github.com/elfadel/cilium@v1.6.12/pkg/datapath/linux/linux_defaults/linux_defaults.go (about) 1 // Copyright 2019 Authors of Cilium 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package linux_defaults 16 17 import ( 18 "time" 19 ) 20 21 // Linux specific constants used in Linux datapath 22 const ( 23 // RouteTableIPSec is the default table ID to use for IPSec routing rules 24 RouteTableIPSec = 200 25 26 // RouteMarkDecrypt is the default route mark to use to indicate datapath 27 // needs to decrypt a packet. 28 RouteMarkDecrypt = 0x0D00 29 30 // RouteMarkEncrypt is the default route mark to use to indicate datapath 31 // needs to encrypt a packet. 32 RouteMarkEncrypt = 0x0E00 33 34 // RouteMarkMask is the mask required for the route mark value 35 RouteMarkMask = 0xF00 36 37 // IPSecProtocolID IP protocol ID for IPSec defined in RFC4303 38 RouteProtocolIPSec = 50 39 40 // TunnelDeviceName the default name of the tunnel device when using vxlan 41 TunnelDeviceName = "cilium_vxlan" 42 43 // IPSec offset value for node rules 44 IPsecMaxKeyVersion = 16 45 46 // IPsecMarkMask is the mask required for the IPsec SPI and encrypt/decrypt bits 47 IPsecMarkMask = 0xFF00 48 49 // IPsecMarkMaskIn is the mask required for IPsec to lookup encrypt/decrypt bits 50 IPsecMarkMaskIn = 0x0F00 51 52 // IPsecKeyDeleteDelay is the time to wait before removing old keys when 53 // the IPsec key is changing. 54 IPsecKeyDeleteDelay = 5 * time.Minute 55 )