github.com/kubearmor/cilium@v1.6.12/pkg/proxy/redirect.go (about) 1 // Copyright 2016-2018 Authors of Cilium 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package proxy 16 17 import ( 18 "github.com/cilium/cilium/pkg/revert" 19 "time" 20 21 "github.com/cilium/cilium/pkg/completion" 22 "github.com/cilium/cilium/pkg/lock" 23 "github.com/cilium/cilium/pkg/policy" 24 "github.com/cilium/cilium/pkg/proxy/logger" 25 ) 26 27 // RedirectImplementation is the generic proxy redirect interface that each 28 // proxy redirect type must implement 29 type RedirectImplementation interface { 30 // UpdateRules notifies the proxy implementation that the new rules in 31 // parameter l4 are to be applied. The implementation should .Add to the 32 // WaitGroup if the update is asynchronous and the update should not return 33 // until it is complete. 34 // The returned RevertFunc must be non-nil. 35 // Note: UpdateRules is not called when a redirect is created. 36 UpdateRules(wg *completion.WaitGroup, l4 *policy.L4Filter) (revert.RevertFunc, error) 37 38 // Close closes and cleans up resources associated with the redirect 39 // implementation. The implementation should .Add to the WaitGroup if the 40 // update is asynchronous and the update should not return until it is 41 // complete. 42 Close(wg *completion.WaitGroup) (revert.FinalizeFunc, revert.RevertFunc) 43 } 44 45 type Redirect struct { 46 // The following fields are only written to during initialization, it 47 // is safe to read these fields without locking the mutex 48 listener *ProxyPort 49 dstPort uint16 50 endpointID uint64 51 localEndpoint logger.EndpointUpdater 52 created time.Time 53 implementation RedirectImplementation 54 55 // The following fields are updated while the redirect is alive, the 56 // mutex must be held to read and write these fields 57 mutex lock.RWMutex 58 lastUpdated time.Time 59 rules policy.L7DataMap 60 } 61 62 func newRedirect(localEndpoint logger.EndpointUpdater, listener *ProxyPort, dstPort uint16) *Redirect { 63 return &Redirect{ 64 listener: listener, 65 dstPort: dstPort, 66 endpointID: localEndpoint.GetID(), 67 localEndpoint: localEndpoint, 68 created: time.Now(), 69 lastUpdated: time.Now(), 70 } 71 } 72 73 // updateRules updates the rules of the redirect, Redirect.mutex must be held 74 // 'implementation' is not initialized when this is called the first time. 75 // TODO: Replace this with RedirectImplementation UpdateRules method! 76 func (r *Redirect) updateRules(l4 *policy.L4Filter) revert.RevertFunc { 77 oldRules := r.rules 78 r.rules = make(policy.L7DataMap, len(l4.L7RulesPerEp)) 79 for key, val := range l4.L7RulesPerEp { 80 r.rules[key] = val 81 } 82 return func() error { 83 r.mutex.Lock() 84 r.rules = oldRules 85 r.mutex.Unlock() 86 return nil 87 } 88 }