Overview¶
FPTUN-eBPF uses the Linux eBPF architecture to drive packets between the fast path and the Linux kernel stack.
It provides functionalities that used to be implemented in FPTUN kernel module:
special exception path to skip in Linux the work done in fast path: VLAN, GRE, VXLAN, …
metadata transfer like “skb->mark”
“tcpdump” to capture packets processed at fast path level
Features¶
The following exception types are supported:
FPTUN_BASIC_EXCEPT: exception used to inject a L2 packet in a fast path port interface at ingress.
FPTUN_ETH_INPUT_EXCEPT: exception used to inject a L2 packet in an interface at ingress.
FPTUN_IFACE_INPUT_EXCEPT: exception used to inject a L3 packet in an interface at ingress.
FPTUN_IPV4_IPSECDONE_INPUT_EXCEPT: exception used to inject a deciphered IPv4 packet in an interface at ingress.
FPTUN_IPV6_IPSECDONE_INPUT_EXCEPT: exception used to inject a deciphered IPv6 packet in an interface at ingress.
FPTUN_TAP: exception used to inject a packet for tcpdump capture.
FPTUN_ETH_SP_OUTPUT_REQ: used to inject packets from the Linux kernel stack to the fast path.
Dependencies¶
6WINDGate modules¶
Linux¶
tc eBPF support is a kernel patch (upstream 4.0).
tc eBPF bpf_skb_store_bytes support is a kernel patch (upstream 4.1).
tc eBPF bpf_redirect support is a kernel patch (upstream 4.2).
tc eBPF BPF_F_INGRESS redirect flag is a kernel patch (upstream 4.5).
tc eBPF bpf_redirect support from a L2 devive to a L3 device is a kernel patch (upstream 4.9).
tc eBPF bpf_skb_load_bytes support is a kernel patch (upstream 4.5).
tc eBPF bpf_skb_change_tail support is a kernel patch (upstream 4.9).
tc eBPF bpf_skb_adjust_room support is available since kernel version 5.2.