# Packages
Package api defines the API of the Cilium network policy interface.
Package trafficdirection specifies the directionality of policy in a numeric representation.
# Functions
GetCIDRPrefixes runs through the specified 'rules' to find every reference to a CIDR in the rules, and returns a slice containing all of these CIDRs.
GetDefaultPrefixLengths returns the set of prefix lengths for handling CIDRs that are unconditionally mapped to identities, i.e., for the reserved identities 'host' and 'world'.
GetPolicyEnabled returns the policy enablement configuration.
GetPrefixesFromCIDRSet fetches all CIDRs referred to by the specified slice and returns them as regular golang CIDR objects.
JoinPath returns a joined path from a and b.
JSONMarshalRules returns a slice of policy rules as a string in JSON representation.
NewCIDRPolicy creates a new CIDRPolicy.
NewEndpointPolicy returns an empty EndpointPolicy stub.
NewEndpointSet returns an EndpointSet with the given Endpoints map.
NewL4Policy creates a new L4Policy.
NewPolicyCache creates a new cache of SelectorPolicy.
NewPolicyRepository allocates a new policy repository.
NewSelectorCache creates a new SelectorCache with the given identities.
ParseProxyID parses a proxy ID returned by ProxyID and returns its components.
ProxyID returns a unique string to identify a proxy mapping.
ProxyIDFromFilter returns a unique string to identify a proxy mapping.
ProxyIDFromKey returns a unique string to identify a proxy mapping.
SetPolicyEnabled sets the policy enablement configuration.
# Constants
ParserTypeDNS specifies a DNS parser type.
ParserTypeHTTP specifies an HTTP parser type.
ParserTypeKafka specifies a Kafka parser type.
ParserTypeNone represents the case where no parser type is provided.
# Structs
CIDRPolicy contains L3 (CIDR) policy maps for ingress.
CIDRPolicyMap is a list of CIDR filters indexable by address/prefixlen. Key format: "address/prefixlen", e.g., "10.1.1.0/24". Each prefix struct also includes the rule labels that allowed it.
CIDRPolicyMapRule holds a L3 (CIDR) prefix and the rule labels that allow it.
EndpointPolicy is a structure which contains the resolved policy across all layers (L3, L4, and L7), distilled against a set of identities.
EndpointSet groups together a given set of Endpoints that need to have a specific operation performed upon them (e.g., policy revision updates).
Key is the userspace representation of a policy key in BPF.
L4Filter represents the policy (allowed remote sources / destinations of traffic) that applies at a specific L4 port/protocol combination (including all ports and protocols), at either ingress or egress.
MapChanges collects updates to the endpoint policy at the granularity of individual mapstate key-value pairs for both adds and deletes.
MapStateEntry is the configuration associated with a Key in a MapState.
PolicyCache represents a cache of resolved policies for identities.
Repository is a list of policy rules which in combination form the security policy.
SearchContext defines the context while evaluating policy.
SelectorCache caches identities, identity selectors, and the subsets of identities each selector selects.
TranslationResult contains the results of the rule translation.
# Interfaces
CachedSelectionUser inserts selectors into the cache and gets update callbacks whenever the set of selected numeric identities changes for the CachedSelectors pushed by it.
CachedSelector represents an identity selector owned by the selector cache.
Endpoint refers to any structure which has the following properties: a node-local ID stored as a uint16; a security identity; a means of incrementing its policy revision.
PolicyOwner is anything which consumes an EndpointPolicy.
SelectorPolicy represents a cached selectorPolicy, previously resolved from the policy repository and ready to be distilled against a set of identities to compute datapath-level policy configuration.
Translator is an interface for altering policy rules.
# Type aliases
CachedSelectorSlice is a slice of CachedSelectors that can be sorted.
L4PolicyMap is a list of L4 filters indexable by protocol/port. Key format: "port/proto".
L7DataMap contains a map of L7 rules per endpoint where key is a CachedSelector.
L7ParserType is the type used to indicate what L7 parser to use.
MapState is a state of a policy map.