cilium · vincentmli · Aug 9, 2021
diff --git a/bpf/bpf_alignchecker.c b/bpf/bpf_alignchecker.c
@@ -56,6 +56,7 @@ int main(void)
 	DECLARE(struct, lb6_service, iter);
 	DECLARE(struct, lb6_backend, iter);
 	DECLARE(struct, endpoint_key, iter);
+	DECLARE(struct, tunnel_endpoint_info, iter);
 	DECLARE(struct, endpoint_info, iter);
 	DECLARE(struct, metrics_key, iter);
 	DECLARE(struct, metrics_value, iter);

diff --git a/bpf/lib/common.h b/bpf/lib/common.h
@@ -215,9 +215,24 @@ __revalidate_data_pull(struct __ctx_buff *ctx, void **data, void **data_end,
 /* Structure representing an IPv4 or IPv6 address, being used for:
  *  - key as endpoints map
  *  - key for tunnel endpoint map
- *  - value for tunnel endpoint map
  */
 struct endpoint_key {
+	union {
+		struct {
+			__u32		ip4;
+			__u32		pad1;
+			__u32		pad2;
+			__u32		pad3;
+		};
+		union v6addr	ip6;
+	};
+	__u8 family;
+	__u8 pad4;
+	__u16 pad5;
+} __packed;
+
+/*  - value for tunnel endpoint map */
+struct tunnel_endpoint_info {
 	union {
 		struct {
 			__u32		ip4;

diff --git a/bpf/lib/encap.h b/bpf/lib/encap.h
@@ -186,7 +186,7 @@ encap_and_redirect_lxc(struct __ctx_buff *ctx, __u32 tunnel_endpoint,
 		       __u8 encrypt_key __maybe_unused,
 		       struct endpoint_key *key, __u32 seclabel, __u32 monitor)
 {
-	struct endpoint_key *tunnel;
+	struct tunnel_endpoint_info *tunnel;
 
 	if (tunnel_endpoint) {
 #ifdef ENABLE_IPSEC
@@ -228,7 +228,7 @@ static __always_inline int
 encap_and_redirect_netdev(struct __ctx_buff *ctx, struct endpoint_key *k,
 			  __u32 seclabel, __u32 monitor)
 {
-	struct endpoint_key *tunnel;
+	struct tunnel_endpoint_info *tunnel;
 
 	tunnel = map_lookup_elem(&TUNNEL_MAP, k);
 	if (!tunnel)

diff --git a/bpf/lib/maps.h b/bpf/lib/maps.h
@@ -91,7 +91,7 @@ struct bpf_elf_map __section_maps CALLS_MAP = {
 struct bpf_elf_map __section_maps TUNNEL_MAP = {
 	.type		= BPF_MAP_TYPE_HASH,
 	.size_key	= sizeof(struct endpoint_key),
-	.size_value	= sizeof(struct endpoint_key),
+	.size_value	= sizeof(struct tunnel_endpoint_info),
 	.pinning	= PIN_GLOBAL_NS,
 	.max_elem	= TUNNEL_ENDPOINT_MAP_SIZE,
 	.flags		= CONDITIONAL_PREALLOC,

diff --git a/pkg/bpf/endpoint.go b/pkg/bpf/endpoint.go
@@ -4,7 +4,6 @@
 package bpf
 
 import (
-	"fmt"
 	"net"
 	"unsafe"
 
@@ -25,7 +24,7 @@ type EndpointKey struct {
 	// represents both IPv6 and IPv4 (in the lowest four bytes)
 	IP     types.IPv6 `align:"$union0"`
 	Family uint8      `align:"family"`
-	Key    uint8      `align:"key"`
+	Pad1   uint8      `align:"pad4"`
 	Pad2   uint16     `align:"pad5"`
 }
 
@@ -48,7 +47,6 @@ func NewEndpointKey(ip net.IP) EndpointKey {
 		result.Family = EndpointKeyIPv6
 		copy(result.IP[:], ip)
 	}
-	result.Key = 0
 
 	return result
 }
@@ -67,7 +65,7 @@ func (k EndpointKey) ToIP() net.IP {
 // String provides a string representation of the EndpointKey.
 func (k EndpointKey) String() string {
 	if ip := k.ToIP(); ip != nil {
-		return net.JoinHostPort(ip.String(), fmt.Sprintf("%d", k.Key))
+		return ip.String()
 	}
 	return "nil"
 }
diff --git a/pkg/datapath/alignchecker/alignchecker.go b/pkg/datapath/alignchecker/alignchecker.go
@@ -50,6 +50,7 @@ func CheckStructAlignments(path string) error {
 		"lb6_service":          {reflect.TypeOf(lbmap.Service6Value{})},
 		"lb6_backend":          {reflect.TypeOf(lbmap.Backend6Value{})},
 		"endpoint_info":        {reflect.TypeOf(lxcmap.EndpointInfo{})},
+		"tunnel_endpoint_info": {reflect.TypeOf(tunnel.TunnelEndpointInfo{})},
 		"metrics_key":          {reflect.TypeOf(metricsmap.Key{})},
 		"metrics_value":        {reflect.TypeOf(metricsmap.Value{})},
 		"policy_key":           {reflect.TypeOf(policymap.PolicyKey{})},

diff --git a/pkg/maps/tunnel/tunnel.go b/pkg/maps/tunnel/tunnel.go
@@ -4,10 +4,12 @@
 package tunnel
 
 import (
+	"fmt"
 	"net"
 	"unsafe"
 
 	"github.com/cilium/cilium/pkg/bpf"
+	"github.com/cilium/cilium/pkg/types"
 
 	"github.com/sirupsen/logrus"
 )
@@ -35,8 +37,8 @@ func NewTunnelMap(name string) *Map {
 		bpf.MapTypeHash,
 		&TunnelEndpoint{},
 		int(unsafe.Sizeof(TunnelEndpoint{})),
-		&TunnelEndpoint{},
-		int(unsafe.Sizeof(TunnelEndpoint{})),
+		&TunnelEndpointInfo{},
+		int(unsafe.Sizeof(TunnelEndpointInfo{})),
 		MaxEntries,
 		0, 0,
 		bpf.ConvertKeyValue,
@@ -50,23 +52,72 @@ func init() {
 
 // +k8s:deepcopy-gen=true
 // +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapKey
-// +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapValue
 type TunnelEndpoint struct {
 	bpf.EndpointKey
 }
 
+// +k8s:deepcopy-gen=true
+// +k8s:deepcopy-gen:interfaces=github.com/cilium/cilium/pkg/bpf.MapValue
+type TunnelEndpointInfo struct {
+	// represents both IPv6 and IPv4 (in the lowest four bytes)
+	IP     types.IPv6 `align:"$union0"`
+	Family uint8      `align:"family"`
+	Key    uint8      `align:"key"`
+	Pad2   uint16     `align:"pad5"`
+}
+
+// String returns the human readable representation of an TunnelEndpointInfo
+func (v TunnelEndpointInfo) String() string {
+	if ip := v.ToIP(); ip != nil {
+		return fmt.Sprintf("ip=%s family=%-3d key=%-3d",
+			ip,
+			v.Family,
+			v.Key,
+		)
+	}
+	return "nil"
+}
+
+// GetValuePtr returns the unsafe pointer to the BPF value
+func (v *TunnelEndpointInfo) GetValuePtr() unsafe.Pointer { return unsafe.Pointer(v) }
+
 func newTunnelEndpoint(ip net.IP) *TunnelEndpoint {
 	return &TunnelEndpoint{
 		EndpointKey: bpf.NewEndpointKey(ip),
 	}
 }
 
-func (v TunnelEndpoint) NewValue() bpf.MapValue { return &TunnelEndpoint{} }
+func (k TunnelEndpoint) NewValue() bpf.MapValue { return &TunnelEndpointInfo{} }
+
+func newTunnelEndpointInfo(ip net.IP) *TunnelEndpointInfo {
+	result := TunnelEndpointInfo{}
+
+	if ip4 := ip.To4(); ip4 != nil {
+		result.Family = bpf.EndpointKeyIPv4
+		copy(result.IP[:], ip4)
+	} else {
+		result.Family = bpf.EndpointKeyIPv6
+		copy(result.IP[:], ip)
+	}
+
+	return &result
+}
+
+// ToIP converts the TunnelEndpointInfo IP field into a net.IP structure.
+func (v TunnelEndpointInfo) ToIP() net.IP {
+	switch v.Family {
+	case bpf.EndpointKeyIPv4:
+		return v.IP[:4]
+	case bpf.EndpointKeyIPv6:
+		return v.IP[:]
+	}
+	return nil
+}
 
 // SetTunnelEndpoint adds/replaces a prefix => tunnel-endpoint mapping
 func (m *Map) SetTunnelEndpoint(encryptKey uint8, prefix, endpoint net.IP) error {
-	key, val := newTunnelEndpoint(prefix), newTunnelEndpoint(endpoint)
-	val.EndpointKey.Key = encryptKey
+	key, val := newTunnelEndpoint(prefix), newTunnelEndpointInfo(endpoint)
+	val.Key = encryptKey
 	log.WithFields(logrus.Fields{
 		fieldPrefix:   prefix,
 		fieldEndpoint: endpoint,
@@ -83,7 +134,7 @@ func (m *Map) GetTunnelEndpoint(prefix net.IP) (net.IP, error) {
 		return net.IP{}, err
 	}
 
-	return val.(*TunnelEndpoint).ToIP(), nil
+	return val.(*TunnelEndpointInfo).ToIP(), nil
 }
 
 // DeleteTunnelEndpoint removes a prefix => tunnel-endpoint mapping

diff --git a/pkg/maps/tunnel/zz_generated.deepcopy.go b/pkg/maps/tunnel/zz_generated.deepcopy.go