPAddrFromDevice string
// HostEndpointID is the endpoint ID assigned to the host endpoint.
// Immutable at runtime.
HostEndpointID uint64
// DeviceMTU is the MTU used on workload facing devices.
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
DeviceMTU int
// RouteMTU is the MTU used on the network.
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
RouteMTU int
// RoutePostEncryptMTU is the MTU without the encryption overhead
// included.
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
RoutePostEncryptMTU int
// AuxiliaryPrefixes is the list of auxiliary prefixes that should be
// configured in addition to the node PodCIDR
//
// This field is mutable. The implementation of
// NodeConfigurationChanged() must adjust the routes accordingly.
AuxiliaryPrefixes []*cidr.CIDR
// EnableIPv4 enables use of IPv4. Routing to the IPv4 allocation CIDR
// of other nodes must be enabled.
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
EnableIPv4 bool
// EnableIPv6 enables use of IPv6. Routing to the IPv6 allocation CIDR
// of other nodes must be enabled.
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
EnableIPv6 bool
// EnableEncapsulation enables use of encapsulation in communication
// between nodes.
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
EnableEncapsulation bool
// TunnelProtocol is the datapath ID of the encapsulation protocol
// (0 if disabled, 1 for VXLAN, 2 for Geneve).
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
TunnelProtocol tunnel.BPFEncapProtocol
// TunnelPort is the UDP port used by the tunnel protocol (0 if disabled).
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
TunnelPort uint16
// EnableAutoDirectRouting enables the use of direct routes for
// communication between nodes if two nodes have direct L2
// connectivity.
//
// EnableAutoDirectRouting must be compatible with EnableEncapsulation
// and must provide a fallback to use encapsulation if direct routing
// is not feasible and encapsulation is enabled.
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
EnableAutoDirectRouting bool
// DirectRoutingSkipUnreachable will skip any direct routes between
// nodes if they have different L2 connectivity, only adding L2 routes
// if the underlying L2 shares the same gateway.
//
// This field is immutable at runtime. The value will not change in
// subsequent calls to NodeConfigurationChanged().
DirectRoutingSkipUnreachable bool
// EnableLocalNodeRoute enables installation of the route which points
// the allocation prefix of the local node. Disabling this option is
// useful when another component is responsible for the routing of the
// allocation CIDR IPs into Cilium endpoints.
EnableLocalNodeRoute bool
// DatapathIsLayer2 holds the configuration for whether the underlying
// connector to Pods on this node operate at Layer 2.
DatapathIsLayer2 bool
// DatapathIsNetkit holds the configuration for whether the underlying
// connector to pods on this node is Netkit or not.
DatapathIsNetkit bool
// EnableWireguard is used to check if we need to attach to the native
// device and to cilium_wg0.
EnableWireguard bool
// Ephemeral port range minimun.
EphemeralMin uint16
// Index of the cilium_wg0 interface if enabled.
WireguardIfIndex uint32
// EnableIPSec enables IPSec routes
EnableIPSec bool
// EncryptNode enables encrypting NodeIP traffic
EncryptNode bool
// EnablePolicyAccounting enables maintaining packet and byte counters for every
// policy entry
EnablePolicyAccounting bool
// Enable per flow (conntrack) statistics
EnableConntrackAccounting bool
// IPv4PodSubnets is a list of IPv4 subnets that pod IPs are assigned from
// these are then used when encryption is enabled to configure the node
// for encryption over these subnets at node initialization.
IPv4PodSubnets []*cidr.CIDR
// IPv6PodSubnets is a list of IPv6 subnets that pod IPs are assigned from
// these are then used when encryption is enabled to configure the node
// for encryption over these subnets at node initialization.
IPv6PodSubnets []*cidr.CIDR
// XDPConfig holds configuration options to determine how the node should
// handle XDP programs.
XDPConfig xdp.Config
// LBConfig holds the configuration options for load-balancing
LBConfig loadbalancer.Config
// Maglev configuration provides the maglev table sizes and seeds for
// the BPF programs.
MaglevConfig maglev.Config
KPRConfig kpr.KPRConfig
SvcRouteConfig svcrouteconfig.RoutesConfig
}
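LocalNodeConfiguration represents the configuration of the local node.
An instance of this configuration struct is immutable even when passed by reference. When the configuration is changed at runtime, a new instance is allocated and passed down, so fields described as "Mutable at runtime" differ between instances rather than changing within one.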
+deepequal-gen=true +deepequal-gen:private-method=true
func (*LocalNodeConfiguration) DeepEqual ¶ added in v1.17.0
func (cfg *LocalNodeConfiguration) DeepEqual(other *LocalNodeConfiguration) bool
DeepEqual compares two LocalNodeConfiguration structs for equality.
func (*LocalNodeConfiguration) DeviceNames ¶ added in v1.16.0
func (cfg *LocalNodeConfiguration) DeviceNames() []string
func (*LocalNodeConfiguration) GetIPv4PodSubnets ¶ added in v1.17.0
func (cfg *LocalNodeConfiguration) GetIPv4PodSubnets() []*net.IPNet
func (*LocalNodeConfiguration) GetIPv6PodSubnets ¶ added in v1.17.0
func (cfg *LocalNodeConfiguration) GetIPv6PodSubnets() []*net.IPNet
type MACAddr ¶
// MACAddr is the Go type generated from the BPF C type macaddr.
type MACAddr struct {
// Addr holds the six address bytes.
Addr [6]uint8
// contains filtered or unexported fields
}
MACAddr is generated from the BPF C type macaddr.
type MTUConfiguration ¶ added in v1.15.0
type McastGroupV4 ¶
// McastGroupV4 is the Go type generated from the BPF C type mcast_group_v4;
// its underlying type is uint32. Byte order is not stated on this page.
type McastGroupV4 uint32
McastGroupV4 is generated from the BPF C type mcast_group_v4.
type McastSubscriberV4 ¶
// McastSubscriberV4 is the Go type generated from the BPF C type
// mcast_subscriber_v4.
type McastSubscriberV4 struct {
// SAddr is a 32-bit value; presumably the subscriber's IPv4 source
// address — TODO confirm, including its byte order.
SAddr uint32
IfIndex uint32
// Pad1 and Pad2 look like explicit padding — TODO confirm they carry no data.
Pad1 uint16
Pad2 uint8
Flags uint8
// contains filtered or unexported fields
}
McastSubscriberV4 is generated from the BPF C type mcast_subscriber_v4.
type MetricsKey ¶
// MetricsKey is the Go type generated from the BPF C type metrics_key.
type MetricsKey struct {
// Reason, Line and File are small integer codes; the tables that map them to
// names are not shown on this page.
Reason uint8
Line uint16
File uint8
Reserved [3]uint8
// contains filtered or unexported fields
}
MetricsKey is generated from the BPF C type metrics_key.
type MetricsValue ¶
MetricsValue is generated from the BPF C type metrics_value.
type NodeAddressing ¶
// NodeAddressing implements addressing of a node; it exposes one
// NodeAddressingFamily per IP family.
type NodeAddressing interface {
// IPv6 returns the addressing information for the IPv6 family.
IPv6() NodeAddressingFamily
// IPv4 returns the addressing information for the IPv4 family.
IPv4() NodeAddressingFamily
}
NodeAddressing implements addressing of a node
type NodeAddressingFamily ¶
// NodeAddressingFamily is the node addressing information for a particular
// address family.
// NOTE(review): what the methods return when the family is not configured is
// not documented here; callers presumably need to handle nil — TODO confirm.
type NodeAddressingFamily interface {
// Router is the address that will act as the router on each node where
// an agent is running on. Endpoints have a default route that points
// to this address.
Router() net.IP
// PrimaryExternal is the primary external address of the node. Nodes
// must be able to reach each other via this address.
PrimaryExternal() net.IP
// AllocationCIDR is the CIDR used for IP allocation of all endpoints
// on the node
AllocationCIDR() *cidr.CIDR
}
NodeAddressingFamily is the node addressing information for a particular address family
type NodeConfigChangeHandler ¶ added in v1.18.0
// NodeConfigChangeHandler is implemented by components that react to a change
// of the local node configuration.
type NodeConfigChangeHandler interface {
// NodeConfigurationChanged is called when the local node configuration
// has changed. The configuration is passed by value, and a failure is
// reported through the returned error.
NodeConfigurationChanged(config LocalNodeConfiguration) error
}
type NodeHandler ¶
// NodeHandler handles node related events such as addition, update or
// deletion of nodes.
type NodeHandler interface {
// Name identifies the handler, this is used in logging/reporting handler
// reconciliation errors.
Name() string
// NodeAdd is called when a node is discovered for the first time.
NodeAdd(newNode nodeTypes.Node) error
// NodeUpdate is called when a node definition changes. Both the old
// and new node definitions are provided. NodeUpdate() is never called
// before NodeAdd() is called for a particular node.
NodeUpdate(oldNode, newNode nodeTypes.Node) error
// NodeDelete is called after a node has been deleted
NodeDelete(node nodeTypes.Node) error
// AllNodeValidateImplementation is called to validate the implementation
// of all nodes in the node cache. It has no return value, so validation
// failures are not reported to the caller through this method.
AllNodeValidateImplementation()
// NodeValidateImplementation is called to validate the implementation of
// the node in the datapath. This function is intended to be run on an
// interval to ensure that the datapath is consistently converged.
NodeValidateImplementation(node nodeTypes.Node) error
}
NodeHandler handles node related events such as addition, update or deletion of nodes or changes to the local node configuration.
Node events apply to the local node as well as to remote nodes. The implementation can differ between the own local node and remote nodes by calling node.IsLocal().
type NodeIDHandler ¶
// NodeIDHandler maps between node IDs and node IP addresses.
type NodeIDHandler interface {
// GetNodeIP returns the string node IP that was previously registered as the given node ID.
// NOTE(review): the result for an ID that was never registered is not
// documented; presumably an empty string — TODO confirm before treating
// the result as a valid address.
GetNodeIP(uint16) string
// GetNodeID gets the node ID for the given node IP. If none is found, exists is false.
GetNodeID(nodeIP net.IP) (nodeID uint16, exists bool)
// DumpNodeIDs returns all node IDs and their associated IP addresses.
DumpNodeIDs() []*models.NodeID
// RestoreNodeIDs restores node IDs and their associated IP addresses from the
// BPF map and into the node handler in-memory copy. It has no return value,
// so a failed restore is not reported to the caller through this method.
RestoreNodeIDs()
}
type NodeKey ¶
// NodeKey is the Go type generated from the BPF C type node_key.
type NodeKey struct {
// Pad1 and Pad2 look like explicit padding — TODO confirm they carry no data.
Pad1 uint16
Pad2 uint8
// Family is presumably the address family selector for the address that
// follows — TODO confirm its values.
Family uint8
// IP4 is the only address member visible in this listing; any other
// variant would be among the unexported fields.
IP4 struct {
Addr [4]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
NodeKey is generated from the BPF C type node_key.
type Orchestrator ¶ added in v1.16.0
// Orchestrator has no doc comments in the source; the notes below are read
// from the method signatures only.
type Orchestrator interface {
// Reinitialize takes only a context and reports failure through the returned error.
Reinitialize(ctx context.Context) error
// DatapathInitialized returns a receive-only channel; presumably it is
// closed once the datapath has been initialized — TODO confirm.
DatapathInitialized() <-chan struct{}
// ReloadDatapath operates on a single endpoint and returns a string and an
// error; the meaning of the string is not documented — TODO confirm.
ReloadDatapath(ctx context.Context, ep Endpoint, stats *metrics.SpanStat) (string, error)
// EndpointHash returns a string for the given endpoint configuration;
// which inputs are covered by the hash is not shown here.
EndpointHash(cfg EndpointConfiguration) (string, error)
// WriteEndpointConfig writes the endpoint configuration to w.
WriteEndpointConfig(w io.Writer, cfg EndpointConfiguration) error
// Unload takes an endpoint and has no return value, so a failure is not
// reported to the caller through this method.
Unload(ep Endpoint)
}
type PolicyEntry ¶
// PolicyEntry is the Go type generated from the BPF C type policy_entry.
// The renderer hides unexported fields, so this listing is not the full
// layout of the entry.
type PolicyEntry struct {
// NOTE(review): the byte order of ProxyPort is not stated on this page —
// confirm before comparing it with host-order port numbers.
ProxyPort uint16
Precedence uint32
Cookie uint32
// contains filtered or unexported fields
}
PolicyEntry is generated from the BPF C type policy_entry.
type PolicyKey ¶
// PolicyKey is the Go type generated from the BPF C type policy_key.
type PolicyKey struct {
// LPMKey starts with a prefix length. Data is a zero-length array and so
// occupies no bytes in the Go layout; presumably it marks where the
// prefix-matched key data begins — TODO confirm.
LPMKey struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
SecLabel uint32
Protocol uint8
// NOTE(review): the byte order of DPort is not stated on this page —
// confirm before building keys from host-order port numbers.
DPort uint16
// contains filtered or unexported fields
}
PolicyKey is generated from the BPF C type policy_key.
type PolicyStatsKey ¶
// PolicyStatsKey is the Go type generated from the BPF C type
// policy_stats_key.
type PolicyStatsKey struct {
EndpointID uint16
// Pad1 looks like explicit padding — TODO confirm it carries no data.
Pad1 uint8
PrefixLen uint8
SecLabel uint32
Protocol uint8
// NOTE(review): the byte order of DPort is not stated on this page — TODO confirm.
DPort uint16
// contains filtered or unexported fields
}
PolicyStatsKey is generated from the BPF C type policy_stats_key.
type PolicyStatsValue ¶
// PolicyStatsValue is the Go type generated from the BPF C type
// policy_stats_value.
type PolicyStatsValue struct {
// Packets and Bytes are 64-bit values; presumably running counters for the
// entry identified by the matching PolicyStatsKey — TODO confirm.
Packets uint64
Bytes uint64
// contains filtered or unexported fields
}
PolicyStatsValue is generated from the BPF C type policy_stats_value.
type PolicyVerdictNotify ¶
// PolicyVerdictNotify is the Go type generated from the BPF C type
// policy_verdict_notify. The renderer hides unexported fields, so this
// listing is not the full layout and should not be used to derive sizes or
// offsets when decoding events.
type PolicyVerdictNotify struct {
Type uint8
Subtype uint8
Source uint16
Hash uint32
// LenOrig and LenCap: presumably the original and the captured packet
// length — TODO confirm.
LenOrig uint32
LenCap uint16
Version uint8
ExtVersion uint8
RemoteLabel uint32
// Verdict is signed (int32); how allow and deny outcomes are encoded is not
// shown on this page.
Verdict int32
// NOTE(review): the byte order of DstPort is not stated on this page —
// confirm before comparing it with host-order port numbers.
DstPort uint16
Proto uint8
AuthType uint8
// Pad1 and Pad2 look like explicit padding — TODO confirm they carry no data.
Pad1 [3]uint8
Cookie uint32
Pad2 uint32
// contains filtered or unexported fields
}
PolicyVerdictNotify is generated from the BPF C type policy_verdict_notify.
type PreFilter ¶
// PreFilter is an interface for an XDP pre-filter. The methods carry no doc
// comments in the source; the notes below are read from the signatures.
type PreFilter interface {
// Enabled returns a boolean; presumably whether the pre-filter is active —
// TODO confirm.
Enabled() bool
// WriteConfig writes to fw and has no error return, so a failed write
// cannot be reported to the caller through this method.
WriteConfig(fw io.Writer)
// Dump takes and returns a string slice together with an int64;
// presumably the CIDR entries and the current revision — TODO confirm.
Dump(to []string) ([]string, int64)
// Insert takes a revision and a list of CIDRs.
// NOTE(review): how a stale revision is handled is not documented here;
// confirm before relying on it to order concurrent updates.
Insert(revision int64, cidrs []net.IPNet) error
// Delete takes a revision and a list of CIDRs; the same open question
// about stale revisions applies as for Insert.
Delete(revision int64, cidrs []net.IPNet) error
}
PreFilter is an interface for an XDP pre-filter.
type Proxy ¶
// Proxy is any type which installs rules related to redirecting traffic to a
// proxy.
type Proxy interface {
// ReinstallRoutingRules receives the MTU and whether IPsec and WireGuard
// are enabled; how those flags alter the installed rules is not shown on
// this page.
ReinstallRoutingRules(ctx context.Context, mtu int, ipsecEnabled, wireguardEnabled bool) error
}
Proxy is any type which installs rules related to redirecting traffic to a proxy.
type RatelimitKey ¶
// RatelimitKey is the Go type generated from the BPF C type ratelimit_key.
type RatelimitKey struct {
Usage uint32
// Key shows only an ICMPv6 member holding a network device index; any other
// member would be among the unexported fields.
Key struct {
ICMPv6 struct {
NetdevIdx uint32
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
RatelimitKey is generated from the BPF C type ratelimit_key.
type RatelimitMetricsKey ¶
// RatelimitMetricsKey is the Go type generated from the BPF C type
// ratelimit_metrics_key.
type RatelimitMetricsKey struct {
// Usage has the same name and type as RatelimitKey.Usage; presumably the
// same selector — TODO confirm.
Usage uint32
// contains filtered or unexported fields
}
RatelimitMetricsKey is generated from the BPF C type ratelimit_metrics_key.
type RatelimitMetricsValue ¶
// RatelimitMetricsValue is the Go type generated from the BPF C type
// ratelimit_metrics_value.
type RatelimitMetricsValue struct {
// Dropped is a 64-bit value; presumably a count of rate-limited drops —
// TODO confirm the unit.
Dropped uint64
// contains filtered or unexported fields
}
RatelimitMetricsValue is generated from the BPF C type ratelimit_metrics_value.
type RatelimitValue ¶
// RatelimitValue is the Go type generated from the BPF C type
// ratelimit_value.
type RatelimitValue struct {
// LastTopup and Tokens: presumably token-bucket state (time of the last
// refill and remaining tokens) — TODO confirm, including the time unit.
LastTopup uint64
Tokens uint64
// contains filtered or unexported fields
}
RatelimitValue is generated from the BPF C type ratelimit_value.
type RemoteEndpointInfo ¶
// RemoteEndpointInfo is the Go type generated from the BPF C type
// remote_endpoint_info.
type RemoteEndpointInfo struct {
SecIdentity uint32
// TunnelEndpoint shows only an IPv4 member; any other variant would be
// among the unexported fields.
TunnelEndpoint struct {
IP4 struct {
Addr [4]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
// Pad looks like explicit padding — TODO confirm it carries no data.
Pad uint16
// NOTE(review): what Key indexes is not documented on this page; presumably
// an encryption key identifier — TODO confirm.
Key uint8
// contains filtered or unexported fields
}
RemoteEndpointInfo is generated from the BPF C type remote_endpoint_info.
type SRv6PolicyKey4 ¶
// SRv6PolicyKey4 is the Go type generated from the BPF C type
// srv6_policy_key4.
type SRv6PolicyKey4 struct {
// LPM starts with a prefix length. Data is a zero-length array and so
// occupies no bytes in the Go layout.
LPM struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
VRFID uint32
// DstCIDR is a 32-bit value; its byte order is not stated on this page.
DstCIDR uint32
// contains filtered or unexported fields
}
SRv6PolicyKey4 is generated from the BPF C type srv6_policy_key4.
type SRv6PolicyKey6 ¶
// SRv6PolicyKey6 is the Go type generated from the BPF C type
// srv6_policy_key6.
type SRv6PolicyKey6 struct {
// LPM starts with a prefix length. Data is a zero-length array and so
// occupies no bytes in the Go layout.
LPM struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
VRFID uint32
// DstCIDR carries sixteen address bytes.
DstCIDR struct {
Addr [16]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
SRv6PolicyKey6 is generated from the BPF C type srv6_policy_key6.
type SRv6VRFKey4 ¶
// SRv6VRFKey4 is the Go type generated from the BPF C type srv6_vrf_key4.
type SRv6VRFKey4 struct {
// LPM starts with a prefix length. Data is a zero-length array and so
// occupies no bytes in the Go layout.
LPM struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
// SrcIP and DstCIDR are 32-bit values; their byte order is not stated on
// this page.
SrcIP uint32
DstCIDR uint32
// contains filtered or unexported fields
}
SRv6VRFKey4 is generated from the BPF C type srv6_vrf_key4.
type SRv6VRFKey6 ¶
// SRv6VRFKey6 is the Go type generated from the BPF C type srv6_vrf_key6.
type SRv6VRFKey6 struct {
// LPM starts with a prefix length. Data is a zero-length array and so
// occupies no bytes in the Go layout.
LPM struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
// SrcIP and DstCIDR each carry sixteen address bytes.
SrcIP struct {
Addr [16]uint8
// contains filtered or unexported fields
}
DstCIDR struct {
Addr [16]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
SRv6VRFKey6 is generated from the BPF C type srv6_vrf_key6.
type SkipLB4Key ¶
// SkipLB4Key is the Go type generated from the BPF C type skip_lb4_key.
type SkipLB4Key struct {
NetNSCookie uint64
// Address and Port: byte order is not stated on this page — TODO confirm
// before building keys from host-order values.
Address uint32
Port uint16
// Pad looks like explicit padding — TODO confirm it carries no data.
Pad uint16
// contains filtered or unexported fields
}
SkipLB4Key is generated from the BPF C type skip_lb4_key.
type SkipLB6Key ¶
// SkipLB6Key is the Go type generated from the BPF C type skip_lb6_key.
type SkipLB6Key struct {
NetNSCookie uint64
// Address carries sixteen address bytes.
Address struct {
Addr [16]uint8
// contains filtered or unexported fields
}
// Pad and Pad2 look like explicit padding — TODO confirm they carry no data.
Pad uint32
// Port: byte order is not stated on this page — TODO confirm.
Port uint16
Pad2 uint16
// contains filtered or unexported fields
}
SkipLB6Key is generated from the BPF C type skip_lb6_key.
type SubnetKey ¶
// SubnetKey is the Go type generated from the BPF C type subnet_key.
type SubnetKey struct {
// LPMKey starts with a prefix length. Data is a zero-length array and so
// occupies no bytes in the Go layout.
LPMKey struct {
Prefixlen uint32
Data [0]uint8
// contains filtered or unexported fields
}
// Pad0 and Pad1 look like explicit padding — TODO confirm they carry no data.
Pad0 uint16
Pad1 uint8
// Family is presumably the address family selector for the address that
// follows — TODO confirm its values.
Family uint8
// IP4 is the only address member visible in this listing; any other
// variant would be among the unexported fields.
IP4 struct {
Addr [4]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
SubnetKey is generated from the BPF C type subnet_key.
type SubnetValue ¶
// SubnetValue is the Go type generated from the BPF C type subnet_value.
type SubnetValue struct {
// Identity is a 32-bit value; what kind of identity it names is not
// documented on this page — TODO confirm.
Identity uint32
// contains filtered or unexported fields
}
SubnetValue is generated from the BPF C type subnet_value.
type TraceNotify ¶
// TraceNotify is the Go type generated from the BPF C type trace_notify.
// The renderer hides unexported fields, so this listing is not the full
// layout and should not be used to derive sizes or offsets when decoding
// events.
type TraceNotify struct {
Type uint8
Subtype uint8
Source uint16
Hash uint32
// LenOrig and LenCap: presumably the original and the captured packet
// length — TODO confirm.
LenOrig uint32
LenCap uint16
Version uint8
ExtVersion uint8
SrcLabel uint32
DstLabel uint32
DstID uint16
Reason uint8
Flags uint8
IfIndex uint32
// OrigIP4 is the only address member visible in this listing; any IPv6
// counterpart would be among the unexported fields — TODO confirm.
OrigIP4 struct {
Addr [4]uint8
// contains filtered or unexported fields
}
IPTraceID uint64
// contains filtered or unexported fields
}
TraceNotify is generated from the BPF C type trace_notify.
type TraceSockNotify ¶
// TraceSockNotify is the Go type generated from the BPF C type
// trace_sock_notify. The renderer hides unexported fields, so this listing
// is not the full layout of the event.
type TraceSockNotify struct {
Type uint8
XlatePoint uint8
L4Proto uint8
// NOTE(review): the byte order of DstPort is not stated on this page —
// confirm before comparing it with host-order port numbers.
DstPort uint16
// Pad2 looks like explicit padding — TODO confirm it carries no data.
Pad2 uint16
SockCookie uint64
CgroupID uint64
// DstIP shows only an IPv4 member; any other variant would be among the
// unexported fields.
DstIP struct {
IP4 struct {
Addr [4]uint8
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
// contains filtered or unexported fields
}
TraceSockNotify is generated from the BPF C type trace_sock_notify.
type V4Addr ¶
// V4Addr is the Go type generated from the BPF C type v4addr.
type V4Addr struct {
// Addr holds the four address bytes.
Addr [4]uint8
// contains filtered or unexported fields
}
V4Addr is generated from the BPF C type v4addr.
type V6Addr ¶
// V6Addr is the Go type generated from the BPF C type v6addr.
type V6Addr struct {
// Addr holds the sixteen address bytes.
Addr [16]uint8
// contains filtered or unexported fields
}
V6Addr is generated from the BPF C type v6addr.