network

package
v0.0.0-...-02fb3ca
Warning

This package is not in the latest version of its module.

Published: Oct 3, 2025 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Constants

const (
	NewSlotsPoolSize    = 32
	ReusedSlotsPoolSize = 100
)

Variables

This section is empty.

Functions

func GetVrtSlotsSize

func GetVrtSlotsSize() int

Types

type Firewall

type Firewall struct {
	// contains filtered or unexported fields
}

func NewFirewall

func NewFirewall(tapIf string) (*Firewall, error)

func (*Firewall) AddAllowedIP

func (fw *Firewall) AddAllowedIP(cidr string) error

AddAllowedIP adds a single CIDR to the allow set at runtime.

func (*Firewall) AddBlockedIP

func (fw *Firewall) AddBlockedIP(cidr string) error

AddBlockedIP adds a single CIDR to the block set at runtime.

func (*Firewall) Close

func (fw *Firewall) Close() error

func (*Firewall) ResetAllCustom

func (fw *Firewall) ResetAllCustom() error

func (*Firewall) ResetAllowedCustom

func (fw *Firewall) ResetAllowedCustom() error

ResetAllowedCustom resets allow set back to original ranges.

func (*Firewall) ResetBlockedCustom

func (fw *Firewall) ResetBlockedCustom() error

ResetBlockedCustom resets the block set back to original ranges.

type Pool

type Pool struct {
	// contains filtered or unexported fields
}

func NewPool

func NewPool(ctx context.Context, meterProvider metric.MeterProvider, newSlotsPoolSize, reusedSlotsPoolSize int, nodeID string) (*Pool, error)

func (*Pool) Close

func (p *Pool) Close(_ context.Context) error

func (*Pool) Get

func (p *Pool) Get(ctx context.Context, allowInternet bool) (*Slot, error)

func (*Pool) Return

func (p *Pool) Return(ctx context.Context, slot *Slot) error

type Slot

type Slot struct {
	Key string
	Idx int

	Firewall *Firewall
	// contains filtered or unexported fields
}

Slot network allocation

For each slot, we allocate three IP addresses:

- Host IP: used to access the sandbox from the host machine
- Vpeer and Veth IPs: used by the sandbox to communicate with the host

The host default namespace creates a /16 CIDR block for the host IPs. Addresses are allocated incrementally by slot Idx, so the slot with Idx 1 receives 10.11.0.1, and so on. The host mask is /32 because we only use one IP per slot.

Vrt addresses (vpeer and veth) are allocated from a /31 CIDR block so that we can use the CIDR for network link routing. By default they come from the 10.12.0.0/16 CIDR block, which can be configured via an environment variable. Vpeer receives the first IP in the block, and Veth receives the second. The block is calculated as (slot index * addresses per slot allocation). The number of Vrt addresses per slot is always 2, so we can allocate a /31 CIDR block for each slot.
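The allocation scheme described above, worked through as an added example (not code from this package). It assumes a host base of 10.11.0.0/16, inferred from the Idx 1 example, and the default 10.12.0.0/16 Vrt block; `Allocate`, `offset` and `SlotAddrs` are hypothetical names. Indices whose addresses would fall outside their block are rejected, so no slot can receive an address beyond the ranges reserved for slots.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net/netip"
)

var hostBase = netip.MustParsePrefix("10.11.0.0/16") // assumed: inferred from the Idx 1 example
var vrtBase = netip.MustParsePrefix("10.12.0.0/16")  // documented default Vrt block
const vrtAddrsPerSlot = 2                            // vpeer + veth

type SlotAddrs struct { // hypothetical holder for one slot's addresses
	Host, Vrt   netip.Prefix // Host is a /32; Vrt is the /31 holding vpeer and veth
	Vpeer, Veth netip.Addr
}

// offset returns the n-th address of base and refuses to step outside the block.
func offset(base netip.Prefix, n uint64) (netip.Addr, error) {
	if !base.IsValid() || !base.Addr().Is4() || n >= uint64(1)<<(32-base.Bits()) {
		return netip.Addr{}, fmt.Errorf("offset %d does not fit in %s", n, base)
	}
	b := base.Masked().Addr().As4()
	binary.BigEndian.PutUint32(b[:], binary.BigEndian.Uint32(b[:])+uint32(n))
	return netip.AddrFrom4(b), nil
}

// Allocate derives a slot's addresses from its index, as the docs describe.
func Allocate(idx int) (SlotAddrs, error) {
	if idx < 0 {
		return SlotAddrs{}, fmt.Errorf("negative slot index %d", idx)
	}
	host, err := offset(hostBase, uint64(idx))
	if err != nil {
		return SlotAddrs{}, fmt.Errorf("host IP: %w", err)
	}
	// If the second (veth) address fits, the whole /31 fits in the block.
	veth, err := offset(vrtBase, uint64(idx)*vrtAddrsPerSlot+1)
	if err != nil {
		return SlotAddrs{}, fmt.Errorf("vrt block: %w", err)
	}
	vpeer := veth.Prev()
	return SlotAddrs{Host: netip.PrefixFrom(host, 32), Vrt: netip.PrefixFrom(vpeer, 31), Vpeer: vpeer, Veth: veth}, nil
}

func main() {
	fmt.Println(Allocate(1))     // fits
	fmt.Println(Allocate(32768)) // rejected: a /16 holds /31 blocks 0..32767 only
}
```

With these bases the Vrt block, not the host block, is the binding limit: a /16 holds 32768 /31 pairs, so the highest usable slot index is 32767.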

func NewSlot

func NewSlot(key string, idx int) (*Slot, error)

func (*Slot) CloseFirewall

func (s *Slot) CloseFirewall() error

func (*Slot) ConfigureInternet

func (s *Slot) ConfigureInternet(ctx context.Context, allowInternet bool) (e error)

func (*Slot) CreateNetwork

func (s *Slot) CreateNetwork() error

func (*Slot) HostCIDR

func (s *Slot) HostCIDR() string

func (*Slot) HostIP

func (s *Slot) HostIP() net.IP

func (*Slot) HostIPString

func (s *Slot) HostIPString() string

func (*Slot) HostMask

func (s *Slot) HostMask() net.IPMask

func (*Slot) HostNet

func (s *Slot) HostNet() *net.IPNet

func (*Slot) HyperloopIPString

func (s *Slot) HyperloopIPString() string

func (*Slot) InitializeFirewall

func (s *Slot) InitializeFirewall() error

func (*Slot) NamespaceID

func (s *Slot) NamespaceID() string

func (*Slot) NamespaceIP

func (s *Slot) NamespaceIP() string

func (*Slot) RemoveNetwork

func (s *Slot) RemoveNetwork() error

func (*Slot) ResetInternet

func (s *Slot) ResetInternet(ctx context.Context) error

func (*Slot) TapCIDR

func (s *Slot) TapCIDR() net.IPMask

func (*Slot) TapIP

func (s *Slot) TapIP() net.IP

func (*Slot) TapIPString

func (s *Slot) TapIPString() string

func (*Slot) TapMAC

func (s *Slot) TapMAC() string

func (*Slot) TapMask

func (s *Slot) TapMask() int

func (*Slot) TapMaskString

func (s *Slot) TapMaskString() string

func (*Slot) TapName

func (s *Slot) TapName() string

func (*Slot) VethIP

func (s *Slot) VethIP() net.IP

func (*Slot) VethName

func (s *Slot) VethName() string

func (*Slot) VpeerIP

func (s *Slot) VpeerIP() net.IP

func (*Slot) VpeerName

func (s *Slot) VpeerName() string

func (*Slot) VrtMask

func (s *Slot) VrtMask() net.IPMask

type Storage

type Storage interface {
	Acquire(ctx context.Context) (*Slot, error)
	Release(s *Slot) error
}

func NewStorage

func NewStorage(slotsSize int, nodeID string) (Storage, error)

NewStorage creates a new slot storage based on the environment, we are ok with using a memory storage for local

type StorageKV

type StorageKV struct {
	// contains filtered or unexported fields
}

func NewStorageKV

func NewStorageKV(slotsSize int, nodeID string) (*StorageKV, error)

func (*StorageKV) Acquire

func (s *StorageKV) Acquire(_ context.Context) (*Slot, error)

func (*StorageKV) Release

func (s *StorageKV) Release(ips *Slot) error

type StorageLocal

type StorageLocal struct {
	// contains filtered or unexported fields
}

func NewStorageLocal

func NewStorageLocal(slotsSize int) (*StorageLocal, error)

func (*StorageLocal) Acquire

func (s *StorageLocal) Acquire(ctx context.Context) (*Slot, error)

func (*StorageLocal) Release

func (s *StorageLocal) Release(ips *Slot) error

type StorageMemory

type StorageMemory struct {
	// contains filtered or unexported fields
}

func NewStorageMemory

func NewStorageMemory(slotsSize int) (*StorageMemory, error)

func (*StorageMemory) Acquire

func (s *StorageMemory) Acquire(_ context.Context) (*Slot, error)

func (*StorageMemory) Release

func (s *StorageMemory) Release(ips *Slot) error
