github.com/cilium/cilium@v1.16.2/bpf/lib/auth.h

github.com/cilium/cilium@v1.16.2/bpf/lib/auth.h (about)

     1  /* SPDX-License-Identifier: (GPL-2.0-only OR BSD-2-Clause) */
     2  /* Copyright Authors of Cilium */
     3  
     4  #pragma once
     5  
     6  #include "common.h"
     7  #include "maps.h"
     8  #include "utime.h"
     9  #include "signal.h"
    10  
    11  static __always_inline int
    12  auth_lookup(struct __ctx_buff *ctx, __u32 local_id, __u32 remote_id, __u32 remote_node_ip,
    13  	    __u8 auth_type)
    14  {
    15  	struct node_key node_ip = {};
    16  	struct node_value *node_value = NULL;
    17  	struct auth_info *auth;
    18  	struct auth_key key = {
    19  		.local_sec_label = local_id,
    20  		.remote_sec_label = remote_id,
    21  		.auth_type = auth_type,
    22  		.pad = 0,
    23  	};
    24  
    25  	if (remote_node_ip) {
    26  		node_ip.family = ENDPOINT_KEY_IPV4;
    27  		node_ip.ip4 = remote_node_ip;
    28  		node_value = map_lookup_elem(&NODE_MAP_V2, &node_ip);
    29  		if (!node_value || !node_value->id)
    30  			return DROP_NO_NODE_ID;
    31  		key.remote_node_id = node_value->id;
    32  	} else {
    33  		/* If remote_node_ip is 0.0.0.0, then this is the local node. */
    34  		key.remote_node_id = 0;
    35  	}
    36  
    37  	/* Check L3-proto policy */
    38  	auth = map_lookup_elem(&AUTH_MAP, &key);
    39  	if (likely(auth)) {
    40  		/* check that entry has not expired */
    41  		if (utime_get_time() < auth->expiration)
    42  			return CTX_ACT_OK;
    43  	}
    44  
    45  	send_signal_auth_required(ctx, &key);
    46  	return DROP_POLICY_AUTH_REQUIRED;
    47  }