cilium-arp.diff.txt

diff --git a/bpf/bpf_overlay.c b/bpf/bpf_overlay.c
index 52121bc7b..23d667425 100644
--- a/bpf/bpf_overlay.c
+++ b/bpf/bpf_overlay.c
@@ -23,6 +23,9 @@
 #include "lib/common.h"
 #include "lib/edt.h"
 #include "lib/maps.h"
+#include "lib/arp.h"
+#include "lib/encap.h"
+#include "lib/eps.h"
 #include "lib/ipv6.h"
 #include "lib/eth.h"
 #include "lib/dbg.h"
@@ -281,6 +284,41 @@ int tail_handle_ipv4(struct __ctx_buff *ctx)
                                              CTX_ACT_DROP, METRIC_INGRESS);
        return ret;
 }
+
+#ifdef ENABLE_ARP_RESPONDER
+/*
+ * ARP responder for ARP requests from overlay
+ * Respond to remote VTEP endpoint with cilium_vxlan MAC
+ */
+__section_tail(CILIUM_MAP_CALLS, CILIUM_CALL_ARP)
+int tail_handle_arp(struct __ctx_buff *ctx)
+{
+        union macaddr mac = NODE_MAC;
+        union macaddr smac;
+        __be32 sip;
+        __be32 tip;
+       __u32 monitor = 0;
+        struct endpoint_key key = {};
+       struct endpoint_key *tunnel;
+
+
+        if (!arp_validate(ctx, &mac, &smac, &sip, &tip))
+                return CTX_ACT_DROP;
+       if(!__lookup_ip4_endpoint(tip))
+               return CTX_ACT_DROP;
+       if (arp_prepare_response(ctx, &mac, tip, &smac, sip) < 0)
+                return CTX_ACT_DROP;
+
+        key.ip4 = sip & IPV4_MASK;
+        key.family = ENDPOINT_KEY_IPV4;
+        tunnel = map_lookup_elem(&TUNNEL_MAP, &key);
+        if (!tunnel)
+                return DROP_NO_TUNNEL_ENDPOINT;
+       if (tunnel->vni)
+               return __encap_and_redirect_with_nodeid(ctx, tunnel->ip4, tunnel->vni, monitor);
+
+       return CTX_ACT_OK;
+}
+#endif /* ENABLE_ARP_RESPONDER */
 #endif /* ENABLE_IPV4 */
 
 /* Attached to the ingress of cilium_vxlan/cilium_geneve to execute on packets
@@ -314,6 +352,12 @@ int from_overlay(struct __ctx_buff *ctx)
        }
 
        switch (proto) {
+#if defined(ENABLE_ARP_RESPONDER)
+       case bpf_htons(ETH_P_ARP):
+               ep_tail_call(ctx, CILIUM_CALL_ARP);
+                ret = DROP_MISSED_TAIL_CALL;
+                break;
+#endif
        case bpf_htons(ETH_P_IPV6):
 #ifdef ENABLE_IPV6
                ep_tail_call(ctx, CILIUM_CALL_IPV6_FROM_LXC);