leshybpf

package
v0.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 14, 2026 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

// Names of the BPF maps and of the BPF program used by this package.
//
// A map name must not exceed 15 characters. "l4_active_flows" and
// "l4_guarded_port" are already exactly 15 characters long, so neither can
// be lengthened (for example by pluralising "port").
const (
	// Map names; each is at most 15 characters.
	PendingSrcMapName   = "l4_pending_src"
	StatsMapName        = "l4_stats"
	ActiveFlowsMapName  = "l4_active_flows"
	GuardedPortsMapName = "l4_guarded_port"
	LogsMapName         = "l4_logs"

	// Program name and the file name it is pinned under; both hold the same string.
	ProgramName   = "l4_filter"
	PinnedProgRel = "l4_filter" // name of the pinned file inside BPFPinPath
)

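Имя BPF-мапы не может превышать 15 символов (ядро отводит под имя объекта BPF_OBJ_NAME_LEN = 16 байт, включая завершающий NUL)! Имена l4_active_flows и l4_guarded_port уже имеют длину ровно 15 символов.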

Variables

This section is empty.

Functions

func AttachBPFWithTC

func AttachBPFWithTC(
	ctx context.Context,
	iface, bpfPinPath, bpfProgramPath string,
	pendingMap, guardedPortsMap, statsMap, activeFlowsMap **ebpf.Map,
) error

AttachBPFWithTC загружает BPF-программу и прикрепляет её к TC. Возвращает карты из коллекции через выходные параметры **ebpf.Map, чтобы контроллер использовал те же карты, что и программа.

func AttachBPFWithTCWithOptions

func AttachBPFWithTCWithOptions(
	ctx context.Context,
	iface, bpfPinPath, bpfProgramPath string,
	opts AttachOptions,
	pendingMap, guardedPortsMap, statsMap, activeFlowsMap **ebpf.Map,
) error

func GetGuardedPorts

func GetGuardedPorts(m *ebpf.Map) []uint16

GetGuardedPorts возвращает список защищаемых портов в HOST BYTE ORDER.

func HostToNetworkPort

func HostToNetworkPort(port uint16) uint16

HostToNetworkPort преобразует формат порта HOST -> NETWORK BYTE.

func InitializeGuardedPorts

func InitializeGuardedPorts(portsRange string, m *ebpf.Map) error

InitializeGuardedPorts инициализирует защищаемые порты из диапазона.

func InsertPendingSrcPort

func InsertPendingSrcPort(m *ebpf.Map, ip net.IP, port uint16, window time.Duration) error

InsertPendingSrcPort вставляет ключи IP+port в pending map с заданным expiration.

func IsPortGuarded

func IsPortGuarded(m *ebpf.Map, port uint16) bool

IsPortGuarded проверяет, находится ли порт в списке защищаемых (NETWORK byte order — в отличие от GetGuardedPorts, который возвращает порты в HOST byte order).

func RunDiagnostics

func RunDiagnostics(ctx context.Context, opts DiagnosticsOptions) error

RunDiagnostics — для отладки: bpftool prog/map list + сравнение map_ids + проверка pinned путей.

Types

type AttachOptions

// AttachOptions carries optional settings for the attach calls that take an
// opts argument (AttachBPFWithTCWithOptions, NewManagerAndAttach and
// Manager.AttachWithOptions).
type AttachOptions struct {
	// NOTE(review): presumably turns on debug output during attach — confirm
	// what is logged before enabling it in production.
	Debug bool
}

type AttachResult

// AttachResult groups four eBPF map handles: pending, guarded ports, stats
// and active flows.
//
// NOTE(review): no signature listed on this page returns or accepts
// AttachResult; the attach functions hand the maps back through **ebpf.Map
// parameters instead — confirm whether this type is still in use.
type AttachResult struct {
	PendingMap      *ebpf.Map
	GuardedPortsMap *ebpf.Map
	StatsMap        *ebpf.Map
	ActiveFlowsMap  *ebpf.Map
}

type DiagnosticsOptions

// DiagnosticsOptions is the input of RunDiagnostics, which is documented as
// a debugging aid: bpftool prog/map list, a comparison of map IDs and a
// check of the pinned paths.
//
// NOTE(review): because RunDiagnostics is described in terms of bpftool,
// these values should come from trusted configuration if they reach a
// command line or a file-system path — confirm how they are passed.
type DiagnosticsOptions struct {
	// NOTE(review): presumably the network interface to inspect — confirm.
	Iface    string
	// NOTE(review): presumably the directory holding the pinned objects — confirm.
	PinPath  string
	// NOTE(review): presumably the BPF program name to look for — confirm.
	Program  string
	// NOTE(review): presumably the map names to look for — confirm.
	MapNames []string
}

type FilterBackend

// FilterBackend is built by NewFilterBackend from four *ebpf.Map handles
// (pending, guarded, stats, active). Its methods take a context and cover
// inserting and verifying pending entries, checking whether a port is
// guarded, reading counters and flushing authorizations.
type FilterBackend struct {
	// contains filtered or unexported fields
}

func NewFilterBackend

func NewFilterBackend(pending, guarded, stats, active *ebpf.Map) *FilterBackend

func (*FilterBackend) FlushAuthorizations added in v0.0.3

func (b *FilterBackend) FlushAuthorizations(ctx context.Context) (filter.FlushResult, error)

func (*FilterBackend) InsertPending

func (b *FilterBackend) InsertPending(ctx context.Context, ip net.IP, port uint16, window time.Duration) error

func (*FilterBackend) IsPortGuarded

func (b *FilterBackend) IsPortGuarded(ctx context.Context, port uint16) (bool, error)

func (*FilterBackend) Stats

func (b *FilterBackend) Stats(ctx context.Context) (filter.Counters, error)

func (*FilterBackend) VerifyPending

func (b *FilterBackend) VerifyPending(ctx context.Context, ip net.IP, port uint16) error

type IpPortKey

// IpPortKey is the key type of the pending map (eBPF).
//
// The three fields add up to 8 bytes (4 + 2 + 2).
// NOTE(review): the layout presumably has to match the key struct of the
// BPF program byte for byte, padding included — confirm against the BPF
// source.
type IpPortKey struct {
	Saddr uint32 // source IP; NOTE(review): byte order is not stated — confirm
	Dport uint16 // destination port (network byte order)
	Pad   uint16 // NOTE(review): looks like explicit padding; presumably must stay zero so lookups match the kernel-side key — confirm
}

IpPortKey — ключ для pending map (eBPF).

type Manager

// Manager exposes the four eBPF maps (pending, guarded, stats, active flows)
// and the loaded program as exported fields. It is created by
// NewManagerAndAttach, and Close is documented as releasing the collection.
//
// NOTE(review): the handles are exported, so any caller holding a *Manager
// can read and write the maps directly — confirm that this is intended.
type Manager struct {
	Pending     *ebpf.Map
	Guarded     *ebpf.Map
	Stats       *ebpf.Map
	ActiveFlows *ebpf.Map
	Program     *ebpf.Program
	// contains filtered or unexported fields
}

func NewManagerAndAttach

func NewManagerAndAttach(
	ctx context.Context,
	iface, bpfPinPath, bpfProgramPath string,
	opts AttachOptions,
	pendingMap, guardedPortsMap, statsMap, activeFlowsMap **ebpf.Map,
) (*Manager, error)

func (*Manager) AttachWithOptions

func (m *Manager) AttachWithOptions(
	ctx context.Context,
	iface, bpfPinPath, bpfProgramPath string,
	opts AttachOptions,
	pendingMap, guardedPortsMap, statsMap, activeFlowsMap **ebpf.Map,
) error

func (*Manager) Close

func (m *Manager) Close() error

Close освобождает коллекцию.

type RuntimeSettingsApplier added in v0.0.3

// RuntimeSettingsApplier applies management settings to the attached eBPF
// runtime. It is constructed by NewRuntimeSettingsApplier from a
// filter.RuntimeConfigurator and a RuntimeSettingsApplierOptions value.
type RuntimeSettingsApplier struct {
	// contains filtered or unexported fields
}

RuntimeSettingsApplier применяет настройки управления к прикрепленному eBPF runtime.

func NewRuntimeSettingsApplier added in v0.0.3

func NewRuntimeSettingsApplier(
	filterRuntime filter.RuntimeConfigurator,
	options RuntimeSettingsApplierOptions,
) *RuntimeSettingsApplier

NewRuntimeSettingsApplier создает новый runtime settings applier.

func (*RuntimeSettingsApplier) Apply added in v0.0.3

Apply при необходимости подключает и применяет настройки runtime к BPF-картам и фильтрующему сервису.

func (*RuntimeSettingsApplier) Close added in v0.0.3

func (a *RuntimeSettingsApplier) Close() error

Close закрывает прикреплённый manager и высвобождает мапы.

func (*RuntimeSettingsApplier) RuntimeStatus added in v0.0.3

RuntimeStatus сообщает, прикреплен ли в данный момент BPF-менеджер.

type RuntimeSettingsApplierOptions added in v0.0.3

// RuntimeSettingsApplierOptions configures the application's runtime
// management settings; it is the options argument of
// NewRuntimeSettingsApplier.
type RuntimeSettingsApplierOptions struct {
	// NOTE(review): presumably the directory in which the program and maps
	// are pinned. Pinned objects are reachable through the file system, so
	// the directory's ownership and mode decide who can open them — confirm.
	BPFPinPath     string
	// NOTE(review): presumably the path of the BPF object to load; it should
	// point to a file that only trusted users can replace — confirm.
	BPFProgramPath string
	// NOTE(review): presumably forwarded to AttachOptions.Debug — confirm.
	Debug          bool
	// NOTE(review): presumably bounds how long the attach step may take — confirm.
	AttachTimeout  time.Duration
}

RuntimeSettingsApplierOptions конфигурирует runtime настройки управления приложения.
