ctmap

package ctmap
v1.6.11
Published: Aug 3, 2020 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

+groupName=maps

Constants

const (

	// Map names for TCP CT tables are retained from Cilium 1.0 naming
	// scheme to minimize disruption of ongoing connections during upgrade.
	MapNamePrefix     = "cilium_ct"
	MapNameTCP6       = MapNamePrefix + "6_"
	MapNameTCP4       = MapNamePrefix + "4_"
	MapNameTCP6Global = MapNameTCP6 + "global"
	MapNameTCP4Global = MapNameTCP4 + "global"

	// Map names for "any" protocols indicate CT for non-TCP protocols.
	MapNameAny6       = MapNamePrefix + "_any6_"
	MapNameAny4       = MapNamePrefix + "_any4_"
	MapNameAny6Global = MapNameAny6 + "global"
	MapNameAny4Global = MapNameAny4 + "global"

	MapNumEntriesLocal = 64000

	TUPLE_F_OUT     = 0
	TUPLE_F_IN      = 1
	TUPLE_F_RELATED = 2
	TUPLE_F_SERVICE = 4

	// MaxTime specifies the last possible time for GCFilter.Time
	MaxTime = math.MaxUint32
)

const (
	// MapTypeIPv4TCPLocal and friends are MapTypes which correspond to a
	// combination of the following attributes:
	// * IPv4 or IPv6;
	// * TCP or non-TCP (shortened to Any)
	// * Local (endpoint-specific) or global (endpoint-oblivious).
	MapTypeIPv4TCPLocal = iota
	MapTypeIPv6TCPLocal
	MapTypeIPv4TCPGlobal
	MapTypeIPv6TCPGlobal
	MapTypeIPv4AnyLocal
	MapTypeIPv6AnyLocal
	MapTypeIPv4AnyGlobal
	MapTypeIPv6AnyGlobal
	MapTypeMax
)

const (
	RxClosing  = 1 << 0
	TxClosing  = 1 << 1
	Nat64      = 1 << 2
	LBLoopback = 1 << 3
	SeenNonSyn = 1 << 4
	NodePort   = 1 << 5
)

Variables

This section is empty.

Functions

func CloseLocalMaps added in v1.5.1

func CloseLocalMaps(mapname string)

CloseLocalMaps closes all local conntrack maps opened previously for lookup with the given 'mapname'.

func DeleteIfUpgradeNeeded added in v1.5.0

func DeleteIfUpgradeNeeded(e CtEndpoint)

DeleteIfUpgradeNeeded attempts to open the conntrack maps associated with the specified endpoint, and delete the maps from the filesystem if any properties do not match the properties defined in this package.

The typical trigger for this is when, for example, the CT entry size changes from one version of Cilium to the next. When Cilium restarts, it may opt to restore endpoints from the prior life. Existing endpoints that use the old map style are incompatible with the new version, so the CT map must be destroyed and recreated during upgrade. By removing the old map location from the filesystem, we ensure that the next time that the endpoint is regenerated, it will recreate a new CT map with the new properties.

Note that if an existing BPF program refers to the map at the canonical paths (as fetched via the getMapPathsToKeySize() call below), then that BPF program will continue to operate on the old map even once the map is removed from the filesystem. The old map is only completely cleaned up once all references to it are gone, that is, once all BPF programs which refer to the old map are removed or reloaded.

func Exists added in v1.5.0

func Exists(e CtEndpoint, ipv4, ipv6 bool) bool

Exists returns false if the CT maps for the specified endpoint (or the global maps if e is nil) are not pinned to the filesystem. It returns true if they exist, and also when an internal error occurs while checking, so a true result does not by itself guarantee that the maps are usable.

func GC added in v0.9.0

func GC(m *Map, filter *GCFilter) int

GC runs garbage collection for map m with the given filter. It returns how many entries were deleted from m.

func GetInterval added in v1.5.2

func GetInterval(mapType bpf.MapType, maxDeleteRatio float64) (interval time.Duration)

GetInterval returns the garbage-collection interval for mapType, adjusted based on the deletion ratio observed in the last run.

func InitMapInfo added in v1.5.0

func InitMapInfo(tcpMaxEntries, anyMaxEntries int, v4, v6 bool)

InitMapInfo builds the information about different CT maps for the combination of L3/L4 protocols, using the specified limits on TCP vs non-TCP maps.

func NameIsGlobal added in v1.5.0

func NameIsGlobal(filename string) bool

NameIsGlobal returns true if the specified filename (basename) denotes a global conntrack map.
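The constants at the top of the page and NameIsGlobal together define the naming scheme for pinned conntrack maps: a TCP or "any" prefix per address family, followed either by "global" or by an endpoint-local identifier (Lookup below describes the local form as a 5-digit representation of the endpoint ID). The following Go program is an added example, not code from the ctmap package: it rebuilds a basename from its attributes and parses a basename back into them, which is what you need when inspecting the BPF filesystem by hand. The types and functions CtMapName, ParseCtMapName and IsGlobalName are this example's own; that local map names use the same zero-padded 5-digit endpoint ID as Lookup's epname is an assumption.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Naming constants as documented by the ctmap package (copied verbatim).
const (
	MapNamePrefix = "cilium_ct"
	MapNameTCP6   = MapNamePrefix + "6_"
	MapNameTCP4   = MapNamePrefix + "4_"
	MapNameAny6   = MapNamePrefix + "_any6_"
	MapNameAny4   = MapNamePrefix + "_any4_"

	globalSuffix = "global"
)

// CtMapName is the decoded form of a conntrack map basename (example type).
type CtMapName struct {
	IPv6       bool   // false means IPv4
	TCP        bool   // false means the "any" (non-TCP) table
	Global     bool   // true: shared by all endpoints; false: endpoint-local
	EndpointID uint64 // set only for local maps
}

// String rebuilds the basename. Local maps carry a 5-digit, zero-padded
// endpoint ID (assumption: same format as Lookup's 'epname' parameter).
func (n CtMapName) String() string {
	var prefix string
	switch {
	case n.TCP && n.IPv6:
		prefix = MapNameTCP6
	case n.TCP && !n.IPv6:
		prefix = MapNameTCP4
	case !n.TCP && n.IPv6:
		prefix = MapNameAny6
	default:
		prefix = MapNameAny4
	}
	if n.Global {
		return prefix + globalSuffix
	}
	return prefix + fmt.Sprintf("%05d", n.EndpointID)
}

// ParseCtMapName classifies a basename found on the BPF filesystem.
// The TCP prefixes ("cilium_ct4_") and the "any" prefixes ("cilium_ct_any4_")
// differ in the character right after MapNamePrefix, so matching is unambiguous.
func ParseCtMapName(basename string) (CtMapName, error) {
	var n CtMapName
	var rest string
	switch {
	case strings.HasPrefix(basename, MapNameTCP6):
		n.TCP, n.IPv6 = true, true
		rest = strings.TrimPrefix(basename, MapNameTCP6)
	case strings.HasPrefix(basename, MapNameTCP4):
		n.TCP = true
		rest = strings.TrimPrefix(basename, MapNameTCP4)
	case strings.HasPrefix(basename, MapNameAny6):
		n.IPv6 = true
		rest = strings.TrimPrefix(basename, MapNameAny6)
	case strings.HasPrefix(basename, MapNameAny4):
		rest = strings.TrimPrefix(basename, MapNameAny4)
	default:
		return n, fmt.Errorf("%q is not a conntrack map name", basename)
	}
	if rest == globalSuffix {
		n.Global = true
		return n, nil
	}
	if len(rest) != 5 {
		return n, fmt.Errorf("%q: expected a 5-digit endpoint ID or %q, got %q", basename, globalSuffix, rest)
	}
	id, err := strconv.ParseUint(rest, 10, 64)
	if err != nil {
		return n, fmt.Errorf("%q: bad endpoint ID %q: %w", basename, rest, err)
	}
	n.EndpointID = id
	return n, nil
}

// IsGlobalName mirrors the package's NameIsGlobal: it reports whether
// basename denotes a global conntrack map.
func IsGlobalName(basename string) bool {
	n, err := ParseCtMapName(basename)
	return err == nil && n.Global
}

func main() {
	for _, name := range []string{
		"cilium_ct4_global", "cilium_ct_any6_global",
		"cilium_ct6_00042", "cilium_ct_any4_00042",
		"cilium_lb4_services", // not a CT map
	} {
		n, err := ParseCtMapName(name)
		if err != nil {
			fmt.Println(name, "->", err)
			continue
		}
		fmt.Printf("%-22s -> ipv6=%v tcp=%v global=%v endpoint=%d rebuilt=%s\n",
			name, n.IPv6, n.TCP, n.Global, n.EndpointID, n)
	}
}
```

Note the asymmetry the constants encode: TCP maps are "cilium_ct4_..." while non-TCP maps are "cilium_ct_any4_...", a leftover of the Cilium 1.0 naming that the comment above says was retained so upgrades do not disrupt live connections.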

func WriteBPFMacros added in v1.5.0

func WriteBPFMacros(fw io.Writer, e CtEndpoint)

WriteBPFMacros writes the map names for conntrack maps into the specified writer, defining usage of the global map or local maps depending on whether the specified CtEndpoint is nil.

Types

type CtEndpoint added in v1.5.0

type CtEndpoint interface {
	GetID() uint64
}

CtEndpoint is the minimal endpoint interface required by the functions in this package that manage per-endpoint conntrack maps.

type CtEntry

type CtEntry struct {
	RxPackets uint64 `align:"rx_packets"`
	RxBytes   uint64 `align:"rx_bytes"`
	TxPackets uint64 `align:"tx_packets"`
	TxBytes   uint64 `align:"tx_bytes"`
	Lifetime  uint32 `align:"lifetime"`
	Flags     uint16 `align:"rx_closing"`
	// RevNAT is in network byte order
	RevNAT uint16 `align:"rev_nat_index"`

	TxFlagsSeen      uint8  `align:"tx_flags_seen"`
	RxFlagsSeen      uint8  `align:"rx_flags_seen"`
	SourceSecurityID uint32 `align:"src_sec_id"`
	LastTxReport     uint32 `align:"last_tx_report"`
	LastRxReport     uint32 `align:"last_rx_report"`
	// contains filtered or unexported fields
}

CtEntry represents an entry in the connection tracking table.

+k8s:deepcopy-gen=true
+k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapValue

func Lookup added in v1.5.1

func Lookup(epname string, remoteAddr, localAddr string, proto u8proto.U8proto, ingress bool) (*CtEntry, error)

Lookup opens a conntrack map if necessary, and does a lookup on it with a key constructed from the parameters. 'epname' is a 5-digit representation of the endpoint ID if local maps are to be used, or "global" if global maps should be used.

func (*CtEntry) DeepCopy added in v1.5.1

func (in *CtEntry) DeepCopy() *CtEntry

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CtEntry.

func (*CtEntry) DeepCopyInto added in v1.5.1

func (in *CtEntry) DeepCopyInto(out *CtEntry)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CtEntry) DeepCopyMapValue added in v1.5.1

func (in *CtEntry) DeepCopyMapValue() bpf.MapValue

DeepCopyMapValue is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapValue.

func (*CtEntry) GetValuePtr added in v0.9.0

func (c *CtEntry) GetValuePtr() unsafe.Pointer

GetValuePtr returns the unsafe.Pointer for c.

func (*CtEntry) String added in v1.5.0

func (c *CtEntry) String() string

String returns the entry in human-readable form.

type CtKey

type CtKey interface {
	bpf.MapKey

	// ToNetwork converts fields to network byte order.
	ToNetwork() CtKey

	// ToHost converts fields to host byte order.
	ToHost() CtKey

	// Dump contents of key to buffer. Returns true if successful.
	Dump(buffer *bytes.Buffer, reverse bool) bool

	// GetFlags flags containing the direction of the CtKey.
	GetFlags() uint8

	GetTupleKey() tuple.TupleKey
}

type CtKey4

type CtKey4 struct {
	tuple.TupleKey4
}

CtKey4 is needed to provide CtEntry type to Lookup values.

+k8s:deepcopy-gen=true
+k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey

func (*CtKey4) DeepCopy added in v1.6.0

func (in *CtKey4) DeepCopy() *CtKey4

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CtKey4.

func (*CtKey4) DeepCopyInto added in v1.6.0

func (in *CtKey4) DeepCopyInto(out *CtKey4)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CtKey4) DeepCopyMapKey added in v1.6.0

func (in *CtKey4) DeepCopyMapKey() bpf.MapKey

DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.

func (*CtKey4) Dump

func (k *CtKey4) Dump(buffer *bytes.Buffer, reverse bool) bool

Dump writes the contents of key to buffer and returns true if the value for next header in the key is nonzero.

func (*CtKey4) GetFlags added in v1.6.0

func (k *CtKey4) GetFlags() uint8

GetFlags returns the tuple's flags.

func (*CtKey4) GetKeyPtr added in v0.9.0

func (k *CtKey4) GetKeyPtr() unsafe.Pointer

GetKeyPtr returns the unsafe.Pointer for k.

func (*CtKey4) GetTupleKey added in v1.6.0

func (k *CtKey4) GetTupleKey() tuple.TupleKey

func (*CtKey4) NewValue added in v0.9.0

func (k *CtKey4) NewValue() bpf.MapValue

NewValue creates a new bpf.MapValue.

func (*CtKey4) String added in v0.9.0

func (k *CtKey4) String() string

func (*CtKey4) ToHost added in v0.10.0

func (k *CtKey4) ToHost() CtKey

ToHost converts CtKey ports to host byte order.

func (*CtKey4) ToNetwork added in v0.10.0

func (k *CtKey4) ToNetwork() CtKey

ToNetwork converts CtKey4 ports to network byte order.

type CtKey4Global added in v0.9.0

type CtKey4Global struct {
	tuple.TupleKey4Global
}

CtKey4Global is needed to provide CtEntry type to Lookup values.

+k8s:deepcopy-gen=true
+k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey

func (*CtKey4Global) DeepCopy added in v1.6.0

func (in *CtKey4Global) DeepCopy() *CtKey4Global

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CtKey4Global.

func (*CtKey4Global) DeepCopyInto added in v1.6.0

func (in *CtKey4Global) DeepCopyInto(out *CtKey4Global)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CtKey4Global) DeepCopyMapKey added in v1.6.0

func (in *CtKey4Global) DeepCopyMapKey() bpf.MapKey

DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.

func (*CtKey4Global) Dump added in v0.9.0

func (k *CtKey4Global) Dump(buffer *bytes.Buffer, reverse bool) bool

Dump writes the contents of key to buffer and returns true if the value for next header in the key is nonzero.

func (*CtKey4Global) GetFlags added in v1.6.0

func (k *CtKey4Global) GetFlags() uint8

GetFlags returns the tuple's flags.

func (*CtKey4Global) GetKeyPtr added in v0.9.0

func (k *CtKey4Global) GetKeyPtr() unsafe.Pointer

GetKeyPtr returns the unsafe.Pointer for k.

func (*CtKey4Global) GetTupleKey added in v1.6.0

func (k *CtKey4Global) GetTupleKey() tuple.TupleKey

func (*CtKey4Global) NewValue added in v0.9.0

func (k *CtKey4Global) NewValue() bpf.MapValue

NewValue creates a new bpf.MapValue.

func (*CtKey4Global) String added in v0.9.0

func (k *CtKey4Global) String() string

func (*CtKey4Global) ToHost added in v0.10.0

func (k *CtKey4Global) ToHost() CtKey

ToHost converts ports to host byte order.

This is necessary to prevent callers from implicitly converting the CtKey4Global type here into a local key type in the nested TupleKey4Global field.

func (*CtKey4Global) ToNetwork added in v0.10.0

func (k *CtKey4Global) ToNetwork() CtKey

ToNetwork converts ports to network byte order.

This is necessary to prevent callers from implicitly converting the CtKey4Global type here into a local key type in the nested TupleKey4Global field.

type CtKey6

type CtKey6 struct {
	tuple.TupleKey6
}

CtKey6 is needed to provide CtEntry type to Lookup values.

+k8s:deepcopy-gen=true
+k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey

func (*CtKey6) DeepCopy added in v1.6.0

func (in *CtKey6) DeepCopy() *CtKey6

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CtKey6.

func (*CtKey6) DeepCopyInto added in v1.6.0

func (in *CtKey6) DeepCopyInto(out *CtKey6)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CtKey6) DeepCopyMapKey added in v1.6.0

func (in *CtKey6) DeepCopyMapKey() bpf.MapKey

DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.

func (*CtKey6) Dump

func (k *CtKey6) Dump(buffer *bytes.Buffer, reverse bool) bool

Dump writes the contents of key to buffer and returns true if the value for next header in the key is nonzero.

func (*CtKey6) GetFlags added in v1.6.0

func (k *CtKey6) GetFlags() uint8

GetFlags returns the tuple's flags.

func (*CtKey6) GetKeyPtr added in v0.9.0

func (k *CtKey6) GetKeyPtr() unsafe.Pointer

GetKeyPtr returns the unsafe.Pointer for k.

func (*CtKey6) GetTupleKey added in v1.6.0

func (k *CtKey6) GetTupleKey() tuple.TupleKey

func (*CtKey6) NewValue added in v0.9.0

func (k *CtKey6) NewValue() bpf.MapValue

NewValue creates a new bpf.MapValue.

func (*CtKey6) String added in v0.9.0

func (k *CtKey6) String() string

func (*CtKey6) ToHost added in v0.10.0

func (k *CtKey6) ToHost() CtKey

ToHost converts CtKey ports to host byte order.

func (*CtKey6) ToNetwork added in v0.10.0

func (k *CtKey6) ToNetwork() CtKey

ToNetwork converts CtKey6 ports to network byte order.

type CtKey6Global added in v0.9.0

type CtKey6Global struct {
	tuple.TupleKey6Global
}

CtKey6Global is needed to provide CtEntry type to Lookup values.

+k8s:deepcopy-gen=true
+k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey

func (*CtKey6Global) DeepCopy added in v1.6.0

func (in *CtKey6Global) DeepCopy() *CtKey6Global

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CtKey6Global.

func (*CtKey6Global) DeepCopyInto added in v1.6.0

func (in *CtKey6Global) DeepCopyInto(out *CtKey6Global)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*CtKey6Global) DeepCopyMapKey added in v1.6.0

func (in *CtKey6Global) DeepCopyMapKey() bpf.MapKey

DeepCopyMapKey is an autogenerated deepcopy function, copying the receiver, creating a new bpf.MapKey.

func (*CtKey6Global) Dump added in v0.9.0

func (k *CtKey6Global) Dump(buffer *bytes.Buffer, reverse bool) bool

Dump writes the contents of key to buffer and returns true if the value for next header in the key is nonzero.

func (*CtKey6Global) GetFlags added in v1.6.0

func (k *CtKey6Global) GetFlags() uint8

GetFlags returns the tuple's flags.

func (*CtKey6Global) GetKeyPtr added in v0.9.0

func (k *CtKey6Global) GetKeyPtr() unsafe.Pointer

GetKeyPtr returns the unsafe.Pointer for k.

func (*CtKey6Global) GetTupleKey added in v1.6.0

func (k *CtKey6Global) GetTupleKey() tuple.TupleKey

func (*CtKey6Global) NewValue added in v0.9.0

func (k *CtKey6Global) NewValue() bpf.MapValue

NewValue creates a new bpf.MapValue.

func (*CtKey6Global) String added in v0.9.0

func (k *CtKey6Global) String() string

func (*CtKey6Global) ToHost added in v0.10.0

func (k *CtKey6Global) ToHost() CtKey

ToHost converts ports to host byte order.

This is necessary to prevent callers from implicitly converting the CtKey6Global type here into a local key type in the nested TupleKey6Global field.

func (*CtKey6Global) ToNetwork added in v0.10.0

func (k *CtKey6Global) ToNetwork() CtKey

ToNetwork converts ports to network byte order.

This is necessary to prevent callers from implicitly converting the CtKey6Global type here into a local key type in the nested TupleKey6Global field.

type GCFilter added in v0.10.0

type GCFilter struct {
	// RemoveExpired enables removal of all entries that have expired
	RemoveExpired bool

	// Time is the reference timestamp used to remove expired entries. If
	// RemoveExpired is true and an entry's Lifetime is less than Time, the
	// entry is removed.
	Time uint32

	// ValidIPs is the list of valid IPs to scrub all entries for which the
	// source or destination IP is *not* matching one of the valid IPs.
	// The key is the IP in string form: net.IP.String()
	ValidIPs map[string]struct{}

	// MatchIPs is the list of IPs to remove from the conntrack table
	MatchIPs map[string]struct{}
}

GCFilter contains the fields used to select which entries GC removes from a CT map: expired entries (RemoveExpired together with Time), entries whose addresses are not among ValidIPs, and entries matching MatchIPs.
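To make the filter rules concrete, here is an added, self-contained Go model of them applied to an in-memory table, with a delete count returned the way GC above does. It is not the package's GC implementation, and the Entry type, IPSet, SampleTable and the constructed entries are this example's own. Two readings are assumptions: that ValidIPs deletes an entry only when neither its source nor its destination address is valid, and that Flush (further down) amounts to RemoveExpired with Time set to MaxTime.

```go
package main

import (
	"fmt"
	"math"
	"net"
	"sort"
)

// MaxTime is the last possible GCFilter.Time, as in the package.
const MaxTime = math.MaxUint32

// GCFilter mirrors the documented fields of ctmap.GCFilter.
type GCFilter struct {
	RemoveExpired bool
	Time          uint32
	ValidIPs      map[string]struct{} // keyed by net.IP.String()
	MatchIPs      map[string]struct{} // keyed by net.IP.String()
}

// Entry is a stand-in for one CT key/value pair: the two addresses from the
// tuple key and the Lifetime field of CtEntry. It is not the package's type.
type Entry struct {
	Src, Dst net.IP
	Lifetime uint32
}

// ShouldDelete applies the filter's rules in order:
//  1. expired entries (Lifetime < Time) when RemoveExpired is set;
//  2. entries where neither address is in ValidIPs (assumption: "not
//     matching" in the field comment means neither end is valid);
//  3. entries where either address is in MatchIPs.
func (f *GCFilter) ShouldDelete(e Entry) bool {
	if f.RemoveExpired && e.Lifetime < f.Time {
		return true
	}
	if f.ValidIPs != nil {
		_, srcValid := f.ValidIPs[e.Src.String()]
		_, dstValid := f.ValidIPs[e.Dst.String()]
		if !srcValid && !dstValid {
			return true
		}
	}
	if f.MatchIPs != nil {
		_, srcMatch := f.MatchIPs[e.Src.String()]
		_, dstMatch := f.MatchIPs[e.Dst.String()]
		if srcMatch || dstMatch {
			return true
		}
	}
	return false
}

// GC walks the table, deletes every entry the filter selects and returns
// the number deleted, the same contract as ctmap.GC.
func GC(table map[string]Entry, f *GCFilter) int {
	deleted := 0
	for k, e := range table {
		if f.ShouldDelete(e) {
			delete(table, k) // deleting during range is safe in Go
			deleted++
		}
	}
	return deleted
}

// FlushFilter models Flush as "everything is expired": with Time set to
// MaxTime every Lifetime below math.MaxUint32 is older than the reference
// (assumption about how Flush is built on GC).
func FlushFilter() *GCFilter {
	return &GCFilter{RemoveExpired: true, Time: MaxTime}
}

// IPSet builds the map[string]struct{} form the filter expects, normalising
// each address through net.ParseIP(...).String().
func IPSet(ips ...string) map[string]struct{} {
	s := make(map[string]struct{}, len(ips))
	for _, ip := range ips {
		s[net.ParseIP(ip).String()] = struct{}{}
	}
	return s
}

// SampleTable is a constructed, in-memory stand-in for a CT map.
func SampleTable() map[string]Entry {
	return map[string]Entry{
		"a": {Src: net.ParseIP("10.0.0.1"), Dst: net.ParseIP("10.0.0.2"), Lifetime: 100},
		"b": {Src: net.ParseIP("10.0.0.3"), Dst: net.ParseIP("10.0.0.2"), Lifetime: 5000},
		"c": {Src: net.ParseIP("10.0.0.4"), Dst: net.ParseIP("10.0.0.5"), Lifetime: 5000},
		"d": {Src: net.ParseIP("fd00::1"), Dst: net.ParseIP("fd00::2"), Lifetime: 5000},
	}
}

func main() {
	runs := []struct {
		name string
		f    *GCFilter
	}{
		{"expired before t=1000", &GCFilter{RemoveExpired: true, Time: 1000}},
		{"only 10.0.0.2 still owned", &GCFilter{ValidIPs: IPSet("10.0.0.2")}},
		{"remove 10.0.0.3", &GCFilter{MatchIPs: IPSet("10.0.0.3")}},
		{"flush", FlushFilter()},
	}
	for _, r := range runs {
		t := SampleTable()
		n := GC(t, r.f)
		keys := make([]string, 0, len(t))
		for k := range t {
			keys = append(keys, k)
		}
		sort.Strings(keys)
		fmt.Printf("%-28s deleted=%d remaining=%v\n", r.name, n, keys)
	}
}
```

ValidIPs is the knob that lets an agent scrub entries for addresses no longer owned by any endpoint instead of waiting for their Lifetime to run out; without it, a stale entry keyed on a released address keeps matching the traffic of whichever endpoint later reuses that address, carrying its old RevNAT index and SourceSecurityID with it.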

type Map added in v1.5.0

type Map struct {
	bpf.Map
	// contains filtered or unexported fields
}

Map represents an instance of a BPF connection tracking map.

func GlobalMaps added in v1.5.0

func GlobalMaps(ipv4, ipv6 bool) []*Map

GlobalMaps returns a slice of CT maps that are used globally by all endpoints that are not otherwise configured to use their own local maps. If ipv4 or ipv6 are false, the maps for that protocol will not be returned.

The returned maps are not yet opened.

func LocalMaps added in v1.5.0

func LocalMaps(e CtEndpoint, ipv4, ipv6 bool) []*Map

LocalMaps returns a slice of CT maps for the endpoint, which are local to the endpoint and not shared with other endpoints. If ipv4 or ipv6 are false, the maps for that protocol will not be returned.

The returned maps are not yet opened.

func NewMap added in v1.5.0

func NewMap(mapName string, mapType MapType) *Map

NewMap creates a new CT map of the specified type with the specified name.

func (*Map) DumpEntries added in v1.5.0

func (m *Map) DumpEntries() (string, error)

DumpEntries iterates through Map m and writes the values of the CT entries in m to a string.

func (*Map) Flush added in v1.5.0

func (m *Map) Flush() int

Flush runs garbage collection for map m, deleting all entries. The specified map must already be opened using bpf.OpenMap().

type MapType added in v1.5.0

type MapType int

MapType is a type of connection tracking map.

func (MapType) String added in v1.5.0

func (m MapType) String() string

String renders the map type into a user-readable string.

type NatMap added in v1.6.0

type NatMap interface {
	Open() error
	Close() error
	DeleteMapping(key tuple.TupleKey) error
}
