policy

package
v0.0.0-...-b8a1a0e Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 31, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

README

Labeler主要任务

给flow打上对应云平台信息,以及observatrace的控制信息

1. 云平台相关信息,如设备所属项目,设备id,设备类型,子网等
2. flow所属observatrace平台的资源组,标签以及白名单

Documentation

Index

Constants

// Sizing constants for the mask-vector lookup table. TABLE_SIZE evaluates to
// 1 << 16 = 65536, so every index in [0, TABLE_SIZE) fits the uint16 elements
// returned by MatchNode.GetAllTableIndex and Match6Node.GetAllTableIndex.
// NOTE(review): MASK_VECTOR_MIN_SIZE and MASK_VECTOR_MAX_SIZE presumably bound
// the number of bits selected for the mask vector; confirm against the
// implementation.
const (
	MASK_VECTOR_MAX_SIZE = 16
	MASK_VECTOR_MIN_SIZE = 4
	TABLE_SIZE           = 1 << MASK_VECTOR_MAX_SIZE
)
// NAMED and ANONYMOUS are two numeric kind markers.
// NOTE(review): presumably these are the values carried in IpGroupData.Type
// (compare IpResourceGroup.AddAnonymousGroupId); confirm against the
// implementation before relying on that.
const (
	NAMED     = 0
	ANONYMOUS = 1
)
// Fast-path map length limits (1 << 10 = 1024 and 1 << 20 = 1048576) and the
// protocol upper bound used for ACLs.
// NOTE(review): mapSize reaches this package as a caller-supplied uint32
// (NewPolicyTable, NewDdbs, FastPath.Init). Presumably it is clamped to
// [MIN_FASTPATH_MAP_LEN, MAX_FASTPATH_MAP_LEN] so that a bad configuration
// value cannot drive an oversized allocation; confirm in the implementation.
const (
	MIN_FASTPATH_MAP_LEN = 1 << 10
	MAX_FASTPATH_MAP_LEN = 1 << 20

	ACL_PROTO_MAX = 256 // same value as PROTO_ALL; one past the largest 8-bit protocol number
)
// MAX_QUEUE_COUNT sizes the first dimension of FastPath.FastPortPolicyMaps,
// which is declared as [MAX_QUEUE_COUNT + 1][TAP_MAX].
// NOTE(review): queueCount reaches this package as a plain int
// (NewPolicyTable, NewDdbs, FastPath.Init); whether it is range-checked
// against MAX_QUEUE_COUNT is not visible here. An unchecked index into the
// fixed-size array would panic at run time, so confirm the check exists.
const (
	MAX_QUEUE_COUNT = 16
)
// PROTO_ALL is 256, the value that the comment on Acl.Proto documents as
// "capture all protocols". It lies outside the 0-255 range of a one-byte
// protocol number, so protocol 0 stays a concrete match and is not a
// wildcard. Code that narrows Acl.Proto to 8 bits would lose this sentinel.
const (
	PROTO_ALL = 256
)

Variables

var STANDARD_NETMASK = MaskLenToNetmask(STANDARD_MASK_LEN)

Functions

func IfHasNetmaskBit

func IfHasNetmaskBit(bitmap uint32, k uint32) bool

func PortInObservatraceExporter

func PortInObservatraceExporter(inPort uint32) bool

Types

type Acl

// Acl is one policy rule: an id, a tap type, source and destination group
// lists, source and destination port ranges, a protocol selector and the NPB
// actions attached to the rule.
//
// The zero value is not a match-all rule: per the field comments, a port of 0
// and a Proto of 0 each select only the literal value 0. Match-all for the
// protocol is expressed as 256 (see PROTO_ALL).
// NOTE(review): how empty SrcGroups/DstGroups or empty port-range slices are
// interpreted (match nothing vs. match everything) is not shown on this page;
// confirm before writing rules that rely on it.
type Acl struct {
	Id           uint32
	TapType      TapType
	SrcGroups    []uint32
	DstGroups    []uint32
	SrcPortRange []PortRange // 0 means only port 0 is captured (not a wildcard)
	DstPortRange []PortRange // 0 means only port 0 is captured (not a wildcard)
	Proto        uint16      // 256 means all protocols are captured; 0 means only protocol 0 is captured
	NpbActions   []NpbActions
	FieldLink    Link
	Field6Link   Link6
	// contains filtered or unexported fields
}

func SortAclsById

func SortAclsById(acls []*Acl) []*Acl

func (*Acl) InitPolicy

func (a *Acl) InitPolicy()

func (*Acl) Reset

func (a *Acl) Reset()

func (*Acl) String

func (a *Acl) String() string

type CloudPlatformLabeler

type CloudPlatformLabeler struct {
	// contains filtered or unexported fields
}

func NewCloudPlatformLabeler

func NewCloudPlatformLabeler(queueCount int, mapSize uint32) *CloudPlatformLabeler

func (*CloudPlatformLabeler) CheckEndpointDataIfNeedCopy

func (l *CloudPlatformLabeler) CheckEndpointDataIfNeedCopy(store *EndpointStore, key *LookupKey) *EndpointData

检查L2End和L3End是否有可能进行修正

func (*CloudPlatformLabeler) GenerateEpcIpData

func (l *CloudPlatformLabeler) GenerateEpcIpData(platformDatas []PlatformData) (EpcIpMapData, EpcIp6MapData)

func (*CloudPlatformLabeler) GenerateIpData

func (l *CloudPlatformLabeler) GenerateIpData(platformDatas []PlatformData) (IpMapDatas, Ip6MapData)

func (*CloudPlatformLabeler) GenerateMacData

func (l *CloudPlatformLabeler) GenerateMacData(platformDatas []PlatformData) MacMapData

func (*CloudPlatformLabeler) GenerateMacForIpTable

func (l *CloudPlatformLabeler) GenerateMacForIpTable(platformDatas []PlatformData) MacForIpTable

func (*CloudPlatformLabeler) GetDataByEpcIp

func (l *CloudPlatformLabeler) GetDataByEpcIp(epc int32, ip net.IP) *PlatformData

func (*CloudPlatformLabeler) GetDataByIp

func (l *CloudPlatformLabeler) GetDataByIp(ip net.IP) *PlatformData

func (*CloudPlatformLabeler) GetDataByIp4

func (l *CloudPlatformLabeler) GetDataByIp4(ip uint32) *PlatformData

func (*CloudPlatformLabeler) GetDataByIp6

func (l *CloudPlatformLabeler) GetDataByIp6(ip net.IP) *PlatformData

func (*CloudPlatformLabeler) GetDataByMac

func (l *CloudPlatformLabeler) GetDataByMac(key MacKey) *PlatformData

func (*CloudPlatformLabeler) GetEndpointData

func (l *CloudPlatformLabeler) GetEndpointData(key *LookupKey) *EndpointData

func (*CloudPlatformLabeler) GetEndpointInfo

func (l *CloudPlatformLabeler) GetEndpointInfo(mac uint64, ip net.IP, tapType TapType, l3End bool, tunnelId uint32) (*EndpointInfo, bool)

func (*CloudPlatformLabeler) GetL3ByIp

func (l *CloudPlatformLabeler) GetL3ByIp(src, dst net.IP, endpoints *EndpointData)

func (*CloudPlatformLabeler) GetL3ByPeerConnection

func (l *CloudPlatformLabeler) GetL3ByPeerConnection(src, dst net.IP, endpoints *EndpointData)

func (*CloudPlatformLabeler) GetL3ByWanIp

func (l *CloudPlatformLabeler) GetL3ByWanIp(srcIp, dstIp net.IP, endpointData *EndpointData) (bool, bool)

func (*CloudPlatformLabeler) GetRealIpByMac

func (l *CloudPlatformLabeler) GetRealIpByMac(mac uint64, isIpv6 bool) net.IP

func (*CloudPlatformLabeler) GetVIP

func (l *CloudPlatformLabeler) GetVIP(mac uint64, ip net.IP, isWAN bool, endpoint *EndpointInfo)

func (*CloudPlatformLabeler) ModifyEndpointData

func (l *CloudPlatformLabeler) ModifyEndpointData(endpointData *EndpointData, key *LookupKey)

func (*CloudPlatformLabeler) ModifyInternetEpcId

func (l *CloudPlatformLabeler) ModifyInternetEpcId(endpoints *EndpointData)

func (*CloudPlatformLabeler) UpdateCidr

func (l *CloudPlatformLabeler) UpdateCidr(cidrs []*Cidr)

func (*CloudPlatformLabeler) UpdateEndpointData

func (l *CloudPlatformLabeler) UpdateEndpointData(endpoint *EndpointStore, key *LookupKey) *EndpointData

func (*CloudPlatformLabeler) UpdateEpcIpTable

func (l *CloudPlatformLabeler) UpdateEpcIpTable(epcIpMap EpcIpMapData, epcIp6Map EpcIp6MapData)

func (*CloudPlatformLabeler) UpdateInterfaceTable

func (l *CloudPlatformLabeler) UpdateInterfaceTable(platformDatas []PlatformData)

func (*CloudPlatformLabeler) UpdateIpTable

func (l *CloudPlatformLabeler) UpdateIpTable(ipDatas IpMapDatas, ip6Data Ip6MapData)

func (*CloudPlatformLabeler) UpdateMacForIpTable

func (l *CloudPlatformLabeler) UpdateMacForIpTable(macForIpTable MacForIpTable)

func (*CloudPlatformLabeler) UpdateMacTable

func (l *CloudPlatformLabeler) UpdateMacTable(macmap MacMapData)

func (*CloudPlatformLabeler) UpdatePeerConnectionTable

func (l *CloudPlatformLabeler) UpdatePeerConnectionTable(connections []*PeerConnection)

type Ddbs

// Ddbs is a policy table that embeds FastPath and InterestTable, keeps the
// configured rules in RawAcls and exposes hit counters. Its method set on
// this page mirrors the TableOperator interface.
// NOTE(review): presumably this is the concrete type behind NewDdbs; confirm.
// NOTE(review): the fields are exported and GetAcl returns []*Acl, so callers
// can reach the stored rules by pointer. Whether updates and lookups are
// synchronized is not shown here; confirm before mutating from another
// goroutine.
type Ddbs struct {
	FastPath
	InterestTable

	// FastPathDisable presumably mirrors the fastPathDisable constructor
	// argument; confirm.
	FastPathDisable bool

	RawAcls []*Acl

	FirstPathHit         uint64
	AclHitMax            uint32
	UnmatchedPacketCount uint64
	// contains filtered or unexported fields
}

func (*Ddbs) AddAcl

func (d *Ddbs) AddAcl(acl *Acl)

func (*Ddbs) Current

func (d *Ddbs) Current() uint64

func (*Ddbs) DelAcl

func (d *Ddbs) DelAcl(id int)

func (*Ddbs) FlushAcls

func (d *Ddbs) FlushAcls()

func (*Ddbs) GetAcl

func (d *Ddbs) GetAcl() []*Acl

func (*Ddbs) GetCounter

func (d *Ddbs) GetCounter() interface{}

func (*Ddbs) GetHitStatus

func (d *Ddbs) GetHitStatus() (uint64, uint64)

func (*Ddbs) GetPolicyByFastPath

func (d *Ddbs) GetPolicyByFastPath(packet *LookupKey, policy *PolicyData) *EndpointStore

func (*Ddbs) GetPolicyByFirstPath

func (d *Ddbs) GetPolicyByFirstPath(packet *LookupKey, findPolicy *PolicyData, endpointData *EndpointData) *EndpointStore

func (*Ddbs) SetCloudPlatform

func (d *Ddbs) SetCloudPlatform(cloudPlatformLabeler *CloudPlatformLabeler)

func (*Ddbs) UpdateAcls

func (d *Ddbs) UpdateAcls(acls []*Acl, check ...bool) error

func (*Ddbs) UpdateCidr

func (d *Ddbs) UpdateCidr(data []*Cidr)

func (*Ddbs) UpdateInterfaceData

func (d *Ddbs) UpdateInterfaceData(data []PlatformData)

func (*Ddbs) UpdateIpGroupData

func (d *Ddbs) UpdateIpGroupData(data []*IpGroupData)

func (*Ddbs) UpdateMemoryLimit

func (d *Ddbs) UpdateMemoryLimit(memoryLimit uint64)

type EpcIp6MapData

type EpcIp6MapData map[EpcIpKey]*list.List

type EpcIpKey

type EpcIpKey uint64 // u32(epc_id) . u32(ip)

type EpcIpMapData

type EpcIpMapData map[EpcIpKey]*PlatformData

type EpcIpTable

type EpcIpTable struct {
	// contains filtered or unexported fields
}

type FastPath

// FastPath holds the fast-path lookup state: a netmask table with
// math.MaxUint16 + 1 (65536) entries, one LRU policy map per
// (queue, tap type) slot, and hit/size counters.
type FastPath struct {
	IpNetmaskMap [math.MaxUint16 + 1]uint32 // looks up the largest netmask for an IP address

	FastPortPolicyMaps [MAX_QUEUE_COUNT + 1][TAP_MAX]*lru.U128LRU // policy map on the fast path; key is IP-mask pair + MAC + PORT, value is PortPolicyValue

	FastPathHit uint64

	FastPathMacCount, FastPathPolicyCount uint32

	// MapSize presumably records the mapSize passed to Init; confirm.
	MapSize uint32
	// contains filtered or unexported fields
}

func (*FastPath) Close

func (f *FastPath) Close()

func (*FastPath) FlushAcls

func (f *FastPath) FlushAcls()

func (*FastPath) GenerateIpNetmaskMapFromCidrData

func (f *FastPath) GenerateIpNetmaskMapFromCidrData(data []*Cidr)

func (*FastPath) GenerateIpNetmaskMapFromIpGroupData

func (f *FastPath) GenerateIpNetmaskMapFromIpGroupData(data []*IpGroupData)

func (*FastPath) GenerateIpNetmaskMapFromPlatformData

func (f *FastPath) GenerateIpNetmaskMapFromPlatformData(data []PlatformData)

func (*FastPath) GenerateMapKey

func (f *FastPath) GenerateMapKey(packet *LookupKey, direction DirectionType) (uint64, uint64)

func (*FastPath) Init

func (f *FastPath) Init(mapSize uint32, queueCount int)

type GroupId

type GroupId uint32

type GroupIdData

// GroupIdData keeps group ids in two forms: a map keyed by id and a slice.
// NOTE(review): presumably the map is used for de-duplication and the slice
// for ordered output; confirm. Ids here are uint16, while Acl.SrcGroups and
// IpGroupData.Id are uint32, so confirm how wider ids are narrowed.
type GroupIdData struct {
	GroupIdMap   map[uint16]bool
	GroupIdSlice []uint16
}

type InterestTable

// InterestTable holds a pointer to an array of math.MaxUint16 + 1 (65536)
// PortRange values.
// NOTE(review): presumably one slot per 16-bit port number, allocated by Init
// and filled by GenerateInterestMaps; the pointer is nil in the zero value, so
// confirm that Init runs before any lookup.
type InterestTable struct {
	InterestPortMaps *[math.MaxUint16 + 1]PortRange
}

func (*InterestTable) GenerateInterestMaps

func (t *InterestTable) GenerateInterestMaps(acls []*Acl)

func (*InterestTable) Init

func (t *InterestTable) Init()

type Ip6GroupItem

type Ip6GroupItem struct {
	// contains filtered or unexported fields
}

type Ip6MapData

type Ip6MapData map[IpKey]*list.List

type Ip6Table

type Ip6Table struct {
	// contains filtered or unexported fields
}

type IpGroupData

// IpGroupData describes one IP resource group as passed to
// UpdateIpGroupData: its id, EPC id, type, member addresses and VM ids.
// NOTE(review): Ips are raw strings; their accepted format (single address,
// CIDR, range) and what happens to an entry that fails to parse are not shown
// on this page. Confirm that malformed entries are rejected or logged rather
// than silently widening or dropping the group.
type IpGroupData struct {
	Id    uint32
	EpcId int32
	Type  uint8 // presumably NAMED or ANONYMOUS; confirm
	Ips   []string
	VmIds []uint32
}

func SortIpGroupsById

func SortIpGroupsById(ipGroups []*IpGroupData) []*IpGroupData

type IpKey

type IpKey uint32 // u32(ip)

type IpMapData

type IpMapData map[IpKey]*PlatformData

type IpMapDatas

type IpMapDatas []map[IpKey]*PlatformData

type IpResourceGroup

type IpResourceGroup struct {
	// contains filtered or unexported fields
}

IpResourceGroup is the labeler for resource groups

func NewIpResourceGroup

func NewIpResourceGroup() *IpResourceGroup

func (*IpResourceGroup) AddAnonymousGroupId

func (g *IpResourceGroup) AddAnonymousGroupId(anonymous map[uint32]bool, group *IpGroupData)

func (*IpResourceGroup) GenerateAnonymousGroupIdMap

func (g *IpResourceGroup) GenerateAnonymousGroupIdMap()

func (*IpResourceGroup) GenerateIp6NetmaskMap

func (g *IpResourceGroup) GenerateIp6NetmaskMap(ipgroupData []*IpGroupData)

func (*IpResourceGroup) GenerateIpNetmaskMap

func (g *IpResourceGroup) GenerateIpNetmaskMap(ipgroupData []*IpGroupData)

func (*IpResourceGroup) GetGroupIds

func (g *IpResourceGroup) GetGroupIds(ip uint32, endpointInfo *EndpointInfo) []uint16

func (*IpResourceGroup) GetGroupIdsByIpv6

func (g *IpResourceGroup) GetGroupIdsByIpv6(ip net.IP, endpointInfo *EndpointInfo) []uint16

func (*IpResourceGroup) RemoveAnonymousGroupIds

func (g *IpResourceGroup) RemoveAnonymousGroupIds(groupIds []uint32, relationIds []uint16) ([]uint32, []uint16)

func (*IpResourceGroup) Update

func (g *IpResourceGroup) Update(groups []*IpGroupData)

type IpTable

type IpTable struct {
	// contains filtered or unexported fields
}

func (*IpTable) UpdateIpMap

func (t *IpTable) UpdateIpMap(ipMap IpMapData)
// Link is the head of a chain of MatchNode values (each node carries a Next
// pointer) together with an element count. Acl.FieldLink has this type.
type Link struct {
	Head  *MatchNode
	Count uint32
}

type Link6

// Link6 is the head of a chain of Match6Node values (each node carries a Next
// pointer) together with an element count. Acl.Field6Link has this type.
type Link6 struct {
	Head  *Match6Node
	Count uint32
}

type MacForIpTable

type MacForIpTable map[uint64]net.IP

type MacIpInportKey

// NOTE(review): the layout comment lists u64(mac), u32(ip) and u32(Tap), which
// together exceed the 64 bits of the underlying uint64. How the fields are
// folded into the key is not shown here; confirm that distinct
// (mac, ip, tap) tuples cannot alias to the same key.
type MacIpInportKey uint64 // u64(mac) . u32(ip) . u32(Tap)

type MacIpKey

// NOTE(review): the layout comment lists u64(mac) and u32(ip), which together
// exceed the 64 bits of the underlying uint64. How the fields are folded into
// the key is not shown here. The package's query-logic notes say MacIpKey is
// used to query the endpoint cache, so confirm that distinct (mac, ip) pairs
// cannot alias to the same key and pick up another endpoint's cached entry.
type MacIpKey uint64 // u64(mac) . u32(ip)

type MacKey

type MacKey uint64 // u64(mac)

查询逻辑:160~640~920ns + 160ns*N_group

  1. 分别查询源端、目的端的如下信息:160~640~920ns + 80ns*N_group
     1.1. 根据MAC和IP组成MacIpKey,查询endPointCache:80~320~460ns
        1.1.1. 若Cache命中,则直接获取EndpointInfo:0ns
        1.1.2. 若Cache未命中:240~380ns
           1.1.2.1. 根据MAC查询macMap,获取EndpointInfo:80ns
           1.1.2.2. 根据EPC_ID和IP组成EpcIpKey查询epcIpMap,获取EndpointInfo,与上一步的结果合并:80ns
           1.1.2.3. 根据EPC_ID和IP组成EpcIpKey查询ipGroupCache:80~220ns
              1.1.2.3.1. 若Cache命中,则直接获取EndpointInfo,并与上一步的结果合并:0ns
              1.1.2.3.2. 若Cache未命中,则使用EpcIpKey查询ipGroupTree,并与上一步的结果合并:140ns
     1.2. 遍历GroupIds,与proto、port组成ServiceKey,查询serviceMap:80ns*n_group
        1.2.1. 通过interest_proto和interest_port数组避免肯定没有结果的查询
     1.3. 根据TTL修复L3End(FIXME:如何避免首包L3End错误)
  2. 根据源端、目的端信息,获取PolicyId:80ns*N_group
     2.1. 使用源端GroupId、目的端ServiceId、VLAN组成PolicyKey,查询policyMap,获取PolicyId
     2.2. 使用源端ServiceId、目的端GroupId、VLAN组成PolicyKey,查询policyMap,获取PolicyId
  3. 通过PolicyId找到Action
  4. 合并Action,返回

type MacMapData

type MacMapData map[MacKey]*PlatformData

type MacTable

type MacTable struct {
	// contains filtered or unexported fields
}

type MaskLenData

type MaskLenData struct {
	// contains filtered or unexported fields
}

func NewMaskLenData

func NewMaskLenData() *MaskLenData

func (*MaskLenData) Add

func (d *MaskLenData) Add(maskLen uint16)

type MaskLenGroupData

type MaskLenGroupData struct {
	// contains filtered or unexported fields
}

func NewMaskLenGroupData

func NewMaskLenGroupData() *MaskLenGroupData

type MaskLenGroupDataMini

type MaskLenGroupDataMini struct {
	// contains filtered or unexported fields
}

func NewMaskLenGroupDataMini

func NewMaskLenGroupDataMini() *MaskLenGroupDataMini

type Match6Node

// Match6Node is one node of the chain headed by Link6: a MatchedField6 value,
// its mask, and a pointer to the next node.
type Match6Node struct {
	Matched, MatchedMask MatchedField6

	Next *Match6Node
}

func (*Match6Node) GetAllTableIndex

func (n *Match6Node) GetAllTableIndex(maskVector *MatchedField6, min, max int, vectorBits []int) []uint16

type MatchNode

// MatchNode is one node of the chain headed by Link: a MatchedField value,
// its mask, and a pointer to the next node.
type MatchNode struct {
	Matched, MatchedMask MatchedField

	Next *MatchNode
}

func (*MatchNode) GetAllTableIndex

func (n *MatchNode) GetAllTableIndex(maskVector *MatchedField, min, max int, vectorBits []int) []uint16

type Padding

type Padding [8]uint64

type PolicyCounter

// PolicyCounter is the set of table-size and hit counters for the policy
// tables; each field carries the statsd tag it is reported under.
// NOTE(review): presumably this is the value behind the interface{} returned
// by GetCounter; confirm.
type PolicyCounter struct {
	MacTable   uint32 `statsd:"mac_table"`
	EpcIpTable uint32 `statsd:"epc_ip_table"`
	IpTable    uint32 `statsd:"ip_table"`
	ArpTable   uint32 `statsd:"arp_table"`

	Acl                  uint32 `statsd:"acl"`
	FirstHit             uint64 `statsd:"first_hit"`
	FastHit              uint64 `statsd:"fast_hit"`
	AclHitMax            uint32 `statsd:"acl_hit_max"`
	FastPath             uint32 `statsd:"fast_path"`
	FastPathMacCount     uint32 `statsd:"fast_path_mac_count"`
	FastPathPolicyCount  uint32 `statsd:"fast_path_policy_count"`
	UnmatchedPacketCount uint64 `statsd:"unmatched_packet_count"`
	FirstPathItems       uint64 `statsd:"first_path_items"`
	FirstPathMaxBucket   uint32 `statsd:"first_path_max_bucket"`
}

type PolicyId

type PolicyId uint32

type PolicyKey

type PolicyKey uint64 // u20(group_id) . u20(service_id) . u12(vlan_id)

type PolicyTable

type PolicyTable struct {
	// contains filtered or unexported fields
}

func NewPolicyTable

func NewPolicyTable(queueCount, level int, mapSize uint32, fastPathDisable bool, ids ...TableID) *PolicyTable

func (*PolicyTable) AddAcl

func (t *PolicyTable) AddAcl(acl *Acl)

func (*PolicyTable) Close

func (t *PolicyTable) Close()

func (*PolicyTable) DelAcl

func (t *PolicyTable) DelAcl(id int)

func (*PolicyTable) EnableAclData

func (t *PolicyTable) EnableAclData()

func (*PolicyTable) GetAcl

func (t *PolicyTable) GetAcl() []*Acl

func (*PolicyTable) GetCounter

func (t *PolicyTable) GetCounter() interface{}

func (*PolicyTable) GetEndpointInfo

func (t *PolicyTable) GetEndpointInfo(mac uint64, ip net.IP, inPort uint32) *EndpointInfo

该函数仅用于测试或命令行使用

func (*PolicyTable) GetHitStatus

func (t *PolicyTable) GetHitStatus() (uint64, uint64)

func (*PolicyTable) GetPolicyByFastPath

func (t *PolicyTable) GetPolicyByFastPath(key *LookupKey) (*EndpointData, *PolicyData)

测试使用

func (*PolicyTable) GetPolicyByFirstPath

func (t *PolicyTable) GetPolicyByFirstPath(key *LookupKey) (*EndpointData, *PolicyData)

测试使用

func (*PolicyTable) LookupAllByKey

func (t *PolicyTable) LookupAllByKey(key *LookupKey, policy *PolicyData, endpoint *EndpointData)

func (*PolicyTable) UpdateAclData

func (t *PolicyTable) UpdateAclData(data []*Acl, check ...bool) error

func (*PolicyTable) UpdateCidrs

func (t *PolicyTable) UpdateCidrs(data []*Cidr)

func (*PolicyTable) UpdateInterfaceData

func (t *PolicyTable) UpdateInterfaceData(data []PlatformData)

func (*PolicyTable) UpdateIpGroupData

func (t *PolicyTable) UpdateIpGroupData(data []*IpGroupData)

func (*PolicyTable) UpdateMemoryLimit

func (t *PolicyTable) UpdateMemoryLimit(limit uint64)

func (*PolicyTable) UpdatePeerConnection

func (t *PolicyTable) UpdatePeerConnection(data []*PeerConnection)

type PortPolicyValue

type PortPolicyValue struct {
	// contains filtered or unexported fields
}

type ServiceId

type ServiceId uint32

type ServiceKey

type ServiceKey uint64 // u20(group_id) . u8(proto) . u16(port)

type SortedAcls

type SortedAcls []*Acl

func (SortedAcls) Len

func (acls SortedAcls) Len() int

func (SortedAcls) Less

func (acls SortedAcls) Less(i, j int) bool

func (SortedAcls) Swap

func (acls SortedAcls) Swap(i, j int)

type SortedIpGroups

type SortedIpGroups []*IpGroupData

func (SortedIpGroups) Len

func (ipGroups SortedIpGroups) Len() int

func (SortedIpGroups) Less

func (ipGroups SortedIpGroups) Less(i, j int) bool

func (SortedIpGroups) Swap

func (ipGroups SortedIpGroups) Swap(i, j int)

type Table6Item

type Table6Item struct {
	// contains filtered or unexported fields
}

type TableCreator

type TableCreator func(queueCount, level int, mapSize uint32, fastPathDisable bool) TableOperator

type TableID

type TableID int
const (
	DDBS TableID = iota
)

type TableItem

type TableItem struct {
	// contains filtered or unexported fields
}

type TableOperator

// TableOperator is the interface a policy table implementation provides:
// hit statistics, ACL management, platform/group/CIDR data updates, a memory
// limit setter, and the first-path and fast-path policy lookups. NewDdbs and
// the TableCreator function type both return it.
type TableOperator interface {
	GetHitStatus() (uint64, uint64)
	GetCounter() interface{}

	AddAcl(acl *Acl)
	DelAcl(id int)
	GetAcl() []*Acl
	FlushAcls()
	// UpdateAcls is the only ACL mutator that reports an error.
	// NOTE(review): the meaning of the variadic check flag is not shown on
	// this page; presumably it toggles validation of the supplied rules.
	// Confirm what is skipped when it is false or omitted.
	UpdateAcls(data []*Acl, check ...bool) error
	UpdateInterfaceData(data []PlatformData)
	UpdateIpGroupData(data []*IpGroupData)
	UpdateCidr(data []*Cidr)
	UpdateMemoryLimit(memoryLimit uint64)

	SetCloudPlatform(cloudPlatformLabeler *CloudPlatformLabeler)

	GetPolicyByFirstPath(*LookupKey, *PolicyData, *EndpointData) *EndpointStore
	GetPolicyByFastPath(*LookupKey, *PolicyData) *EndpointStore

	// Currently this removes the table from statsd monitoring.
	Close()
}

func NewDdbs

func NewDdbs(queueCount, level int, mapSize uint32, fastPathDisable bool) TableOperator

type VlanAndPortMap

type VlanAndPortMap struct {
	// contains filtered or unexported fields
}
