// WriteEndpoint transforms the ep's relevant data into an LXCInfo and stores it in
// LXCMap.
func (m *LXCMap) WriteEndpoint(ep *endpoint.Endpoint) error {
if m == nil {
return nil
}
key := uint32(ep.ID)
mac, err := ep.LXCMAC.Uint64()
if err != nil {
return err
}
nodeMAC, err := ep.NodeMAC.Uint64()
if err != nil {
return err
}
lxc := LXCInfo{
IfIndex: uint32(ep.IfIndex),
// Store security label in network byte order so it can be
// written into the packet without an additional byte order
// conversion.
SecLabelID: common.Swab16(uint16(ep.SecLabel.ID)),
LxcID: ep.ID,
MAC: MAC(mac),
NodeMAC: MAC(nodeMAC),
}
copy(lxc.V6Addr[:], ep.IPv6)
for i, pM := range ep.PortMap {
lxc.PortMap[i] = PortMap{
From: common.Swab16(pM.From),
To: common.Swab16(pM.To),
}
}
err = bpf.UpdateElement(m.fd, unsafe.Pointer(&key), unsafe.Pointer(&lxc), 0)
if err != nil {
return err
}
if ep.IPv4 != nil {
key := uint32(ep.IPv4.EndpointID()) | (1 << 16)
// FIXME: Remove key again? Needs to be solved by caller
return bpf.UpdateElement(m.fd, unsafe.Pointer(&key), unsafe.Pointer(&lxc), 0)
}
return nil
}
func (m *CtMap) doGc(interval uint16, key unsafe.Pointer, nextKey unsafe.Pointer, deleted *int) bool {
var entry CtEntry
err := bpf.GetNextKey(m.Fd, key, nextKey)
if err != nil {
return false
}
err = bpf.LookupElement(m.Fd, nextKey, unsafe.Pointer(&entry))
if err != nil {
return false
}
if entry.lifetime <= interval {
bpf.DeleteElement(m.Fd, nextKey)
(*deleted)++
} else {
entry.lifetime -= interval
bpf.UpdateElement(m.Fd, nextKey, unsafe.Pointer(&entry), 0)
}
return true
}
func (m *PolicyMap) AllowConsumer(id uint32) error {
entry := PolicyEntry{Action: 1}
return bpf.UpdateElement(m.Fd, unsafe.Pointer(&id), unsafe.Pointer(&entry), 0)
}