Liking cljdoc? Tell your friends :D
Clojure only.

lb.programs.tc-ingress

TC ingress program for PROXY protocol v2 header injection.

This program runs on the TC ingress path (after XDP DNAT) and injects PROXY protocol v2 headers into the first data packet of each connection that has proxy-protocol enabled.

Flow:

  1. Parse packet headers (Ethernet, IPv4/IPv6, TCP)
  2. Lookup conntrack entry by 5-tuple
  3. Check if proxy_enabled flag is set
  4. Track TCP state (NEW -> SYN_SENT -> SYN_RECV -> ESTABLISHED)
  5. On first DATA packet in ESTABLISHED: inject PROXY v2 header
  6. Set header_injected flag and seq_offset for subsequent packets
TC ingress program for PROXY protocol v2 header injection.

This program runs on the TC ingress path (after XDP DNAT) and injects
PROXY protocol v2 headers into the first data packet of each connection
that has proxy-protocol enabled.

Flow:
1. Parse packet headers (Ethernet, IPv4/IPv6, TCP)
2. Lookup conntrack entry by 5-tuple
3. Check if proxy_enabled flag is set
4. Track TCP state (NEW -> SYN_SENT -> SYN_RECV -> ESTABLISHED)
5. On first DATA packet in ESTABLISHED: inject PROXY v2 header
6. Set header_injected flag and seq_offset for subsequent packets
raw docstring

attach-to-interfaceclj

(attach-to-interface prog iface & {:keys [priority] :or {priority 1}})

Attach TC program to interface ingress. Returns true on success.

Attach TC program to interface ingress.
Returns true on success.
sourceraw docstring

attach-to-interfacesclj

(attach-to-interfaces prog interfaces & opts)

Attach TC ingress program to multiple interfaces.

Attach TC ingress program to multiple interfaces.
sourceraw docstring

BPF-F-INVALIDATE-HASHclj

source

BPF-F-PSEUDO-HDRclj

source

BPF-F-RECOMPUTE-CSUMclj

source

BPF-FUNC-ktime-get-nsclj

source

BPF-FUNC-l3-csum-replaceclj

source

BPF-FUNC-l4-csum-replaceclj

source

BPF-FUNC-map-lookup-elemclj

source

BPF-FUNC-map-update-elemclj

source

BPF-FUNC-skb-change-tailclj

source

BPF-FUNC-skb-load-bytesclj

source

BPF-FUNC-skb-store-bytesclj

source

build-tc-ingress-proxy-programclj

(build-tc-ingress-proxy-program map-fds)

Build the TC ingress program for PROXY protocol v2 header injection.

This program:

  1. Parses Ethernet/IP/TCP headers
  2. Looks up conntrack entry by 5-tuple
  3. Checks proxy_enabled flag
  4. Tracks TCP state machine
  5. Injects PROXY v2 header on first data packet in ESTABLISHED state
  6. Adjusts sequence numbers for subsequent packets

map-fds: Map containing :conntrack-map from unified maps

Returns assembled TC program bytecode.

Build the TC ingress program for PROXY protocol v2 header injection.

This program:
1. Parses Ethernet/IP/TCP headers
2. Looks up conntrack entry by 5-tuple
3. Checks proxy_enabled flag
4. Tracks TCP state machine
5. Injects PROXY v2 header on first data packet in ESTABLISHED state
6. Adjusts sequence numbers for subsequent packets

map-fds: Map containing :conntrack-map from unified maps

Returns assembled TC program bytecode.
sourceraw docstring

build-tc-pass-programclj

(build-tc-pass-program)

Build a simple TC program that passes all packets.

Build a simple TC program that passes all packets.
sourceraw docstring

CONN-STATE-ESTABLISHEDclj

source

CONN-STATE-NEWclj

source

CONN-STATE-SYN-RECVclj

source

CONN-STATE-SYN-SENTclj

source

CT-OFF-CONN-STATEclj

source

CT-OFF-ORIG-CLIENT-IPclj

source

CT-OFF-ORIG-CLIENT-PORTclj

source

CT-OFF-PADclj

source

CT-OFF-PROXY-FLAGSclj

source

CT-OFF-SEQ-OFFSETclj

source

detach-from-interfaceclj

(detach-from-interface iface & {:keys [priority] :or {priority 1}})

Detach TC ingress program from interface.

Detach TC ingress program from interface.
sourceraw docstring

detach-from-interfacesclj

(detach-from-interfaces interfaces & opts)

Detach TC ingress program from multiple interfaces.

Detach TC ingress program from multiple interfaces.
sourceraw docstring

load-programclj

(load-program maps)

Load TC ingress program into kernel. Returns a BpfProgram record or throws on error.

Load TC ingress program into kernel.
Returns a BpfProgram record or throws on error.
sourceraw docstring

PROXY-FLAG-ENABLEDclj

source

PROXY-FLAG-HEADER-INJECTEDclj

source

PROXY-V2-ADDR-LEN-IPV4clj

source

PROXY-V2-ADDR-LEN-IPV6clj

source

PROXY-V2-FAMILY-TCP-IPV4clj

source

PROXY-V2-FAMILY-TCP-IPV6clj

source

PROXY-V2-HEADER-SIZE-IPV4clj

source

PROXY-V2-HEADER-SIZE-IPV6clj

source

PROXY-V2-SIG-WORD0clj

source

PROXY-V2-SIG-WORD1clj

source

PROXY-V2-SIG-WORD2clj

source

PROXY-V2-VERSION-CMDclj

source

SHIFT-CHUNK-SIZEclj

source

SHIFT-MAX-CHUNKSclj

source

tc-load-skb-dataclj

(tc-load-skb-data)

Load SKB data and data_end pointers. SKB structure: data at offset 76, data_end at offset 80 Saves: SKB -> r6, data -> r7, data_end -> r8

Load SKB data and data_end pointers.
SKB structure: data at offset 76, data_end at offset 80
Saves: SKB -> r6, data -> r7, data_end -> r8
sourceraw docstring

tc-reload-data-ptrsclj

(tc-reload-data-ptrs)

Reload data pointers from saved SKB context (r6). Required after helpers that may invalidate pointers.

Reload data pointers from saved SKB context (r6).
Required after helpers that may invalidate pointers.
sourceraw docstring

TCP-FLAG-ACKclj

source

TCP-FLAG-FINclj

source

TCP-FLAG-PSHclj

source

TCP-FLAG-RSTclj

source

TCP-FLAG-SYNclj

source

cljdoc builds & hosts documentation for Clojure/Script libraries

Keyboard shortcuts
Ctrl+kJump to recent docs
Move to previous article
Move to next article
Ctrl+/Jump to the search field
Raise an issueBrowse cljdoc sourceChat on Slack
× close