tidy

Signed-off-by: Jarno Rajahalme <[email protected]>

cilium/accesslog.cc

@@ -28,13 +28,14 @@ namespace Cilium {
 Thread::MutexBasicLockable AccessLog::logs_mutex;
 std::map<std::string, std::weak_ptr<AccessLog>> AccessLog::logs;
 
-AccessLogSharedPtr AccessLog::Open(const std::string& path, TimeSource& time_source) {
+AccessLogSharedPtr AccessLog::open(const std::string& path, TimeSource& time_source) {
   Thread::LockGuard guard(logs_mutex);
   auto it = logs.find(path);
   if (it != logs.end()) {
     auto log = it->second.lock();
-    if (log)
+    if (log) {
       return log;
+    }
     // expired, remove
     logs.erase(path);
   }
@@ -51,7 +52,7 @@ AccessLog::~AccessLog() {
   logs.erase(path_);
 }
 
-void AccessLog::Log(AccessLog::Entry& log_entry, ::cilium::EntryType entry_type) {
+void AccessLog::log(AccessLog::Entry& log_entry, ::cilium::EntryType entry_type) {
   ::cilium::LogEntry& entry = log_entry.entry_;
   entry.set_entry_type(entry_type);
 
@@ -66,7 +67,7 @@ void AccessLog::Log(AccessLog::Entry& log_entry, ::cilium::EntryType entry_type)
   std::string msg;
   entry.SerializeToString(&msg);
 
-  UDSClient::Log(msg);
+  UDSClient::log(msg);
 }
 
 #define CONST_STRING_VIEW(NAME, STR) const absl::string_view NAME = {STR, sizeof(STR) - 1}
@@ -78,7 +79,7 @@ CONST_STRING_VIEW(xForwardedProtoSV, "x-forwarded-proto");
 CONST_STRING_VIEW(xRequestIdSV, "x-request-id");
 CONST_STRING_VIEW(statusSV, ":status");
 
-void AccessLog::Entry::InitFromConnection(
+void AccessLog::Entry::initFromConnection(
     const std::string& policy_name, uint32_t proxy_id, bool ingress, uint32_t source_identity,
     const Network::Address::InstanceConstSharedPtr& source_address, uint32_t destination_identity,
     const Network::Address::InstanceConstSharedPtr& destination_address, TimeSource* time_source) {
@@ -103,7 +104,7 @@ void AccessLog::Entry::InitFromConnection(
   }
 }
 
-bool AccessLog::Entry::UpdateFromMetadata(const std::string& l7proto,
+bool AccessLog::Entry::updateFromMetadata(const std::string& l7proto,
                                           const ProtobufWkt::Struct& metadata) {
   bool changed = false;
 
@@ -140,14 +141,14 @@ bool AccessLog::Entry::UpdateFromMetadata(const std::string& l7proto,
   return changed;
 }
 
-void AccessLog::Entry::InitFromRequest(const std::string& policy_name, uint32_t proxy_id,
+void AccessLog::Entry::initFromRequest(const std::string& policy_name, uint32_t proxy_id,
                                        bool ingress, uint32_t source_identity,
                                        const Network::Address::InstanceConstSharedPtr& src_address,
                                        uint32_t destination_identity,
                                        const Network::Address::InstanceConstSharedPtr& dst_address,
                                        const StreamInfo::StreamInfo& info,
                                        const Http::RequestHeaderMap& headers) {
-  InitFromConnection(policy_name, proxy_id, ingress, source_identity, src_address,
+  initFromConnection(policy_name, proxy_id, ingress, source_identity, src_address,
                      destination_identity, dst_address, nullptr);
 
   auto time = info.startTime();
@@ -170,10 +171,10 @@ void AccessLog::Entry::InitFromRequest(const std::string& policy_name, uint32_t
   ::cilium::HttpLogEntry* http_entry = entry_.mutable_http();
   http_entry->set_http_protocol(proto);
 
-  UpdateFromRequest(destination_identity, dst_address, headers);
+  updateFromRequest(destination_identity, dst_address, headers);
 }
 
-void AccessLog::Entry::UpdateFromRequest(
+void AccessLog::Entry::updateFromRequest(
     uint32_t destination_identity, const Network::Address::InstanceConstSharedPtr& dst_address,
     const Http::RequestHeaderMap& headers) {
   // Destination may have changed
@@ -214,7 +215,7 @@ void AccessLog::Entry::UpdateFromRequest(
   });
 }
 
-void AccessLog::Entry::UpdateFromResponse(const Http::ResponseHeaderMap& headers,
+void AccessLog::Entry::updateFromResponse(const Http::ResponseHeaderMap& headers,
                                           TimeSource& time_source) {
   auto time = time_source.systemTime();
   entry_.set_timestamp(
@@ -263,19 +264,23 @@ void AccessLog::Entry::UpdateFromResponse(const Http::ResponseHeaderMap& headers
       });
 }
 
-void AccessLog::Entry::AddRejected(absl::string_view key, absl::string_view value) {
-  for (auto entry : entry_.http().rejected_headers())
-    if (entry.key() == key && entry.value() == value)
+void AccessLog::Entry::addRejected(absl::string_view key, absl::string_view value) {
+  for (const auto& entry : entry_.http().rejected_headers()) {
+    if (entry.key() == key && entry.value() == value) {
       return;
+    }
+  }
   ::cilium::KeyValue* kv = entry_.mutable_http()->add_rejected_headers();
   kv->set_key(key.data(), key.size());
   kv->set_value(value.data(), value.size());
 }
 
-void AccessLog::Entry::AddMissing(absl::string_view key, absl::string_view value) {
-  for (auto entry : entry_.http().missing_headers())
-    if (entry.key() == key && entry.value() == value)
+void AccessLog::Entry::addMissing(absl::string_view key, absl::string_view value) {
+  for (const auto& entry : entry_.http().missing_headers()) {
+    if (entry.key() == key && entry.value() == value) {
       return;
+    }
+  }
   ::cilium::KeyValue* kv = entry_.mutable_http()->add_missing_headers();
   kv->set_key(key.data(), key.size());
   kv->set_value(value.data(), value.size());

cilium/accesslog.h

@@ -26,38 +26,38 @@ constexpr absl::string_view AccessLogKey = "cilium.accesslog.entry";
 
 class AccessLog : public UDSClient {
 public:
-  static std::shared_ptr<AccessLog> Open(const std::string& path, TimeSource& time_source);
+  static std::shared_ptr<AccessLog> open(const std::string& path, TimeSource& time_source);
   ~AccessLog();
 
   // wrapper for protobuf
   class Entry : public StreamInfo::FilterState::Object {
   public:
-    void InitFromRequest(const std::string& policy_name, uint32_t proxy_id, bool ingress,
+    void initFromRequest(const std::string& policy_name, uint32_t proxy_id, bool ingress,
                          uint32_t source_identity,
                          const Network::Address::InstanceConstSharedPtr& source_address,
                          uint32_t destination_identity,
                          const Network::Address::InstanceConstSharedPtr& destination_address,
                          const StreamInfo::StreamInfo&, const Http::RequestHeaderMap&);
-    void UpdateFromRequest(uint32_t destination_identity,
+    void updateFromRequest(uint32_t destination_identity,
                            const Network::Address::InstanceConstSharedPtr& destination_address,
                            const Http::RequestHeaderMap&);
-    void UpdateFromResponse(const Http::ResponseHeaderMap&, TimeSource&);
+    void updateFromResponse(const Http::ResponseHeaderMap&, TimeSource&);
 
-    void InitFromConnection(const std::string& policy_name, uint32_t proxy_id, bool ingress,
+    void initFromConnection(const std::string& policy_name, uint32_t proxy_id, bool ingress,
                             uint32_t source_identity,
                             const Network::Address::InstanceConstSharedPtr& source_address,
                             uint32_t destination_identity,
                             const Network::Address::InstanceConstSharedPtr& destination_address,
                             TimeSource* time_source);
-    bool UpdateFromMetadata(const std::string& l7proto, const ProtobufWkt::Struct& metadata);
-    void AddRejected(absl::string_view key, absl::string_view value);
-    void AddMissing(absl::string_view key, absl::string_view value);
+    bool updateFromMetadata(const std::string& l7proto, const ProtobufWkt::Struct& metadata);
+    void addRejected(absl::string_view key, absl::string_view value);
+    void addMissing(absl::string_view key, absl::string_view value);
 
     ::cilium::LogEntry entry_{};
     bool request_logged_ = false;
   };
 
-  void Log(Entry& entry, ::cilium::EntryType);
+  void log(Entry& entry, ::cilium::EntryType);
 
 private:
   explicit AccessLog(const std::string& path, TimeSource& time_source)

cilium/bpf.cc

@@ -18,7 +18,7 @@ namespace Envoy {
 namespace Cilium {
 
 enum {
-  BPF_KEY_MAX_LEN = 64,
+  BpfKeyMaxLen = 64,
 };
 
 Bpf::Bpf(uint32_t map_type, uint32_t key_size, uint32_t value_size)
@@ -27,8 +27,9 @@ Bpf::Bpf(uint32_t map_type, uint32_t key_size, uint32_t value_size)
 Bpf::~Bpf() { close(); }
 
 void Bpf::close() {
-  if (fd_ >= 0)
+  if (fd_ >= 0) {
     ::close(fd_);
+  }
   fd_ = -1;
 }
 
@@ -39,11 +40,12 @@ bool Bpf::open(const std::string& path) {
   close();
 
   // store the path for later
-  if (path != path_)
+  if (path != path_) {
     path_ = path;
+  }
 
   auto& cilium_calls = PrivilegedService::Singleton::get();
-  auto ret = cilium_calls.bpf_open(path.c_str());
+  auto ret = cilium_calls.bpfOpen(path.c_str());
   fd_ = ret.return_value_;
   if (fd_ >= 0) {
     // Open fdinfo to check the map type and key and value size.
@@ -116,12 +118,13 @@ bool Bpf::open(const std::string& path) {
 bool Bpf::lookup(const void* key, void* value) {
   // Try reopen if open failed previously
   if (fd_ < 0) {
-    if (!open(path_))
+    if (!open(path_)) {
       return false;
+    }
   }
 
   auto& cilium_calls = PrivilegedService::Singleton::get();
-  auto result = cilium_calls.bpf_lookup(fd_, key, key_size_, value, value_size_);
+  auto result = cilium_calls.bpfLookup(fd_, key, key_size_, value, value_size_);
 
   if (result.return_value_ == 0) {
     return true;

cilium/bpf_metadata.cc

@@ -236,7 +236,7 @@ Config::Config(const ::cilium::BpfMetadata& config,
           // later.
           return std::make_shared<Cilium::CtMap>(bpf_root);
         });
-    ipcache_ = IPCache::NewIPCache(context.serverFactoryContext(), bpf_root);
+    ipcache_ = IPCache::newIpCache(context.serverFactoryContext(), bpf_root);
     if (bpf_root != ct_maps_->bpfRoot()) {
       // bpf root may not change during runtime
       throw EnvoyException(fmt::format("cilium.bpf_metadata: Invalid bpf_root: {}", bpf_root));
@@ -273,15 +273,16 @@ uint32_t Config::resolvePolicyId(const Network::Address::Ip* ip) const {
 
 uint32_t Config::resolveSourceIdentity(const PolicyInstance& policy,
                                        const Network::Address::Ip* sip,
-                                       const Network::Address::Ip* dip, bool ingress, bool isL7LB) {
+                                       const Network::Address::Ip* dip, bool ingress,
+                                       bool is_l7_lb) {
   uint32_t source_identity = 0;
 
   // Resolve the source security ID from conntrack map, or from ip cache
   if (ct_maps_ != nullptr) {
     const std::string& ct_name = policy.conntrackName();
     if (ct_name.length() > 0) {
       source_identity = ct_maps_->lookupSrcIdentity(ct_name, sip, dip, ingress);
-    } else if (isL7LB) {
+    } else if (is_l7_lb) {
       // non-local source should be in the global conntrack
       source_identity = ct_maps_->lookupSrcIdentity("global", sip, dip, ingress);
     }
@@ -297,24 +298,24 @@ uint32_t Config::resolveSourceIdentity(const PolicyInstance& policy,
 // Returns a new IPAddressPair that keeps the source address and fills in the other address version
 // from the given IPAddressPair.
 IPAddressPair
-Config::getIPAddressPairFrom(const Network::Address::InstanceConstSharedPtr sourceAddress,
+Config::getIPAddressPairFrom(const Network::Address::InstanceConstSharedPtr source_address,
                              const IPAddressPair& addresses) {
   auto addressPair = IPAddressPair();
 
-  switch (sourceAddress->ip()->version()) {
+  switch (source_address->ip()->version()) {
   case Network::Address::IpVersion::v4:
-    addressPair.ipv4_ = sourceAddress;
+    addressPair.ipv4_ = source_address;
     if (addresses.ipv6_) {
       sockaddr_in6 sa6 = *reinterpret_cast<const sockaddr_in6*>(addresses.ipv6_->sockAddr());
-      sa6.sin6_port = htons(sourceAddress->ip()->port());
+      sa6.sin6_port = htons(source_address->ip()->port());
       addressPair.ipv6_ = std::make_shared<Network::Address::Ipv6Instance>(sa6);
     }
     break;
   case Network::Address::IpVersion::v6:
-    addressPair.ipv6_ = sourceAddress;
+    addressPair.ipv6_ = source_address;
     if (addresses.ipv4_) {
       sockaddr_in sa4 = *reinterpret_cast<const sockaddr_in*>(addresses.ipv4_->sockAddr());
-      sa4.sin_port = htons(sourceAddress->ip()->port());
+      sa4.sin_port = htons(source_address->ip()->port());
       addressPair.ipv4_ = std::make_shared<Network::Address::Ipv4Instance>(&sa4);
     }
     break;
@@ -347,11 +348,12 @@ const PolicyInstance& Config::getPolicy(const std::string& pod_ip) const {
   // This is the case for L7 LB listeners only. This is needed to allow traffic forwarded by Cilium
   // Ingress (which is implemented as an egress listener!).
   bool allow_egress = !enforce_policy_on_l7lb_ && !is_ingress_ && is_l7lb_;
-  if (npmap_ == nullptr)
-    return allow_egress ? NetworkPolicyMap::GetAllowAllEgressPolicy()
-                        : NetworkPolicyMap::GetDenyAllPolicy();
+  if (npmap_ == nullptr) {
+    return allow_egress ? NetworkPolicyMap::getAllowAllEgressPolicy()
+                        : NetworkPolicyMap::getDenyAllPolicy();
+  }
 
-  return npmap_->GetPolicyInstance(pod_ip, allow_egress);
+  return npmap_->getPolicyInstance(pod_ip, allow_egress);
 }
 
 absl::optional<Cilium::BpfMetadata::SocketMetadata>
@@ -457,8 +459,9 @@ Config::extractSocketMetadata(Network::ConnectionSocket& socket) {
     }
 
     // Enforce ingress policy on the incoming Ingress traffic?
-    if (enforce_policy_on_l7lb_)
+    if (enforce_policy_on_l7lb_) {
       ingress_source_identity = source_identity;
+    }
 
     source_identity = new_source_identity;
 
@@ -507,11 +510,11 @@ Config::extractSocketMetadata(Network::ConnectionSocket& socket) {
     uint32_t identity_id = (source_identity & 0xFFFF) << 16;
     mark = ((is_ingress_) ? 0x0A00 : 0x0B00) | cluster_id | identity_id;
   }
-  return absl::optional(Cilium::BpfMetadata::SocketMetadata(
+  return {Cilium::BpfMetadata::SocketMetadata(
       mark, ingress_source_identity, source_identity, is_ingress_, is_l7lb_, dip->port(),
       std::move(pod_ip), std::move(src_address), std::move(source_addresses.ipv4_),
       std::move(source_addresses.ipv6_), std::move(dst_address), weak_from_this(), proxy_id_,
-      std::move(proxylib_l7proto), sni));
+      std::move(proxylib_l7proto), sni)};
 }
 
 Network::FilterStatus Instance::onAccept(Network::ListenerFilterCallbacks& cb) {

cilium/bpf_metadata.h

@@ -68,6 +68,7 @@ struct SocketMetadata : public Logger::Loggable<Logger::Id::filter> {
     if (!proxylib_l7_proto_.empty()) {
       const auto& old_protocols = socket.requestedApplicationProtocols();
       std::vector<absl::string_view> protocols;
+      protocols.reserve(old_protocols.size());
       for (const auto& old_protocol : old_protocols) {
         protocols.emplace_back(old_protocol);
       }
@@ -128,7 +129,7 @@ class Config : public Cilium::PolicyResolver,
 public:
   Config(const ::cilium::BpfMetadata& config,
          Server::Configuration::ListenerFactoryContext& context);
-  virtual ~Config() {}
+  ~Config() override = default;
 
   // PolicyResolver
   uint32_t resolvePolicyId(const Network::Address::Ip*) const override;
@@ -155,13 +156,13 @@ class Config : public Cilium::PolicyResolver,
 
 private:
   uint32_t resolveSourceIdentity(const PolicyInstance& policy, const Network::Address::Ip* sip,
-                                 const Network::Address::Ip* dip, bool ingress, bool isL7LB);
+                                 const Network::Address::Ip* dip, bool ingress, bool is_l7_lb);
 
-  IPAddressPair getIPAddressPairFrom(const Network::Address::InstanceConstSharedPtr sourceAddress,
+  IPAddressPair getIPAddressPairFrom(const Network::Address::InstanceConstSharedPtr source_address,
                                      const IPAddressPair& addresses);
 
   const Network::Address::Ip* selectIPVersion(const Network::Address::IpVersion version,
-                                              const IPAddressPair& sourceAddresses);
+                                              const IPAddressPair& source_addresses);
 };
 
 using ConfigSharedPtr = std::shared_ptr<Config>;

cilium/conntrack.cc

@@ -58,7 +58,7 @@ PACKED_STRUCT(struct ipv4_ct_tuple {
   __u8 flags;
 });
 
-struct ct_entry {
+struct CtEntry {
   __u64 rx_packets;
   __u64 rx_bytes;
   __u64 tx_packets;
@@ -82,10 +82,10 @@ struct ct_entry {
 };
 
 CtMap::CtMap4::CtMap4()
-    : Bpf(BPF_MAP_TYPE_HASH, sizeof(struct ipv4_ct_tuple), sizeof(struct ct_entry)) {}
+    : Bpf(BPF_MAP_TYPE_HASH, sizeof(struct ipv4_ct_tuple), sizeof(struct CtEntry)) {}
 
 CtMap::CtMap6::CtMap6()
-    : Bpf(BPF_MAP_TYPE_HASH, sizeof(struct ipv6_ct_tuple), sizeof(struct ct_entry)) {}
+    : Bpf(BPF_MAP_TYPE_HASH, sizeof(struct ipv6_ct_tuple), sizeof(struct CtEntry)) {}
 
 CtMap::CtMaps4::CtMaps4(const std::string& bpf_root, const std::string& map_name) : ok_(false) {
   // Open the IPv4 bpf maps from Cilium specific paths
@@ -190,7 +190,7 @@ uint32_t CtMap::lookupSrcIdentity(const std::string& map_name, const Network::Ad
 
   struct ipv4_ct_tuple key4 {};
   struct ipv6_ct_tuple key6 {};
-  struct ct_entry value {};
+  struct CtEntry value {};
 
   if (sip->version() == Network::Address::IpVersion::v4 &&
       dip->version() == Network::Address::IpVersion::v4) {