// SPDX-License-Identifier: Apache-2.0
// Copyright Authors of Cilium

package types

import (
	"io"
	"net/netip"

	"github.com/cilium/cilium/pkg/cidr"
	"github.com/cilium/cilium/pkg/identity"
	"github.com/cilium/cilium/pkg/mac"
	"github.com/cilium/cilium/pkg/node"
	nodeTypes "github.com/cilium/cilium/pkg/node/types"
	"github.com/cilium/cilium/pkg/option"
)

// NodeNeighborEnqueuer is implemented by components that accept node updates
// from clients and queue them for neighbor processing.
type NodeNeighborEnqueuer interface {
	// Enqueue queues the given node so that its neighbor entries are
	// (re)processed. The meaning of the bool flag is not defined by this
	// interface; it is passed through to the implementation.
	Enqueue(*nodeTypes.Node, bool)
}

// DeviceConfiguration exposes the datapath options that are applied at the
// level of a single device, whether that device belongs to an endpoint or to
// the host. Implementations inject this configuration into the datapath.
type DeviceConfiguration interface {
	// GetOptions returns the configurable datapath options held by the owner.
	GetOptions() *option.IntOptions
}

// LoadTimeConfiguration gives datapath implementations access to the
// endpoint-specific settings that may change each time a program is loaded.
type LoadTimeConfiguration interface {
	// GetID returns the endpoint identification number. The value is only
	// meaningful on the local node.
	GetID() uint64
	// StringID returns the value of GetID() formatted as a string.
	StringID() string
	// GetIdentity returns the endpoint's globally-significant numeric
	// security identity.
	GetIdentity() identity.NumericIdentity

	// GetIdentityLocked returns the same value as GetIdentity() but is
	// intended for callers that already hold the lock protecting the backing
	// data structure; calling it without that lock is a caller bug. It is
	// slated for removal in favour of GetIdentity().
	GetIdentityLocked() identity.NumericIdentity

	// IPv4Address returns the endpoint's IPv4 address.
	IPv4Address() netip.Addr
	// IPv6Address returns the endpoint's IPv6 address.
	IPv6Address() netip.Addr
	// GetNodeMAC returns the MAC address the datapath uses as the node-side
	// MAC for this endpoint (presumably the host-side interface; confirm
	// against the implementation).
	GetNodeMAC() mac.MAC
	// GetIfIndex returns the interface index of the endpoint's device.
	GetIfIndex() int
}

// CompileTimeConfiguration gives datapath implementations access to the
// endpoint-specific settings that are fixed when the program is compiled and
// cannot be changed without recompiling.
type CompileTimeConfiguration interface {
	DeviceConfiguration

	// ConntrackLocalLocked reports whether conntrack is local to the
	// endpoint. The Locked suffix indicates the caller is expected to hold
	// the endpoint lock (confirm with implementers).
	// TODO: Move this detail into the datapath
	ConntrackLocalLocked() bool

	// RequireARPPassthrough reports whether the datapath must implement ARP
	// passthrough for this endpoint.
	RequireARPPassthrough() bool

	// RequireEgressProg reports whether the endpoint needs an egress program
	// attached to the InterfaceName() that invokes the "to-container"
	// section.
	RequireEgressProg() bool

	// RequireRouting reports whether BPF routing must be enabled for the
	// endpoint. When it is disabled, routing is left to the Linux stack.
	RequireRouting() bool

	// RequireEndpointRoute reports whether a per-endpoint route pointing at
	// the endpoint's interface should be installed in the host routing
	// table.
	RequireEndpointRoute() bool

	// GetPolicyVerdictLogFilter returns the policy verdict log filter that
	// applies to the endpoint.
	GetPolicyVerdictLogFilter() uint32

	// IsHost reports whether this endpoint is the host endpoint.
	IsHost() bool
}

// EndpointConfiguration is the union of the compile-time and load-time
// configuration a datapath implementation needs when configuring an endpoint.
type EndpointConfiguration interface {
	CompileTimeConfiguration
	LoadTimeConfiguration
}

// ConfigWriter is implemented by anything that can emit the configuration
// for the various datapath program types.
type ConfigWriter interface {
	// WriteNodeConfig emits the implementation-specific configuration of
	// node-wide options into w.
	WriteNodeConfig(io.Writer, *LocalNodeConfiguration) error

	// WriteNetdevConfig emits the implementation-specific configuration of
	// configurable options into w. These options apply to base programs,
	// not to endpoints, although endpoints may expose equivalent options.
	WriteNetdevConfig(io.Writer, *option.IntOptions) error

	// WriteTemplateConfig emits the implementation-specific configuration
	// of configurable options for BPF templates into w.
	WriteTemplateConfig(w io.Writer, nodeCfg *LocalNodeConfiguration, cfg EndpointConfiguration) error

	// WriteEndpointConfig emits the implementation-specific configuration
	// of configurable options for the endpoint into w.
	WriteEndpointConfig(w io.Writer, nodeCfg *LocalNodeConfiguration, cfg EndpointConfiguration) error
}

// RemoteSNATDstAddrExclusionCIDRv4 returns the IPv4 CIDR excluded from SNAT:
// packets sent from a local endpoint to an address inside it must not be
// SNAT'd. The native routing CIDR from the global option.Config wins when it
// is set; otherwise the node's IPv4 allocation range is used.
func RemoteSNATDstAddrExclusionCIDRv4() *cidr.CIDR {
	nativeRouting := option.Config.GetIPv4NativeRoutingCIDR()
	if nativeRouting == nil {
		// ipv4-native-routing-cidr not configured; fall back to the
		// allocation range of the local node.
		return node.GetIPv4AllocRange()
	}
	return nativeRouting
}

// RemoteSNATDstAddrExclusionCIDRv6 returns the IPv6 CIDR excluded from SNAT:
// packets sent from a local endpoint to an address inside it must not be
// SNAT'd. The native routing CIDR from the global option.Config wins when it
// is set; otherwise the node's IPv6 allocation range is used.
func RemoteSNATDstAddrExclusionCIDRv6() *cidr.CIDR {
	nativeRouting := option.Config.GetIPv6NativeRoutingCIDR()
	if nativeRouting == nil {
		// ipv6-native-routing-cidr not configured; fall back to the
		// allocation range of the local node.
		return node.GetIPv6AllocRange()
	}
	return nativeRouting
}