Ejemplo n.º 1
0
// WriteEndpoint transforms the ep's relevant data into an LXCInfo and stores it in
// LXCMap.
func (m *LXCMap) WriteEndpoint(ep *endpoint.Endpoint) error {
	if m == nil {
		return nil
	}

	key := uint32(ep.ID)

	mac, err := ep.LXCMAC.Uint64()
	if err != nil {
		return err
	}

	nodeMAC, err := ep.NodeMAC.Uint64()
	if err != nil {
		return err
	}

	lxc := LXCInfo{
		IfIndex: uint32(ep.IfIndex),
		// Store security label in network byte order so it can be
		// written into the packet without an additional byte order
		// conversion.
		SecLabelID: common.Swab16(uint16(ep.SecLabel.ID)),
		LxcID:      ep.ID,
		MAC:        MAC(mac),
		NodeMAC:    MAC(nodeMAC),
	}

	copy(lxc.V6Addr[:], ep.IPv6)

	for i, pM := range ep.PortMap {
		lxc.PortMap[i] = PortMap{
			From: common.Swab16(pM.From),
			To:   common.Swab16(pM.To),
		}
	}

	err = bpf.UpdateElement(m.fd, unsafe.Pointer(&key), unsafe.Pointer(&lxc), 0)
	if err != nil {
		return err
	}

	if ep.IPv4 != nil {
		key := uint32(ep.IPv4.EndpointID()) | (1 << 16)
		// FIXME: Remove key again? Needs to be solved by caller
		return bpf.UpdateElement(m.fd, unsafe.Pointer(&key), unsafe.Pointer(&lxc), 0)
	}

	return nil
}
Ejemplo n.º 2
0
func (m *CtMap) Dump() (string, error) {
	var buffer bytes.Buffer
	entries, err := m.DumpToSlice()
	if err != nil {
		return "", err
	}
	for _, entry := range entries {
		if !entry.Key.Dump(&buffer) {
			continue
		}

		value := entry.Value
		buffer.WriteString(
			fmt.Sprintf(" expires=%d rx_packets=%d rx_bytes=%d tx_packets=%d tx_bytes=%d flags=%x revnat=%d\n",
				value.lifetime,
				value.rx_packets,
				value.rx_bytes,
				value.tx_packets,
				value.tx_bytes,
				value.flags,
				common.Swab16(value.revnat)),
		)

	}
	return buffer.String(), nil
}
Ejemplo n.º 3
0
func (lxc LXCInfo) String() string {
	var portMaps []string
	for _, port := range lxc.PortMap {
		if pStr := port.String(); pStr != "0:0" {
			portMaps = append(portMaps, pStr)
		}
	}
	if len(portMaps) == 0 {
		portMaps = append(portMaps, "(empty)")
	}
	return fmt.Sprintf("id=%d ifindex=%d mac=%s nodemac=%s ip=%s seclabel=0x%x portMaps=%s",
		lxc.LxcID,
		lxc.IfIndex,
		lxc.MAC,
		lxc.NodeMAC,
		lxc.V6Addr,
		common.Swab16(lxc.SecLabelID),
		strings.Join(portMaps, " "),
	)
}
Ejemplo n.º 4
0
func (k *Service4Key) Convert() ServiceKey {
	n := *k
	n.Port = common.Swab16(n.Port)
	return &n
}
Ejemplo n.º 5
0
func (v *RevNat4Value) Convert() RevNatValue {
	n := *v
	n.Port = common.Swab16(n.Port)
	return &n
}
Ejemplo n.º 6
0
func (k *RevNat4Key) Convert() RevNatKey {
	n := *k
	n.Key = common.Swab16(n.Key)
	return &n
}
Ejemplo n.º 7
0
func (v *Service4Value) Convert() ServiceValue {
	n := *v
	n.RevNat = common.Swab16(n.RevNat)
	n.Port = common.Swab16(n.Port)
	return &n
}
Ejemplo n.º 8
0
func (d *Daemon) writeBPFHeader(lxcDir string, ep *endpoint.Endpoint, geneveOpts []byte) error {
	headerPath := filepath.Join(lxcDir, common.CHeaderFileName)
	f, err := os.Create(headerPath)
	if err != nil {
		return fmt.Errorf("failed to open file %s for writing: %s", headerPath, err)

	}
	defer f.Close()

	fw := bufio.NewWriter(f)

	fmt.Fprint(fw, "/*\n")

	if epStr64, err := ep.Base64(); err == nil {
		fmt.Fprintf(fw, " * %s%s:%s\n * \n", common.CiliumCHeaderPrefix,
			common.Version, epStr64)
	} else {
		ep.LogStatus(endpoint.Warning, fmt.Sprintf("Unable to create a base64: %s", err))
	}

	if ep.DockerID == "" {
		fmt.Fprintf(fw, " * Docker Network ID: %s\n", ep.DockerNetworkID)
		fmt.Fprintf(fw, " * Docker Endpoint ID: %s\n", ep.DockerEndpointID)
	} else {
		fmt.Fprintf(fw, " * Docker Container ID: %s\n", ep.DockerID)
	}

	fmt.Fprintf(fw, ""+
		" * MAC: %s\n"+
		" * IPv6 address: %s\n"+
		" * IPv4 address: %s\n"+
		" * SecLabelID: %#x\n"+
		" * PolicyMap: %s\n"+
		" * NodeMAC: %s\n"+
		" */\n\n",
		ep.LXCMAC, ep.IPv6.String(), ep.IPv4.String(),
		ep.SecLabel.ID, path.Base(ep.PolicyMapPath()), ep.NodeMAC)

	fw.WriteString("/*\n")
	fw.WriteString(" * Labels:\n")
	if len(ep.SecLabel.Labels) == 0 {
		fmt.Fprintf(fw, " * - %s\n", "(no labels)")
	} else {
		for _, v := range ep.SecLabel.Labels {
			fmt.Fprintf(fw, " * - %s\n", v)
		}
	}
	fw.WriteString(" */\n\n")

	fw.WriteString(common.FmtDefineAddress("LXC_MAC", ep.LXCMAC))
	fw.WriteString(common.FmtDefineAddress("LXC_IP", ep.IPv6))
	if ep.IPv4 != nil {
		fmt.Fprintf(fw, "#define LXC_IPV4 %#x\n", binary.BigEndian.Uint32(ep.IPv4))
	}
	fw.WriteString(common.FmtDefineAddress("NODE_MAC", ep.NodeMAC))
	fw.WriteString(common.FmtDefineArray("GENEVE_OPTS", geneveOpts))
	fmt.Fprintf(fw, "#define LXC_ID %#x\n", ep.ID)
	fmt.Fprintf(fw, "#define LXC_ID_NB %#x\n", common.Swab16(ep.ID))
	fmt.Fprintf(fw, "#define SECLABEL_NB %#x\n", common.Swab32(ep.SecLabel.ID))
	fmt.Fprintf(fw, "#define SECLABEL %#x\n", ep.SecLabel.ID)
	fmt.Fprintf(fw, "#define POLICY_MAP %s\n", path.Base(ep.PolicyMapPath()))
	fmt.Fprintf(fw, "#define CT_MAP_SIZE 512000\n")
	fmt.Fprintf(fw, "#define CT_MAP6 %s\n", path.Base(common.BPFMapCT6+strconv.Itoa(int(ep.ID))))
	fmt.Fprintf(fw, "#define CT_MAP4 %s\n", path.Base(common.BPFMapCT4+strconv.Itoa(int(ep.ID))))

	// Always enable L4 and L3 load balancer for now
	fw.WriteString("#define LB_L3\n")
	fw.WriteString("#define LB_L4\n")

	// Endpoint options
	fw.WriteString(ep.Opts.GetFmtList())

	fw.WriteString("#define LXC_PORT_MAPPINGS ")
	for _, m := range ep.PortMap {
		// Write mappings directly in network byte order so we don't have
		// to convert it in the fast path
		fmt.Fprintf(fw, "{%#x,%#x},", common.Swab16(m.From), common.Swab16(m.To))
	}
	fw.WriteString("\n")

	return fw.Flush()
}
Ejemplo n.º 9
0
func (pm PortMap) String() string {
	return fmt.Sprintf("%d:%d", common.Swab16(pm.From), common.Swab16(pm.To))
}