pkg.gl

Categorygithub.com/cilium/ciliumpkgdatapathlinuxlinux_defaults

package

1.17.1

Repository: https://github.com/cilium/cilium.git

Documentation: pkg.go.dev

# Constants

IPsecFwdPriority

IPsecFwdPriority is the priority of the fwd rules placed by IPsec.

IPsecMarkBitMask

IPsecMarkBitMask is the mask used for the encrypt and decrypt bits.

IPsecMarkMaskIn

IPsecMarkMaskIn is the mask required for the IPsec node ID and encrypt/decrypt bits.

IPsecMarkMaskNodeID

IPsecMarkMaskNodeID is the mask used for the node ID.

IPsecMarkMaskOut

IPsecMarkMask is the mask required for the IPsec SPI, node ID, and encrypt/decrypt bits.

IPsecMaxKeyVersion

IPSec offset value for node rules.

IPsecXFRMMarkSPIShift

IPsecXFRMMarkSPIShift defines how many bits the SPI is shifted when encoded in a XfrmMark.

MagicMarkDecrypt

MagicMarkDecrypt is the packet mark used to indicate the datapath needs to decrypt a packet.

MagicMarkDecryptedOverlay

MagicMarkDecryptedOverlay indicates to the datapath that the packet was IPsec decrypted and now contains a vxlan header.

MagicMarkEgress

MagicMarkEgress determines that the traffic is sourced from the proxy which is applying Egress policy.

MagicMarkEncrypt

MagicMarkEncrypt is the packet mark to use to indicate datapath needs to encrypt a packet.

MagicMarkHost

MagicMarkHost determines that the traffic is sourced from the local host and not from a proxy.

MagicMarkHostMask

MagicMarkHostMask can be used to fetch the host/proxy-relevant magic bits from a mark.

MagicMarkIdentity

MagicMarkIdentity determines that the traffic carries a security identity in the skb->mark.

MagicMarkIngress

MagicMarkIngress determines that the traffic is sourced from the proxy which is applying Ingress policy.

MagicMarkIsProxy

MagicMarkIsProxy can be used in conjunction with MagicMarkProxyMask to determine whether the mark is indicating that traffic is sourced from a proxy.

MagicMarkIsProxyEPID

MagicMarkIsProxyEPID can be used in conjunction with MagicMarkProxyMask to determine whether the mark is indicating that traffic is sourced from a proxy prior to endpoint policy enforcement.

MagicMarkIsToProxy

MagicMarkIsToProxy can be used in conjunction with MagicMarkHostMask to determine whether the mark is indicating that traffic is destined to a proxy.

MagicMarkK8sDrop

MagicMarkK8sDrop determines that the traffic should be dropped in kubernetes environments.

MagicMarkK8sMasq

MagicMarkK8sMasq determines that the traffic should be masqueraded by kube-proxy in kubernetes environments.

MagicMarkOverlay

MagicMarkOverlay is set by the to-overlay program, and can be used to identify cilium-managed overlay traffic.

MagicMarkProxyEgressEPID

MagicMarkProxyEgressEPID determines that the traffic is sourced from the proxy which is capturing traffic before it is subject to egress policy enforcement that must be done after the proxy.

MagicMarkProxyMask

MagicMarkProxyMask can be used to fetch the proxy-relevant magic bits from a mark.

MagicMarkProxyNoIDMask

MagicMarkProxyNoIDMask can be used to fetch the proxy-relevant magic bits from a mark for proxy reply traffic.

MagicMarkSNATDone

The skb mark is used to transmit both identity and special markers to identify traffic from and to proxies.

MagicMarkWireGuardEncrypted

MagicMarkWireGuardEncrypted is set by the WireGuard tunnel device in order to indicate that a packet has been encrypted, and that there is no need to forward it again to the WG tunnel netdev.

MarkMultinodeNodeport

MarkMultinodeNodeport is used for AWS ENI to mark traffic from another node, so that it gets routed back through the relevant interface.

MarkProxyToWorld

MarkProxyToWorld is the default mark to use to indicate that a packet from proxy needs to be sent to the world.

MaskMultinodeNodeport

MaskMultinodeNodeport is the mask associated with the RouterMarkNodePort.

OutputMarkMask

OutputMarkMask is the mask to use in output-mark of XFRM states.

RouteMarkDecrypt

RouteMarkDecrypt is the default route mark to use to indicate datapath needs to decrypt a packet.

RouteMarkEncrypt

RouteMarkEncrypt is the default route mark to use to indicate datapath needs to encrypt a packet.

RouteMarkMask

RouteMarkMask is the mask required for the route mark value.

RouteMarkToProxy

RouteMarkToProxy is the default route mark to use to indicate datapath needs to send the packet to the proxy.

RouteTableFromProxy

RouteTableFromProxy is the default table ID to use routing rules from the proxy.

RouteTableInterfacesOffset

RouteTableInterfacesOffset is the offset for the per-ENI routing tables.

RouteTableIPSec

RouteTableIPSec is the default table ID to use for IPSec routing rules.

RouteTableToProxy

RouteTableToProxy is the default table ID to use routing rules to the proxy.

RouteTableVtep

RouteTableVtep is the default table ID to use for VTEP routing rules.

RTProto

RTProto is the protocol we install our fib rules and routes with.

RulePriorityEgress

RulePriorityEgress is the priority of the rule used for egress routing of endpoints.

RulePriorityEgressv2

RulePriorityEgress is the v2 of the priority of the rule used for egress routing of endpoints.

RulePriorityFromProxy

RulePriorityFromProxy is the priority of the routing rule installed by the proxy package for redirecting packets from the proxy.

RulePriorityIngress

RulePriorityIngress is the priority of the rule used for ingress routing of endpoints.

RulePriorityLocalLookup

RulePriorityLocalLookup is the priority for the local lookup rule which is moved on init from 0.

RulePriorityNodeport

RulePriorityNodeport is the priority of the rule used with AWS ENI to make sure that lookups for multi-node NodePort traffic are NOT done from the table for the VPC to which the endpoint's CIDR is associated, but from the main routing table instead.

RulePriorityToProxyIngress

RulePriorityToProxyIngress is the priority of the routing rule installed by the proxy package for redirecting inbound packets to the proxy.

RulePriorityVtep

RulePriorityVtep is the priority of the rule used for routing packets to VTEP device.