github.com/cilium/cilium@v1.16.2/pkg/datapath/types/config.go (about)

     1  // SPDX-License-Identifier: Apache-2.0
     2  // Copyright Authors of Cilium
     3  
     4  package types
     5  
     6  import (
     7  	"io"
     8  	"net/netip"
     9  
    10  	"github.com/cilium/cilium/pkg/cidr"
    11  	"github.com/cilium/cilium/pkg/identity"
    12  	"github.com/cilium/cilium/pkg/mac"
    13  	"github.com/cilium/cilium/pkg/node"
    14  	nodeTypes "github.com/cilium/cilium/pkg/node/types"
    15  	"github.com/cilium/cilium/pkg/option"
    16  )
    17  
// NodeNeighborEnqueuer provides an interface for clients to push node updates
// for further processing (e.g. by a neighbor-management worker; the consumer
// is defined by the implementer, not by this package).
type NodeNeighborEnqueuer interface {
	// Enqueue enqueues a node for processing node neighbors updates.
	// The bool argument's meaning is not defined here — presumably a
	// refresh/force flag; confirm against the implementer before relying
	// on it.
	Enqueue(*nodeTypes.Node, bool)
}
    24  
// DeviceConfiguration is an interface for injecting configuration of datapath
// options that affect lookups and logic applied at a per-device level, whether
// those are devices associated with the endpoint or associated with the host.
type DeviceConfiguration interface {
	// GetOptions fetches the configurable datapath options from the owner.
	// The returned pointer is owned by the implementer; whether callers may
	// mutate it, and whether it can be nil, is not specified here — treat it
	// as read-only and nil-check unless the implementer documents otherwise.
	GetOptions() *option.IntOptions
}
    32  
// LoadTimeConfiguration provides datapath implementations a clean interface
// to access endpoint-specific configuration that can be changed at load time.
type LoadTimeConfiguration interface {
	// GetID returns a locally-significant endpoint identification number.
	// It is only meaningful on this node and must not be confused with the
	// security identity returned by GetIdentity().
	GetID() uint64
	// StringID returns the string-formatted version of the ID from GetID().
	StringID() string
	// GetIdentity returns a globally-significant numeric security identity.
	// This is the value that is meaningful cluster-wide; datapath
	// configuration derived from it should take it from here, not from GetID().
	GetIdentity() identity.NumericIdentity

	// GetIdentityLocked returns a globally-significant numeric security
	// identity while assuming that the backing data structure is locked.
	// This function should be removed in favour of GetIdentity()
	// NOTE(review): the caller is responsible for holding the owner's lock;
	// calling this without it is presumably a data race — confirm with the
	// implementer.
	GetIdentityLocked() identity.NumericIdentity

	// IPv4Address returns the endpoint's IPv4 address; presumably the zero
	// netip.Addr when the endpoint has none — confirm with the implementer.
	IPv4Address() netip.Addr
	// IPv6Address returns the endpoint's IPv6 address; presumably the zero
	// netip.Addr when the endpoint has none — confirm with the implementer.
	IPv6Address() netip.Addr
	// GetNodeMAC returns a node-side MAC address associated with the
	// endpoint. Exact semantics are defined by the implementer.
	GetNodeMAC() mac.MAC
	// GetIfIndex returns an interface index for the endpoint — presumably
	// the Linux ifindex of its device; confirm with the implementer.
	GetIfIndex() int
}
    53  
// CompileTimeConfiguration provides datapath implementations a clean interface
// to access endpoint-specific configuration that can only be changed at
// compile time. A change to any of these values therefore implies a recompile
// of the endpoint's datapath program rather than a reload.
type CompileTimeConfiguration interface {
	DeviceConfiguration

	// TODO: Move this detail into the datapath
	// ConntrackLocalLocked reports whether connection tracking is local to
	// the endpoint. NOTE(review): the Locked suffix suggests the caller must
	// hold the owner's lock — confirm with the implementer.
	ConntrackLocalLocked() bool

	// RequireARPPassthrough returns true if the datapath must implement
	// ARP passthrough for this endpoint
	RequireARPPassthrough() bool

	// RequireEgressProg returns true if the endpoint requires an egress
	// program attached to the InterfaceName() invoking the section
	// "to-container"
	RequireEgressProg() bool

	// RequireRouting returns true if the endpoint requires BPF routing to
	// be enabled, when disabled, routing is delegated to Linux routing
	RequireRouting() bool

	// RequireEndpointRoute returns true if the endpoint wishes to have a
	// per endpoint route installed in the host's routing table to point to
	// the endpoint's interface
	RequireEndpointRoute() bool

	// GetPolicyVerdictLogFilter returns the PolicyVerdictLogFilter for the endpoint
	// The bit layout of the filter is defined by the datapath, not here.
	GetPolicyVerdictLogFilter() uint32

	// IsHost returns true if the endpoint is the host endpoint.
	IsHost() bool
}
    87  
// EndpointConfiguration provides datapath implementations a clean interface
// to access endpoint-specific configuration when configuring the datapath.
// It is the union of CompileTimeConfiguration (values that require a
// recompile to change) and LoadTimeConfiguration (values that can change on
// a reload); it adds no methods of its own.
type EndpointConfiguration interface {
	CompileTimeConfiguration
	LoadTimeConfiguration
}
    94  
// ConfigWriter is anything which writes the configuration for various datapath
// program types. Each method renders configuration into the supplied io.Writer
// and returns any write/render error; the output format is implementation
// specific. Whether a nil *LocalNodeConfiguration is tolerated is not defined
// by this interface — callers should not pass one unless the implementer
// documents it.
type ConfigWriter interface {
	// WriteNodeConfig writes the implementation-specific configuration of
	// node-wide options into the specified writer.
	WriteNodeConfig(io.Writer, *LocalNodeConfiguration) error

	// WriteNetdevConfig writes the implementation-specific configuration
	// of configurable options to the specified writer. Options specified
	// here will apply to base programs and not to endpoints, though
	// endpoints may have equivalent configurable options.
	WriteNetdevConfig(io.Writer, *option.IntOptions) error

	// WriteTemplateConfig writes the implementation-specific configuration
	// of configurable options for BPF templates to the specified writer.
	WriteTemplateConfig(w io.Writer, nodeCfg *LocalNodeConfiguration, cfg EndpointConfiguration) error

	// WriteEndpointConfig writes the implementation-specific configuration
	// of configurable options for the endpoint to the specified writer.
	WriteEndpointConfig(w io.Writer, nodeCfg *LocalNodeConfiguration, cfg EndpointConfiguration) error
}
   116  
// RemoteSNATDstAddrExclusionCIDRv4 returns the IPv4 CIDR whose destinations
// are excluded from SNAT: traffic from a local endpoint to an address inside
// the returned CIDR must not be source-NATed.
//
// An explicitly configured ipv4-native-routing-cidr takes precedence; when it
// is unset, the node's IPv4 allocation range is used instead. Because every
// destination in this CIDR sees the original (non-SNATed) source address, an
// over-broad native-routing CIDR widens the set of destinations that bypass
// masquerading — review that setting with care. The result is nil only if
// neither source yields a CIDR (TODO confirm whether GetIPv4AllocRange can
// return nil); callers should nil-check before dereferencing.
func RemoteSNATDstAddrExclusionCIDRv4() *cidr.CIDR {
	nativeRoutingCIDR := option.Config.GetIPv4NativeRoutingCIDR()
	if nativeRoutingCIDR == nil {
		// No explicit native-routing CIDR: fall back to the pod allocation range.
		return node.GetIPv4AllocRange()
	}
	return nativeRoutingCIDR
}
   128  
// RemoteSNATDstAddrExclusionCIDRv6 returns the IPv6 CIDR whose destinations
// are excluded from SNAT: traffic from a local endpoint to an address inside
// the returned CIDR must not be source-NATed.
//
// An explicitly configured ipv6-native-routing-cidr takes precedence; when it
// is unset, the node's IPv6 allocation range is used instead. Because every
// destination in this CIDR sees the original (non-SNATed) source address, an
// over-broad native-routing CIDR widens the set of destinations that bypass
// masquerading — review that setting with care. The result is nil only if
// neither source yields a CIDR (TODO confirm whether GetIPv6AllocRange can
// return nil); callers should nil-check before dereferencing.
func RemoteSNATDstAddrExclusionCIDRv6() *cidr.CIDR {
	nativeRoutingCIDR := option.Config.GetIPv6NativeRoutingCIDR()
	if nativeRoutingCIDR == nil {
		// No explicit native-routing CIDR: fall back to the pod allocation range.
		return node.GetIPv6AllocRange()
	}
	return nativeRoutingCIDR
}