ebpf

package
v0.1.1 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 27, 2026 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Package ebpf provides eBPF-based tunnel dataplane management.

TunnelMap wraps a compiled eBPF TC classifier program and its LPM trie map. The TC filter is attached to the egress of the default route interface (underlay). It intercepts packets destined to overlay CIDRs, sets the tunnel key via bpf_skb_set_tunnel_key, and redirects them to a flow-based tunnel interface (geneve0 or vxlan0) via bpf_redirect.

Constants

const (
	TunnelFlagSetKey       uint32 = 0x01 // call bpf_skb_set_tunnel_key (GENEVE, VXLAN, IPIP)
	TunnelFlagHealthy      uint32 = 0x02 // peer is healthy; BPF skips if not set
	TunnelFlagIPv6Underlay uint32 = 0x04 // use IPv6 underlay (remote_ipv6 + BPF_F_TUNINFO_IPV6)
)

Tunnel endpoint flags matching BPF TUNNEL_F_* constants.

const (
	TunnelProtoGENEVE    uint32 = 1
	TunnelProtoVXLAN     uint32 = 2
	TunnelProtoIPIP      uint32 = 3
	TunnelProtoWireGuard uint32 = 4
	TunnelProtoNone      uint32 = 5
)

Tunnel protocol constants matching BPF PROTO_* constants.

const MaxNexthops = 4

MaxNexthops is the maximum number of nexthops per tunnel endpoint, matching MAX_NEXTHOPS in the BPF program.

Functions

func TunnelMACFromIP

func TunnelMACFromIP(ip net.IP) net.HardwareAddr

TunnelMACFromIP derives a locally-administered MAC address from an IP. IPv4: 02:<ip[0]>:<ip[1]>:<ip[2]>:<ip[3]>:FF. IPv6: 02:<ip[12]>:<ip[13]>:<ip[14]>:<ip[15]>:FF (last 4 bytes).
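The derivation documented above keeps only four address bytes, so for IPv6 it is not one-to-one: any addresses sharing their last 4 bytes, or an IPv4 address equal to those bytes, yield the same MAC. The following added example (not this package's code) re-implements the documented rule and checks an address plan for such duplicates; `macFromIP`, `findCollisions` and `samplePeers` are hypothetical names, and treating IPv4-mapped IPv6 as IPv4 is an assumption.

```go
package main

import (
	"fmt"
	"net"
)

// macFromIP follows the derivation in the TunnelMACFromIP doc comment:
// 02:<b0>:<b1>:<b2>:<b3>:FF, where b is the IPv4 address or the last
// 4 bytes of an IPv6 address. Re-implementation, not the package source.
func macFromIP(ip net.IP) net.HardwareAddr {
	var b []byte
	if v4 := ip.To4(); v4 != nil {
		b = v4 // assumption: IPv4-mapped IPv6 is treated as IPv4
	} else if v6 := ip.To16(); v6 != nil {
		b = v6[12:16]
	} else {
		return nil // not a valid IP
	}
	return net.HardwareAddr{0x02, b[0], b[1], b[2], b[3], 0xFF}
}

// findCollisions maps each derived MAC shared by two or more of the given
// addresses to those addresses. Unparseable input is skipped.
func findCollisions(addrs []string) map[string][]string {
	byMAC := make(map[string][]string)
	for _, a := range addrs {
		if mac := macFromIP(net.ParseIP(a)); mac != nil {
			byMAC[mac.String()] = append(byMAC[mac.String()], a)
		}
	}
	for mac, ips := range byMAC {
		if len(ips) < 2 {
			delete(byMAC, mac)
		}
	}
	return byMAC
}

// samplePeers is constructed test data, not taken from any deployment.
var samplePeers = []string{"10.0.0.1", "192.168.1.5", "fd00:1::a00:1", "fd00:2::a00:1"}

func main() {
	for mac, ips := range findCollisions(samplePeers) {
		fmt.Printf("%s shared by %v\n", mac, ips)
	}
}
```
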

Types

type TunnelEndpoint

type TunnelEndpoint struct {
	Nexthops []TunnelNexthop
}

TunnelEndpoint holds all nexthops for a CIDR prefix.

type TunnelMap

type TunnelMap struct {
	// contains filtered or unexported fields
}

TunnelMap manages the eBPF tunnel encapsulation program and its LPM tries.

func NewTunnelMap

func NewTunnelMap(opts TunnelMapOptions) (*TunnelMap, error)

NewTunnelMap loads the unbounded_encap eBPF program and creates the LPM tries.

func (*TunnelMap) AttachToInterface

func (tm *TunnelMap) AttachToInterface(ifName string) error

AttachToInterface loads the unbounded_encap TC egress BPF program onto the named interface (unbounded0). With NOARP on the dummy interface, no ARP responder is needed.

func (*TunnelMap) Attached

func (tm *TunnelMap) Attached() bool

Attached returns whether the TC filter has been successfully attached to at least one interface.

func (*TunnelMap) Close

func (tm *TunnelMap) Close() error

Close detaches TC filters and releases eBPF resources.

func (*TunnelMap) DeleteEndpoint

func (tm *TunnelMap) DeleteEndpoint(cidr *net.IPNet) error

DeleteEndpoint removes an LPM trie entry for a destination CIDR.

func (*TunnelMap) Reconcile

func (tm *TunnelMap) Reconcile(desired map[string]TunnelEndpoint) error

Reconcile sets both LPM tries to exactly match the desired state.

func (*TunnelMap) SetPeerHealth

func (tm *TunnelMap) SetPeerHealth(peerName string, healthy bool) int

SetPeerHealth toggles TUNNEL_F_HEALTHY on all BPF map nexthops belonging to the named peer. When healthy is false, the BPF program skips the nexthop and falls through to kernel routing (effectively withdrawing the peer). Returns the number of map entries updated.

func (*TunnelMap) UpdateEndpoint

func (tm *TunnelMap) UpdateEndpoint(cidr *net.IPNet, ep TunnelEndpoint) error

UpdateEndpoint adds or updates an LPM trie entry mapping a destination CIDR to a tunnel endpoint. Automatically selects the v4 or v6 map.

type TunnelMapOptions

type TunnelMapOptions struct {
	// MaxEntries is the capacity of the LPM trie map. Default: 16384.
	MaxEntries uint32
}

TunnelMapOptions configures TunnelMap creation.

type TunnelNexthop

type TunnelNexthop struct {
	RemoteIP net.IP // the peer's underlay IP (4 or 16 bytes)
	VNI      uint32
	IfIndex  uint32 // tunnel interface index to redirect to
	Flags    uint32 // TunnelFlag* constants
	Protocol uint32 // TunnelProto* constant
	PeerName string // peer hostname for healthcheck correlation (not stored in BPF)
}

TunnelNexthop describes a single nexthop within a tunnel endpoint.
