cilium · aditighag · May 18, 2023 · May 11, 2023 · May 11, 2023 · May 11, 2023
diff --git a/cilium/cmd/bpf_policy_get.go b/cilium/cmd/bpf_policy_get.go
@@ -10,6 +10,7 @@ import (
 	"path/filepath"
 	"sort"
 	"strconv"
+	"strings"
 	"text/tabwriter"
 
 	"github.com/spf13/cobra"
@@ -20,6 +21,7 @@ import (
 	"github.com/cilium/cilium/pkg/identity"
 	identitymodel "github.com/cilium/cilium/pkg/identity/model"
 	"github.com/cilium/cilium/pkg/maps/policymap"
+	"github.com/cilium/cilium/pkg/policy"
 	"github.com/cilium/cilium/pkg/policy/trafficdirection"
 )
 
@@ -64,13 +66,37 @@ func listAllMaps() {
 		return
 	}
 
+	maps := []policyMap{}
 	for _, file := range matchFiles {
-		fmt.Printf("%s:\n", file)
-		fmt.Println()
-		dumpMap(file)
-		fmt.Println()
-		fmt.Println()
+		endpointSplit := strings.Split(file, "_")
+		endpoint := strings.TrimLeft(endpointSplit[len(endpointSplit)-1], "0")
+		maps = append(maps, policyMap{
+			EndpointID: endpoint,
+			Path:       file,
+			Content:    mapContent(file),
+		})
 	}
+
+	if command.OutputOption() {
+		if err := command.PrintOutput(maps); err != nil {
+			os.Exit(1)
+		}
+	} else {
+		for _, m := range maps {
+			fmt.Printf("Endpoint ID: %s\n", m.EndpointID)
+			fmt.Printf("Path: %s\n", m.Path)
+			fmt.Println()
+			printTable(m.Content)
+			fmt.Println()
+			fmt.Println()
+		}
+	}
+}
+
+type policyMap struct {
+	EndpointID string
+	Path       string
+	Content    policymap.PolicyEntriesDump
 }
 
 func listMap(args []string) {
@@ -80,10 +106,18 @@ func listMap(args []string) {
 	if err != nil {
 		Fatalf("Failed to parse endpointID %q", lbl)
 	}
-	dumpMap(mapPath)
+
+	contentDump := mapContent(mapPath)
+	if command.OutputOption() {
+		if err := command.PrintOutput(contentDump); err != nil {
+			os.Exit(1)
+		}
+	} else {
+		printTable(contentDump)
+	}
 }
 
-func dumpMap(file string) {
+func mapContent(file string) policymap.PolicyEntriesDump {
 	m, err := policymap.Open(file)
 	if err != nil {
 		Fatalf("Failed to open map: %s\n", err)
@@ -96,19 +130,16 @@ func dumpMap(file string) {
 	}
 	sort.Slice(statsMap, statsMap.Less)
 
-	if command.OutputOption() {
-		if err := command.PrintOutput(statsMap); err != nil {
-			os.Exit(1)
-		}
-	} else {
-		w := tabwriter.NewWriter(os.Stdout, 5, 0, 3, ' ', 0)
-		formatMap(w, statsMap)
-		w.Flush()
-		if len(statsMap) == 0 {
-			fmt.Printf("Policy stats empty. Perhaps the policy enforcement is disabled?\n")
-		}
-	}
+	return statsMap
+}
 
+func printTable(contentDump policymap.PolicyEntriesDump) {
+	w := tabwriter.NewWriter(os.Stdout, 5, 0, 3, ' ', 0)
+	formatMap(w, contentDump)
+	w.Flush()
+	if len(contentDump) == 0 {
+		fmt.Printf("Policy stats empty. Perhaps the policy enforcement is disabled?\n")
+	}
 }
 
 func formatMap(w io.Writer, statsMap []policymap.PolicyEntryDump) {
@@ -119,6 +150,7 @@ func formatMap(w io.Writer, statsMap []policymap.PolicyEntryDump) {
 		labelsDesTitle        = "LABELS (source:key[=value])"
 		portTitle             = "PORT/PROTO"
 		proxyPortTitle        = "PROXY PORT"
+		authTypeTitle         = "AUTH TYPE"
 		bytesTitle            = "BYTES"
 		packetsTitle          = "PACKETS"
 		prefixTitle           = "PREFIX"
@@ -139,11 +171,11 @@ func formatMap(w io.Writer, statsMap []policymap.PolicyEntryDump) {
 	}
 
 	if printIDs {
-		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t\n",
-			policyTitle, trafficDirectionTitle, labelsIDTitle, portTitle, proxyPortTitle, bytesTitle, packetsTitle, prefixTitle)
+		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t\n",
+			policyTitle, trafficDirectionTitle, labelsIDTitle, portTitle, proxyPortTitle, authTypeTitle, bytesTitle, packetsTitle, prefixTitle)
 	} else {
-		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t\n",
-			policyTitle, trafficDirectionTitle, labelsDesTitle, portTitle, proxyPortTitle, bytesTitle, packetsTitle, prefixTitle)
+		fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t\n",
+			policyTitle, trafficDirectionTitle, labelsDesTitle, portTitle, proxyPortTitle, authTypeTitle, bytesTitle, packetsTitle, prefixTitle)
 	}
 	for _, stat := range statsMap {
 		prefixLen := stat.Key.Prefixlen - policymap.StaticPrefixBits
@@ -163,22 +195,22 @@ func formatMap(w io.Writer, statsMap []policymap.PolicyEntryDump) {
 			policyStr = "Allow"
 		}
 		if printIDs {
-			fmt.Fprintf(w, "%s\t%s\t%d\t%s\t%s\t%d\t%d\t%d\t\n",
-				policyStr, trafficDirectionString, id, port, proxyPort, stat.Bytes, stat.Packets, prefixLen)
+			fmt.Fprintf(w, "%s\t%s\t%d\t%s\t%s\t%s\t%d\t%d\t%d\t\n",
+				policyStr, trafficDirectionString, id, port, proxyPort, policy.AuthType(stat.AuthType), stat.Bytes, stat.Packets, prefixLen)
 		} else if lbls := labelsID[id]; lbls != nil && len(lbls.Labels) > 0 {
 			first := true
 			for _, lbl := range lbls.Labels.GetPrintableModel() {
 				if first {
-					fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t\n",
-						policyStr, trafficDirectionString, lbl, port, proxyPort, stat.Bytes, stat.Packets, prefixLen)
+					fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%s\t%s\t%d\t%d\t%d\t\n",
+						policyStr, trafficDirectionString, lbl, port, proxyPort, policy.AuthType(stat.AuthType), stat.Bytes, stat.Packets, prefixLen)
 					first = false
 				} else {
-					fmt.Fprintf(w, "\t\t%s\t\t\t\t\t\t\n", lbl)
+					fmt.Fprintf(w, "\t\t%s\t\t\t\t\t\t\t\n", lbl)
 				}
 			}
 		} else {
-			fmt.Fprintf(w, "%s\t%s\t%d\t%s\t%s\t%d\t%d\t%d\t\n",
-				policyStr, trafficDirectionString, id, port, proxyPort, stat.Bytes, stat.Packets, prefixLen)
+			fmt.Fprintf(w, "%s\t%s\t%d\t%s\t%s\t%s\t%d\t%d\t%d\t\n",
+				policyStr, trafficDirectionString, id, port, proxyPort, policy.AuthType(stat.AuthType), stat.Bytes, stat.Packets, prefixLen)
 		}
 	}
 }