Exemple #1
// WriteEndpoint builds an LXCInfo from ep and writes it into the BPF map
// behind m.fd, keyed by the endpoint ID. When ep.IPv4 is set, the same value
// is written a second time under a key derived from the IPv4 endpoint ID with
// bit 16 set. A nil receiver is a no-op and returns nil.
//
// The first error from the MAC conversions or from bpf.UpdateElement is
// returned unchanged. If the IPv4 write fails, the entry already written
// under the endpoint-ID key stays in the map; cleanup is left to the caller.
//
// NOTE(review): ep is dereferenced without a nil check, and port mappings are
// copied by index without comparing len(ep.PortMap) against the size of
// LXCInfo.PortMap. If the destination is a fixed-size array, an oversized
// port map panics here; confirm that callers bound it.
func (m *LXCMap) WriteEndpoint(ep *endpoint.Endpoint) error {
	if m == nil {
		return nil
	}

	lxcMAC, err := ep.LXCMAC.Uint64()
	if err != nil {
		return err
	}

	hostMAC, err := ep.NodeMAC.Uint64()
	if err != nil {
		return err
	}

	var info LXCInfo
	info.IfIndex = uint32(ep.IfIndex)
	// The security label is kept in network byte order so it can be placed
	// into a packet without a further byte order conversion.
	// NOTE(review): the label ID is narrowed to uint16 here; confirm the ID
	// space cannot exceed 16 bits, otherwise distinct labels would alias.
	info.SecLabelID = common.Swab16(uint16(ep.SecLabel.ID))
	info.LxcID = ep.ID
	info.MAC = MAC(lxcMAC)
	info.NodeMAC = MAC(hostMAC)

	copy(info.V6Addr[:], ep.IPv6)

	for idx, mapping := range ep.PortMap {
		info.PortMap[idx] = PortMap{
			From: common.Swab16(mapping.From),
			To:   common.Swab16(mapping.To),
		}
	}

	idKey := uint32(ep.ID)
	if err := bpf.UpdateElement(m.fd, unsafe.Pointer(&idKey), unsafe.Pointer(&info), 0); err != nil {
		return err
	}

	if ep.IPv4 == nil {
		return nil
	}

	// IPv4 endpoints get a second entry; bit 16 separates these keys from the
	// plain endpoint-ID keys written above.
	v4Key := uint32(ep.IPv4.EndpointID()) | (1 << 16)
	// FIXME: Remove key again? Needs to be solved by caller
	return bpf.UpdateElement(m.fd, unsafe.Pointer(&v4Key), unsafe.Pointer(&info), 0)
}
Exemple #2
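// doGc performs one step of a garbage-collection walk over the map. It calls
// bpf.GetNextKey to fetch the key following key into nextKey, loads that
// entry, and then either deletes it (lifetime <= interval) or writes it back
// with lifetime reduced by interval. *deleted is incremented only when the
// delete call succeeds, so the caller's count reflects entries that were
// actually removed.
//
// It returns false when the walk should stop, that is when bpf.GetNextKey or
// bpf.LookupElement fails, and true otherwise. Failures of the delete or
// update call do not stop the walk.
//
// NOTE(review): the lookup, decrement and write-back are separate calls, so a
// concurrent writer to the same entry can be overwritten with stale data;
// confirm whether anything else updates these entries while GC runs. A lookup
// failure also ends the whole walk, so an entry that disappears between
// GetNextKey and LookupElement would cut the pass short. Whether iteration
// continues correctly from a key that was just deleted depends on the map
// type and the caller; verify against the loop that drives doGc.
func (m *CtMap) doGc(interval uint16, key unsafe.Pointer, nextKey unsafe.Pointer, deleted *int) bool {
	if err := bpf.GetNextKey(m.Fd, key, nextKey); err != nil {
		return false
	}

	var entry CtEntry
	if err := bpf.LookupElement(m.Fd, nextKey, unsafe.Pointer(&entry)); err != nil {
		return false
	}

	if entry.lifetime <= interval {
		// Expired: remove it, and count it only if the removal took effect.
		if err := bpf.DeleteElement(m.Fd, nextKey); err == nil {
			(*deleted)++
		}
		return true
	}

	entry.lifetime -= interval
	// Best effort: if the write-back fails the entry keeps its previous
	// lifetime and is aged again on a later pass.
	_ = bpf.UpdateElement(m.Fd, nextKey, unsafe.Pointer(&entry), 0)

	return true
}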
Exemple #3
// AllowConsumer stores a PolicyEntry with Action set to 1 in the policy map
// under the key id and returns the result of bpf.UpdateElement.
//
// NOTE(review): Action 1 presumably means "allow", going by the method name;
// confirm against the PolicyEntry definition. The final argument 0 is passed
// as the update flags, so an existing entry for id is presumably overwritten.
// id is not validated here and m is not nil-checked, so callers are expected
// to pass an identity that has already been authorized.
func (m *PolicyMap) AllowConsumer(id uint32) error {
	allow := PolicyEntry{Action: 1}
	keyPtr, valPtr := unsafe.Pointer(&id), unsafe.Pointer(&allow)
	return bpf.UpdateElement(m.Fd, keyPtr, valPtr, 0)
}