// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium
//
// Listing source: github.com/cilium/cilium@v1.16.2/pkg/datapath/prefilter/api.go

package prefilter

import (
	"fmt"
	"net"

	"github.com/go-openapi/runtime/middleware"

	"github.com/cilium/cilium/api/v1/models"
	"github.com/cilium/cilium/api/v1/server/restapi/prefilter"
	"github.com/cilium/cilium/pkg/api"
	datapath "github.com/cilium/cilium/pkg/datapath/types"
)

// getPrefilterHandler answers prefilter GET requests by reporting the deny
// list held by the datapath prefilter.
type getPrefilterHandler struct {
	preFilter datapath.PreFilter
}

// Handle returns the prefilter's dumped deny list together with its revision.
// The same spec object is reported both as the spec and as the realized
// status. If the prefilter is not enabled, the request fails with
// GetPrefilterFailureCode.
func (h *getPrefilterHandler) Handle(_ prefilter.GetPrefilterParams) middleware.Responder {
	if !h.preFilter.Enabled() {
		return api.Error(prefilter.GetPrefilterFailureCode, fmt.Errorf("prefilter is not enabled in daemon"))
	}

	// Dump is handed a nil slice and returns the entries plus the revision.
	deny, rev := h.preFilter.Dump(nil)
	spec := &models.PrefilterSpec{
		Deny:     deny,
		Revision: rev,
	}
	payload := &models.Prefilter{
		Spec:   spec,
		Status: &models.PrefilterStatus{Realized: spec},
	}
	return prefilter.NewGetPrefilterOK().WithPayload(payload)
}

// patchPrefilterHandler answers prefilter PATCH requests by handing
// client-supplied CIDRs to the datapath prefilter's Insert.
type patchPrefilterHandler struct {
	preFilter datapath.PreFilter
}

// Handle parses every entry of the request's Deny list as a CIDR and passes
// the parsed networks, with the request's revision, to the prefilter's Insert.
//
// All entries are parsed before Insert is called, so a single malformed entry
// rejects the whole request with PatchPrefilterInvalidCIDRCode and nothing is
// inserted. A disabled prefilter or an Insert error yields
// PatchPrefilterFailureCode.
func (h *patchPrefilterHandler) Handle(params prefilter.PatchPrefilterParams) middleware.Responder {
	if !h.preFilter.Enabled() {
		return api.Error(prefilter.PatchPrefilterFailureCode, fmt.Errorf("prefilter is not enabled in daemon"))
	}

	// NOTE(review): the spec is dereferenced without a nil check; presumably
	// the generated parameter binding rejects a missing body. Confirm.
	req := params.PrefilterSpec

	// net.ParseCIDR yields the network with host bits cleared, so an entry
	// such as "10.1.2.3/8" is handed on as 10.0.0.0/8.
	// NOTE(review): no bound on prefix length is applied here; whether Insert
	// rejects very broad prefixes is not visible from this file.
	cidrs := make([]net.IPNet, len(req.Deny))
	for i, raw := range req.Deny {
		_, ipNet, err := net.ParseCIDR(raw)
		if err != nil {
			// NOTE(review): raw is request-controlled and is echoed unquoted
			// (%s) in the error; consider %q if this text reaches logs.
			return api.Error(prefilter.PatchPrefilterInvalidCIDRCode, fmt.Errorf("invalid CIDR string %s", raw))
		}
		cidrs[i] = *ipNet
	}

	if err := h.preFilter.Insert(req.Revision, cidrs); err != nil {
		return api.Error(prefilter.PatchPrefilterFailureCode, err)
	}
	return prefilter.NewPatchPrefilterOK()
}
// deletePrefilterHandler answers prefilter DELETE requests by handing
// client-supplied CIDRs to the datapath prefilter's Delete.
type deletePrefilterHandler struct {
	preFilter datapath.PreFilter
}

// Handle parses every entry of the request's Deny list as a CIDR and passes
// the parsed networks, with the request's revision, to the prefilter's Delete.
//
// All entries are parsed before Delete is called, so a single malformed entry
// rejects the whole request with DeletePrefilterInvalidCIDRCode and nothing is
// deleted. A disabled prefilter or a Delete error yields
// DeletePrefilterFailureCode.
func (h *deletePrefilterHandler) Handle(params prefilter.DeletePrefilterParams) middleware.Responder {
	if !h.preFilter.Enabled() {
		return api.Error(prefilter.DeletePrefilterFailureCode, fmt.Errorf("prefilter is not enabled in daemon"))
	}

	// NOTE(review): the spec is dereferenced without a nil check; presumably
	// the generated parameter binding rejects a missing body. Confirm.
	req := params.PrefilterSpec

	// net.ParseCIDR yields the network with host bits cleared, so the entry
	// passed to Delete is the masked network, not the literal address given.
	cidrs := make([]net.IPNet, len(req.Deny))
	for i, raw := range req.Deny {
		_, ipNet, err := net.ParseCIDR(raw)
		if err != nil {
			// NOTE(review): raw is request-controlled and is echoed unquoted
			// (%s) in the error; consider %q if this text reaches logs.
			return api.Error(prefilter.DeletePrefilterInvalidCIDRCode, fmt.Errorf("invalid CIDR string %s", raw))
		}
		cidrs[i] = *ipNet
	}

	if err := h.preFilter.Delete(req.Revision, cidrs); err != nil {
		return api.Error(prefilter.DeletePrefilterFailureCode, err)
	}
	return prefilter.NewDeletePrefilterOK()
}