// WriteEndpoint converts the relevant fields of ep into an LXCInfo and stores
// it in the LXCMap under the endpoint ID. When ep.IPv4 is set, the same value
// is written a second time under the IPv4 endpoint ID with bit 16 set.
//
// A nil receiver is a no-op that returns nil. Errors from the MAC conversions
// and from bpf.UpdateElement are returned unchanged.
func (m *LXCMap) WriteEndpoint(ep *endpoint.Endpoint) error {
	if m == nil {
		return nil
	}

	epKey := uint32(ep.ID)

	lxcMAC, err := ep.LXCMAC.Uint64()
	if err != nil {
		return err
	}

	hostMAC, err := ep.NodeMAC.Uint64()
	if err != nil {
		return err
	}

	var info LXCInfo
	info.IfIndex = uint32(ep.IfIndex)
	// The security label is kept in network byte order so that it can be
	// written into a packet without another byte order conversion.
	// NOTE(review): the explicit uint16 conversion discards any higher bits
	// of SecLabel.ID; if the ID type is wider, two distinct labels could map
	// to the same stored value — confirm IDs always fit in 16 bits.
	info.SecLabelID = common.Swab16(uint16(ep.SecLabel.ID))
	info.LxcID = ep.ID
	info.MAC = MAC(lxcMAC)
	info.NodeMAC = MAC(hostMAC)

	copy(info.V6Addr[:], ep.IPv6)

	// NOTE(review): nothing here compares the number of endpoint port
	// mappings with the capacity of info.PortMap; if that field is a
	// fixed-size array, an endpoint with more mappings would panic on the
	// index below — verify the limit is enforced by the caller.
	for idx, mapping := range ep.PortMap {
		info.PortMap[idx] = PortMap{
			From: common.Swab16(mapping.From),
			To:   common.Swab16(mapping.To),
		}
	}

	if err = bpf.UpdateElement(m.fd, unsafe.Pointer(&epKey), unsafe.Pointer(&info), 0); err != nil {
		return err
	}

	if ep.IPv4 == nil {
		return nil
	}

	v4Key := uint32(ep.IPv4.EndpointID()) | (1 << 16)
	// FIXME: Remove key again? Needs to be solved by caller
	// (if this second update fails, the entry written above stays in place).
	return bpf.UpdateElement(m.fd, unsafe.Pointer(&v4Key), unsafe.Pointer(&info), 0)
}
// Dump renders every entry returned by m.DumpToSlice as text and returns the
// result. For each entry the key is written first through entry.Key.Dump;
// entries for which that call reports false get no value line. The value line
// lists lifetime, packet and byte counters, flags (hex) and the revnat field
// after common.Swab16.
//
// An error from DumpToSlice is returned together with an empty string.
func (m *CtMap) Dump() (string, error) {
	entries, err := m.DumpToSlice()
	if err != nil {
		return "", err
	}

	var out bytes.Buffer
	for _, e := range entries {
		if ok := e.Key.Dump(&out); !ok {
			continue
		}

		v := e.Value
		// Writes to a bytes.Buffer do not fail, so the Fprintf result is
		// not inspected.
		fmt.Fprintf(&out,
			" expires=%d rx_packets=%d rx_bytes=%d tx_packets=%d tx_bytes=%d flags=%x revnat=%d\n",
			v.lifetime,
			v.rx_packets,
			v.rx_bytes,
			v.tx_packets,
			v.tx_bytes,
			v.flags,
			common.Swab16(v.revnat),
		)
	}

	return out.String(), nil
}
// String formats the LXCInfo as a single line of key=value pairs. Port
// mappings whose text form is "0:0" are left out; when none remain, the
// portMaps field reads "(empty)". SecLabelID is passed through
// common.Swab16 before it is printed in hex.
func (lxc LXCInfo) String() string {
	var mappings []string
	for _, pm := range lxc.PortMap {
		text := pm.String()
		if text == "0:0" {
			continue
		}
		mappings = append(mappings, text)
	}

	portText := "(empty)"
	if len(mappings) > 0 {
		portText = strings.Join(mappings, " ")
	}

	return fmt.Sprintf("id=%d ifindex=%d mac=%s nodemac=%s ip=%s seclabel=0x%x portMaps=%s",
		lxc.LxcID,
		lxc.IfIndex,
		lxc.MAC,
		lxc.NodeMAC,
		lxc.V6Addr,
		common.Swab16(lxc.SecLabelID),
		portText,
	)
}
// Convert returns a pointer to a copy of k whose Port field has been passed
// through common.Swab16. The receiver itself is left unmodified.
func (k *Service4Key) Convert() ServiceKey {
	swapped := *k
	swapped.Port = common.Swab16(k.Port)
	return &swapped
}
// Convert returns a pointer to a copy of v whose Port field has been passed
// through common.Swab16. The receiver itself is left unmodified.
func (v *RevNat4Value) Convert() RevNatValue {
	swapped := *v
	swapped.Port = common.Swab16(v.Port)
	return &swapped
}
// Convert returns a pointer to a copy of k whose Key field has been passed
// through common.Swab16. The receiver itself is left unmodified.
func (k *RevNat4Key) Convert() RevNatKey {
	swapped := *k
	swapped.Key = common.Swab16(k.Key)
	return &swapped
}
// Convert returns a pointer to a copy of v whose RevNat and Port fields have
// each been passed through common.Swab16. The receiver itself is left
// unmodified.
func (v *Service4Value) Convert() ServiceValue {
	swapped := *v
	swapped.RevNat = common.Swab16(v.RevNat)
	swapped.Port = common.Swab16(v.Port)
	return &swapped
}
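// writeBPFHeader generates the C header for endpoint ep at
// lxcDir/common.CHeaderFileName. The file starts with comment blocks
// describing the endpoint (serialized endpoint, Docker IDs, addresses,
// labels) followed by the #define lines derived from the endpoint: MAC and IP
// addresses, IDs in host and swapped byte order, map names, load balancer
// switches, endpoint options and port mappings.
//
// It returns an error when the file cannot be created, when flushing the
// buffered output fails, or when closing the file fails. A failure to
// serialize the endpoint to base64 is only logged on the endpoint.
func (d *Daemon) writeBPFHeader(lxcDir string, ep *endpoint.Endpoint, geneveOpts []byte) error {
	headerPath := filepath.Join(lxcDir, common.CHeaderFileName)
	// NOTE(review): os.Create truncates an existing file in place and uses
	// mode 0666 before umask; the header embeds the serialized endpoint, so
	// confirm lxcDir is only writable and readable by the daemon.
	f, err := os.Create(headerPath)
	if err != nil {
		return fmt.Errorf("failed to open file %s for writing: %s", headerPath, err)
	}
	// Safety net for a panic below. The success path closes f explicitly so
	// the close error is reported; the second Close then only returns an
	// error, which is ignored here.
	defer f.Close()

	fw := bufio.NewWriter(f)

	// NOTE(review): the Docker IDs, labels and option text below are
	// written into C comments and preprocessor lines verbatim. If any of
	// them can contain "*/" or a newline, the structure of the generated
	// header changes — confirm these values are validated before they reach
	// this function, or escape them here.
	fmt.Fprint(fw, "/*\n")

	if epStr64, err := ep.Base64(); err == nil {
		fmt.Fprintf(fw, " * %s%s:%s\n * \n", common.CiliumCHeaderPrefix,
			common.Version, epStr64)
	} else {
		ep.LogStatus(endpoint.Warning, fmt.Sprintf("Unable to create a base64: %s", err))
	}

	if ep.DockerID == "" {
		fmt.Fprintf(fw, " * Docker Network ID: %s\n", ep.DockerNetworkID)
		fmt.Fprintf(fw, " * Docker Endpoint ID: %s\n", ep.DockerEndpointID)
	} else {
		fmt.Fprintf(fw, " * Docker Container ID: %s\n", ep.DockerID)
	}

	fmt.Fprintf(fw, ""+
		" * MAC: %s\n"+
		" * IPv6 address: %s\n"+
		" * IPv4 address: %s\n"+
		" * SecLabelID: %#x\n"+
		" * PolicyMap: %s\n"+
		" * NodeMAC: %s\n"+
		" */\n\n",
		ep.LXCMAC, ep.IPv6.String(), ep.IPv4.String(),
		ep.SecLabel.ID, path.Base(ep.PolicyMapPath()),
		ep.NodeMAC)

	fw.WriteString("/*\n")
	fw.WriteString(" * Labels:\n")
	if len(ep.SecLabel.Labels) == 0 {
		fmt.Fprintf(fw, " * - %s\n", "(no labels)")
	} else {
		for _, v := range ep.SecLabel.Labels {
			fmt.Fprintf(fw, " * - %s\n", v)
		}
	}
	fw.WriteString(" */\n\n")

	fw.WriteString(common.FmtDefineAddress("LXC_MAC", ep.LXCMAC))
	fw.WriteString(common.FmtDefineAddress("LXC_IP", ep.IPv6))
	if ep.IPv4 != nil {
		// NOTE(review): binary.BigEndian.Uint32 panics on fewer than four
		// bytes; presumably ep.IPv4 is always a 4-byte address — verify.
		fmt.Fprintf(fw, "#define LXC_IPV4 %#x\n", binary.BigEndian.Uint32(ep.IPv4))
	}
	fw.WriteString(common.FmtDefineAddress("NODE_MAC", ep.NodeMAC))
	fw.WriteString(common.FmtDefineArray("GENEVE_OPTS", geneveOpts))
	fmt.Fprintf(fw, "#define LXC_ID %#x\n", ep.ID)
	fmt.Fprintf(fw, "#define LXC_ID_NB %#x\n", common.Swab16(ep.ID))
	fmt.Fprintf(fw, "#define SECLABEL_NB %#x\n", common.Swab32(ep.SecLabel.ID))
	fmt.Fprintf(fw, "#define SECLABEL %#x\n", ep.SecLabel.ID)
	fmt.Fprintf(fw, "#define POLICY_MAP %s\n", path.Base(ep.PolicyMapPath()))
	fw.WriteString("#define CT_MAP_SIZE 512000\n")
	fmt.Fprintf(fw, "#define CT_MAP6 %s\n", path.Base(common.BPFMapCT6+strconv.Itoa(int(ep.ID))))
	fmt.Fprintf(fw, "#define CT_MAP4 %s\n", path.Base(common.BPFMapCT4+strconv.Itoa(int(ep.ID))))

	// Always enable L4 and L3 load balancer for now
	fw.WriteString("#define LB_L3\n")
	fw.WriteString("#define LB_L4\n")

	// Endpoint options
	fw.WriteString(ep.Opts.GetFmtList())

	fw.WriteString("#define LXC_PORT_MAPPINGS ")
	for _, m := range ep.PortMap {
		// Write mappings directly in network byte order so we don't have
		// to convert it in the fast path
		fmt.Fprintf(fw, "{%#x,%#x},", common.Swab16(m.From), common.Swab16(m.To))
	}
	fw.WriteString("\n")

	// Write errors on the bufio.Writer are sticky and surface at Flush.
	if err := fw.Flush(); err != nil {
		return err
	}
	// Report a failed close instead of dropping it: the header is consumed
	// afterwards, so an incompletely written file must not look like
	// success.
	return f.Close()
}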
// String renders the mapping as "from:to" in decimal, with both ports passed
// through common.Swab16 before formatting.
func (pm PortMap) String() string {
	from := common.Swab16(pm.From)
	to := common.Swab16(pm.To)
	return fmt.Sprintf("%d:%d", from, to)
}