/* SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) */
/* Copyright Authors of Cilium */

#pragma once

#include "common.h"
#include "maps.h"
#include "utime.h"
#include "signal.h"

/*
 * auth_lookup - decide whether traffic between two security identities is
 * covered by a live entry in AUTH_MAP.
 *
 * @ctx:            packet context, only forwarded to send_signal_auth_required()
 * @local_id:       local security label, stored in the lookup key
 * @remote_id:      remote security label, stored in the lookup key
 * @remote_node_ip: IPv4 address of the remote node; 0 means the local node
 * @auth_type:      authentication type, stored in the lookup key
 *
 * Returns:
 *   CTX_ACT_OK                 an AUTH_MAP entry exists and has not expired
 *   DROP_NO_NODE_ID            remote_node_ip is non-zero but NODE_MAP_V2 has
 *                              no entry for it, or the entry's id is 0
 *   DROP_POLICY_AUTH_REQUIRED  no entry, or the entry has expired; the key is
 *                              passed to send_signal_auth_required() first
 *
 * The function fails closed: the only path that does not return a DROP_*
 * code is a hit on an unexpired entry.
 */
static __always_inline int
auth_lookup(struct __ctx_buff *ctx, __u32 local_id, __u32 remote_id, __u32 remote_node_ip,
	    __u8 auth_type)
{
	struct auth_info *entry;
	/* pad is zeroed explicitly so the key bytes handed to the map are fully defined. */
	struct auth_key key = {
		.local_sec_label = local_id,
		.remote_sec_label = remote_id,
		.auth_type = auth_type,
		.pad = 0,
	};

	if (!remote_node_ip) {
		/* 0.0.0.0 denotes the local node, which is keyed with node id 0. */
		key.remote_node_id = 0;
	} else {
		struct node_key nkey = {};
		struct node_value *nval = NULL;

		/* Only an IPv4 node address is resolved here. */
		nkey.family = ENDPOINT_KEY_IPV4;
		nkey.ip4 = remote_node_ip;
		nval = map_lookup_elem(&NODE_MAP_V2, &nkey);
		/*
		 * An unknown node, or one with id 0, is rejected rather than
		 * being looked up under the id reserved for the local node.
		 */
		if (!nval || !nval->id)
			return DROP_NO_NODE_ID;
		key.remote_node_id = nval->id;
	}

	/* Check L3-proto policy */
	entry = map_lookup_elem(&AUTH_MAP, &key);

	/*
	 * Strict comparison: an entry whose expiration equals the current time
	 * already counts as expired.
	 * NOTE(review): assumes auth_info.expiration uses the same time base as
	 * utime_get_time() - confirm against the code that writes AUTH_MAP.
	 */
	if (likely(entry) && utime_get_time() < entry->expiration)
		return CTX_ACT_OK;

	/* Missing or expired entry: signal with the key, then drop the packet. */
	send_signal_auth_required(ctx, &key);
	return DROP_POLICY_AUTH_REQUIRED;
}