Documentation
Overview ¶
Package config contains objects used to configure the eBPF datapath.
Constants ¶
// Shared contract with the C side: this string and the prefix used by the
// CONFIG macro in static_data.h have to change together.
const ConstantPrefix = "__config_"
ConstantPrefix is the prefix used to declare configuration constants in the datapath's BPF C code. Must match the prefix used by the CONFIG macro in static_data.h.
// Shared contract with the C side: this ELF section name and the section used
// by the CONFIG macro in static_data.h have to change together.
const Section = ".rodata.config"
Section is the ELF section used to store configuration variables for the Cilium datapath. Must match the section used by the CONFIG macro in static_data.h.
// Struct tag key carried by configuration fields, as in
// `config:"device_mtu"`.
const TagName = "config"
TagName is the name of the struct tag used to annotate configuration fields.
Functions ¶
func StructToMap ¶
StructToMap converts an instance of a Go struct generated by [varsToStruct] into a map of configuration values to be passed to LoadCollection.
Only struct members with a `config` tag are included. The tag value is used as the key in the map, and the map value is the runtime value of the member.
Types ¶
type BPFHost ¶
// BPFHost is the Go-side view of the configuration values for a Cilium
// datapath object. Each field's `config` tag is the key StructToMap emits for
// that field.
//
// Obtain instances from NewBPFHost, not from a struct literal: the package
// documentation states that the constructor is what keeps the default values
// configured in the ELF.
// NOTE(review): a literal would presumably carry Go zero values for every
// unset field, SecurityLabel and HostEpID included — confirm how zero values
// are treated at load time.
type BPFHost struct {
	// MTU of the device this BPF program is attached to. Defaults to the MTU
	// the agent sets in node_config.h.
	DeviceMTU uint16 `config:"device_mtu"`

	// When set, traffic with extended IP protocols is passed.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`

	// When set, netkit devices are used for pods.
	EnableNetkit bool `config:"enable_netkit"`

	// When set, routes are enabled for a service that has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`

	// When set, traffic to remote nodes is masqueraded.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`

	// Ethernet header length on this device; zero is allowed on L2-less
	// devices. Defaults to __ETH_HLEN.
	EthHeaderLength uint8 `config:"eth_header_length"`

	// Security ID of the host endpoint.
	HostEpID uint16 `config:"host_ep_id"`

	// Ifindex of the interface this BPF program is attached to.
	InterfaceIfindex uint32 `config:"interface_ifindex"`

	// MAC address of the interface this BPF program is attached to.
	// NOTE(review): the array is 8 bytes while an Ethernet MAC is 6; the extra
	// bytes are presumably padding — confirm which bytes the datapath reads.
	InterfaceMAC [8]byte `config:"interface_mac"`

	// Address used to masquerade IPv4 traffic.
	NATIPv4Masquerade [4]byte `config:"nat_ipv4_masquerade"`

	// Address used to masquerade IPv6 traffic.
	NATIPv6Masquerade [16]byte `config:"nat_ipv6_masquerade"`

	// When set, the security context is pulled from the IP cache.
	SecctxFromIPCache bool `config:"secctx_from_ipcache"`

	// Security label of the endpoint.
	SecurityLabel uint32 `config:"security_label"`

	// Network mask of the VXLAN tunnel endpoint.
	VtepMask uint32 `config:"vtep_mask"`

	// Ifindex of the WireGuard interface.
	WgIfindex uint32 `config:"wg_ifindex"`

	// Port for the WireGuard interface.
	// NOTE(review): byte order is not stated here — confirm host vs. network
	// order against the caller.
	WgPort uint16 `config:"wg_port"`

	// Embedded Node configuration.
	Node
}
BPFHost is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFHost to ensure the default values configured in the ELF are honored.
func NewBPFHost ¶
type BPFLXC ¶
// BPFLXC is the Go-side view of the configuration values for a Cilium
// datapath object. Each field's `config` tag is the key StructToMap emits for
// that field.
//
// Obtain instances from NewBPFLXC, not from a struct literal: the package
// documentation states that the constructor is what keeps the default values
// configured in the ELF.
// NOTE(review): a literal would presumably carry Go zero values for every
// unset field, SecurityLabel and EndpointID included — confirm how zero values
// are treated at load time.
type BPFLXC struct {
	// MTU of the device this BPF program is attached to. Defaults to the MTU
	// the agent sets in node_config.h.
	DeviceMTU uint16 `config:"device_mtu"`

	// When set, traffic with extended IP protocols is passed.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`

	// When set, netkit devices are used for pods.
	EnableNetkit bool `config:"enable_netkit"`

	// When set, routes are enabled for a service that has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`

	// When set, traffic to remote nodes is masqueraded.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`

	// Security ID of the endpoint.
	EndpointID uint16 `config:"endpoint_id"`

	// IPv4 address of the endpoint.
	EndpointIPv4 [4]byte `config:"endpoint_ipv4"`

	// IPv6 address of the endpoint.
	EndpointIPv6 [16]byte `config:"endpoint_ipv6"`

	// Network namespace cookie of the endpoint.
	EndpointNetNSCookie uint64 `config:"endpoint_netns_cookie"`

	// Security ID of the host endpoint.
	HostEpID uint16 `config:"host_ep_id"`

	// Ifindex of the interface this BPF program is attached to.
	InterfaceIfindex uint32 `config:"interface_ifindex"`

	// MAC address of the interface this BPF program is attached to.
	// NOTE(review): the array is 8 bytes while an Ethernet MAC is 6; the extra
	// bytes are presumably padding — confirm which bytes the datapath reads.
	InterfaceMAC [8]byte `config:"interface_mac"`

	// Address used to masquerade IPv4 traffic.
	NATIPv4Masquerade [4]byte `config:"nat_ipv4_masquerade"`

	// Address used to masquerade IPv6 traffic.
	NATIPv6Masquerade [16]byte `config:"nat_ipv6_masquerade"`

	// Log level for policy verdicts in workload endpoints.
	PolicyVerdictLogFilter uint32 `config:"policy_verdict_log_filter"`

	// When set, the security context is pulled from the IP cache.
	SecctxFromIPCache bool `config:"secctx_from_ipcache"`

	// Security label of the endpoint.
	SecurityLabel uint32 `config:"security_label"`

	// Network mask of the VXLAN tunnel endpoint.
	VtepMask uint32 `config:"vtep_mask"`

	// Embedded Node configuration.
	Node
}
BPFLXC is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFLXC to ensure the default values configured in the ELF are honored.
type BPFNetwork ¶
// BPFNetwork is the Go-side view of the configuration values for a Cilium
// datapath object. It declares no fields of its own and only embeds Node.
//
// Obtain instances from NewBPFNetwork, not from a struct literal: the package
// documentation states that the constructor is what keeps the default values
// configured in the ELF.
type BPFNetwork struct {
	// Embedded Node configuration.
	Node
}
BPFNetwork is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFNetwork to ensure the default values configured in the ELF are honored.
func NewBPFNetwork ¶
// NewBPFNetwork takes a Node and returns a *BPFNetwork. The BPFNetwork
// documentation directs callers to this constructor, instead of a struct
// literal, so that the default values configured in the ELF are honored.
func NewBPFNetwork(node Node) *BPFNetwork
type BPFOverlay ¶
// BPFOverlay is the Go-side view of the configuration values for a Cilium
// datapath object. Each field's `config` tag is the key StructToMap emits for
// that field.
//
// Obtain instances from NewBPFOverlay, not from a struct literal: the package
// documentation states that the constructor is what keeps the default values
// configured in the ELF.
// NOTE(review): a literal would presumably carry Go zero values for every
// unset field — confirm how zero values are treated at load time.
type BPFOverlay struct {
	// MTU of the device this BPF program is attached to. Defaults to the MTU
	// the agent sets in node_config.h.
	DeviceMTU uint16 `config:"device_mtu"`

	// When set, traffic with extended IP protocols is passed.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`

	// When set, netkit devices are used for pods.
	EnableNetkit bool `config:"enable_netkit"`

	// When set, routes are enabled for a service that has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`

	// When set, traffic to remote nodes is masqueraded.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`

	// Ifindex of the interface this BPF program is attached to.
	InterfaceIfindex uint32 `config:"interface_ifindex"`

	// MAC address of the interface this BPF program is attached to.
	// NOTE(review): the array is 8 bytes while an Ethernet MAC is 6; the extra
	// bytes are presumably padding — confirm which bytes the datapath reads.
	InterfaceMAC [8]byte `config:"interface_mac"`

	// Address used to masquerade IPv4 traffic.
	NATIPv4Masquerade [4]byte `config:"nat_ipv4_masquerade"`

	// Address used to masquerade IPv6 traffic.
	NATIPv6Masquerade [16]byte `config:"nat_ipv6_masquerade"`

	// When set, the security context is pulled from the IP cache.
	SecctxFromIPCache bool `config:"secctx_from_ipcache"`

	// Network mask of the VXLAN tunnel endpoint.
	VtepMask uint32 `config:"vtep_mask"`

	// Embedded Node configuration.
	Node
}
BPFOverlay is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFOverlay to ensure the default values configured in the ELF are honored.
func NewBPFOverlay ¶
// NewBPFOverlay takes a Node and returns a *BPFOverlay. The BPFOverlay
// documentation directs callers to this constructor, instead of a struct
// literal, so that the default values configured in the ELF are honored.
func NewBPFOverlay(node Node) *BPFOverlay
type BPFSock ¶ added in v1.19.0
// BPFSock is the Go-side view of the configuration values for a Cilium
// datapath object. Each field's `config` tag is the key StructToMap emits for
// that field.
//
// Obtain instances from NewBPFSock, not from a struct literal: the package
// documentation states that the constructor is what keeps the default values
// configured in the ELF.
type BPFSock struct {
	// When set, traffic with extended IP protocols is passed.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`

	// When set, routes are enabled for a service that has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`

	// Embedded Node configuration.
	Node
}
BPFSock is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFSock to ensure the default values configured in the ELF are honored.
func NewBPFSock ¶ added in v1.19.0
type BPFWireguard ¶
// BPFWireguard is the Go-side view of the configuration values for a Cilium
// datapath object. Each field's `config` tag is the key StructToMap emits for
// that field.
//
// Obtain instances from NewBPFWireguard, not from a struct literal: the
// package documentation states that the constructor is what keeps the default
// values configured in the ELF.
// NOTE(review): a literal would presumably carry Go zero values for every
// unset field — confirm how zero values are treated at load time.
type BPFWireguard struct {
	// MTU of the device this BPF program is attached to. Defaults to the MTU
	// the agent sets in node_config.h.
	DeviceMTU uint16 `config:"device_mtu"`

	// When set, traffic with extended IP protocols is passed.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`

	// When set, netkit devices are used for pods.
	EnableNetkit bool `config:"enable_netkit"`

	// When set, routes are enabled for a service that has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`

	// When set, traffic to remote nodes is masqueraded.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`

	// Ifindex of the interface this BPF program is attached to.
	InterfaceIfindex uint32 `config:"interface_ifindex"`

	// MAC address of the interface this BPF program is attached to.
	// NOTE(review): the array is 8 bytes while an Ethernet MAC is 6; the extra
	// bytes are presumably padding — confirm which bytes the datapath reads.
	InterfaceMAC [8]byte `config:"interface_mac"`

	// Address used to masquerade IPv4 traffic.
	NATIPv4Masquerade [4]byte `config:"nat_ipv4_masquerade"`

	// Address used to masquerade IPv6 traffic.
	NATIPv6Masquerade [16]byte `config:"nat_ipv6_masquerade"`

	// When set, the security context is pulled from the IP cache.
	SecctxFromIPCache bool `config:"secctx_from_ipcache"`

	// Embedded Node configuration.
	Node
}
BPFWireguard is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFWireguard to ensure the default values configured in the ELF are honored.
func NewBPFWireguard ¶
// NewBPFWireguard takes a Node and returns a *BPFWireguard. The BPFWireguard
// documentation directs callers to this constructor, instead of a struct
// literal, so that the default values configured in the ELF are honored.
func NewBPFWireguard(node Node) *BPFWireguard
type BPFXDP ¶
// BPFXDP is the Go-side view of the configuration values for a Cilium
// datapath object. Each field's `config` tag is the key StructToMap emits for
// that field.
//
// Obtain instances from NewBPFXDP, not from a struct literal: the package
// documentation states that the constructor is what keeps the default values
// configured in the ELF.
// NOTE(review): a literal would presumably carry Go zero values for every
// unset field — confirm how zero values are treated at load time.
type BPFXDP struct {
	// MTU of the device this BPF program is attached to. Defaults to the MTU
	// the agent sets in node_config.h.
	DeviceMTU uint16 `config:"device_mtu"`

	// When set, traffic with extended IP protocols is passed.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`

	// When set, routes are enabled for a service that has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`

	// When set, traffic to remote nodes is masqueraded.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`

	// Ifindex of the interface this BPF program is attached to.
	InterfaceIfindex uint32 `config:"interface_ifindex"`

	// MAC address of the interface this BPF program is attached to.
	// NOTE(review): the array is 8 bytes while an Ethernet MAC is 6; the extra
	// bytes are presumably padding — confirm which bytes the datapath reads.
	InterfaceMAC [8]byte `config:"interface_mac"`

	// Address used to masquerade IPv4 traffic.
	NATIPv4Masquerade [4]byte `config:"nat_ipv4_masquerade"`

	// Address used to masquerade IPv6 traffic.
	NATIPv6Masquerade [16]byte `config:"nat_ipv6_masquerade"`

	// When set, the security context is pulled from the IP cache.
	SecctxFromIPCache bool `config:"secctx_from_ipcache"`

	// Embedded Node configuration.
	Node
}
BPFXDP is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFXDP to ensure the default values configured in the ELF are honored.
type Node ¶
// Node is the Go-side view of the configuration values for a Cilium datapath
// object. Each field's `config` tag is the key StructToMap emits for that
// field. The other configuration structs in this package embed Node.
//
// The type documentation names NewNode as the constructor to use instead of a
// struct literal, so that the default values configured in the ELF are
// honored.
// NOTE(review): a literal would presumably carry Go zero values for every
// unset field — confirm how zero values are treated at load time.
type Node struct {
	// Index of the interface used to connect nodes in the cluster.
	DirectRoutingDevIfindex uint32 `config:"direct_routing_dev_ifindex"`

	// When set, ICMP responses are sent for policy-denied traffic.
	// NOTE(review): a response tells the sender that the packet was denied
	// rather than lost — confirm that is acceptable for the deployment.
	PolicyDenyResponseEnabled bool `config:"policy_deny_response_enabled"`

	// Internal IPv6 router address assigned to the cilium_host interface.
	RouterIPv6 [16]byte `config:"router_ipv6"`

	// IPv4 source address for SNAT when a Pod talks to itself over a Service.
	ServiceLoopbackIPv4 [4]byte `config:"service_loopback_ipv4"`

	// IPv6 source address for SNAT when a Pod talks to itself over a Service.
	ServiceLoopbackIPv6 [16]byte `config:"service_loopback_ipv6"`

	// Reports whether BPF_FIB_LOOKUP_SKIP_NEIGH is supported.
	SupportsFibLookupSkipNeigh bool `config:"supports_fib_lookup_skip_neigh"`

	// Number of payload bytes captured when tracing native packets. A larger
	// value captures more of each packet's content.
	// NOTE(review): captured payload can hold application data — confirm who
	// can read the traces.
	TracePayloadLen uint32 `config:"trace_payload_len"`

	// Number of payload bytes captured when tracing overlay packets. A larger
	// value captures more of each packet's content.
	TracePayloadLenOverlay uint32 `config:"trace_payload_len_overlay"`

	// IP option type used for packet tracing.
	TracingIPOptionType uint8 `config:"tracing_ip_option_type"`
}
Node is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewNode to ensure the default values configured in the ELF are honored.
func NodeConfig ¶ added in v1.19.0
func NodeConfig(lnc *datapath.LocalNodeConfiguration) Node