ebpf: document XDP iface redirect

diff --git a/ebpf/xdp_filter.c b/ebpf/xdp_filter.c
index 597ef4883bdfeeb37d35b480aa413ffa04623512..d9c5933a81ebdca83e759e450ea5fc6d3fcfde89 100644 (file)
--- a/ebpf/xdp_filter.c
+++ b/ebpf/xdp_filter.c
@@ -123,6 +123,9 @@ struct bpf_map_def SEC("maps") cpus_count = {
 };
 #endif
 
+/* Map has only one element as we don't handle any sort of
+ * routing for now. Key value set by user space is 0 and
+ * value is the peer interface. */
 struct bpf_map_def SEC("maps") tx_peer = {
        .type = BPF_MAP_TYPE_DEVMAP,
        .key_size = sizeof(int),
@@ -130,6 +133,9 @@ struct bpf_map_def SEC("maps") tx_peer = {
        .max_entries = 1,
 };
 
+/* single entry to indicate if we have peer, key value
+ * set in user space is 0. It is only used to see if
+ * a interface has a peer we need to send the information to */
 struct bpf_map_def SEC("maps") tx_peer_int = {
        .type = BPF_MAP_TYPE_ARRAY,
        .key_size = sizeof(int),

diff --git a/src/util-ebpf.c b/src/util-ebpf.c
index 2cf48ac451e52fc3abaa54acd4f750c43369a10c..cb9388a61c9a60df607f7b74eaabfb3ffdb05057 100644 (file)
--- a/src/util-ebpf.c
+++ b/src/util-ebpf.c
@@ -675,6 +675,18 @@ void EBPFBuildCPUSet(ConfNode *node, char *iface)
                         BPF_ANY);
 }
 
+/**
+ * Setup peer interface in XDP system
+ *
+ * Ths function set up the peer interface in the XDP maps used by the
+ * bypass filter. The first map tx_peer has  type device map and is
+ * used to store the peer. The second map tx_peer_int is used by the
+ * code to check if we have a peer defined for this interface.
+ *
+ * As the map are per device we just need maps with one single element.
+ * In both case, we use the key 0 to enter element so XDP kernel code
+ * is using the same key.
+ */
 int EBPFSetPeerIface(const char *iface, const char *out_iface)
 {
     int mapfd = EBPFGetMapFDByName(iface, "tx_peer");