proxy, daemon: Extract common types to separate types package

In the upcoming commits, the DNS proxy code and the datapath iptables
code need to share a few variables. This commit is necessary to prevent
an import cycle.

Signed-off-by: Chris Tarazi <chris@isovalent.com>

daemon/cmd/fqdn.go

@@ -42,6 +42,7 @@ import (
 	"github.com/cilium/cilium/pkg/proxy"
 	"github.com/cilium/cilium/pkg/proxy/accesslog"
 	"github.com/cilium/cilium/pkg/proxy/logger"
+	proxytypes "github.com/cilium/cilium/pkg/proxy/types"
 	"github.com/cilium/cilium/pkg/u8proto"
 )
 
@@ -359,15 +360,15 @@ func (d *Daemon) bootstrapFQDN(possibleEndpoints map[uint16]*endpoint.Endpoint,
 
 	// Once we stop returning errors from StartDNSProxy this should live in
 	// StartProxySupport
-	port, err := d.l7Proxy.GetProxyPort(proxy.DNSProxyName)
+	port, err := d.l7Proxy.GetProxyPort(proxytypes.DNSProxyName)
 	if err != nil {
 		return err
 	}
 	if option.Config.ToFQDNsProxyPort != 0 {
 		port = uint16(option.Config.ToFQDNsProxyPort)
 	} else if port == 0 {
 		// Try locate old DNS proxy port number from the datapath, and reuse it if it's not open
-		oldPort := d.datapath.GetProxyPort(proxy.DNSProxyName)
+		oldPort := d.datapath.GetProxyPort(proxytypes.DNSProxyName)
 		openLocalPorts := proxy.OpenLocalPorts()
 		if _, alreadyOpen := openLocalPorts[oldPort]; !alreadyOpen {
 			port = oldPort
@@ -381,7 +382,7 @@ func (d *Daemon) bootstrapFQDN(possibleEndpoints map[uint16]*endpoint.Endpoint,
 		d.notifyOnDNSMsg, option.Config.DNSProxyConcurrencyLimit, option.Config.DNSProxyConcurrencyProcessingGracePeriod)
 	if err == nil {
 		// Increase the ProxyPort reference count so that it will never get released.
-		err = d.l7Proxy.SetProxyPort(proxy.DNSProxyName, proxy.ProxyTypeDNS, proxy.DefaultDNSProxy.GetBindPort(), false)
+		err = d.l7Proxy.SetProxyPort(proxytypes.DNSProxyName, proxytypes.ProxyTypeDNS, proxy.DefaultDNSProxy.GetBindPort(), false)
 		if err == nil && port == proxy.DefaultDNSProxy.GetBindPort() {
 			log.Infof("Reusing previous DNS proxy port: %d", port)
 		}
@@ -405,7 +406,7 @@ func (d *Daemon) updateDNSDatapathRules(ctx context.Context) error {
 		return nil
 	}
 
-	return d.l7Proxy.AckProxyPort(ctx, proxy.DNSProxyName)
+	return d.l7Proxy.AckProxyPort(ctx, proxytypes.DNSProxyName)
 }
 
 // updateSelectors propagates the mapping of FQDNSelector to identity, as well

pkg/proxy/envoyproxy.go

@@ -13,6 +13,7 @@ import (
 	datapath "github.com/cilium/cilium/pkg/datapath/types"
 	"github.com/cilium/cilium/pkg/envoy"
 	"github.com/cilium/cilium/pkg/policy"
+	"github.com/cilium/cilium/pkg/proxy/types"
 	"github.com/cilium/cilium/pkg/revert"
 )
 
@@ -31,7 +32,7 @@ type envoyProxyIntegration struct {
 
 // createRedirect creates a redirect with corresponding proxy configuration. This will launch a proxy instance.
 func (p *envoyProxyIntegration) createRedirect(r *Redirect, wg *completion.WaitGroup) (RedirectImplementation, error) {
-	if r.listener.proxyType == ProxyTypeCRD {
+	if r.listener.proxyType == types.ProxyTypeCRD {
 		// CRD Listeners already exist, create a no-op implementation
 		return &CRDRedirect{}, nil
 	}

pkg/proxy/proxy.go

@@ -22,6 +22,7 @@ import (
 	"github.com/cilium/cilium/pkg/option"
 	"github.com/cilium/cilium/pkg/policy"
 	"github.com/cilium/cilium/pkg/proxy/endpoint"
+	"github.com/cilium/cilium/pkg/proxy/types"
 	"github.com/cilium/cilium/pkg/rand"
 	"github.com/cilium/cilium/pkg/revert"
 )
@@ -55,33 +56,14 @@ type IPCacheManager interface {
 	LookupByIP(IP string) (ipcache.Identity, bool)
 }
 
-type ProxyType string
-
-func (p ProxyType) String() string {
-	return (string)(p)
-}
-
-const (
-	// ProxyTypeAny represents the case where no proxy type is provided.
-	ProxyTypeAny ProxyType = ""
-	// ProxyTypeHTTP specifies the Envoy HTTP proxy type
-	ProxyTypeHTTP ProxyType = "http"
-	// ProxyTypeDNS specifies the staticly configured DNS proxy type
-	ProxyTypeDNS ProxyType = "dns"
-	// ProxyTypeCRD specifies a proxy configured via CiliumEnvoyConfig CRD
-	ProxyTypeCRD ProxyType = "crd"
-
-	DNSProxyName = "cilium-dns-egress"
-)
-
 type ProxyPort struct {
 	// isStatic is true when the listener on the proxy port is incapable
 	// of stopping and/or being reconfigured with a new proxy port once it has been
 	// first started. Set 'true' by SetProxyPort(), which is only called for
 	// static listeners (currently only DNS proxy).
 	isStatic bool
 	// proxy type this port applies to (immutable)
-	proxyType ProxyType
+	proxyType types.ProxyType
 	// 'true' for ingress, 'false' for egress (immutable)
 	ingress bool
 	// ProxyPort is the desired proxy listening port number.
@@ -154,27 +136,27 @@ func createProxy(minPort uint16, maxPort uint16, datapathUpdater DatapathUpdater
 func defaultProxyPortMap() map[string]*ProxyPort {
 	return map[string]*ProxyPort{
 		"cilium-http-egress": {
-			proxyType: ProxyTypeHTTP,
+			proxyType: types.ProxyTypeHTTP,
 			ingress:   false,
 			localOnly: true,
 		},
 		"cilium-http-ingress": {
-			proxyType: ProxyTypeHTTP,
+			proxyType: types.ProxyTypeHTTP,
 			ingress:   true,
 			localOnly: true,
 		},
-		DNSProxyName: {
-			proxyType: ProxyTypeDNS,
+		types.DNSProxyName: {
+			proxyType: types.ProxyTypeDNS,
 			ingress:   false,
 			localOnly: true,
 		},
 		"cilium-proxylib-egress": {
-			proxyType: ProxyTypeAny,
+			proxyType: types.ProxyTypeAny,
 			ingress:   false,
 			localOnly: true,
 		},
 		"cilium-proxylib-ingress": {
-			proxyType: ProxyTypeAny,
+			proxyType: types.ProxyTypeAny,
 			ingress:   true,
 			localOnly: true,
 		},
@@ -298,24 +280,24 @@ func (p *Proxy) releaseProxyPort(name string) error {
 
 // findProxyPortByType returns a ProxyPort matching the given type, listener name, and direction, if
 // found.  Must be called with mutex held!
-func (p *Proxy) findProxyPortByType(l7Type ProxyType, listener string, ingress bool) (string, *ProxyPort) {
+func (p *Proxy) findProxyPortByType(l7Type types.ProxyType, listener string, ingress bool) (string, *ProxyPort) {
 	portType := l7Type
 	switch l7Type {
-	case ProxyTypeCRD:
+	case types.ProxyTypeCRD:
 		// CRD proxy ports are dynamically created, look up by name
-		if pp, ok := p.proxyPorts[listener]; ok && pp.proxyType == ProxyTypeCRD {
+		if pp, ok := p.proxyPorts[listener]; ok && pp.proxyType == types.ProxyTypeCRD {
 			return listener, pp
 		}
 		log.Debugf("findProxyPortByType: can not find crd listener %s from %v", listener, p.proxyPorts)
 		return "", nil
-	case ProxyTypeDNS, ProxyTypeHTTP:
+	case types.ProxyTypeDNS, types.ProxyTypeHTTP:
 		// Look up by the given type
 	default:
 		// "Unknown" parsers are assumed to be Proxylib (TCP) parsers, which
 		// is registered with an empty string.
 		// This works also for explicit TCP and TLS parser types, which are backed by the
 		// TCP Proxy filter chain.
-		portType = ProxyTypeAny
+		portType = types.ProxyTypeAny
 	}
 	// proxyPorts is small enough to not bother indexing it.
 	for name, pp := range p.proxyPorts {
@@ -326,7 +308,7 @@ func (p *Proxy) findProxyPortByType(l7Type ProxyType, listener string, ingress b
 	return "", nil
 }
 
-func proxyTypeNotFoundError(proxyType ProxyType, listener string, ingress bool) error {
+func proxyTypeNotFoundError(proxyType types.ProxyType, listener string, ingress bool) error {
 	dir := "egress"
 	if ingress {
 		dir = "ingress"
@@ -362,7 +344,7 @@ func (p *Proxy) AllocateProxyPort(name string, ingress, localOnly bool) (uint16,
 	defer p.mutex.Unlock()
 	pp := p.proxyPorts[name]
 	if pp == nil {
-		pp = &ProxyPort{proxyType: ProxyTypeCRD, ingress: ingress, localOnly: localOnly}
+		pp = &ProxyPort{proxyType: types.ProxyTypeCRD, ingress: ingress, localOnly: localOnly}
 	}
 
 	// Allocate a new port only if a port was never allocated before.
@@ -402,7 +384,7 @@ func (p *Proxy) ReleaseProxyPort(name string) error {
 // Another call to AckProxyPort(name) is needed to update the datapath rules accordingly.
 // This should only be called for proxies that have a static listener that is already listening on
 // 'port'. May only be called once per proxy.
-func (p *Proxy) SetProxyPort(name string, proxyType ProxyType, port uint16, ingress bool) error {
+func (p *Proxy) SetProxyPort(name string, proxyType types.ProxyType, port uint16, ingress bool) error {
 	p.mutex.Lock()
 	defer p.mutex.Unlock()
 
@@ -498,7 +480,7 @@ func (p *Proxy) CreateOrUpdateRedirect(
 		existingRedirect.mutex.Lock()
 
 		// Only consider configured (but not necessarily acked) proxy ports for update
-		if existingRedirect.listener.configured && existingRedirect.listener.proxyType == ProxyType(l4.GetL7Parser()) {
+		if existingRedirect.listener.configured && existingRedirect.listener.proxyType == types.ProxyType(l4.GetL7Parser()) {
 			updateRevertFunc := existingRedirect.updateRules(l4)
 			revertStack.Push(updateRevertFunc)
 			implUpdateRevertFunc, err := existingRedirect.implementation.UpdateRules(wg)
@@ -557,9 +539,9 @@ func (p *Proxy) createNewRedirect(
 		WithField(logfields.Listener, l4.GetListener()).
 		WithField("l7parser", l4.GetL7Parser())
 
-	ppName, pp := p.findProxyPortByType(ProxyType(l4.GetL7Parser()), l4.GetListener(), l4.GetIngress())
+	ppName, pp := p.findProxyPortByType(types.ProxyType(l4.GetL7Parser()), l4.GetListener(), l4.GetIngress())
 	if pp == nil {
-		return 0, proxyTypeNotFoundError(ProxyType(l4.GetL7Parser()), l4.GetListener(), l4.GetIngress()), nil, nil
+		return 0, proxyTypeNotFoundError(types.ProxyType(l4.GetL7Parser()), l4.GetListener(), l4.GetIngress()), nil, nil
 	}
 
 	redirect := newRedirect(localEndpoint, ppName, pp, l4.GetPort())

pkg/proxy/proxy_test.go

@@ -15,6 +15,7 @@ import (
 	"github.com/cilium/cilium/pkg/identity"
 	"github.com/cilium/cilium/pkg/policy"
 	endpointtest "github.com/cilium/cilium/pkg/proxy/endpoint/test"
+	"github.com/cilium/cilium/pkg/proxy/types"
 )
 
 func Test(t *testing.T) { TestingT(t) }
@@ -56,9 +57,9 @@ func (s *ProxySuite) TestPortAllocator(c *C) {
 	c.Assert(err, IsNil)
 	c.Assert(port1a, Equals, port1)
 
-	name, pp := p.findProxyPortByType(ProxyTypeCRD, "listener1", false)
+	name, pp := p.findProxyPortByType(types.ProxyTypeCRD, "listener1", false)
 	c.Assert(name, Equals, "listener1")
-	c.Assert(pp.proxyType, Equals, ProxyTypeCRD)
+	c.Assert(pp.proxyType, Equals, types.ProxyTypeCRD)
 	c.Assert(pp.proxyPort, Equals, port)
 	c.Assert(pp.ingress, Equals, false)
 	c.Assert(pp.localOnly, Equals, true)
@@ -85,7 +86,7 @@ func (s *ProxySuite) TestPortAllocator(c *C) {
 	port2, err := p.AllocateProxyPort("listener1", true, false)
 	c.Assert(err, IsNil)
 	c.Assert(port2, Not(Equals), port)
-	c.Assert(pp.proxyType, Equals, ProxyTypeCRD)
+	c.Assert(pp.proxyType, Equals, types.ProxyTypeCRD)
 	c.Assert(pp.ingress, Equals, false)
 	c.Assert(pp.localOnly, Equals, true)
 	c.Assert(pp.proxyPort, Equals, port2)
@@ -138,7 +139,7 @@ func (s *ProxySuite) TestPortAllocator(c *C) {
 	c.Assert(port3, Not(Equals), uint16(0))
 	c.Assert(port3, Not(Equals), port2)
 	c.Assert(port3, Not(Equals), port1)
-	c.Assert(pp.proxyType, Equals, ProxyTypeCRD)
+	c.Assert(pp.proxyType, Equals, types.ProxyTypeCRD)
 	c.Assert(pp.ingress, Equals, false)
 	c.Assert(pp.localOnly, Equals, true)
 	c.Assert(pp.proxyPort, Equals, port3)
@@ -169,7 +170,7 @@ func (s *ProxySuite) TestPortAllocator(c *C) {
 	port4, err := p.AllocateProxyPort("listener1", true, true)
 	c.Assert(err, IsNil)
 	c.Assert(port4, Equals, port3)
-	c.Assert(pp.proxyType, Equals, ProxyTypeCRD)
+	c.Assert(pp.proxyType, Equals, types.ProxyTypeCRD)
 	c.Assert(pp.ingress, Equals, false)
 	c.Assert(pp.localOnly, Equals, true)
 	c.Assert(pp.proxyPort, Equals, port4)

pkg/proxy/types/types.go

@@ -0,0 +1,23 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Cilium
+
+package types
+
+const (
+	// ProxyTypeAny represents the case where no proxy type is provided.
+	ProxyTypeAny ProxyType = ""
+	// ProxyTypeHTTP specifies the Envoy HTTP proxy type
+	ProxyTypeHTTP ProxyType = "http"
+	// ProxyTypeDNS specifies the staticly configured DNS proxy type
+	ProxyTypeDNS ProxyType = "dns"
+	// ProxyTypeCRD specifies a proxy configured via CiliumEnvoyConfig CRD
+	ProxyTypeCRD ProxyType = "crd"
+
+	DNSProxyName = "cilium-dns-egress"
+)
+
+type ProxyType string
+
+func (p ProxyType) String() string {
+	return (string)(p)
+}