github.com/datadog/cilium@v1.6.12/bpf/lib/maps.h (about) 1 /* 2 * Copyright (C) 2016-2018 Authors of Cilium 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License as published by 6 * the Free Software Foundation; either version 2 of the License, or 7 * (at your option) any later version. 8 * 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write to the Free Software 16 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 */ 18 #ifndef __LIB_MAPS_H_ 19 #define __LIB_MAPS_H_ 20 21 #include "common.h" 22 #include "ipv6.h" 23 24 #define CILIUM_MAP_POLICY 1 25 #define CILIUM_MAP_CALLS 2 26 27 struct bpf_elf_map __section_maps ENDPOINTS_MAP = { 28 .type = BPF_MAP_TYPE_HASH, 29 .size_key = sizeof(struct endpoint_key), 30 .size_value = sizeof(struct endpoint_info), 31 .pinning = PIN_GLOBAL_NS, 32 .max_elem = ENDPOINTS_MAP_SIZE, 33 .flags = CONDITIONAL_PREALLOC, 34 }; 35 36 struct bpf_elf_map __section_maps METRICS_MAP = { 37 .type = BPF_MAP_TYPE_PERCPU_HASH, 38 .size_key = sizeof(struct metrics_key), 39 .size_value = sizeof(struct metrics_value), 40 .pinning = PIN_GLOBAL_NS, 41 .max_elem = METRICS_MAP_SIZE, 42 .flags = CONDITIONAL_PREALLOC, 43 }; 44 45 #ifndef SKIP_POLICY_MAP 46 /* Global map to jump into policy enforcement of receiving endpoint */ 47 struct bpf_elf_map __section_maps POLICY_CALL_MAP = { 48 .type = BPF_MAP_TYPE_PROG_ARRAY, 49 .id = CILIUM_MAP_POLICY, 50 .size_key = sizeof(__u32), 51 .size_value = sizeof(__u32), 52 .pinning = PIN_GLOBAL_NS, 53 .max_elem = POLICY_PROG_MAP_SIZE, 54 }; 55 #endif /* SKIP_POLICY_MAP */ 56 57 /* Map to link endpoint id to per endpoint cilium_policy map */ 58 #ifdef SOCKMAP 59 struct bpf_elf_map __section_maps EP_POLICY_MAP = { 60 .type = BPF_MAP_TYPE_HASH_OF_MAPS, 61 .size_key = sizeof(struct endpoint_key), 62 .size_value = sizeof(int), 63 .pinning = PIN_GLOBAL_NS, 64 .max_elem = ENDPOINTS_MAP_SIZE, 65 }; 66 #endif 67 68 #ifdef POLICY_MAP 69 /* Per-endpoint policy enforcement map */ 70 struct bpf_elf_map __section_maps POLICY_MAP = { 71 .type = BPF_MAP_TYPE_HASH, 72 .size_key = sizeof(struct policy_key), 73 .size_value = sizeof(struct policy_entry), 74 .pinning = PIN_GLOBAL_NS, 75 .max_elem = POLICY_MAP_SIZE, 76 .flags = CONDITIONAL_PREALLOC, 77 }; 78 #endif 79 80 #ifdef CONFIG_MAP 81 struct bpf_elf_map __section_maps CONFIG_MAP = { 82 .type = BPF_MAP_TYPE_ARRAY, 83 .size_key = sizeof(__u32), 84 .size_value = sizeof(struct ep_config), 85 .pinning = PIN_GLOBAL_NS, 86 .max_elem = 1, 87 }; 88 #endif 89 90 #ifndef SKIP_CALLS_MAP 91 /* Private per EP map for internal tail calls */ 92 struct bpf_elf_map __section_maps CALLS_MAP = { 93 .type = BPF_MAP_TYPE_PROG_ARRAY, 94 .id = CILIUM_MAP_CALLS, 95 .size_key = sizeof(__u32), 96 .size_value = sizeof(__u32), 97 .pinning = PIN_GLOBAL_NS, 98 .max_elem = CILIUM_CALL_SIZE, 99 }; 100 #endif /* SKIP_CALLS_MAP */ 101 102 #ifdef ENCAP_IFINDEX 103 104 struct bpf_elf_map __section_maps TUNNEL_MAP = { 105 .type = BPF_MAP_TYPE_HASH, 106 .size_key = sizeof(struct endpoint_key), 107 .size_value = sizeof(struct endpoint_key), 108 .pinning = PIN_GLOBAL_NS, 109 .max_elem = TUNNEL_ENDPOINT_MAP_SIZE, 110 .flags = CONDITIONAL_PREALLOC, 111 }; 112 113 #endif 114 115 #ifdef HAVE_LPM_MAP_TYPE 116 #define LPM_MAP_TYPE BPF_MAP_TYPE_LPM_TRIE 117 #else 118 #define LPM_MAP_TYPE BPF_MAP_TYPE_HASH 119 #endif 120 121 #ifndef HAVE_LPM_MAP_TYPE 122 /* Define a function with the following NAME which iterates through PREFIXES 123 * (a list of integers ordered from high to low representing prefix length), 124 * performing a lookup in MAP using LOOKUP_FN to find a provided IP of type 125 * IPTYPE. */ 126 #define LPM_LOOKUP_FN(NAME, IPTYPE, PREFIXES, MAP, LOOKUP_FN) \ 127 static __always_inline int __##NAME(IPTYPE addr) \ 128 { \ 129 int prefixes[] = { PREFIXES }; \ 130 const int size = (sizeof(prefixes) / sizeof(prefixes[0])); \ 131 int i; \ 132 \ 133 _Pragma("unroll") \ 134 for (i = 0; i < size; i++) \ 135 if (LOOKUP_FN(&MAP, addr, prefixes[i])) \ 136 return 1; \ 137 \ 138 return 0; \ 139 } 140 #endif /* HAVE_LPM_MAP_TYPE */ 141 142 #ifndef SKIP_UNDEF_LPM_LOOKUP_FN 143 #undef LPM_LOOKUP_FN 144 #endif 145 146 struct ipcache_key { 147 struct bpf_lpm_trie_key lpm_key; 148 __u16 pad1; 149 __u8 pad2; 150 __u8 family; 151 union { 152 struct { 153 __u32 ip4; 154 __u32 pad4; 155 __u32 pad5; 156 __u32 pad6; 157 }; 158 union v6addr ip6; 159 }; 160 } __attribute__((packed)); 161 162 /* Global IP -> Identity map for applying egress label-based policy */ 163 struct bpf_elf_map __section_maps IPCACHE_MAP = { 164 .type = LPM_MAP_TYPE, 165 .size_key = sizeof(struct ipcache_key), 166 .size_value = sizeof(struct remote_endpoint_info), 167 .pinning = PIN_GLOBAL_NS, 168 .max_elem = IPCACHE_MAP_SIZE, 169 .flags = BPF_F_NO_PREALLOC, 170 }; 171 172 struct bpf_elf_map __section_maps ENCRYPT_MAP = { 173 .type = BPF_MAP_TYPE_ARRAY, 174 .size_key = sizeof(struct encrypt_key), 175 .size_value = sizeof(struct encrypt_config), 176 .pinning = PIN_GLOBAL_NS, 177 .max_elem = 1, 178 }; 179 180 #ifndef SKIP_CALLS_MAP 181 static __always_inline void ep_tail_call(struct __sk_buff *skb, uint32_t index) 182 { 183 tail_call(skb, &CALLS_MAP, index); 184 } 185 #endif /* SKIP_CALLS_MAP */ 186 #endif