github.com/cilium/cilium@v1.16.2/pkg/endpoint/cache.go (about) 1 // SPDX-License-Identifier: Apache-2.0 2 // Copyright Authors of Cilium 3 4 package endpoint 5 6 import ( 7 "net/netip" 8 "strconv" 9 10 "github.com/sirupsen/logrus" 11 12 "github.com/cilium/cilium/pkg/identity" 13 "github.com/cilium/cilium/pkg/mac" 14 "github.com/cilium/cilium/pkg/option" 15 ) 16 17 // epInfoCache describes the set of lxcmap entries necessary to describe an Endpoint 18 // in the BPF maps. It is generated while holding the Endpoint lock, then used 19 // after releasing that lock to push the entries into the datapath. 20 // Functions below implement the EndpointFrontend interface with this cached information. 21 type epInfoCache struct { 22 // revision is used by the endpoint regeneration code to determine 23 // whether this cache is out-of-date wrt the underlying endpoint. 24 revision uint64 25 26 // For datapath.loader.endpoint 27 epdir string 28 id uint64 29 ifName string 30 31 // For datapath.EndpointConfiguration 32 identity identity.NumericIdentity 33 mac mac.MAC 34 ipv4 netip.Addr 35 ipv6 netip.Addr 36 conntrackLocal bool 37 requireARPPassthrough bool 38 requireEgressProg bool 39 requireRouting bool 40 requireEndpointRoute bool 41 policyVerdictLogFilter uint32 42 options *option.IntOptions 43 lxcMAC mac.MAC 44 ifIndex int 45 46 // endpoint is used to get the endpoint's logger. 47 // 48 // Do NOT use this for fetching endpoint data directly; this structure 49 // is intended as a safe cache of endpoint data that is assembled while 50 // holding the endpoint lock, for use beyond the holding of that lock. 51 // Dereferencing fields in this endpoint is not guaranteed to be safe. 52 endpoint *Endpoint 53 } 54 55 // Must be called when endpoint is still locked. 56 func (e *Endpoint) createEpInfoCache(epdir string) *epInfoCache { 57 ep := &epInfoCache{ 58 revision: e.nextPolicyRevision, 59 60 epdir: epdir, 61 id: e.GetID(), 62 ifName: e.ifName, 63 identity: e.getIdentity(), 64 mac: e.GetNodeMAC(), 65 ipv4: e.IPv4Address(), 66 ipv6: e.IPv6Address(), 67 conntrackLocal: e.ConntrackLocalLocked(), 68 requireARPPassthrough: e.RequireARPPassthrough(), 69 requireEgressProg: e.RequireEgressProg(), 70 requireRouting: e.RequireRouting(), 71 requireEndpointRoute: e.RequireEndpointRoute(), 72 policyVerdictLogFilter: e.GetPolicyVerdictLogFilter(), 73 options: e.Options.DeepCopy(), 74 lxcMAC: e.mac, 75 ifIndex: e.ifIndex, 76 77 endpoint: e, 78 } 79 return ep 80 } 81 82 func (ep *epInfoCache) GetIfIndex() int { 83 return ep.ifIndex 84 } 85 86 func (ep *epInfoCache) LXCMac() mac.MAC { 87 return ep.lxcMAC 88 } 89 90 // InterfaceName returns the name of the link-layer interface used for 91 // communicating with the endpoint. 92 func (ep *epInfoCache) InterfaceName() string { 93 return ep.ifName 94 } 95 96 // GetID returns the endpoint's ID. 97 func (ep *epInfoCache) GetID() uint64 { 98 return ep.id 99 } 100 101 // StringID returns the endpoint's ID in a string. 102 func (ep *epInfoCache) StringID() string { 103 return strconv.FormatUint(ep.id, 10) 104 } 105 106 // GetIdentity returns the security identity of the endpoint. 107 func (ep *epInfoCache) GetIdentity() identity.NumericIdentity { 108 return ep.identity 109 } 110 111 // GetIdentityLocked returns the security identity of the endpoint. 112 func (ep *epInfoCache) GetIdentityLocked() identity.NumericIdentity { 113 return ep.identity 114 } 115 116 // Logger returns the logger for the endpoint that is being cached. 117 func (ep *epInfoCache) Logger(subsystem string) *logrus.Entry { 118 return ep.endpoint.Logger(subsystem) 119 } 120 121 // IPv4Address returns the cached IPv4 address for the endpoint. 122 func (ep *epInfoCache) IPv4Address() netip.Addr { 123 return ep.ipv4 124 } 125 126 // IPv6Address returns the cached IPv6 address for the endpoint. 127 func (ep *epInfoCache) IPv6Address() netip.Addr { 128 return ep.ipv6 129 } 130 131 // StateDir returns the directory for the endpoint's (next) state. 132 func (ep *epInfoCache) StateDir() string { return ep.epdir } 133 func (ep *epInfoCache) GetNodeMAC() mac.MAC { return ep.mac } 134 135 func (ep *epInfoCache) ConntrackLocalLocked() bool { 136 return ep.conntrackLocal 137 } 138 139 func (ep *epInfoCache) GetOptions() *option.IntOptions { 140 return ep.options 141 } 142 143 // RequireARPPassthrough returns true if the datapath must implement ARP 144 // passthrough for this endpoint 145 func (ep *epInfoCache) RequireARPPassthrough() bool { 146 return ep.requireARPPassthrough 147 } 148 149 // RequireEgressProg returns true if the endpoint requires bpf_lxc with section 150 // "to-container" to be attached at egress on the host facing veth pair 151 func (ep *epInfoCache) RequireEgressProg() bool { 152 return ep.requireEgressProg 153 } 154 155 // RequireRouting returns true if the endpoint requires BPF routing to be 156 // enabled, when disabled, routing is delegated to Linux routing 157 func (ep *epInfoCache) RequireRouting() bool { 158 return ep.requireRouting 159 } 160 161 // RequireEndpointRoute returns if the endpoint wants a per endpoint route 162 func (ep *epInfoCache) RequireEndpointRoute() bool { 163 return ep.requireEndpointRoute 164 } 165 166 func (ep *epInfoCache) GetPolicyVerdictLogFilter() uint32 { 167 return ep.policyVerdictLogFilter 168 } 169 170 func (ep *epInfoCache) IsHost() bool { 171 return ep.endpoint.IsHost() 172 }