bpf_metadata: introduce udp bpf_metadata factory & instance

Signed-off-by: Marco Hofstetter <marco.hofstetter@isovalent.com>
cilium · Dec 18, 2024 · bd183b5 · bd183b5
1 parent edc3b43
commit bd183b5
Show file tree

Hide file tree

Showing 2 changed files with 79 additions and 0 deletions.
diff --git a/cilium/bpf_metadata.cc b/cilium/bpf_metadata.cc
@@ -5,6 +5,7 @@
 
 #include <string>
 
+#include "envoy/api/io_error.h"
 #include "envoy/network/listen_socket.h"
 #include "envoy/registry/registry.h"
 #include "envoy/singleton/manager.h"
@@ -35,15 +36,18 @@ class BpfMetadataConfigFactory : public NamedListenerFilterConfigFactory {
       const Protobuf::Message& proto_config,
       const Network::ListenerFilterMatcherSharedPtr& listener_filter_matcher,
       Configuration::ListenerFactoryContext& context) override {
+
     auto config = std::make_shared<Cilium::BpfMetadata::Config>(
         MessageUtil::downcastAndValidate<const ::cilium::BpfMetadata&>(
             proto_config, context.messageValidationVisitor()),
         context);
+
     // Set the socket mark option for the listen socket.
     // Can use identity 0 on the listen socket option, as the bpf datapath is only interested
     // in whether the proxy is ingress, egress, or if there is no proxy at all.
     std::shared_ptr<Envoy::Network::Socket::Options> options =
         std::make_shared<Envoy::Network::Socket::Options>();
+
     uint32_t mark = (config->is_ingress_) ? 0x0A00 : 0x0B00;
     options->push_back(std::make_shared<Cilium::SocketMarkOption>(mark, 0));
     context.addListenSocketOptions(options);
@@ -69,6 +73,52 @@ class BpfMetadataConfigFactory : public NamedListenerFilterConfigFactory {
 REGISTER_FACTORY(BpfMetadataConfigFactory,
                  NamedListenerFilterConfigFactory){FACTORY_VERSION(1, 1, 0, {{}})};
 
+/**
+ * Config registration for the UDP bpf metadata filter. @see
+ * NamedUdpListenerFilterConfigFactory.
+ */
+class UdpBpfMetadataConfigFactory : public NamedUdpListenerFilterConfigFactory {
+public:
+  // NamedUdpListenerFilterConfigFactory
+  Network::UdpListenerFilterFactoryCb
+  createFilterFactoryFromProto(const Protobuf::Message& proto_config,
+                               Configuration::ListenerFactoryContext& context) override {
+
+    auto config = std::make_shared<Cilium::BpfMetadata::Config>(
+        MessageUtil::downcastAndValidate<const ::cilium::BpfMetadata&>(
+            proto_config, context.messageValidationVisitor()),
+        context);
+
+    // Set the socket mark option for the listen socket.
+    // Can use identity 0 on the listen socket option, as the bpf datapath is only interested
+    // in whether the proxy is ingress, egress, or if there is no proxy at all.
+    std::shared_ptr<Envoy::Network::Socket::Options> options =
+        std::make_shared<Envoy::Network::Socket::Options>();
+
+    uint32_t mark = (config->is_ingress_) ? 0x0A00 : 0x0B00;
+    options->push_back(std::make_shared<Cilium::SocketMarkOption>(mark, 0));
+    context.addListenSocketOptions(options);
+
+    return [config](Network::UdpListenerFilterManager& udp_listener_filter_manager,
+                    Network::UdpReadFilterCallbacks& callbacks) mutable -> void {
+      udp_listener_filter_manager.addReadFilter(
+          std::make_unique<Cilium::BpfMetadata::UdpInstance>(config, callbacks));
+    };
+  }
+
+  ProtobufTypes::MessagePtr createEmptyConfigProto() override {
+    return std::make_unique<::cilium::BpfMetadata>();
+  }
+
+  std::string name() const override { return "cilium.bpf_metadata"; }
+};
+
+/**
+ * Static registration for the UDP bpf metadata filter. @see RegisterFactory.
+ */
+REGISTER_FACTORY(UdpBpfMetadataConfigFactory,
+                 NamedUdpListenerFilterConfigFactory){FACTORY_VERSION(1, 1, 0, {{}})};
+
 } // namespace Configuration
 } // namespace Server
 
@@ -118,6 +168,7 @@ Config::Config(const ::cilium::BpfMetadata& config,
           Network::Utility::parseInternetAddressNoThrow(config.ipv6_source_address())),
       enforce_policy_on_l7lb_(config.enforce_policy_on_l7lb()),
       policy_update_warning_limit_ms_(std::chrono::milliseconds(100)) {
+
   const uint64_t limit = DurationUtil::durationToMilliseconds(config.policy_update_warning_limit());
   if (limit > 0) {
     policy_update_warning_limit_ms_ = std::chrono::milliseconds(limit);
@@ -517,6 +568,15 @@ Network::FilterStatus Instance::onData(Network::ListenerFilterBuffer&) {
 
 size_t Instance::maxReadBytes() const { return 0; }
 
+Network::FilterStatus UdpInstance::onData([[maybe_unused]] Network::UdpRecvData& data) {
+  return Network::FilterStatus::Continue;
+}
+
+Network::FilterStatus
+UdpInstance::onReceiveError([[maybe_unused]] Api::IoError::IoErrorCode error_code) {
+  return Network::FilterStatus::Continue;
+}
+
 } // namespace BpfMetadata
 } // namespace Cilium
 } // namespace Envoy
diff --git a/cilium/bpf_metadata.h b/cilium/bpf_metadata.h
@@ -1,5 +1,6 @@
 #pragma once
 
+#include "envoy/api/io_error.h"
 #include "envoy/json/json_object.h"
 #include "envoy/network/filter.h"
 #include "envoy/server/filter_config.h"
@@ -84,6 +85,24 @@ class Instance : public Network::ListenerFilter, Logger::Loggable<Logger::Id::fi
   const ConfigSharedPtr config_;
 };
 
+/**
+ * Implementation of a UDP bpf metadata listener filter.
+ */
+class UdpInstance : public Network::UdpListenerReadFilter, Logger::Loggable<Logger::Id::filter> {
+public:
+  UdpInstance(const ConfigSharedPtr& config, Network::UdpReadFilterCallbacks& callbacks)
+      : UdpListenerReadFilter(callbacks), config_(config) {}
+
+  // Network::UdpListenerReadFilter
+  Network::FilterStatus onData(Network::UdpRecvData& data) override;
+
+  // Network::UdpListenerReadFilter
+  Network::FilterStatus onReceiveError(Api::IoError::IoErrorCode error_code) override;
+
+private:
+  const ConfigSharedPtr config_;
+};
+
 } // namespace BpfMetadata
 } // namespace Cilium
 } // namespace Envoy