Documentation

Overview

    Package eppolicymap represents the map from an endpoint ID to its policy map. This map is of type bpf.MapTypeHashOfMaps where the key is the endpoint ID. It is used to lookup the policy from the socket context where unlike in the L2/L3 context, where the program has a direct lookup of the policy because each program is attached to an endpoint, socket programs run on all sockets regardless of endpoint. +groupName=maps

    Index

    Constants

    View Source
    const (
    	// MaxEntries represents the maximum number of endpoints in the map
    	MaxEntries = 65536
    )

    Variables

    View Source
    var (
    
    	// EpPolicyMap is the global singleton of the endpoint policy map.
    	EpPolicyMap *bpf.Map
    )
    View Source
    var (
    	MapName = "cilium_ep_to_policy"
    )

    Functions

    func CreateEPPolicyMap

    func CreateEPPolicyMap()

      CreateEPPolicyMap will create both the innerMap (needed for map in map types) and then after BPFFS is mounted create the epPolicyMap. We only create the innerFd once to avoid having multiple inner maps.

      func CreateWithName

      func CreateWithName(mapName string) error

        CreateWithName creates a new endpoint policy hash of maps for looking up an endpoint's policy map by the endpoint key.

        The specified mapName allows non-standard map paths to be used, for instance for testing purposes.

        func WriteEndpoint

        func WriteEndpoint(f lxcmap.EndpointFrontend, pm *policymap.PolicyMap) error

          WriteEndpoint writes the policy map file descriptor into the map so that the datapath side can do a lookup from EndpointKey->PolicyMap. Locking is handled in the usual way via Map lock. If sockops is disabled this will be a nop.

          Types

          type EPPolicyValue

          type EPPolicyValue struct{ Fd uint32 }

            +k8s:deepcopy-gen=true +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapValue

            func (*EPPolicyValue) DeepCopy

            func (in *EPPolicyValue) DeepCopy() *EPPolicyValue

              DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EPPolicyValue.

              func (*EPPolicyValue) DeepCopyInto

              func (in *EPPolicyValue) DeepCopyInto(out *EPPolicyValue)

                DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                func (*EPPolicyValue) DeepCopyMapValue

                func (in *EPPolicyValue) DeepCopyMapValue() bpf.MapValue

                  DeepCopyMapValue is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapValue.

                  func (*EPPolicyValue) GetValuePtr

                  func (v *EPPolicyValue) GetValuePtr() unsafe.Pointer

                    GetValuePtr returns the unsafe value pointer to the Endpoint Policy fd

                    func (EPPolicyValue) String

                    func (v EPPolicyValue) String() string

                    type EndpointKey

                    type EndpointKey struct{ bpf.EndpointKey }

                      +k8s:deepcopy-gen=true +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey

                      func (*EndpointKey) DeepCopy

                      func (in *EndpointKey) DeepCopy() *EndpointKey

                        DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointKey.

                        func (*EndpointKey) DeepCopyInto

                        func (in *EndpointKey) DeepCopyInto(out *EndpointKey)

                          DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

                          func (*EndpointKey) DeepCopyMapKey

                          func (in *EndpointKey) DeepCopyMapKey() bpf.MapKey

                            DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.

                            func (EndpointKey) NewValue

                            func (k EndpointKey) NewValue() bpf.MapValue

                              NewValue returns a new empty instance of the Endpoint Policy fd