-
Notifications
You must be signed in to change notification settings - Fork 4
/
cilium-arp.diff.txt
71 lines (68 loc) · 2.13 KB
/
cilium-arp.diff.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
diff --git a/bpf/bpf_overlay.c b/bpf/bpf_overlay.c
index 52121bc7b..23d667425 100644
--- a/bpf/bpf_overlay.c
+++ b/bpf/bpf_overlay.c
@@ -23,6 +23,9 @@
#include "lib/common.h"
#include "lib/edt.h"
#include "lib/maps.h"
+#include "lib/arp.h"
+#include "lib/encap.h"
+#include "lib/eps.h"
#include "lib/ipv6.h"
#include "lib/eth.h"
#include "lib/dbg.h"
@@ -281,6 +284,41 @@ int tail_handle_ipv4(struct __ctx_buff *ctx)
CTX_ACT_DROP, METRIC_INGRESS);
return ret;
}
+
+#ifdef ENABLE_ARP_RESPONDER
+/*
+ * ARP responder for ARP requests from overlay
+ * Respond to remote VTEP endpoint with cilium_vxlan MAC
+ */
+__section_tail(CILIUM_MAP_CALLS, CILIUM_CALL_ARP)
+int tail_handle_arp(struct __ctx_buff *ctx)
+{
+ union macaddr mac = NODE_MAC;
+ union macaddr smac;
+ __be32 sip;
+ __be32 tip;
+ __u32 monitor = 0;
+ struct endpoint_key key = {};
+ struct endpoint_key *tunnel;
+
+
+ if (!arp_validate(ctx, &mac, &smac, &sip, &tip))
+ return CTX_ACT_DROP;
+ if(!__lookup_ip4_endpoint(tip))
+ return CTX_ACT_DROP;
+ if (arp_prepare_response(ctx, &mac, tip, &smac, sip) < 0)
+ return CTX_ACT_DROP;
+
+ key.ip4 = sip & IPV4_MASK;
+ key.family = ENDPOINT_KEY_IPV4;
+ tunnel = map_lookup_elem(&TUNNEL_MAP, &key);
+ if (!tunnel)
+ return DROP_NO_TUNNEL_ENDPOINT;
+ if (tunnel->vni)
+ return __encap_and_redirect_with_nodeid(ctx, tunnel->ip4, tunnel->vni, monitor);
+
+ return CTX_ACT_OK;
+}
+#endif /* ENABLE_ARP_RESPONDER */
#endif /* ENABLE_IPV4 */
/* Attached to the ingress of cilium_vxlan/cilium_geneve to execute on packets
@@ -314,6 +352,12 @@ int from_overlay(struct __ctx_buff *ctx)
}
switch (proto) {
+#if defined(ENABLE_ARP_RESPONDER)
+ case bpf_htons(ETH_P_ARP):
+ ep_tail_call(ctx, CILIUM_CALL_ARP);
+ ret = DROP_MISSED_TAIL_CALL;
+ break;
+#endif
case bpf_htons(ETH_P_IPV6):
#ifdef ENABLE_IPV6
ep_tail_call(ctx, CILIUM_CALL_IPV6_FROM_LXC);