Package api defines the API of the Cilium network policy interface +groupName=policy.

CreateL4Filter creates an L4Filter for the specified api.PortProtocol in the direction ("ingress"/"egress") for a particular protocol.

GetConsumableCache returns the consumable cache.

GetPolicyEnabled returns the policy enablement configuration.

Init must be called to initialize the Consumables that represent the reserved identities.

JoinPath returns a joined path from a and b.

JSONMarshalRules returns a slice of policy rules as string in JSON representation.

NewCIDRPolicy creates a new CIDRPolicy.

NewConsumable creates a new consumable.

NewL4RuleContexts returns a new L4RuleContexts.

NewPolicyRepository allocates a new policy repository.

NewPreFilter returns prefilter handle.

SecurityIDContexts returns a new L4RuleContexts created.

ProbePreFilter checks whether XDP mode is supported on given device.

ResolveIdentityLabels resolves a numeric identity to the identity's labels or nil.

SetPolicyEnabled sets the policy enablement configuration.

ParserTypeHTTP specifies a HTTP parser type.

ParserTypeKafka specifies a Kafka parser type.

WildcardEndpointSelector is a selector that matches on all endpoints.

CIDRPolicy contains L3 (CIDR) policy maps for ingress and egress.

CIDRPolicyMap is a list of CIDR filters indexable by address/prefixlen key format: "address/prefixlen", e.g., "10.1.1.0/24" Each prefix struct also includes the rule labels that allowed it.

CIDRPolicyMapRule holds a L3 (CIDR) prefix and the rule labels that allow it.

Consumable holds all of the policies relevant to this security identity, including label-based policies, L4Policy, and L7 policy.

L4RuleContext represents a L4 rule Don't use pointers here since this structure is used as key on maps.

L7RuleContext represents a L7 rule.

PreFilter holds global info on related CIDR maps participating in prefilter.

Repository is a list of policy rules which in combination form the security policy.

SearchContext defines the context while evaluating policy.

Translator is an interface for altering policy rules.

L4PolicyMap is a list of L4 filters indexable by protocol/port key format: "port/proto".

L4RuleContexts maps a rule context to a L7RuleContext.

L7DataMap contains a map of L7 rules per endpoint where key is a hash of EndpointSelector.

L7ParserType is the type used to indicate what L7 parser to use and defines all supported types of L7 parsers.

SecurityIDContexts maps a security identity to a L4RuleContexts.