chez-shanpu

GSoC 2021 Explicit Allow-Listing for ICMP @Cilium

Introduction

Kubernetes is a container orchestration platform and it has emerged as the de-facto tool for managing a large number of containers. In Kubernetes, networking functions, such as managing communication between applications and network policies, are delegated to CNI plugins.

Cilium is a CNI plugin for Kubernetes which provides secure network connectivity and load-balancing between applications using eBPF. Cilium can manage network access by using network policy functions, called “CiliumNetworkPolicy” (CNP). Users can allow or deny specific traffic by applying a CNP.
However, currently, any traffic except for TCP/UDP (including ICMP) is denied if an L4 CNP is present, and there is no way for users to explicitly allow ICMP traffic. Therefore, my project aims to implement a CNP for explicitly allowing ICMP traffic.

chez-shanpu

#include <chrono>
#include <iostream>
#include <random>

const int N = 1000;
const int TRIALS = 10;

// [memo] When "N" equals 1000, # of flops is 2000000000
const double nFlops = 2.0 * 1000 * 1000 * 1000;

chez-shanpu

// refer https://www.geeksforgeeks.org/maximum-bipartite-matching/

package main

import "fmt"

func BPM(graph [][]bool, m, n int) []int {
	matchR := make([]int, n)
	matchR, _ = fill(matchR, -1, 0, len(matchR))
	for u := 0; u < m; u++ {

chez-shanpu

package main

import (
	"fmt"
	"math"
)

type binaryTree struct {
	root *node
}

chez-shanpu

package main

import "fmt"

type binaryTree struct {
	root *node
}

type node struct {
	value int

chez-shanpu

package main

import "fmt"

type bloomFilter struct {
	bits          uint
	hashFunctions []hashFunction
}

type hashFunction struct {

chez-shanpu

class UsersController < ActionController
  def show
    user = User.find(params[:id].to_i)
    render json: user.as_json(except: :crypted_password)
  end
end