config

package
v1.19.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 3, 2026 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package config contains objects used to configure the eBPF datapath.

Index

Constants

View Source 
const ConstantPrefix = "__config_"

ConstantPrefix is the prefix used to declare configuration constants in the datapath's BPF C code. Must match the prefix used by the CONFIG macro in static_data.h.

View Source 
const Section = ".rodata.config"

Section is the ELF section used to store configuration variables for the Cilium datapath. Must match the section used by the CONFIG macro in static_data.h.

View Source 
const TagName = "config"

TagName is the name of the struct tag used to annotate configuration fields.

Variables

This section is empty.

Functions

func CiliumHost added in v1.19.0 

func CiliumHost(ep datapath.EndpointConfiguration, lnc *datapath.LocalNodeConfiguration) any

CiliumHost returns a BPFHost for attaching bpf_host.c to cilium_host.

func CiliumNet added in v1.19.0 

func CiliumNet(ep datapath.EndpointConfiguration, lnc *datapath.LocalNodeConfiguration, link netlink.Link) any

CiliumNet returns a BPFHost for attaching bpf_host.c to cilium_net.

func Encryption added in v1.19.0 

func Encryption(lnc *datapath.LocalNodeConfiguration) any

Encryption returns a BPFNetwork.

func Endpoint added in v1.19.0 

func Endpoint(ep datapath.EndpointConfiguration, lnc *datapath.LocalNodeConfiguration) any

Endpoint returns a BPFLXC for an Endpoint.

func Map added in v1.19.0 

func Map(obj any) (map[string]any, error)

Map converts an instance of a Go struct generated by [varsToStruct], or a slice of such structs, into a map of configuration values to be passed to LoadCollection.

Only struct members with a `config` tag are included. The tag value is used as the key in the map, and the map value is the runtime value of the member.

Duplicate variables (e.g. by specifying the same object twice) are not allowed.

func Netdev added in v1.19.0 

func Netdev(ep datapath.EndpointConfiguration, lnc *datapath.LocalNodeConfiguration, link netlink.Link, masq4, masq6 netip.Addr) any

Netdev returns a BPFHost for attaching bpf_host.c to an externally-facing network device.

func Overlay added in v1.19.0 

func Overlay(lnc *datapath.LocalNodeConfiguration, link netlink.Link) any

Overlay returns a BPFOverlay.

func Wireguard added in v1.19.0 

func Wireguard(lnc *datapath.LocalNodeConfiguration, link netlink.Link) any

Wireguard returns a BPFWireguard.

func XDP added in v1.19.0 

func XDP(lnc *datapath.LocalNodeConfiguration, link netlink.Link) any

XDP returns a BPFXDP.

Types

type BPFHost 

type BPFHost struct {
	// Allow ICMP_FRAG_NEEDED messages when applying Network Policy.
	AllowICMPFragNeeded bool `config:"allow_icmp_frag_needed"`
	// MTU of the device the bpf program is attached to (default: MTU set in
	// node_config.h by agent).
	DeviceMTU uint16 `config:"device_mtu"`
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Apply Network Policy for ICMP packets.
	EnableICMPRule bool `config:"enable_icmp_rule"`
	// Enable L2 Announcements.
	EnableL2Announcements bool `config:"enable_l2_announcements"`
	// Use netkit devices for pods.
	EnableNetkit bool `config:"enable_netkit"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Masquerade traffic to remote nodes.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`
	// Ephemeral port range minimun.
	EphemeralMin uint16 `config:"ephemeral_min"`
	// Length of the Ethernet header on this device. May be set to zero on L2-less
	// devices. (default __ETH_HLEN).
	EthHeaderLength uint8 `config:"eth_header_length"`
	// The host endpoint ID.
	HostEPID uint16 `config:"host_ep_id"`
	// Ifindex of the interface the bpf program is attached to.
	InterfaceIfIndex uint32 `config:"interface_ifindex"`
	// MAC address of the interface the bpf program is attached to.
	InterfaceMAC [8]byte `config:"interface_mac"`
	// If the agent is down for longer than the lease duration, stop responding.
	L2AnnouncementsMaxLiveness uint64 `config:"l2_announcements_max_liveness"`
	// Masquerade address for IPv4 traffic.
	NATIPv4Masquerade [4]byte `config:"nat_ipv4_masquerade"`
	// Masquerade address for IPv6 traffic.
	NATIPv6Masquerade [16]byte `config:"nat_ipv6_masquerade"`
	// The endpoint's security label.
	SecurityLabel uint32 `config:"security_label"`
	// VXLAN tunnel endpoint network mask.
	VTEPMask uint32 `config:"vtep_mask"`
	// Index of the WireGuard interface.
	WGIfIndex uint32 `config:"wg_ifindex"`
	// Port for the WireGuard interface.
	WGPort uint16 `config:"wg_port"`

	Node
}

BPFHost is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFHost to ensure the default values configured in the ELF are honored.

func NewBPFHost 

func NewBPFHost(node Node) *BPFHost

type BPFLXC 

type BPFLXC struct {
	// Allow ICMP_FRAG_NEEDED messages when applying Network Policy.
	AllowICMPFragNeeded bool `config:"allow_icmp_frag_needed"`
	// MTU of the device the bpf program is attached to (default: MTU set in
	// node_config.h by agent).
	DeviceMTU uint16 `config:"device_mtu"`
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Apply Network Policy for ICMP packets.
	EnableICMPRule bool `config:"enable_icmp_rule"`
	// Enable support for Local Redirect Policy.
	EnableLRP bool `config:"enable_lrp"`
	// Use netkit devices for pods.
	EnableNetkit bool `config:"enable_netkit"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Masquerade traffic to remote nodes.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`
	// The endpoint's security ID.
	EndpointID uint16 `config:"endpoint_id"`
	// The endpoint's IPv4 address.
	EndpointIPv4 [4]byte `config:"endpoint_ipv4"`
	// The endpoint's IPv6 address.
	EndpointIPv6 [16]byte `config:"endpoint_ipv6"`
	// The endpoint's network namespace cookie.
	EndpointNetNSCookie uint64 `config:"endpoint_netns_cookie"`
	// Ephemeral port range minimun.
	EphemeralMin uint16 `config:"ephemeral_min"`
	// The host endpoint ID.
	HostEPID uint16 `config:"host_ep_id"`
	// Ifindex of the interface the bpf program is attached to.
	InterfaceIfIndex uint32 `config:"interface_ifindex"`
	// MAC address of the interface the bpf program is attached to.
	InterfaceMAC [8]byte `config:"interface_mac"`
	// Masquerade address for IPv4 traffic.
	NATIPv4Masquerade [4]byte `config:"nat_ipv4_masquerade"`
	// Masquerade address for IPv6 traffic.
	NATIPv6Masquerade [16]byte `config:"nat_ipv6_masquerade"`
	// The log level for policy verdicts in workload endpoints.
	PolicyVerdictLogFilter uint32 `config:"policy_verdict_log_filter"`
	// The endpoint's security label.
	SecurityLabel uint32 `config:"security_label"`
	// VXLAN tunnel endpoint network mask.
	VTEPMask uint32 `config:"vtep_mask"`

	Node
}

BPFLXC is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFLXC to ensure the default values configured in the ELF are honored.

func NewBPFLXC 

func NewBPFLXC(node Node) *BPFLXC

type BPFNetwork 

type BPFNetwork struct {
	Node
}

BPFNetwork is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFNetwork to ensure the default values configured in the ELF are honored.

func NewBPFNetwork 

func NewBPFNetwork(node Node) *BPFNetwork

type BPFOverlay 

type BPFOverlay struct {
	// MTU of the device the bpf program is attached to (default: MTU set in
	// node_config.h by agent).
	DeviceMTU uint16 `config:"device_mtu"`
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Use netkit devices for pods.
	EnableNetkit bool `config:"enable_netkit"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Masquerade traffic to remote nodes.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`
	// Enable strict encryption for ingress traffic.
	EncryptionStrictIngress bool `config:"encryption_strict_ingress"`
	// Ephemeral port range minimun.
	EphemeralMin uint16 `config:"ephemeral_min"`
	// Ifindex of the interface the bpf program is attached to.
	InterfaceIfIndex uint32 `config:"interface_ifindex"`
	// MAC address of the interface the bpf program is attached to.
	InterfaceMAC [8]byte `config:"interface_mac"`
	// Masquerade address for IPv4 traffic.
	NATIPv4Masquerade [4]byte `config:"nat_ipv4_masquerade"`
	// Masquerade address for IPv6 traffic.
	NATIPv6Masquerade [16]byte `config:"nat_ipv6_masquerade"`
	// VXLAN tunnel endpoint network mask.
	VTEPMask uint32 `config:"vtep_mask"`

	Node
}

BPFOverlay is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFOverlay to ensure the default values configured in the ELF are honored.

func NewBPFOverlay 

func NewBPFOverlay(node Node) *BPFOverlay

type BPFSock added in v1.19.0 

type BPFSock struct {
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Enable support for Local Redirect Policy.
	EnableLRP bool `config:"enable_lrp"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`

	Node
}

BPFSock is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFSock to ensure the default values configured in the ELF are honored.

func NewBPFSock added in v1.19.0 

func NewBPFSock(node Node) *BPFSock

type BPFWireguard 

type BPFWireguard struct {
	// MTU of the device the bpf program is attached to (default: MTU set in
	// node_config.h by agent).
	DeviceMTU uint16 `config:"device_mtu"`
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Use netkit devices for pods.
	EnableNetkit bool `config:"enable_netkit"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Masquerade traffic to remote nodes.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`
	// Ephemeral port range minimun.
	EphemeralMin uint16 `config:"ephemeral_min"`
	// Ifindex of the interface the bpf program is attached to.
	InterfaceIfIndex uint32 `config:"interface_ifindex"`
	// MAC address of the interface the bpf program is attached to.
	InterfaceMAC [8]byte `config:"interface_mac"`
	// Masquerade address for IPv4 traffic.
	NATIPv4Masquerade [4]byte `config:"nat_ipv4_masquerade"`
	// Masquerade address for IPv6 traffic.
	NATIPv6Masquerade [16]byte `config:"nat_ipv6_masquerade"`

	Node
}

BPFWireguard is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFWireguard to ensure the default values configured in the ELF are honored.

func NewBPFWireguard 

func NewBPFWireguard(node Node) *BPFWireguard

type BPFXDP 

type BPFXDP struct {
	// MTU of the device the bpf program is attached to (default: MTU set in
	// node_config.h by agent).
	DeviceMTU uint16 `config:"device_mtu"`
	// Pass traffic with extended IP protocols.
	EnableExtendedIPProtocols bool `config:"enable_extended_ip_protocols"`
	// Enable routes when service has 0 endpoints.
	EnableNoServiceEndpointsRoutable bool `config:"enable_no_service_endpoints_routable"`
	// Masquerade traffic to remote nodes.
	EnableRemoteNodeMasquerade bool `config:"enable_remote_node_masquerade"`
	// Ephemeral port range minimun.
	EphemeralMin uint16 `config:"ephemeral_min"`
	// Ifindex of the interface the bpf program is attached to.
	InterfaceIfIndex uint32 `config:"interface_ifindex"`
	// MAC address of the interface the bpf program is attached to.
	InterfaceMAC [8]byte `config:"interface_mac"`
	// Masquerade address for IPv4 traffic.
	NATIPv4Masquerade [4]byte `config:"nat_ipv4_masquerade"`
	// Masquerade address for IPv6 traffic.
	NATIPv6Masquerade [16]byte `config:"nat_ipv6_masquerade"`

	Node
}

BPFXDP is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewBPFXDP to ensure the default values configured in the ELF are honored.

func NewBPFXDP 

func NewBPFXDP(node Node) *BPFXDP

type Node 

type Node struct {
	// Cluster ID.
	ClusterID uint32 `config:"cluster_id"`
	// Max number of clusters that can be connected in Clustermesh.
	ClusterIDMax uint32 `config:"cluster_id_max"`
	// Index of the interface used to connect nodes in the cluster.
	DirectRoutingDevIfIndex uint32 `config:"direct_routing_dev_ifindex"`
	// Use jiffies (count of timer ticks since boot).
	EnableJiffies bool `config:"enable_jiffies"`
	// Enable hybrid mode routing based on subnet IDs.
	HybridRoutingEnabled bool `config:"hybrid_routing_enabled"`
	// Number of timer ticks per second.
	KernelHz uint32 `config:"kernel_hz"`
	// Enable ICMP responses for policy-denied traffic.
	PolicyDenyResponseEnabled bool `config:"policy_deny_response_enabled"`
	// Internal IPv6 router address assigned to the cilium_host interface.
	RouterIPv6 [16]byte `config:"router_ipv6"`
	// IPv4 source address used for SNAT when a Pod talks to itself over a Service.
	ServiceLoopbackIPv4 [4]byte `config:"service_loopback_ipv4"`
	// IPv6 source address used for SNAT when a Pod talks to itself over a Service.
	ServiceLoopbackIPv6 [16]byte `config:"service_loopback_ipv6"`
	// Whether or not BPF_FIB_LOOKUP_SKIP_NEIGH is supported.
	SupportsFIBLookupSkipNeigh bool `config:"supports_fib_lookup_skip_neigh"`
	// Length of payload to capture when tracing native packets.
	TracePayloadLen uint32 `config:"trace_payload_len"`
	// Length of payload to capture when tracing overlay packets.
	TracePayloadLenOverlay uint32 `config:"trace_payload_len_overlay"`
	// The IP option type to use for packet tracing.
	TracingIPOptionType uint8 `config:"tracing_ip_option_type"`
}

Node is a configuration struct for a Cilium datapath object. Warning: do not instantiate directly! Always use NewNode to ensure the default values configured in the ELF are honored.

func NewNode 

func NewNode() *Node

func NodeConfig added in v1.19.0 

func NodeConfig(lnc *datapath.LocalNodeConfiguration) Node

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.