Documentation
Index
- Constants
- func AttachBPFWithTC(ctx context.Context, iface, bpfPinPath, bpfProgramPath string, ...) error
- func AttachBPFWithTCWithOptions(ctx context.Context, iface, bpfPinPath, bpfProgramPath string, ...) error
- func GetGuardedPorts(m *ebpf.Map) []uint16
- func HostToNetworkPort(port uint16) uint16
- func InitializeGuardedPorts(portsRange string, m *ebpf.Map) error
- func InsertPendingSrcPort(m *ebpf.Map, ip net.IP, port uint16, window time.Duration) error
- func IsPortGuarded(m *ebpf.Map, port uint16) bool
- func RunDiagnostics(ctx context.Context, opts DiagnosticsOptions) error
- type AttachOptions
- type AttachResult
- type DiagnosticsOptions
- type FilterBackend
- func (b *FilterBackend) InsertPending(ctx context.Context, ip net.IP, port uint16, window time.Duration) error
- func (b *FilterBackend) IsPortGuarded(ctx context.Context, port uint16) (bool, error)
- func (b *FilterBackend) Stats(ctx context.Context) (filter.Counters, error)
- func (b *FilterBackend) VerifyPending(ctx context.Context, ip net.IP, port uint16) error
- type IpPortKey
- type Manager
Constants
const (
	PendingSrcMapName   = "l4_pending_src"
	StatsMapName        = "l4_stats"
	ActiveFlowsMapName  = "l4_active_flows"
	GuardedPortsMapName = "l4_guarded_port"
	LogsMapName         = "l4_logs"
	ProgramName         = "l4_filter"
	PinnedProgRel       = "l4_filter" // name of the pinned file in BPFPinPath
)
A map name cannot exceed 15 characters!
Variables
This section is empty.
Functions
func AttachBPFWithTC
func AttachBPFWithTC(
	ctx context.Context,
	iface, bpfPinPath, bpfProgramPath string,
	pendingMap, guardedPortsMap, statsMap, activeFlowsMap **ebpf.Map,
) error
AttachBPFWithTC loads the BPF program and attaches it to TC. It returns the maps from the collection so that the controller uses the same maps as the program.
func GetGuardedPorts
GetGuardedPorts returns the list of guarded ports in HOST BYTE ORDER.
func HostToNetworkPort
HostToNetworkPort converts port from host to network byte order.
func InitializeGuardedPorts
InitializeGuardedPorts initializes guarded ports from port range.
func InsertPendingSrcPort
InsertPendingSrcPort inserts an IP+port into the pending map with expiration.
func IsPortGuarded
IsPortGuarded checks if a port is in the guarded ports list (uses NETWORK byte order).
func RunDiagnostics
func RunDiagnostics(ctx context.Context, opts DiagnosticsOptions) error
RunDiagnostics is for debugging: bpftool prog/map list, a comparison of map_ids, and a check of the pinned paths.
Types
type AttachOptions
type AttachOptions struct {
	Debug bool
}
type AttachResult
type DiagnosticsOptions
type FilterBackend
type FilterBackend struct {
	// contains filtered or unexported fields
}
func NewFilterBackend
func NewFilterBackend(pending, guarded, stats *ebpf.Map) *FilterBackend
func (*FilterBackend) InsertPending
func (*FilterBackend) IsPortGuarded
func (*FilterBackend) VerifyPending
type IpPortKey
type IpPortKey struct {
	Saddr uint32 // source IP
	Dport uint16 // destination port (network byte order)
	Pad   uint16
}
IpPortKey is the key for the pending map (eBPF).
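The byte-order notes on GetGuardedPorts and IsPortGuarded and the IpPortKey layout, worked through as an added example that is not this package's code. Here htons is a hypothetical stand-in for HostToNetworkPort, and treating Saddr as the packet's IPv4 bytes is an assumption the page does not state.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"unsafe"
)

// ipPortKey mirrors the IpPortKey layout documented above: 8 bytes, padding explicit.
type ipPortKey struct {
	Saddr uint32 // assumption: the IPv4 address bytes as they appear in the packet
	Dport uint16 // destination port, network byte order (per the page)
	Pad   uint16 // left zero: BPF hash maps compare keys byte for byte
}

// htons is a hypothetical stand-in for HostToNetworkPort. It returns a uint16
// whose in-memory bytes are big-endian, regardless of host endianness.
func htons(p uint16) uint16 {
	var v uint16
	b := (*[2]byte)(unsafe.Pointer(&v))
	b[0], b[1] = byte(p>>8), byte(p)
	return v
}

// newKey builds a pending-map key from an IP and a host-order port.
func newKey(ip net.IP, hostPort uint16) (ipPortKey, error) {
	ip4 := ip.To4()
	if ip4 == nil {
		return ipPortKey{}, errors.New("need an IPv4 address: Saddr is 32 bits")
	}
	k := ipPortKey{Dport: htons(hostPort)}
	copy((*[4]byte)(unsafe.Pointer(&k.Saddr))[:], ip4)
	return k, nil
}

// keyBytes returns the key as it sits in memory: the byte string a hash map compares.
func keyBytes(k ipPortKey) [8]byte { return *(*[8]byte)(unsafe.Pointer(&k)) }

func main() {
	// Constructed sample input: documentation address 192.0.2.10, port 8080.
	good, _ := newKey(net.ParseIP("192.0.2.10"), 8080)
	bad := good
	bad.Dport = 8080 // host order by mistake: a different key on little-endian hosts
	fmt.Printf("network-order key: % x\n", keyBytes(good))
	fmt.Printf("host-order key:    % x\n", keyBytes(bad))
}
```

On a little-endian host the two printed keys differ in bytes 4 and 5, which is why a port taken from GetGuardedPorts (host order) has to be converted before it is used as a network-order lookup key.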