config

package
v1.20.0-pre.3
Warning

This package is not in the latest version of its module.

Published: Jun 1, 2026 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package config contains objects used to configure the eBPF datapath.


Constants

This section is empty.

Variables

This section is empty.

Functions

func CiliumHost added in v1.19.0

func CiliumHost(ep endpoint.Config, lnc *Config) any

CiliumHost returns a BPFHost for attaching bpf_host.c to cilium_host.

func CiliumNet added in v1.19.0

func CiliumNet(ep endpoint.Config, lnc *Config, link netlink.Link) any

CiliumNet returns a BPFHost for attaching bpf_host.c to cilium_net.

func Endpoint added in v1.19.0

func Endpoint(ep endpoint.Config, lnc *Config) any

Endpoint returns a BPFLXC for an Endpoint.

func Map added in v1.19.0

func Map(obj any) (map[string]any, error)

Map converts an instance of a Go struct generated by [varsToStruct], or a slice of such structs, into a map of configuration values to be passed to LoadCollection.

Only struct members with a `config` tag are included. The tag value is used as the key in the map, and the map value is the runtime value of the member.

Duplicate variables (e.g. by specifying the same object twice) are not allowed.
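
The tag-to-key rules described for Map, as an added sketch that is not Cilium's implementation: toConfigMap, collect, NodeVars and HostVars are hypothetical names, the two structs copy only a few fields from this page, and flattening an embedded struct into the same map is an assumption.

```go
package main

import (
	"fmt"
	"reflect"
)

// NodeVars and HostVars are constructed stand-ins for the generated Node and
// BPFHost structs on this page; only a few fields are copied.
type NodeVars struct {
	ClusterID uint32 `config:"cluster_id"`
	KernelHz  uint32 `config:"kernel_hz"`
}

type HostVars struct {
	DeviceMTU      uint16 `config:"device_mtu"`
	EnableICMPRule bool   `config:"enable_icmp_rule"`
	Note           string // no config tag: skipped
	NodeVars              // embedded: flattened into the same map (assumption)
}

// toConfigMap is a hypothetical sketch of the documented Map semantics:
// tag value -> runtime value, duplicate keys rejected.
func toConfigMap(obj any) (map[string]any, error) {
	out := make(map[string]any)
	if err := collect(reflect.ValueOf(obj), out); err != nil {
		return nil, err
	}
	return out, nil
}

func collect(v reflect.Value, out map[string]any) error {
	// Unwrap pointers and the interface wrapper around []any elements.
	for v.Kind() == reflect.Pointer || v.Kind() == reflect.Interface {
		if v.IsNil() {
			return fmt.Errorf("nil config object")
		}
		v = v.Elem()
	}
	switch v.Kind() {
	case reflect.Slice:
		for i := 0; i < v.Len(); i++ {
			if err := collect(v.Index(i), out); err != nil {
				return err
			}
		}
		return nil
	case reflect.Struct:
		// handled below
	default:
		return fmt.Errorf("unsupported kind %s", v.Kind())
	}
	t := v.Type()
	for i := 0; i < t.NumField(); i++ {
		f := t.Field(i)
		if f.Anonymous && f.Type.Kind() == reflect.Struct {
			if err := collect(v.Field(i), out); err != nil {
				return err
			}
			continue
		}
		key, ok := f.Tag.Lookup("config")
		if !ok || key == "" || !f.IsExported() {
			continue
		}
		if _, dup := out[key]; dup {
			return fmt.Errorf("duplicate config variable %q", key)
		}
		// Zero values are emitted like any other runtime value.
		out[key] = v.Field(i).Interface()
	}
	return nil
}

func main() {
	host := &HostVars{DeviceMTU: 1500, NodeVars: NodeVars{ClusterID: 7}}
	fmt.Println(toConfigMap(host))
	// The same object twice: every key collides, so the call fails.
	_, err := toConfigMap([]any{host, host})
	fmt.Println(err)
}
```

In this sketch a field left at its Go zero value still lands in the map, so a struct built with a bare literal exports zeros for every tagged member it did not set.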

func Netdev added in v1.19.0

func Netdev(ep endpoint.Config, lnc *Config, link netlink.Link, masq4, masq6 netip.Addr) any

Netdev returns a BPFHost for attaching bpf_host.c to an externally-facing network device.

func Overlay added in v1.19.0

func Overlay(lnc *Config, link netlink.Link) any

Overlay returns a BPFOverlay.

func Wireguard added in v1.19.0

func Wireguard(lnc *Config, link netlink.Link) any

Wireguard returns a BPFWireguard.

func XDP added in v1.19.0

func XDP(lnc *Config, link netlink.Link) any

XDP returns a BPFXDP.

Types

type BPFHost

type BPFHost struct {
	// Allow ICMP_FRAG_NEEDED messages when applying Network Policy.
	AllowICMPFragNeeded bool `config:"allow_icmp_frag_needed"`
	// MTU of the device the bpf program is attached to (default: MTU set in
	// node_config.h by agent).
	DeviceMTU uint16 `config:"device_mtu"`
	// Respond to ARP requests from local containers to resolve the default
	// gateway.
	EnableARPResponder bool `config:"enable_arp_responder"`
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Apply Network Policy for ICMP packets.
	EnableICMPRule bool `config:"enable_icmp_rule"`
	// Enable IPv4 fragments tracking.
	EnableIPv4Fragments bool `config:"enable_ipv4_fragments"`
	// Enable IPv6 fragments tracking.
	EnableIPv6Fragments bool `config:"enable_ipv6_fragments"`
	// Enable L2 Announcements.
	EnableL2Announcements bool `config:"enable_l2_announcements"`
	// Use netkit devices for pods.
	EnableNetkit bool `config:"enable_netkit"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Maintain packet and byte counters for every policy entry.
	EnablePolicyAccounting bool `config:"enable_policy_accounting"`
	// Masquerade traffic to remote nodes.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`
	// Ephemeral port range minimum.
	EphemeralMin uint16 `config:"ephemeral_min"`
	// Length of the Ethernet header on this device. May be set to zero on L2-less
	// devices. (default __ETH_HLEN).
	EthHeaderLength uint8 `config:"eth_header_length"`
	// The host endpoint ID.
	HostEPID uint16 `config:"host_ep_id"`
	// Enable hybrid mode routing based on subnet IDs.
	HybridRoutingEnabled bool `config:"hybrid_routing_enabled"`
	// Ifindex of the interface the bpf program is attached to.
	InterfaceIfIndex uint32 `config:"interface_ifindex"`
	// MAC address of the interface the bpf program is attached to.
	InterfaceMAC types.MACAddr `config:"interface_mac"`
	// If the agent is down for longer than the lease duration, stop responding.
	L2AnnouncementsMaxLiveness uint64 `config:"l2_announcements_max_liveness"`
	// Masquerade address for IPv4 traffic.
	NATIPv4Masquerade types.V4Addr `config:"nat_ipv4_masquerade"`
	// Masquerade address for IPv6 traffic.
	NATIPv6Masquerade types.V6Addr `config:"nat_ipv6_masquerade"`
	// Whether to redirect to the proxy via cilium_net (hairpin) or via stack.
	ProxyRedirectViaCiliumNet bool `config:"proxy_redirect_via_cilium_net"`
	// The endpoint's security label.
	SecurityLabel uint32 `config:"security_label"`
	// Port number used for the overlay network.
	TunnelPort uint16 `config:"tunnel_port"`
	// The identifier of the tunnel protocol used for the overlay network.
	TunnelProtocol uint8 `config:"tunnel_protocol"`
	// VXLAN tunnel endpoint network mask.
	VTEPMask uint32 `config:"vtep_mask"`
	// Index of the WireGuard interface.
	WGIfIndex uint32 `config:"wg_ifindex"`
	// Port for the WireGuard interface.
	WGPort uint16 `config:"wg_port"`

	Node
}

BPFHost is a configuration struct for a Cilium datapath object.

Warning: do not instantiate directly! Always use NewBPFHost to ensure the default values configured in the ELF are honored.

func NewBPFHost

func NewBPFHost(node Node) *BPFHost

type BPFLXC

type BPFLXC struct {
	// Allow ICMP_FRAG_NEEDED messages when applying Network Policy.
	AllowICMPFragNeeded bool `config:"allow_icmp_frag_needed"`
	// MTU of the device the bpf program is attached to (default: MTU set in
	// node_config.h by agent).
	DeviceMTU uint16 `config:"device_mtu"`
	// Respond to ARP requests from local containers to resolve the default
	// gateway.
	EnableARPResponder bool `config:"enable_arp_responder"`
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Apply Network Policy for ICMP packets.
	EnableICMPRule bool `config:"enable_icmp_rule"`
	// Enable IPv4 fragments tracking.
	EnableIPv4Fragments bool `config:"enable_ipv4_fragments"`
	// Enable IPv6 fragments tracking.
	EnableIPv6Fragments bool `config:"enable_ipv6_fragments"`
	// Enable support for Local Redirect Policy.
	EnableLRP bool `config:"enable_lrp"`
	// Use netkit devices for pods.
	EnableNetkit bool `config:"enable_netkit"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Maintain packet and byte counters for every policy entry.
	EnablePolicyAccounting bool `config:"enable_policy_accounting"`
	// Masquerade traffic to remote nodes.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`
	// The endpoint's security ID.
	EndpointID uint16 `config:"endpoint_id"`
	// The endpoint's IPv4 address.
	EndpointIPv4 types.V4Addr `config:"endpoint_ipv4"`
	// The endpoint's IPv6 address.
	EndpointIPv6 types.V6Addr `config:"endpoint_ipv6"`
	// The endpoint's network namespace cookie.
	EndpointNetNSCookie uint64 `config:"endpoint_netns_cookie"`
	// Ephemeral port range minimum.
	EphemeralMin uint16 `config:"ephemeral_min"`
	// The host endpoint ID.
	HostEPID uint16 `config:"host_ep_id"`
	// Enable hybrid mode routing based on subnet IDs.
	HybridRoutingEnabled bool `config:"hybrid_routing_enabled"`
	// Ifindex of the interface the bpf program is attached to.
	InterfaceIfIndex uint32 `config:"interface_ifindex"`
	// MAC address of the interface the bpf program is attached to.
	InterfaceMAC types.MACAddr `config:"interface_mac"`
	// Masquerade address for IPv4 traffic.
	NATIPv4Masquerade types.V4Addr `config:"nat_ipv4_masquerade"`
	// Masquerade address for IPv6 traffic.
	NATIPv6Masquerade types.V6Addr `config:"nat_ipv6_masquerade"`
	// The log level for policy verdicts in workload endpoints.
	PolicyVerdictLogFilter uint32 `config:"policy_verdict_log_filter"`
	// Whether to redirect to the proxy via cilium_net (hairpin) or via stack.
	ProxyRedirectViaCiliumNet bool `config:"proxy_redirect_via_cilium_net"`
	// FIB routing table ID for egress lookups.
	RtInfo uint32 `config:"rt_info"`
	// The endpoint's security label.
	SecurityLabel uint32 `config:"security_label"`
	// Port number used for the overlay network.
	TunnelPort uint16 `config:"tunnel_port"`
	// The identifier of the tunnel protocol used for the overlay network.
	TunnelProtocol uint8 `config:"tunnel_protocol"`
	// VXLAN tunnel endpoint network mask.
	VTEPMask uint32 `config:"vtep_mask"`

	Node
}

BPFLXC is a configuration struct for a Cilium datapath object.

Warning: do not instantiate directly! Always use NewBPFLXC to ensure the default values configured in the ELF are honored.

func NewBPFLXC

func NewBPFLXC(node Node) *BPFLXC

type BPFOverlay

type BPFOverlay struct {
	// MTU of the device the bpf program is attached to (default: MTU set in
	// node_config.h by agent).
	DeviceMTU uint16 `config:"device_mtu"`
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Enable IPv4 fragments tracking.
	EnableIPv4Fragments bool `config:"enable_ipv4_fragments"`
	// Enable IPv6 fragments tracking.
	EnableIPv6Fragments bool `config:"enable_ipv6_fragments"`
	// Use netkit devices for pods.
	EnableNetkit bool `config:"enable_netkit"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Masquerade traffic to remote nodes.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`
	// Enable strict encryption for ingress traffic.
	EncryptionStrictIngress bool `config:"encryption_strict_ingress"`
	// Ephemeral port range minimum.
	EphemeralMin uint16 `config:"ephemeral_min"`
	// Ifindex of the interface the bpf program is attached to.
	InterfaceIfIndex uint32 `config:"interface_ifindex"`
	// MAC address of the interface the bpf program is attached to.
	InterfaceMAC types.MACAddr `config:"interface_mac"`
	// Masquerade address for IPv4 traffic.
	NATIPv4Masquerade types.V4Addr `config:"nat_ipv4_masquerade"`
	// Masquerade address for IPv6 traffic.
	NATIPv6Masquerade types.V6Addr `config:"nat_ipv6_masquerade"`
	// Whether to redirect to the proxy via cilium_net (hairpin) or via stack.
	ProxyRedirectViaCiliumNet bool `config:"proxy_redirect_via_cilium_net"`
	// Port number used for the overlay network.
	TunnelPort uint16 `config:"tunnel_port"`
	// The identifier of the tunnel protocol used for the overlay network.
	TunnelProtocol uint8 `config:"tunnel_protocol"`
	// VXLAN tunnel endpoint network mask.
	VTEPMask uint32 `config:"vtep_mask"`

	Node
}

BPFOverlay is a configuration struct for a Cilium datapath object.

Warning: do not instantiate directly! Always use NewBPFOverlay to ensure the default values configured in the ELF are honored.

func NewBPFOverlay

func NewBPFOverlay(node Node) *BPFOverlay

type BPFSock added in v1.19.0

type BPFSock struct {
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Enable IPv4 fragments tracking.
	EnableIPv4Fragments bool `config:"enable_ipv4_fragments"`
	// Enable IPv6 fragments tracking.
	EnableIPv6Fragments bool `config:"enable_ipv6_fragments"`
	// Enable support for Local Redirect Policy.
	EnableLRP bool `config:"enable_lrp"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Port number used for the overlay network.
	TunnelPort uint16 `config:"tunnel_port"`
	// The identifier of the tunnel protocol used for the overlay network.
	TunnelProtocol uint8 `config:"tunnel_protocol"`

	Node
}

BPFSock is a configuration struct for a Cilium datapath object.

Warning: do not instantiate directly! Always use NewBPFSock to ensure the default values configured in the ELF are honored.

func NewBPFSock added in v1.19.0

func NewBPFSock(node Node) *BPFSock

type BPFWireguard

type BPFWireguard struct {
	// MTU of the device the bpf program is attached to (default: MTU set in
	// node_config.h by agent).
	DeviceMTU uint16 `config:"device_mtu"`
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Enable IPv4 fragments tracking.
	EnableIPv4Fragments bool `config:"enable_ipv4_fragments"`
	// Enable IPv6 fragments tracking.
	EnableIPv6Fragments bool `config:"enable_ipv6_fragments"`
	// Use netkit devices for pods.
	EnableNetkit bool `config:"enable_netkit"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Masquerade traffic to remote nodes.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`
	// Ephemeral port range minimum.
	EphemeralMin uint16 `config:"ephemeral_min"`
	// Ifindex of the interface the bpf program is attached to.
	InterfaceIfIndex uint32 `config:"interface_ifindex"`
	// MAC address of the interface the bpf program is attached to.
	InterfaceMAC types.MACAddr `config:"interface_mac"`
	// Masquerade address for IPv4 traffic.
	NATIPv4Masquerade types.V4Addr `config:"nat_ipv4_masquerade"`
	// Masquerade address for IPv6 traffic.
	NATIPv6Masquerade types.V6Addr `config:"nat_ipv6_masquerade"`
	// Whether to redirect to the proxy via cilium_net (hairpin) or via stack.
	ProxyRedirectViaCiliumNet bool `config:"proxy_redirect_via_cilium_net"`
	// Port number used for the overlay network.
	TunnelPort uint16 `config:"tunnel_port"`
	// The identifier of the tunnel protocol used for the overlay network.
	TunnelProtocol uint8 `config:"tunnel_protocol"`

	Node
}

BPFWireguard is a configuration struct for a Cilium datapath object.

Warning: do not instantiate directly! Always use NewBPFWireguard to ensure the default values configured in the ELF are honored.

func NewBPFWireguard

func NewBPFWireguard(node Node) *BPFWireguard

type BPFXDP

type BPFXDP struct {
	// MTU of the device the bpf program is attached to (default: MTU set in
	// node_config.h by agent).
	DeviceMTU uint16 `config:"device_mtu"`
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Enable IPv4 fragments tracking.
	EnableIPv4Fragments bool `config:"enable_ipv4_fragments"`
	// Enable IPv6 fragments tracking.
	EnableIPv6Fragments bool `config:"enable_ipv6_fragments"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Masquerade traffic to remote nodes.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`
	// Enable XDP Prefilter.
	EnableXDPPrefilter bool `config:"enable_xdp_prefilter"`
	// Ephemeral port range minimum.
	EphemeralMin uint16 `config:"ephemeral_min"`
	// Ifindex of the interface the bpf program is attached to.
	InterfaceIfIndex uint32 `config:"interface_ifindex"`
	// MAC address of the interface the bpf program is attached to.
	InterfaceMAC types.MACAddr `config:"interface_mac"`
	// Masquerade address for IPv4 traffic.
	NATIPv4Masquerade types.V4Addr `config:"nat_ipv4_masquerade"`
	// Masquerade address for IPv6 traffic.
	NATIPv6Masquerade types.V6Addr `config:"nat_ipv6_masquerade"`
	// Whether to redirect to the proxy via cilium_net (hairpin) or via stack.
	ProxyRedirectViaCiliumNet bool `config:"proxy_redirect_via_cilium_net"`
	// Port number used for the overlay network.
	TunnelPort uint16 `config:"tunnel_port"`
	// The identifier of the tunnel protocol used for the overlay network.
	TunnelProtocol uint8 `config:"tunnel_protocol"`

	Node
}

BPFXDP is a configuration struct for a Cilium datapath object.

Warning: do not instantiate directly! Always use NewBPFXDP to ensure the default values configured in the ELF are honored.

func NewBPFXDP

func NewBPFXDP(node Node) *BPFXDP

type ChangeHandler

type ChangeHandler interface {
	// NodeConfigurationChanged is called when the local node configuration
	// has changed
	NodeConfigurationChanged(config Config) error
}

type Config

type Config struct {
	// NodeIPv4 is the primary IPv4 address of this node.
	// Mutable at runtime.
	// +deepequal-gen=false
	NodeIPv4 netip.Addr

	// NodeIPv6 is the primary IPv6 address of this node.
	// Mutable at runtime.
	// +deepequal-gen=false
	NodeIPv6 netip.Addr

	// CiliumInternalIPv4 is the internal IP address assigned to the cilium_host
	// interface.
	// Immutable at runtime.
	// +deepequal-gen=false
	CiliumInternalIPv4 netip.Addr

	// CiliumInternalIPv6 is the internal IP address assigned to the cilium_host
	// interface.
	// Immutable at runtime.
	// +deepequal-gen=false
	CiliumInternalIPv6 netip.Addr

	// Interface index of the cilium_host device
	CiliumHostIfIndex uint32

	// MAC address of the cilium_host device.
	CiliumHostMAC mac.MAC

	// Interface index of the cilium_net device
	CiliumNetIfIndex uint32

	// MAC address of the cilium_net device.
	CiliumNetMAC mac.MAC

	// AllocCIDRIPv4 is the IPv4 allocation CIDR from which IP addresses for
	// endpoints are allocated.
	// Immutable at runtime.
	AllocCIDRIPv4 *cidr.CIDR

	// AllocCIDRIPv6 is the IPv6 allocation CIDR from which IP addresses for
	// endpoints are allocated.
	// Immutable at runtime.
	AllocCIDRIPv6 *cidr.CIDR

	// NativeRoutingCIDRIPv4 is the v4 CIDR in which pod IPs are routable.
	NativeRoutingCIDRIPv4 *cidr.CIDR

	// NativeRoutingCIDRIPv6 is the v6 CIDR in which pod IPs are routable.
	NativeRoutingCIDRIPv6 *cidr.CIDR

	// ServiceLoopbackIPv4 is the source address used for SNAT when a Pod talks to itself
	// over a Service.
	//
	// Immutable at runtime.
	// +deepequal-gen=false
	ServiceLoopbackIPv4 netip.Addr

	// ServiceLoopbackIPv6 is the source address used for SNAT when a Pod talks to itself
	// over a Service.
	// Immutable at runtime.
	// +deepequal-gen=false
	ServiceLoopbackIPv6 netip.Addr

	// Devices is the native network devices selected for datapath use.
	// Mutable at runtime.
	Devices []*tables.Device

	// DirectRoutingDevice is the device used in direct routing mode.
	// Mutable at runtime.
	DirectRoutingDevice *tables.Device

	// NodeAddresses are the IP addresses of the local node that are considered
	// as this node's addresses. From this set we pick the addresses that are
	// used as NodePort frontends and the addresses to use for BPF masquerading.
	// Mutable at runtime.
	NodeAddresses []tables.NodeAddress

	// DeriveMasqIPAddrFromDevice overrides the interface name to use for deriving
	// the masquerading IP address for the node.
	DeriveMasqIPAddrFromDevice string

	// HostEndpointID is the endpoint ID assigned to the host endpoint.
	// Immutable at runtime.
	HostEndpointID uint64

	// DeviceMTU is the MTU used on workload facing devices.
	// This field is immutable at runtime. The value will not change in
	// subsequent calls to NodeConfigurationChanged().
	DeviceMTU int

	// RouteMTU is the MTU used on the network.
	// This field is immutable at runtime. The value will not change in
	// subsequent calls to NodeConfigurationChanged().
	RouteMTU int

	// RoutePostEncryptMTU is the MTU without the encryption overhead
	// included.
	// This field is immutable at runtime. The value will not change in
	// subsequent calls to NodeConfigurationChanged().
	RoutePostEncryptMTU int

	// AuxiliaryPrefixes is the list of auxiliary prefixes that should be
	// configured in addition to the node PodCIDR
	//
	// This field is mutable. The implementation of
	// NodeConfigurationChanged() must adjust the routes accordingly.
	AuxiliaryPrefixes []*cidr.CIDR

	// EnableIPv4 enables use of IPv4. Routing to the IPv4 allocation CIDR
	// of other nodes must be enabled.
	//
	// This field is immutable at runtime. The value will not change in
	// subsequent calls to NodeConfigurationChanged().
	EnableIPv4 bool

	// EnableIPv6 enables use of IPv6. Routing to the IPv6 allocation CIDR
	// of other nodes must be enabled.
	//
	// This field is immutable at runtime. The value will not change in
	// subsequent calls to NodeConfigurationChanged().
	EnableIPv6 bool

	// EnableEncapsulation enables use of encapsulation in communication
	// between nodes.
	//
	// This field is immutable at runtime. The value will not change in
	// subsequent calls to NodeConfigurationChanged().
	EnableEncapsulation bool

	// TunnelProtocol is the datapath ID of the encapsulation protocol
	// (0 if disabled, 1 for VXLAN, 2 for Geneve).
	//
	// This field is immutable at runtime. The value will not change in
	// subsequent calls to NodeConfigurationChanged().
	TunnelProtocol tunnel.BPFEncapProtocol

	// TunnelPort is the UDP port used by the tunnel protocol (0 if disabled).
	//
	// This field is immutable at runtime. The value will not change in
	// subsequent calls to NodeConfigurationChanged().
	TunnelPort uint16

	// EnableAutoDirectRouting enables the use of direct routes for
	// communication between nodes if two nodes have direct L2
	// connectivity.
	//
	// EnableAutoDirectRouting must be compatible with EnableEncapsulation
	// and must provide a fallback to use encapsulation if direct routing
	// is not feasible and encapsulation is enabled.
	//
	// This field is immutable at runtime. The value will not change in
	// subsequent calls to NodeConfigurationChanged().
	EnableAutoDirectRouting bool

	// DirectRoutingSkipUnreachable will skip any direct routes between
	// nodes if they have different L2 connectivity, only adding L2 routes
	// if the underlying L2 shares the same gateway.
	//
	// This field is immutable at runtime. The value will not change in
	// subsequent calls to NodeConfigurationChanged().
	DirectRoutingSkipUnreachable bool

	// EnableLocalNodeRoute enables installation of the route which points
	// the allocation prefix of the local node. Disabling this option is
	// useful when another component is responsible for the routing of the
	// allocation CIDR IPs into Cilium endpoints.
	EnableLocalNodeRoute bool

	// DatapathIsLayer2 holds the configuration for whether the underlying
	// connector to Pods on this node operates at Layer 2.
	DatapathIsLayer2 bool

	// DatapathIsNetkit holds the configuration for whether the underlying
	// connector to pods on this node is Netkit or not.
	DatapathIsNetkit bool

	// EnableWireguard is used to check if we need to attach to the native
	// device and to cilium_wg0.
	EnableWireguard bool

	// Ephemeral port range minimum.
	EphemeralMin uint16

	// Index of the cilium_wg0 interface if enabled.
	WireguardIfIndex uint32

	// EnableIPSec enables IPSec routes
	EnableIPSec bool

	// EncryptNode enables encrypting NodeIP traffic
	EncryptNode bool

	// EnablePolicyAccounting enables maintaining packet and byte counters for every
	// policy entry
	EnablePolicyAccounting bool

	// Enable per flow (conntrack) statistics
	EnableConntrackAccounting bool

	// IPv4PodSubnets is a list of IPv4 subnets that pod IPs are assigned from.
	// These are then used when encryption is enabled to configure the node
	// for encryption over these subnets at node initialization.
	IPv4PodSubnets []*cidr.CIDR

	// IPv6PodSubnets is a list of IPv6 subnets that pod IPs are assigned from.
	// These are then used when encryption is enabled to configure the node
	// for encryption over these subnets at node initialization.
	IPv6PodSubnets []*cidr.CIDR

	// XDPConfig holds configuration options to determine how the node should
	// handle XDP programs.
	XDPConfig xdp.Config

	// LBConfig holds the configuration options for load-balancing
	LBConfig loadbalancer.Config

	// Maglev configuration provides the maglev table sizes and seeds for
	// the BPF programs.
	MaglevConfig maglev.Config

	KPRConfig kpr.KPRConfig

	SvcRouteConfig svcrouteconfig.RoutesConfig

	Plugins plugin.Plugins
}

Config represents the configuration of the local node.

This configuration struct is immutable even when passed by reference. When the configuration is changed at runtime a new instance is allocated and passed down.

+deepequal-gen=true +deepequal-gen:private-method=true

func (*Config) DeepEqual

func (cfg *Config) DeepEqual(other *Config) bool

DeepEqual compares two Config structs for equality.

func (*Config) DeviceNames

func (cfg *Config) DeviceNames() []string

func (*Config) GetIPv4PodSubnets

func (cfg *Config) GetIPv4PodSubnets() []*net.IPNet

func (*Config) GetIPv6PodSubnets

func (cfg *Config) GetIPv6PodSubnets() []*net.IPNet

type Node

type Node struct {
	// Interface index of the cilium_host device.
	CiliumHostIfIndex uint32 `config:"cilium_host_ifindex"`
	// MAC address of the cilium_host device.
	CiliumHostMAC types.MACAddr `config:"cilium_host_mac"`
	// Interface index of the cilium_net device.
	CiliumNetIfIndex uint32 `config:"cilium_net_ifindex"`
	// MAC address of the cilium_net device.
	CiliumNetMAC types.MACAddr `config:"cilium_net_mac"`
	// Cluster ID.
	ClusterID uint32 `config:"cluster_id"`
	// Number of bits of the identity reserved for the Cluster ID.
	ClusterIDBits uint32 `config:"cluster_id_bits"`
	// Enable debugging trace statements for load balancer.
	DebugLB bool `config:"debug_lb"`
	// Index of the interface used to connect nodes in the cluster.
	DirectRoutingDevIfIndex uint32 `config:"direct_routing_dev_ifindex"`
	// Enable per flow (conntrack) statistics.
	EnableConntrackAccounting bool `config:"enable_conntrack_accounting"`
	// Enable per endpoint routes.
	EnableEndpointRoutes bool `config:"enable_endpoint_routes"`
	// Enable setting identity mark for local traffic.
	EnableIdentityMark bool `config:"enable_identity_mark"`
	// Use jiffies (count of timer ticks since boot).
	EnableJiffies bool `config:"enable_jiffies"`
	// Enable dynamic source IP resolution for SNAT via linux's routing table.
	EnableNodeportSourceLookup bool `config:"enable_nodeport_source_lookup"`
	// Enable BPF-based proxy redirection.
	EnableTproxy bool `config:"enable_tproxy"`
	// Maximum number of messages that can be written to BPF events map in 1
	// second.
	EventsMapBurstLimit uint32 `config:"events_map_burst_limit"`
	// The sustained message rate for the BPF events map in messages per second.
	EventsMapRateLimit uint32 `config:"events_map_rate_limit"`
	// Cluster-wide IPv4 tuple hash seed sourced.
	HashInit4Seed uint32 `config:"hash_init4_seed"`
	// Cluster-wide IPv6 tuple hash seed sourced.
	HashInit6Seed uint32 `config:"hash_init6_seed"`
	// Number of timer ticks per second.
	KernelHz uint32 `config:"kernel_hz"`
	// NAT 46x64 prefix.
	NAT46X64Prefix types.V4Addr `config:"nat_46x64_prefix"`
	// Nodeport maximum port value.
	NodeportPortMax uint16 `config:"nodeport_port_max"`
	// Nodeport minimum port value.
	NodeportPortMin uint16 `config:"nodeport_port_min"`
	// Enable ICMP responses for policy-denied traffic.
	PolicyDenyResponseEnabled bool `config:"policy_deny_response_enabled"`
	// Internal IPv6 router address assigned to the cilium_host interface.
	RouterIPv6 types.V6Addr `config:"router_ipv6"`
	// IPv4 source address used for SNAT when a Pod talks to itself over a Service.
	ServiceLoopbackIPv4 types.V4Addr `config:"service_loopback_ipv4"`
	// IPv6 source address used for SNAT when a Pod talks to itself over a Service.
	ServiceLoopbackIPv6 types.V6Addr `config:"service_loopback_ipv6"`
	// Whether or not BPF_FIB_LOOKUP_SKIP_NEIGH is supported.
	SupportsFIBLookupSkipNeigh bool `config:"supports_fib_lookup_skip_neigh"`
	// Whether or not BPF_FIB_LOOKUP_SRC is supported.
	SupportsFIBLookupSrc bool `config:"supports_fib_lookup_src"`
	// Length of payload to capture when tracing native packets.
	TracePayloadLen uint32 `config:"trace_payload_len"`
	// Length of payload to capture when tracing overlay packets.
	TracePayloadLenOverlay uint32 `config:"trace_payload_len_overlay"`
	// The IP option type to use for packet tracing.
	TracingIPOptionType uint8 `config:"tracing_ip_option_type"`
}

Node is a configuration struct for a Cilium datapath object.

Warning: do not instantiate directly! Always use NewNode to ensure the default values configured in the ELF are honored.

func NewNode

func NewNode() *Node

func NodeConfig added in v1.19.0

func NodeConfig(lnc *Config) Node
