github.com/kaisenlinux/docker.io@v0.0.0-20230510090727-ea55db55fac7/libnetwork/drivers/overlay/encryption_bpf.go (about)

     1  package overlay
     2  
     3  import (
     4  	"strconv"
     5  )
     6  
// matchVXLANWithBPF builds the iptables match arguments that select VXLAN
// datagrams by UDP destination port and VXLAN Network ID. The VNI comparison
// is done by a BPF program handed to the xt_bpf netfilter kernel module.
//
// A new slice is allocated on every call, so its backing array never aliases
// another slice's and callers may append to the result freely.
//
// Neither argument is validated here. port is rendered in decimal exactly as
// given, so a value above 65535 is emitted verbatim rather than rejected. vni
// is handed unchanged to vniMatchBPF; whether it is limited to VXLAN's 24-bit
// VNI width is not visible from this function.
// NOTE(review): confirm callers pass only in-range values, since a rule built
// from a bad port or VNI would not match the traffic it is meant to select.
func matchVXLANWithBPF(port, vni uint32) []string {
	// Compile the VNI match and serialize it into the textual form that
	// the bpf match's --bytecode option takes.
	bytecode := marshalXTBPF(vniMatchBPF(vni))

	// Each token is its own element; nothing is joined into one string.
	// https://ipset.netfilter.org/iptables-extensions.man.html#lbAH
	rule := make([]string, 0, 8)
	rule = append(rule, "-p", "udp", "--dport", strconv.FormatUint(uint64(port), 10))
	rule = append(rule, "-m", "bpf", "--bytecode", bytecode)
	return rule
}