You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: bpf-prog/ipv6-hp-bpf/README.md
+14-6Lines changed: 14 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,9 +4,17 @@
4
4
5
5
## Description
6
6
7
-
The goal of this bpf program is to fix the issue described [here](https://github.com/cilium/cilium/issues/31326). It includes both egress and ingress TC programs. These programs are meant to replace the nftable rules since they don't work on cilium clusters.
7
+
The goal of this bpf program is to fix the issue described [here](https://github.com/cilium/cilium/issues/31326). It includes both egress and ingress TC programs. These programs are meant to replace the nftable rules since they don't work on cilium clusters.
8
8
The egress bpf code converts the destination IPv6 of the packet from global unicast to link local, and ingress converts the source IPv6 from link local to global unicast.
9
9
10
+
## Dependencies
11
+
12
+
Leverage the below make recipe to install the required libraries.
13
+
14
+
```bash
15
+
make ipv6-hp-bpf-lib
16
+
```
17
+
10
18
## Usage
11
19
12
20
Follow the steps below to compile the program and install it onto your node:
@@ -20,9 +28,9 @@ Follow the steps below to compile the program and install it onto your node:
20
28
21
29
3. Remove the nftable rules for ipv6 with the following commands:
22
30
```bash
23
-
nft delete chain ip6 azureSLBProbe postrouting
24
-
nft delete chain ip6 azureSLBProbe prerouting
25
-
nft -n list table ip6 azureSLBProbe
31
+
nft delete chain ip6 azureSLBProbe postrouting
32
+
nft delete chain ip6 azureSLBProbe prerouting
33
+
nft -n list table ip6 azureSLBProbe
26
34
```
27
35
28
36
4. Start the program with:
@@ -43,7 +51,7 @@ To copy to the node you need to create a node-shell instance
43
51
kubectl cp egress.o nsenter-xxxxx:<path-in-node>
44
52
```
45
53
46
-
Since this is for cilium clusters, cilium already creates a qdisc on eth0 of type clsact (which allows both ingress and egress filters to be attached). If cilium is not installed, you would have to create the qdisc on your own by doing the following:
54
+
Since this is for cilium clusters, cilium already creates a qdisc on eth0 of type clsact (which allows both ingress and egress filters to be attached). If cilium is not installed, you would have to create the qdisc on your own by doing the following:
47
55
```bash
48
56
tc qdisc add dev eth0 clsact
49
57
```
@@ -56,4 +64,4 @@ tc filter add dev eth0 egress prio 1 bpf da obj egress.o sec classifier
0 commit comments