Overview
Package ebpf provides eBPF-based tunnel dataplane management.
TunnelMap loads and manages a single TC classifier program (unbounded_encap) generated by bpf2go from bpf/unbounded_encap.c. The program is attached on the egress hook of the underlay-facing interface (unbounded0) and routes overlay packets to the appropriate tunnel interface via a single LPM trie (unb_endpts) keyed on a 16-byte address. IPv4 destinations are stored in IPv4-mapped IPv6 form (::ffff:<v4>) so the trie's longest-prefix-match naturally segregates v4 from v6 entries.
Index
- Constants
- func IsV4Mapped(addr [16]byte) bool
- func TunnelMACFromIP(ip net.IP) net.HardwareAddr
- type LpmKey
- type RawTraceEvent
- type RawTunnelEndpoint
- type TunnelEndpoint
- type TunnelMap
- func (tm *TunnelMap) AttachToInterface(ifName string) error
- func (tm *TunnelMap) Attached() bool
- func (tm *TunnelMap) Close() error
- func (tm *TunnelMap) DeleteEndpoint(cidr *net.IPNet) error
- func (tm *TunnelMap) Reconcile(desired map[string]TunnelEndpoint) error
- func (tm *TunnelMap) SetPeerHealth(peerName string, healthy bool) int
- func (tm *TunnelMap) UpdateEndpoint(cidr *net.IPNet, ep TunnelEndpoint) error
- type TunnelMapOptions
- type TunnelNexthop
Constants
const (
	TunnelProtoGENEVE    uint32 = 1
	TunnelProtoVXLAN     uint32 = 2
	TunnelProtoIPIP      uint32 = 3
	TunnelProtoWireGuard uint32 = 4
	TunnelProtoNone      uint32 = 5
)
Tunnel protocol constants matching BPF PROTO_* constants.
const (
	MapName      = "unb_endpts"
	TraceMapName = "unb_trace"
	ProgramName  = "unbounded_encap"
)
Map and program names exported so cmd/unroute and other diagnostic tools agree on what to look for in the kernel.
const MaxNexthops = 4
MaxNexthops is the maximum number of nexthops per tunnel endpoint, matching MAX_NEXTHOPS in the BPF program.
Variables
This section is empty.
Functions
func IsV4Mapped added in v0.1.6
func IsV4Mapped(addr [16]byte) bool
IsV4Mapped reports whether a 16-byte address is in the IPv4-mapped IPv6 prefix ::ffff:0:0/96. Exported so cmd/unroute can classify entries.
func TunnelMACFromIP
func TunnelMACFromIP(ip net.IP) net.HardwareAddr
TunnelMACFromIP derives a locally-administered MAC address from an IP. IPv4: 02:<ip[0]>:<ip[1]>:<ip[2]>:<ip[3]>:FF. IPv6: 02:<ip[12]>:<ip[13]>:<ip[14]>:<ip[15]>:FF (last 4 bytes).
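The derivation rule above, carried through as a stand-alone re-implementation written for this page (it is not the package's own TunnelMACFromIP; the function name tunnelMACFromIP and the handling of invalid input are this example's choices). It shows why the 0x02 first octet is used and that an IPv4-mapped 16-byte address yields the same MAC as the plain 4-byte form:

```go
package main

import (
	"fmt"
	"net"
)

// tunnelMACFromIP re-implements the documented rule:
//
//	IPv4: 02:<ip[0]>:<ip[1]>:<ip[2]>:<ip[3]>:FF
//	IPv6: 02:<ip[12]>:<ip[13]>:<ip[14]>:<ip[15]>:FF
//
// The leading 0x02 sets the locally-administered bit and clears the group
// (multicast) bit, so the result can never collide with a vendor-assigned MAC
// and is never treated as a multicast destination by the kernel.
func tunnelMACFromIP(ip net.IP) net.HardwareAddr {
	var tail [4]byte
	if v4 := ip.To4(); v4 != nil {
		// To4 succeeds for both the 4-byte and the ::ffff:<v4> 16-byte
		// representation, so both produce the same MAC.
		copy(tail[:], v4)
	} else if v6 := ip.To16(); v6 != nil {
		copy(tail[:], v6[12:16]) // last 4 bytes of the IPv6 address
	} else {
		return nil // not a valid IP; callers should treat nil as an error
	}
	return net.HardwareAddr{0x02, tail[0], tail[1], tail[2], tail[3], 0xFF}
}

func main() {
	// Constructed sample addresses for illustration only.
	for _, s := range []string{"10.1.2.3", "::ffff:10.1.2.3", "2001:db8::1", "fe80::1"} {
		fmt.Printf("%-16s -> %s\n", s, tunnelMACFromIP(net.ParseIP(s)))
	}
}
```

Because only the last four bytes of an IPv6 address enter the MAC, two overlay IPv6 addresses that differ only in their upper 96 bits map to the same hardware address; that is harmless for a NOARP dummy interface but worth knowing when reading captures.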
Types
type LpmKey added in v0.1.6
type LpmKey = unboundedEncapLpmKey
LpmKey is the on-the-wire LPM trie key. Prefixlen is the number of significant bits in Addr; Addr is always 16 bytes (v4 entries use the IPv4-mapped IPv6 form, ::ffff:<v4>).
type RawTraceEvent added in v0.1.6
type RawTraceEvent = unboundedEncapUnbTraceEvent
RawTraceEvent is one record emitted to the unb_trace ringbuf per packet processed by unbounded_encap when a consumer is reading. cmd/unroute --trace decodes the stream into human-readable form.
type RawTunnelEndpoint added in v0.1.6
type RawTunnelEndpoint = unboundedEncapTunnelEndpoint
RawTunnelEndpoint is the on-the-wire LPM trie value. It contains a fixed-size array of nexthops with Count set to the number of valid entries at the front of the array. cmd/unroute uses this to iterate the map without re-translating to the higher-level TunnelEndpoint type.
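A worked example of the key and value layouts described for LpmKey and RawTunnelEndpoint (and of the IPv4-mapped rule from the overview). This is added example code, not the package's own: the bpf2go-generated types are not available here, so lpmKey, rawNexthop, rawTunnelEndpoint and nexthop are stand-ins that follow the documented layout (VNI and Protocol are left out for brevity), and keyFromCIDR, to16 and packEndpoint are this example's helpers:

```go
package main

import (
	"fmt"
	"net"
)

// Stand-ins for the bpf2go-generated types the package aliases as LpmKey and
// RawTunnelEndpoint; layout follows the documentation, fields are assumed.
const maxNexthops = 4 // the documented MaxNexthops

type lpmKey struct {
	Prefixlen uint32   // significant bits of Addr
	Addr      [16]byte // always 16 bytes; IPv4 in ::ffff:<v4> form
}

type rawNexthop struct {
	RemoteIP [16]byte
	IfIndex  uint32
	Healthy  uint8
}

type rawTunnelEndpoint struct {
	Count    uint32 // valid entries at the front of Nexthops
	Nexthops [maxNexthops]rawNexthop
}

// nexthop is the userspace input to packEndpoint (a subset of TunnelNexthop).
type nexthop struct {
	RemoteIP net.IP
	IfIndex  uint32
	Healthy  bool
}

// isV4Mapped mirrors the documented IsV4Mapped check for ::ffff:0:0/96.
func isV4Mapped(addr [16]byte) bool {
	for _, b := range addr[:10] {
		if b != 0 {
			return false
		}
	}
	return addr[10] == 0xff && addr[11] == 0xff
}

// to16 widens an IP into the trie's 16-byte form; IPv4 becomes ::ffff:<v4>.
func to16(ip net.IP) ([16]byte, bool) {
	var out [16]byte
	if v4 := ip.To4(); v4 != nil {
		out[10], out[11] = 0xff, 0xff
		copy(out[12:], v4)
		return out, true
	}
	if v6 := ip.To16(); v6 != nil {
		copy(out[:], v6)
		return out, true
	}
	return out, false
}

// keyFromCIDR builds the trie key for a destination prefix. An IPv4 /24 sits
// under the 96-bit mapped prefix and so becomes a /120; IPv6 lengths are kept.
func keyFromCIDR(cidr *net.IPNet) (lpmKey, error) {
	addr, ok := to16(cidr.IP)
	if !ok {
		return lpmKey{}, fmt.Errorf("invalid IP in %v", cidr)
	}
	ones, bits := cidr.Mask.Size()
	if bits == 32 {
		ones += 96 // v4 prefix lives under ::ffff:0:0/96
	} else if bits != 128 {
		return lpmKey{}, fmt.Errorf("non-canonical mask in %v", cidr)
	}
	return lpmKey{Prefixlen: uint32(ones), Addr: addr}, nil
}

// packEndpoint fills the fixed-size array and sets Count. More nexthops than
// the array holds are rejected up front rather than silently truncated.
func packEndpoint(nhs []nexthop) (rawTunnelEndpoint, error) {
	var raw rawTunnelEndpoint
	if len(nhs) > maxNexthops {
		return raw, fmt.Errorf("%d nexthops exceed MaxNexthops=%d", len(nhs), maxNexthops)
	}
	for i, nh := range nhs {
		addr, ok := to16(nh.RemoteIP)
		if !ok {
			return raw, fmt.Errorf("nexthop %d: invalid remote IP", i)
		}
		raw.Nexthops[i] = rawNexthop{RemoteIP: addr, IfIndex: nh.IfIndex}
		if nh.Healthy {
			raw.Nexthops[i].Healthy = 1
		}
	}
	raw.Count = uint32(len(nhs))
	return raw, nil
}

func main() {
	_, n, _ := net.ParseCIDR("10.0.0.0/24") // constructed sample prefix
	k, err := keyFromCIDR(n)
	fmt.Printf("prefixlen=%d v4mapped=%v err=%v\n", k.Prefixlen, isV4Mapped(k.Addr), err)
}
```

Adding 96 to the IPv4 prefix length is what makes the single trie safe to share: a v4 entry can only ever match keys that also carry the ::ffff: prefix, so no v6 destination can be captured by a v4 route or vice versa. The MaxNexthops check matters because the kernel-side value is a fixed array; a userspace writer that truncated instead of refusing would silently drop redundancy paths.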
type TunnelEndpoint
type TunnelEndpoint struct {
	Nexthops []TunnelNexthop
}
TunnelEndpoint holds all nexthops for a CIDR prefix.
type TunnelMap
type TunnelMap struct {
	// contains filtered or unexported fields
}
TunnelMap manages the unbounded_encap eBPF program and its LPM trie.
func NewTunnelMap
func NewTunnelMap(opts TunnelMapOptions) (*TunnelMap, error)
NewTunnelMap loads the unbounded_encap eBPF program and creates its LPM trie. The map and program are kept alive for the lifetime of the TunnelMap; call Close to release them.
func (*TunnelMap) AttachToInterface
func (tm *TunnelMap) AttachToInterface(ifName string) error
AttachToInterface installs the unbounded_encap TC egress filter on the named interface. With NOARP on the dummy interface, no ARP responder is needed. Idempotent.
func (*TunnelMap) Attached
func (tm *TunnelMap) Attached() bool
Attached reports whether the TC filter has been attached to at least one interface.
func (*TunnelMap) Close
func (tm *TunnelMap) Close() error
Close detaches the TC filter from every registered interface and releases the eBPF program and map.
func (*TunnelMap) DeleteEndpoint
func (tm *TunnelMap) DeleteEndpoint(cidr *net.IPNet) error
DeleteEndpoint removes an LPM trie entry for a destination CIDR. Missing entries are not an error.
func (*TunnelMap) Reconcile
func (tm *TunnelMap) Reconcile(desired map[string]TunnelEndpoint) error
Reconcile sets the LPM trie to exactly match the desired state. Stale entries (present in the kernel but not in desired) are removed; new and changed entries are written.
func (*TunnelMap) SetPeerHealth
func (tm *TunnelMap) SetPeerHealth(peerName string, healthy bool) int
SetPeerHealth toggles the Healthy field on all BPF map nexthops belonging to the named peer. When healthy is false, the BPF program skips the nexthop and falls through to kernel routing (effectively withdrawing the peer). Returns the number of map entries updated.
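The Reconcile and SetPeerHealth semantics described above, worked through against an in-memory stand-in for the kernel LPM trie. This is added example code, not the package's implementation: fakeTrie, reconcile and setPeerHealth are this example's names, the real TunnelMap talks to the eBPF map rather than a Go map, and the userspace copy of PeerName is an assumption made because the page states PeerName is not stored in BPF:

```go
package main

import (
	"fmt"
	"net"
	"reflect"
)

// Userspace shapes mirroring the documented TunnelNexthop and TunnelEndpoint.
// PeerName lives only here (the package says it is not stored in BPF), which
// is why a userspace copy is needed to locate a peer's nexthops.
type tunnelNexthop struct {
	RemoteIP net.IP
	IfIndex  uint32
	Healthy  bool
	PeerName string
}

type tunnelEndpoint struct {
	Nexthops []tunnelNexthop
}

// fakeTrie is an in-memory stand-in for the kernel LPM trie, keyed by CIDR
// string. It counts writes and deletes so the effect of a reconcile is visible.
type fakeTrie struct {
	entries map[string]tunnelEndpoint
	writes  int
	deletes int
}

func newFakeTrie() *fakeTrie { return &fakeTrie{entries: map[string]tunnelEndpoint{}} }

func (t *fakeTrie) update(cidr string, ep tunnelEndpoint) { t.entries[cidr] = ep; t.writes++ }
func (t *fakeTrie) delete(cidr string)                    { delete(t.entries, cidr); t.deletes++ }

// reconcile makes the trie match desired exactly: stale keys are deleted, new
// or differing keys are written, identical keys are left alone so that a
// steady-state reconcile performs no map operations at all.
func reconcile(t *fakeTrie, desired map[string]tunnelEndpoint) {
	for cidr := range t.entries {
		if _, want := desired[cidr]; !want {
			t.delete(cidr) // deleting during range is safe in Go
		}
	}
	for cidr, ep := range desired {
		if cur, ok := t.entries[cidr]; ok && reflect.DeepEqual(cur, ep) {
			continue
		}
		t.update(cidr, ep)
	}
}

// setPeerHealth sets Healthy on every nexthop owned by peerName and rewrites
// each entry that contains one, returning the number of entries rewritten.
// Nexthops are copied before mutation so the caller's desired-state slices
// are never modified behind its back.
func setPeerHealth(t *fakeTrie, peerName string, healthy bool) int {
	updated := 0
	for cidr, ep := range t.entries {
		nhs := make([]tunnelNexthop, len(ep.Nexthops))
		copy(nhs, ep.Nexthops)
		touched := false
		for i := range nhs {
			if nhs[i].PeerName == peerName {
				nhs[i].Healthy = healthy
				touched = true
			}
		}
		if touched {
			t.update(cidr, tunnelEndpoint{Nexthops: nhs})
			updated++
		}
	}
	return updated
}

func main() {
	// Constructed sample state for illustration only.
	tr := newFakeTrie()
	nh := func(ip, peer string, ifi uint32) tunnelNexthop {
		return tunnelNexthop{RemoteIP: net.ParseIP(ip), IfIndex: ifi, Healthy: true, PeerName: peer}
	}
	desired := map[string]tunnelEndpoint{
		"10.0.1.0/24": {Nexthops: []tunnelNexthop{nh("192.0.2.1", "peer-a", 5)}},
		"10.0.2.0/24": {Nexthops: []tunnelNexthop{nh("192.0.2.2", "peer-b", 6), nh("192.0.2.1", "peer-a", 5)}},
	}
	reconcile(tr, desired)
	reconcile(tr, desired) // steady state: no extra writes
	fmt.Printf("entries=%d writes=%d deletes=%d\n", len(tr.entries), tr.writes, tr.deletes)
	delete(desired, "10.0.2.0/24")
	reconcile(tr, desired)
	fmt.Printf("entries=%d writes=%d deletes=%d\n", len(tr.entries), tr.writes, tr.deletes)
	fmt.Printf("withdrew peer-a from %d entries\n", setPeerHealth(tr, "peer-a", false))
}
```

Two properties are worth checking in any reconciler of this shape: a repeated reconcile with unchanged input must not rewrite entries (otherwise every control-plane tick churns the kernel map and the trace stream), and withdrawing a peer must never leave a stale Healthy=true nexthop behind, since the BPF program only falls through to kernel routing for nexthops marked unhealthy.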
func (*TunnelMap) UpdateEndpoint
func (tm *TunnelMap) UpdateEndpoint(cidr *net.IPNet, ep TunnelEndpoint) error
UpdateEndpoint adds or updates an LPM trie entry mapping a destination CIDR to a tunnel endpoint.
type TunnelMapOptions
type TunnelMapOptions struct {
	// MaxEntries is the capacity of the LPM trie map. Default: 16384.
	MaxEntries uint32
}
TunnelMapOptions configures TunnelMap creation.
type TunnelNexthop
type TunnelNexthop struct {
	RemoteIP net.IP // the peer's underlay IP (4 or 16 bytes)
	VNI      uint32
	IfIndex  uint32 // tunnel interface index to redirect to
	Healthy  bool   // false = withdrawn from selection
	Protocol uint32 // TunnelProto* constant
	PeerName string // peer hostname for healthcheck correlation (not stored in BPF)
}
TunnelNexthop describes a single nexthop within a tunnel endpoint.