personal_interest_mirrors/nebula
1
0
Fork 0
mirror of https://github.com/slackhq/nebula.git synced 2026-05-16 04:47:38 +02:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

SPICY

Browse Source
This commit is contained in:
JackDoan
2026-05-07 12:00:41 -05:00
parent 5bdf645b0b
commit 01b31360df
5 changed files with 112 additions and 113 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
firewall/cache_test.go
View File

@@ -23,7 +23,7 @@ func newFixedTicker(t *testing.T, l *slog.Logger, cacheLen int) *ConntrackCacheT
cache: make(ConntrackCache, cacheLen),
}
for i := 0; i < cacheLen; i++ {
c.cache[PacketKey{TransportTuple: TransportTuple{LocalPort: uint16(i) + 1}}] = struct{}{}
c.cache[PacketKey{LocalPort: uint16(i) + 1}] = struct{}{}
}
c.cacheTick.Store(1) // cacheV starts at 0, so Get() takes the reset path
return c

33
firewall/packet.go
View File

@@ -19,19 +19,6 @@ const (
PortFragment = -1 // Special value for matching `port: fragment`
)
// TransportTuple is the dense 5-tuple shape shared between the coalescer's
// flowKey-equivalent and the firewall's PacketKey. Stored in Local/Remote
// orientation so a flow's incoming and outgoing packets share the same
// tuple identity. v4 addresses occupy the low 4 bytes of LocalAddr/
// RemoteAddr (NOT v4-mapped form) so v4 vs v6 tuples never collide.
type TransportTuple struct {
LocalAddr [16]byte
RemoteAddr [16]byte
LocalPort uint16
RemotePort uint16
IsV6 bool
}
// PacketKey is the firewall's conntrack and ConntrackCache map key — the
// dense form of the 5-tuple plus the protocol and fragment flag the
// firewall actually discriminates flows on. Kept separate from Packet so
@@ -42,9 +29,13 @@ type TransportTuple struct {
// Superset of the coalescer's flowKey shape (same 5-tuple, just in
// Local/Remote orientation rather than wire src/dst).
type PacketKey struct {
TransportTuple
Protocol uint8
Fragment bool
LocalAddr [16]byte
RemoteAddr [16]byte
LocalPort uint16
RemotePort uint16
IsV6 bool
Protocol uint8
Fragment bool
}
type Packet struct {
@@ -104,6 +95,16 @@ func (k *PacketKey) Hydrate(fp *Packet) {
}
}
func (k *PacketKey) GetRemoteAddr() netip.Addr {
if k.IsV6 {
return netip.AddrFrom16(k.RemoteAddr)
} else {
var v4 [4]byte
copy(v4[:], k.RemoteAddr[:4])
return netip.AddrFrom4(v4)
}
}
func (fp *Packet) Copy() *Packet {
return &Packet{
LocalAddr: fp.LocalAddr,