-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
The map is of type lpm_trie, so that it supports range query for destination CIDR. A packet that matches an entry in the map will return an egress_info which contains the IP address of a gateway node and an egress IP address. Gateway node IP represents the next hop for this packet, while the egress IP represents the masqueraded source IP address when the packet leaves the gateway node. The commit contains a set of util subcommands for cilium, which provides CRUD operations to the ebpf map: ``` cilium bpf egress {list,update,lookup,delete} ``` Signed-off-by: Yongkun Gui <ygui@google.com>
- Loading branch information
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
// Copyright 2021 Authors of Cilium | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package cmd | ||
|
||
import ( | ||
"github.com/spf13/cobra" | ||
) | ||
|
||
// bpfEgressCmd represents the bpf command | ||
var bpfEgressCmd = &cobra.Command{ | ||
Use: "egress", | ||
Short: "Manage the egress routing rules", | ||
} | ||
|
||
func init() { | ||
bpfCmd.AddCommand(bpfEgressCmd) | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
// Copyright 2021 Authors of Cilium | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package cmd | ||
|
||
import ( | ||
"net" | ||
|
||
"github.com/cilium/cilium/pkg/common" | ||
"github.com/cilium/cilium/pkg/maps/egressmap" | ||
|
||
"github.com/spf13/cobra" | ||
) | ||
|
||
const ( | ||
egressDeleteUsage = "Delete egress entries using source IP and destination CIDR.\n" | ||
) | ||
|
||
var bpfEgressDeleteCmd = &cobra.Command{ | ||
Args: cobra.ExactArgs(2), | ||
Use: "delete", | ||
Short: "Delete egress entries", | ||
Long: egressDeleteUsage, | ||
Run: func(cmd *cobra.Command, args []string) { | ||
common.RequireRootPrivilege("cilium bpf egress delete <src_ip> <dest_cidr>") | ||
|
||
sip := net.ParseIP(args[0]).To4() | ||
if sip == nil { | ||
Fatalf("Unable to parse IP '%s'", args[0]) | ||
} | ||
|
||
_, cidr, err := net.ParseCIDR(args[1]) | ||
if err != nil { | ||
Fatalf("error parsing cidr %s: %s", args[1], err) | ||
} | ||
|
||
key := egressmap.NewKey(sip, cidr.IP, cidr.Mask) | ||
|
||
if err := egressmap.EgressMap.Delete(&key); err != nil { | ||
Fatalf("error deleting contents of map: %s\n", err) | ||
} | ||
}, | ||
} | ||
|
||
func init() { | ||
bpfEgressCmd.AddCommand(bpfEgressDeleteCmd) | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
// Copyright 2021 Authors of Cilium | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
package cmd | ||
|
||
import ( | ||
"fmt" | ||
"net" | ||
|
||
"github.com/cilium/cilium/pkg/bpf" | ||
"github.com/cilium/cilium/pkg/common" | ||
"github.com/cilium/cilium/pkg/maps/egressmap" | ||
|
||
"github.com/spf13/cobra" | ||
) | ||
|
||
const ( | ||
egressGetUsage = "Get egress entries using source and destination IPs.\n" | ||
) | ||
|
||
var bpfEgressGetCmd = &cobra.Command{ | ||
Args: cobra.ExactArgs(2), | ||
Use: "get", | ||
Short: "Get egress entries", | ||
Aliases: []string{"lookup"}, | ||
Long: egressGetUsage, | ||
Run: func(cmd *cobra.Command, args []string) { | ||
common.RequireRootPrivilege("cilium bpf egress get <src_ip> <dest_ip>") | ||
|
||
var ( | ||
ipv4Mask = net.IPv4Mask(255, 255, 255, 255) | ||
err error | ||
value bpf.MapValue | ||
) | ||
|
||
sip := net.ParseIP(args[0]).To4() | ||
if sip == nil { | ||
Fatalf("Unable to parse IP '%s'", args[0]) | ||
} | ||
|
||
dip := net.ParseIP(args[1]).To4() | ||
if dip == nil { | ||
Fatalf("Unable to parse IP '%s'", args[1]) | ||
} | ||
|
||
key := egressmap.NewKey(sip, dip, ipv4Mask) | ||
|
||
if value, err = egressmap.EgressMap.Lookup(&key); err != nil { | ||
Fatalf("error lookup contents of map: %s\n", err) | ||
} | ||
|
||
fmt.Println(value.String()) | ||
}, | ||
} | ||
|
||
func init() { | ||
bpfEgressCmd.AddCommand(bpfEgressGetCmd) | ||
} |