// Copyright 2018 Authors of Cilium
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package proxy

import (
	"github.com/cilium/cilium/pkg/completion"
	"github.com/cilium/cilium/pkg/fqdn/dnsproxy"
	"github.com/cilium/cilium/pkg/logging/logfields"
	"github.com/cilium/cilium/pkg/policy"
	"github.com/cilium/cilium/pkg/proxy/logger"
	"github.com/cilium/cilium/pkg/revert"
	"github.com/sirupsen/logrus"
)

// DefaultDNSProxy is the global, shared, DNS Proxy singleton.
//
// NOTE(review): the redirect methods in this file call UpdateAllowed on it
// without a nil check; presumably it is assigned before any DNS redirect is
// created - confirm against the initialisation code.
var DefaultDNSProxy *dnsproxy.DNSProxy

// dnsConfiguration is the DNS-specific redirect configuration. It has no
// fields at present.
type dnsConfiguration struct{}

// dnsRedirect is the DNS proxy redirect that createDNSRedirect returns as a
// RedirectImplementation for an l7 proxy.
type dnsRedirect struct {
	// redirect is the generic redirect this DNS redirect is attached to; its
	// endpointID, dstPort and rules are read when the DNS proxy is updated.
	redirect *Redirect
	// endpointInfoRegistry is stored at creation time; it is not read in
	// this file.
	endpointInfoRegistry logger.EndpointInfoRegistry
	// conf is the configuration passed to createDNSRedirect.
	conf dnsConfiguration
	// currentRules is the copy of the rules recorded by setRules after a
	// successful update; UpdateRules captures it as the state to revert to.
	currentRules policy.L7DataMap
}

// setRules replaces old l7 rules of a redirect with new ones.
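// It hands newRules to the shared DNS proxy for this redirect's endpoint and
// destination port. Only when UpdateAllowed succeeds does it record a copy of
// newRules in currentRules, so currentRules describes the rules last handed
// to the proxy, including when a RevertFunc calls back in with the previous
// rules. wg is not used.
// TODO: Get rid of the duplication between 'currentRules' and 'r.rules'
func (dr *dnsRedirect) setRules(wg *completion.WaitGroup, newRules policy.L7DataMap) error {
	log.WithFields(logrus.Fields{
		"newRules":           newRules,
		logfields.EndpointID: dr.redirect.endpointID,
	}).Debug("DNS Proxy updating matchNames in allowed list during UpdateRules")
	if err := DefaultDNSProxy.UpdateAllowed(dr.redirect.endpointID, dr.redirect.dstPort, newRules); err != nil {
		// UpdateAllowed failed: leave currentRules as it was.
		return err
	}
	// Record what was actually pushed. Copying dr.redirect.rules here would
	// make the tracked state differ from the proxy whenever the caller passes
	// something else, which is what the RevertFunc from UpdateRules does; a
	// later revert would then restore the wrong allowed list.
	dr.currentRules = copyRules(newRules)

	return nil
}

// UpdateRules atomically replaces the proxy rules in effect for this redirect.
// It is not aware of revision number and doesn't account for out-of-order
// calls to UpdateRules or the returned RevertFunc.
//
// The new rules are read from dr.redirect.rules; l4 is not consulted here.
// The returned RevertFunc re-applies the rules recorded before this call and
// is returned even when err is non-nil.
func (dr *dnsRedirect) UpdateRules(wg *completion.WaitGroup, l4 *policy.L4Filter) (revert.RevertFunc, error) {
	// Capture the previous state before setRules overwrites currentRules.
	oldRules := dr.currentRules
	err := dr.setRules(wg, dr.redirect.rules)
	revertFunc := func() error {
		return dr.setRules(nil, oldRules)
	}
	return revertFunc, err
}

// Close the redirect.
//
// The returned FinalizeFunc calls UpdateAllowed with nil rules for this
// redirect's endpoint and destination port and drops currentRules. No
// RevertFunc is returned. wg is not used.
func (dr *dnsRedirect) Close(wg *completion.WaitGroup) (revert.FinalizeFunc, revert.RevertFunc) {
	return func() {
		if err := DefaultDNSProxy.UpdateAllowed(dr.redirect.endpointID, dr.redirect.dstPort, nil); err != nil {
			// The finalizer has no way to return an error, so log it: a
			// failure here presumably leaves this endpoint's previous
			// allowed list in the DNS proxy after the redirect is gone.
			log.WithError(err).WithFields(logrus.Fields{
				logfields.EndpointID: dr.redirect.endpointID,
			}).Warning("DNS Proxy failed to remove allowed rules while closing redirect")
		}
		dr.currentRules = nil
	}, nil
}

// createDNSRedirect creates a redirect to the dns proxy. The redirect structure passed
// in is safe to access for reading and writing.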
func createDNSRedirect(r *Redirect, conf dnsConfiguration, endpointInfoRegistry logger.EndpointInfoRegistry) (RedirectImplementation, error) {
	impl := &dnsRedirect{
		redirect:             r,
		conf:                 conf,
		endpointInfoRegistry: endpointInfoRegistry,
	}

	fields := logrus.Fields{
		"dnsRedirect": impl,
		"conf":        conf,
	}
	log.WithFields(fields).Debug("Creating DNS Proxy redirect")

	// Push the redirect's initial rules to the DNS proxy. The redirect is
	// returned together with any error from that first update, so callers
	// must check the error before using it.
	err := impl.setRules(nil, r.rules)
	return impl, err
}

// copyRules returns a new L7DataMap holding the same key/value pairs as rules.
// The copy is shallow: each value is assigned as-is rather than cloned. A nil
// or empty input yields an empty, non-nil map.
func copyRules(rules policy.L7DataMap) policy.L7DataMap {
	dup := policy.L7DataMap{}
	for k, v := range rules {
		dup[k] = v
	}
	return dup
}