TC egress program for the load balancer. Handles reply packets from backends: performs SNAT to restore original destination.

(attach-to-interface prog iface & {:keys [priority] :or {priority 1}})
Attach TC egress program to a network interface.
prog: BpfProgram record or program FD
iface: Interface name (e.g., "eth0")
priority: Filter priority (lower = higher priority)

(attach-to-interfaces prog interfaces & opts)
Attach TC egress program to multiple interfaces.

(build-tc-egress-program map-fds)
Build the TC egress program.
Performs SNAT on reply packets from backends:
1. Parses IPv4/TCP/UDP headers
2. Builds reverse 5-tuple key from reply packet
3. Looks up conntrack map to find original destination
4. If found, rewrites source IP/port to original destination
5. Updates checksums using kernel helpers
6. Returns TC_ACT_OK
map-fds: Map containing :conntrack-map
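
The six steps above, with the reverse 5-tuple key order documented for build-tc-snat-program, modelled in userspace C as an added example (it is not clj-ebpf or load-balancer code). The conntrack struct layout, the linear-scan lookup in place of the BPF map, and the RFC 1624 arithmetic in place of the kernel checksum helpers are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed conntrack layout (host-order fields); the real map layout is not on the page. */
struct ct_key { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };
struct ct_entry { struct ct_key k; uint32_t orig_ip; uint16_t orig_port; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p) { return ((uint32_t)rd16(p) << 16) | rd16(p + 2); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), standing in for the kernel helpers. */
static void csum_fix(uint8_t *csum, uint16_t old, uint16_t repl) {
    uint32_t s = (uint32_t)(uint16_t)~rd16(csum) + (uint16_t)~old + repl;
    s = (s & 0xffff) + (s >> 16);
    s = (s & 0xffff) + (s >> 16);
    wr16(csum, (uint16_t)~s);
}

/* Returns 1 if the source was rewritten, 0 if the packet passes unchanged
   (the program on the page returns TC_ACT_OK either way). */
int snat_reply(uint8_t *data, const uint8_t *data_end, const struct ct_entry *ct, size_t n) {
    size_t len = (size_t)(data_end - data);
    if (len < 34 || rd16(data + 12) != 0x0800) return 0;     /* Ethernet + minimal IPv4 */
    uint8_t *ip = data + 14, proto = ip[9];
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || (proto != 6 && proto != 17)) return 0;
    if (len < 14 + ihl + (proto == 6 ? 20u : 8u)) return 0;  /* L4 header must be in bounds */
    uint8_t *l4 = ip + ihl, *l4sum = l4 + (proto == 6 ? 16 : 6);
    /* Reverse key: the reply's dst (client) is the key's src, its src (backend) the key's dst. */
    struct ct_key k = { rd32(ip + 16), rd32(ip + 12), rd16(l4 + 2), rd16(l4), proto };
    for (size_t i = 0; i < n; i++) {
        const struct ct_key *e = &ct[i].k;
        if (e->src_ip != k.src_ip || e->dst_ip != k.dst_ip || e->src_port != k.src_port ||
            e->dst_port != k.dst_port || e->proto != k.proto) continue;
        uint16_t nw[3] = { (uint16_t)(ct[i].orig_ip >> 16), (uint16_t)ct[i].orig_ip, ct[i].orig_port };
        uint8_t *fld[3] = { ip + 12, ip + 14, l4 };           /* src IP hi, src IP lo, src port */
        int l4_on = proto == 6 || rd16(l4sum) != 0;           /* UDP checksum 0 means unused */
        for (int j = 0; j < 3; j++) {
            uint16_t old = rd16(fld[j]);
            if (j < 2) csum_fix(ip + 10, old, nw[j]);         /* IP header sum covers addresses */
            if (l4_on) csum_fix(l4sum, old, nw[j]);           /* pseudo-header and port */
            wr16(fld[j], nw[j]);
        }
        if (proto == 17 && l4_on && rd16(l4sum) == 0) wr16(l4sum, 0xffff);
        return 1;
    }
    return 0;
}
```

The length checks against data_end mirror what the eBPF verifier requires before any packet load; a reply with no matching conntrack entry is left byte-for-byte unchanged.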

(build-tc-ipv4-filter-program)
Build TC program that passes IPv4 packets and drops others.
Uses clj-ebpf.net primitives for packet parsing.

(build-tc-pass-program)
Build a simple TC program that passes all packets.
This is useful for initial testing of program loading/attachment.

(build-tc-snat-program conntrack-map-fd)
Build TC egress program that performs SNAT on reply packets.
This program:
1. Parses IPv4/TCP or IPv4/UDP packets
2. Builds reverse 5-tuple key from reply packet
3. Looks up conntrack map to find original destination
4. If found, performs SNAT (rewrites src IP and port to original dest)
5. Updates IP and L4 checksums using kernel helpers
6. Returns TC_ACT_OK to continue processing
For a reply packet from backend to client:
- Reply: src=backend_ip:backend_port, dst=client_ip:client_port
- Reverse key: {client_ip, backend_ip, client_port, backend_port, proto}
- This matches the conntrack entry created by XDP DNAT
- SNAT rewrites: src=backend -> src=orig_dst (the proxy address)
Register allocation:
r6 = saved SKB context (callee-saved)
r7 = data pointer (callee-saved)
r8 = data_end pointer (callee-saved)
r9 = IP header pointer / map value ptr (callee-saved)
r0-r5 = scratch, clobbered by helpers
Uses clj-ebpf.asm label-based assembly for automatic jump offset resolution.

(detach-from-interface iface & {:keys [priority] :or {priority 1}})
Detach TC egress program from an interface.

(detach-from-interfaces interfaces & opts)
Detach TC egress program from multiple interfaces.

(dump-program-bytecode maps)
Dump program bytecode for debugging.

(load-program maps)
Load the TC egress program.
Returns a BpfProgram record.

(setup-tc-qdisc iface)
Set up clsact qdisc on an interface (required for TC attachment).

(tc-load-data-ptrs-32 data-reg data-end-reg ctx-reg)
Load data and data_end pointers from SKB context using 32-bit loads.
data-reg: Register to store data pointer
data-end-reg: Register to store data_end pointer
ctx-reg: SKB context register (typically :r1)

(teardown-tc-qdisc iface)
Remove clsact qdisc from an interface.

(verify-program maps)
Verify the TC program can be loaded (dry run).
Returns {:valid true} or {:valid false :error <message>}