Skip to content

Commit

Permalink
gh-787 Added support for whitelisting eBPF load objects
Browse files Browse the repository at this point in the history
  • Loading branch information
TrekkieCoder committed Sep 4, 2024
1 parent b7f720a commit 263c0f6
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 2 deletions.
11 changes: 10 additions & 1 deletion api/loxinlp/nlp.go
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,8 @@ type NlH struct {
IMap map[string]Intf
BlackList string
BLRgx *regexp.Regexp
WhiteList string
WLRgx *regexp.Regexp
}

var (
Expand All @@ -98,6 +100,11 @@ func NlpRegister(hook cmn.NetHookInterface) {
}

func iSBlackListedIntf(name string, masterIdx int) bool {
if nNl.WhiteList != "none" {
filter := nNl.WLRgx.MatchString(name)
return !filter
}

if name == "lo" {
return true
}
Expand Down Expand Up @@ -1669,12 +1676,14 @@ func LbSessionGet(done bool) int {
return 0
}

func NlpInit(bgpPeerMode bool, blackList string, ipvsCompat bool) *NlH {
func NlpInit(bgpPeerMode bool, blackList, whitelist string, ipvsCompat bool) *NlH {

nNl = new(NlH)

nNl.BlackList = blackList
nNl.BLRgx = regexp.MustCompile(blackList)
nNl.WhiteList = whitelist
nNl.WLRgx = regexp.MustCompile(whitelist)
checkInit := make(chan bool)
waitInit := make(chan bool)

Expand Down
1 change: 1 addition & 0 deletions options/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -39,4 +39,5 @@ var Opts struct {
CloudInstance string `long:"cloudinstance" description:"instance-name to distinguish instance sets running in a same cloud-region"`
ConfigPath string `long:"config-path" description:"Config file path" default:"/etc/loxilb/"`
ProxyModeOnly bool `long:"proxyonlymode" description:"Run loxilb in proxy mode only, no Datapath"`
WhiteList string `long:"whitelist" description:"Regex string of whitelisted interface(experimental)" default:"none"`
}
2 changes: 1 addition & 1 deletion pkg/loxinet/loxinet.go
Original file line number Diff line number Diff line change
Expand Up @@ -317,7 +317,7 @@ func loxiNetInit() {
// Initialize the nlp subsystem
if !opts.Opts.NoNlp {
nlp.NlpRegister(NetAPIInit(opts.Opts.BgpPeerMode))
nlp.NlpInit(opts.Opts.BgpPeerMode, opts.Opts.BlackList, opts.Opts.IPVSCompat)
nlp.NlpInit(opts.Opts.BgpPeerMode, opts.Opts.BlackList, opts.Opts.WhiteList, opts.Opts.IPVSCompat)
}

// Initialize the k8s subsystem
Expand Down

0 comments on commit 263c0f6

Please sign in to comment.