// WriteEndpoint transforms the ep's relevant data into an LXCInfo and stores it in
// LXCMap.
func (m *LXCMap) WriteEndpoint(ep *endpoint.Endpoint) error {
if m == nil {
return nil
}
key := uint32(ep.ID)
mac, err := ep.LXCMAC.Uint64()
if err != nil {
return err
}
nodeMAC, err := ep.NodeMAC.Uint64()
if err != nil {
return err
}
lxc := LXCInfo{
IfIndex: uint32(ep.IfIndex),
// Store security label in network byte order so it can be
// written into the packet without an additional byte order
// conversion.
SecLabelID: common.Swab16(uint16(ep.SecLabel.ID)),
LxcID: ep.ID,
MAC: MAC(mac),
NodeMAC: MAC(nodeMAC),
}
copy(lxc.V6Addr[:], ep.IPv6)
for i, pM := range ep.PortMap {
lxc.PortMap[i] = PortMap{
From: common.Swab16(pM.From),
To: common.Swab16(pM.To),
}
}
err = bpf.UpdateElement(m.fd, unsafe.Pointer(&key), unsafe.Pointer(&lxc), 0)
if err != nil {
return err
}
if ep.IPv4 != nil {
key := uint32(ep.IPv4.EndpointID()) | (1 << 16)
// FIXME: Remove key again? Needs to be solved by caller
return bpf.UpdateElement(m.fd, unsafe.Pointer(&key), unsafe.Pointer(&lxc), 0)
}
return nil
}
func (m *CtMap) Dump() (string, error) {
var buffer bytes.Buffer
entries, err := m.DumpToSlice()
if err != nil {
return "", err
}
for _, entry := range entries {
if !entry.Key.Dump(&buffer) {
continue
}
value := entry.Value
buffer.WriteString(
fmt.Sprintf(" expires=%d rx_packets=%d rx_bytes=%d tx_packets=%d tx_bytes=%d flags=%x revnat=%d\n",
value.lifetime,
value.rx_packets,
value.rx_bytes,
value.tx_packets,
value.tx_bytes,
value.flags,
common.Swab16(value.revnat)),
)
}
return buffer.String(), nil
}
func (lxc LXCInfo) String() string {
var portMaps []string
for _, port := range lxc.PortMap {
if pStr := port.String(); pStr != "0:0" {
portMaps = append(portMaps, pStr)
}
}
if len(portMaps) == 0 {
portMaps = append(portMaps, "(empty)")
}
return fmt.Sprintf("id=%d ifindex=%d mac=%s nodemac=%s ip=%s seclabel=0x%x portMaps=%s",
lxc.LxcID,
lxc.IfIndex,
lxc.MAC,
lxc.NodeMAC,
lxc.V6Addr,
common.Swab16(lxc.SecLabelID),
strings.Join(portMaps, " "),
)
}
func (k *Service4Key) Convert() ServiceKey {
n := *k
n.Port = common.Swab16(n.Port)
return &n
}
func (v *RevNat4Value) Convert() RevNatValue {
n := *v
n.Port = common.Swab16(n.Port)
return &n
}
func (k *RevNat4Key) Convert() RevNatKey {
n := *k
n.Key = common.Swab16(n.Key)
return &n
}
func (v *Service4Value) Convert() ServiceValue {
n := *v
n.RevNat = common.Swab16(n.RevNat)
n.Port = common.Swab16(n.Port)
return &n
}
func (d *Daemon) writeBPFHeader(lxcDir string, ep *endpoint.Endpoint, geneveOpts []byte) error {
headerPath := filepath.Join(lxcDir, common.CHeaderFileName)
f, err := os.Create(headerPath)
if err != nil {
return fmt.Errorf("failed to open file %s for writing: %s", headerPath, err)
}
defer f.Close()
fw := bufio.NewWriter(f)
fmt.Fprint(fw, "/*\n")
if epStr64, err := ep.Base64(); err == nil {
fmt.Fprintf(fw, " * %s%s:%s\n * \n", common.CiliumCHeaderPrefix,
common.Version, epStr64)
} else {
ep.LogStatus(endpoint.Warning, fmt.Sprintf("Unable to create a base64: %s", err))
}
if ep.DockerID == "" {
fmt.Fprintf(fw, " * Docker Network ID: %s\n", ep.DockerNetworkID)
fmt.Fprintf(fw, " * Docker Endpoint ID: %s\n", ep.DockerEndpointID)
} else {
fmt.Fprintf(fw, " * Docker Container ID: %s\n", ep.DockerID)
}
fmt.Fprintf(fw, ""+
" * MAC: %s\n"+
" * IPv6 address: %s\n"+
" * IPv4 address: %s\n"+
" * SecLabelID: %#x\n"+
" * PolicyMap: %s\n"+
" * NodeMAC: %s\n"+
" */\n\n",
ep.LXCMAC, ep.IPv6.String(), ep.IPv4.String(),
ep.SecLabel.ID, path.Base(ep.PolicyMapPath()), ep.NodeMAC)
fw.WriteString("/*\n")
fw.WriteString(" * Labels:\n")
if len(ep.SecLabel.Labels) == 0 {
fmt.Fprintf(fw, " * - %s\n", "(no labels)")
} else {
for _, v := range ep.SecLabel.Labels {
fmt.Fprintf(fw, " * - %s\n", v)
}
}
fw.WriteString(" */\n\n")
fw.WriteString(common.FmtDefineAddress("LXC_MAC", ep.LXCMAC))
fw.WriteString(common.FmtDefineAddress("LXC_IP", ep.IPv6))
if ep.IPv4 != nil {
fmt.Fprintf(fw, "#define LXC_IPV4 %#x\n", binary.BigEndian.Uint32(ep.IPv4))
}
fw.WriteString(common.FmtDefineAddress("NODE_MAC", ep.NodeMAC))
fw.WriteString(common.FmtDefineArray("GENEVE_OPTS", geneveOpts))
fmt.Fprintf(fw, "#define LXC_ID %#x\n", ep.ID)
fmt.Fprintf(fw, "#define LXC_ID_NB %#x\n", common.Swab16(ep.ID))
fmt.Fprintf(fw, "#define SECLABEL_NB %#x\n", common.Swab32(ep.SecLabel.ID))
fmt.Fprintf(fw, "#define SECLABEL %#x\n", ep.SecLabel.ID)
fmt.Fprintf(fw, "#define POLICY_MAP %s\n", path.Base(ep.PolicyMapPath()))
fmt.Fprintf(fw, "#define CT_MAP_SIZE 512000\n")
fmt.Fprintf(fw, "#define CT_MAP6 %s\n", path.Base(common.BPFMapCT6+strconv.Itoa(int(ep.ID))))
fmt.Fprintf(fw, "#define CT_MAP4 %s\n", path.Base(common.BPFMapCT4+strconv.Itoa(int(ep.ID))))
// Always enable L4 and L3 load balancer for now
fw.WriteString("#define LB_L3\n")
fw.WriteString("#define LB_L4\n")
// Endpoint options
fw.WriteString(ep.Opts.GetFmtList())
fw.WriteString("#define LXC_PORT_MAPPINGS ")
for _, m := range ep.PortMap {
// Write mappings directly in network byte order so we don't have
// to convert it in the fast path
fmt.Fprintf(fw, "{%#x,%#x},", common.Swab16(m.From), common.Swab16(m.To))
}
fw.WriteString("\n")
return fw.Flush()
}
func (pm PortMap) String() string {
return fmt.Sprintf("%d:%d", common.Swab16(pm.From), common.Swab16(pm.To))
}