https://github.com/cilium/cilium
Revision 0e19149f655148e527a53a5ab02e2f99f819b9b0 authored by Jarno Rajahalme on 08 December 2020, 20:21:08 UTC, committed by Maciej Kwiek on 11 December 2020, 11:06:40 UTC
[ upstream commit 04840b96530031a84bc359c476a59d320617d2db ]

Track which selectors in policy require a specific bpf policy map key to
be present, and keep policy entries in the map as long as any selector
requires its presence. Without this it is possible for a timed-out
DNS cache entry to clear a policy cache key that is still required by
another selector (FQDN or CIDR).

To implement this, each MapStateEntry is now equipped with a set of
(cached) selectors through which the policy map key/value was
added. 'nil' has the special significance that it is used as the
CachedSelector in cases where the policy map entry is added due to
some administrative or configuration reason. Currently incremental
updates will never remove such entries.

Incremental policy updates now simply collect the requested map
changes. When the endpoint then pulls the changes they are first
applied to the desired policy map (MapState), while tallying which
selectors still need the map entries to be present. The actual bpf map
diffs are recorded based on the total count of selectors on each map
entry.

Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
1 parent 5665303
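
The selector ownership tracking described in the commit message, reduced to a standalone Go sketch. This is an added example, not Cilium's code: `Key`, `MapState`, `Change`, `Apply` and `Demo` are simplified, hypothetical names, selectors are plain strings, and the key values are constructed.

```go
package main

import "fmt"

// Key is a simplified stand-in for a bpf policy map key (assumption).
type Key struct{ Identity uint32; Port uint16 }

// MapState is the desired policy map: per key, the set of selectors that
// require it. Selectors are plain strings here; "" stands in for nil.
type MapState map[Key]map[string]struct{}

// Change is one collected incremental update (add or remove Key for Sel).
type Change struct{ Add bool; Key Key; Sel string }

// Apply folds the collected changes into the desired map, then returns the
// net bpf map diff: true means insert the key, false means delete it.
func (ms MapState) Apply(changes []Change) map[Key]bool {
	before := map[Key]bool{} // was each touched key present before the batch?
	for _, c := range changes {
		if _, seen := before[c.Key]; !seen {
			before[c.Key] = len(ms[c.Key]) > 0
		}
		if c.Add {
			if ms[c.Key] == nil {
				ms[c.Key] = map[string]struct{}{}
			}
			ms[c.Key][c.Sel] = struct{}{}
		} else if delete(ms[c.Key], c.Sel); len(ms[c.Key]) == 0 {
			delete(ms, c.Key) // last selector gone: entry no longer desired
		}
	}
	diff := map[Key]bool{}
	for k, was := range before {
		if now := len(ms[k]) > 0; now != was {
			diff[k] = now
		}
	}
	return diff
}

// Demo replays the commit message's scenario on constructed values.
func Demo() (dnsTimeout, cidrRemoved map[Key]bool) {
	ms, k := MapState{}, Key{Identity: 16777217, Port: 443}
	ms.Apply([]Change{{true, k, "fqdn:example.com"}, {true, k, "cidr:192.0.2.0/24"}})
	return ms.Apply([]Change{{false, k, "fqdn:example.com"}}),
		ms.Apply([]Change{{false, k, "cidr:192.0.2.0/24"}})
}

func main() { fmt.Println(Demo()) }
```

The first diff is empty because the CIDR selector still owns the key when the FQDN selector drops it; the delete reaches the bpf map only after the second removal.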
Tip revision: 0e19149f655148e527a53a5ab02e2f99f819b9b0 authored by Jarno Rajahalme on 08 December 2020, 20:21:08 UTC
policy: Track selectors that contribute to MapStateEntries
File Mode Size
.github
.travis
Documentation
api
bpf
bugtool
cilium
cilium-health
common
contrib
daemon
envoy
examples
hack
install
jenkinsfiles
operator
pkg
plugins
proxylib
test
tests
tools
vendor
.authors.aux -rw-r--r-- 416 bytes
.dockerignore -rw-r--r-- 884 bytes
.gitignore -rw-r--r-- 818 bytes
.gitmodules -rw-r--r-- 0 bytes
.mailmap -rw-r--r-- 1.5 KB
.travis.yml -rw-r--r-- 367 bytes
.travis.yml.tmpl -rw-r--r-- 387 bytes
AUTHORS -rw-r--r-- 11.8 KB
CHANGELOG.md -rw-r--r-- 90.8 KB
CODEOWNERS -rw-r--r-- 1.3 KB
CONTRIBUTING.md -rw-r--r-- 208 bytes
Dockerfile -rw-r--r-- 2.3 KB
Dockerfile.builder -rw-r--r-- 1.7 KB
FURTHER_READINGS.rst -rw-r--r-- 4.4 KB
GO_VERSION -rw-r--r-- 8 bytes
Jenkinsfile.nightly l--------- 32 bytes
LICENSE -rw-r--r-- 11.1 KB
MAINTAINERS.rst -rw-r--r-- 1.4 KB
Makefile -rw-r--r-- 17.9 KB
Makefile.defs -rw-r--r-- 2.5 KB
Makefile.quiet -rw-r--r-- 626 bytes
README.rst -rw-r--r-- 12.7 KB
SECURITY.md -rw-r--r-- 615 bytes
USERS.md -rw-r--r-- 3.5 KB
VERSION -rw-r--r-- 7 bytes
Vagrantfile -rw-r--r-- 11.8 KB
cilium-docker-plugin.Dockerfile -rw-r--r-- 553 bytes
cilium-operator.Dockerfile -rw-r--r-- 706 bytes
docs.Jenkinsfile l--------- 29 bytes
flannel.Jenkinsfile l--------- 32 bytes
ginkgo-kubernetes-all.Jenkinsfile l--------- 46 bytes
ginkgo.Jenkinsfile l--------- 31 bytes
go.mod -rw-r--r-- 41.2 KB
go.sum -rw-r--r-- 67.7 KB
kubernetes-upstream.Jenkinsfile l--------- 44 bytes
vagrant_box_defaults.rb -rw-r--r-- 270 bytes
