https://github.com/cilium/cilium
Tip revision: c408445c13d34dcd8dba1663a16b0714aaf9814b authored by Michi Mutsuzaki on 26 January 2023, 00:25:46 UTC
Prepare for release v1.10.19
# Copyright 2017-2021 Authors of Cilium
# SPDX-License-Identifier: Apache-2.0

include ../Makefile.defs

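# Targets that name commands rather than files. install-binary and
# install-bash-completion are declared as well, so a stray file with one of
# those names cannot make the target look up to date.
.PHONY: all bpf_all build_all subdirs install install-binary install-bash-completion clean

# Delete a target when its recipe fails after modifying it, so a partially
# written or wrongly configured .ll/.o is not treated as up to date on the
# next run.
.DELETE_ON_ERROR:

# Sub-directories built (and cleaned) through recursive make.
SUBDIRS = sockops custom

# Programs compiled with the fixed BPF_SIMPLE_OPTIONS flag set, plus the
# matching .c and .ll names derived from the object names.
BPF_SIMPLE = bpf_network.o bpf_alignchecker.o
BPF_SIMPLE_C = $(patsubst %.o,%.c,${BPF_SIMPLE})
BPF_SIMPLE_LL = $(patsubst %.o,%.ll,${BPF_SIMPLE})
# Object that the go_prog_test target depends on.
BPF_TEST=tests/bpf_ct_tests.o
# Every BPF object built by bpf_all.
BPF = bpf_lxc.o bpf_overlay.o bpf_sock.o bpf_host.o bpf_xdp.o $(BPF_SIMPLE)

# Host-side helper binaries, each built from <name>.c.
TARGET=cilium-map-migrate cilium-probe-kernel-hz
# Kernel profile used by the conditionals in this file to pick feature flags
# (the values they test for are 49, 54 and netnext).
# NOTE(review): this default contains literal double quotes. The
# `ifeq ("$(KERNEL)","49")` style tests compare the quoted expansion, so with
# the default the left side is ""49"" and does not equal "49"; only an
# unquoted KERNEL=49 (e.g. from the command line) selects the 4.9 branches.
# Confirm whether the default is meant to select the 4.9 configuration.
KERNEL ?= "49"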

include ./Makefile.bpf

ifeq ("$(PKG_BUILD)","")
# Full build (PKG_BUILD is empty): the host helper binaries plus all BPF
# objects.
all: $(TARGET) bpf_all

# Every object listed in $(BPF), then the sub-directory builds.
bpf_all: $(BPF) subdirs

# Re-run bpf_all in a sub-make with BUILD_PERMUTATIONS=1, which makes the .ll
# rules in this file compile every listed option combination before the final
# build. `force` and BUILD_PERMUTATIONS_DEP are defined outside this file;
# touching the latter presumably marks earlier outputs as stale — confirm in
# the included makefiles.
build_all: force
	@touch $(BUILD_PERMUTATIONS_DEP)
	@$(ECHO_CHECK)/*.c BUILD_PERMUTATIONS=1
	$(QUIET) $(MAKE) $(SUBMAKEOPTS) bpf_all BUILD_PERMUTATIONS=1

# Switch for the permutation compile tests. The default is the two-character
# text "" (quotes included); the recipes paste it into a shell `[ ... != "" ]`
# test, where the shell reads it as an empty string.
BUILD_PERMUTATIONS ?= ""

# Flags for the BPF_SIMPLE programs. `+=` keeps anything already set before
# this point (an included makefile, the environment or the command line).
BPF_SIMPLE_OPTIONS += \
	-DENABLE_IPV4=1 -DENABLE_IPV6=1 -DENABLE_IPSEC=1 -DIP_POOLS=1
# The LPM trie and LRU hash map types are assumed present unless KERNEL is
# exactly 49 (unquoted).
ifneq ("$(KERNEL)","49")
BPF_SIMPLE_OPTIONS += -DHAVE_LPM_TRIE_MAP_TYPE -DHAVE_LRU_HASH_MAP_TYPE
endif

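# Compile each simple program to LLVM IR from its own source file only.
# A static pattern rule keeps the dependency one-to-one; listing every .c as a
# prerequisite of every .ll made a change to one source rebuild all of them.
# NOTE(review): unlike the other .ll rules in this file, $(LIB) is not a
# prerequisite here — confirm header changes need not trigger a rebuild.
$(BPF_SIMPLE_LL): %.ll: %.c
	@$(ECHO_CC)
	$(QUIET) ${CLANG} ${BPF_SIMPLE_OPTIONS} ${CLANG_FLAGS} -c $< -o $@

# Lower each .ll to an object file; again one .ll per .o.
$(BPF_SIMPLE): %.o: %.ll
	@$(ECHO_CC)
	$(QUIET) ${LLC} ${LLC_FLAGS} -filetype=obj -o $@ $<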

# Make strips leading whitespace from a variable's value, so a lone space
# cannot be assigned directly. Placing one space between two empty expansions
# yields a variable holding exactly one space. The recipes below use it in
# $(subst :,=1$(space),...) to turn every ':' separator into "=1 ".
null :=
space := ${null} ${null}

# The following option combinations are compile tested when
# BUILD_PERMUTATIONS is set. Each whitespace-separated word is one
# permutation. Inside a word ':' stands for "=1 ": the recipes apply
# $(subst :,=1$(space),...) to it, so a word such as "-DA:-DB:" (constructed
# example) becomes "-DA=1 -DB=1 ". A word without a trailing ':' passes its
# last flag through unchanged.
LB_OPTIONS = \
	-DSKIP_DEBUG: \
	-DENABLE_IPV4: \
	-DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE: \
	-DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPV4_FRAGMENTS: \
	-DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS: \
	-DENABLE_IPV6: \
	-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE: \
	-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_HOST_SERVICES_UDP: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_HOST_SERVICES_TCP: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_ENCAP_HOST_REMAP: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_HOST_SERVICES_UDP:-DENABLE_NODEPORT: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_NODEPORT_ACCELERATION: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_SESSION_AFFINITY: \
	-DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_SESSION_AFFINITY: \
	-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_SESSION_AFFINITY: \
	-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_SESSION_AFFINITY:-DENABLE_SRC_RANGE_CHECK: \
	-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_SESSION_AFFINITY:-DENABLE_BANDWIDTH_MANAGER: \
	-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_SESSION_AFFINITY:-DENABLE_BANDWIDTH_MANAGER:-DENABLE_SRC_RANGE_CHECK: \
	-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_SESSION_AFFINITY:-DENABLE_BANDWIDTH_MANAGER:-DENABLE_SRC_RANGE_CHECK:-DLB_SELECTION:-DLB_SELECTION_MAGLEV: \
	-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_SESSION_AFFINITY:-DENABLE_BANDWIDTH_MANAGER:-DENABLE_SRC_RANGE_CHECK:-DLB_SELECTION:-DLB_SELECTION_MAGLEV:-DENABLE_SOCKET_LB_HOST_ONLY

# These options are intended to max out the BPF program complexity. This
# configuration is load tested as well. It is the shared base of the
# MAX_*_OPTIONS variables defined further down in this file.
MAX_BASE_OPTIONS = -DSKIP_DEBUG=1 -DENABLE_IPV4=1 -DENABLE_IPV6=1 \
	-DENABLE_HOST_SERVICES_TCP=1 -DENABLE_HOST_SERVICES_UDP=1 \
	-DENABLE_HOST_REDIRECT=1 -DENABLE_ROUTING=1 -DNO_REDIRECT=1 \
	-DPOLICY_VERDICT_NOTIFY=1 -DALLOW_ICMP_FRAG_NEEDED=1 -DENABLE_IDENTITY_MARK=1 \
	-DMONITOR_AGGREGATION=3 -DCT_REPORT_FLAGS=0x0002 -DENABLE_HOST_FIREWALL=1
# The comparisons below match only when KERNEL expands to the bare value
# (49, 54, netnext); a value carrying its own quotes takes the `else` path.
ifeq ("$(KERNEL)","49")
# IPSec is incompatible with BPF NodePort, so IPSec is only enabled on 4.9.
MAX_BASE_OPTIONS += -DENABLE_IPSEC=1 -DIP_POOLS=1
else
MAX_BASE_OPTIONS += -DHAVE_LPM_TRIE_MAP_TYPE=1 -DHAVE_LRU_HASH_MAP_TYPE=1 \
	-DENABLE_MASQUERADE=1 -DENABLE_SRC_RANGE_CHECK=1 -DENABLE_NODEPORT=1 \
	-DENABLE_EXTERNAL_IP=1 -DENABLE_NODEPORT_ACCELERATION=1 \
	-DENABLE_SESSION_AFFINITY=1 -DENABLE_DSR_ICMP_ERRORS=1 -DENABLE_DSR=1 \
	-DENABLE_HOSTPORT=1 -DENABLE_LOADBALANCER -DENABLE_DSR_HYBRID=1 \
	-DENABLE_IPV4_FRAGMENTS=1
ifeq ("$(KERNEL)","54")
MAX_BASE_OPTIONS += -DENABLE_BANDWIDTH_MANAGER=1
else ifeq ("$(KERNEL)","netnext")
# ENABLE_CUSTOM_CALLS is defined only for net-next (rather than for net-next
# and 4.19) to work around program size issue #15539.
# ETH_HLEN is defined only for net-next, because bpf_skb_change_head is not
# available on 4.{9,19}.
MAX_BASE_OPTIONS += -DENABLE_TPROXY=1 -DENABLE_REDIRECT_FAST=1 -DENABLE_BANDWIDTH_MANAGER=1 \
	-DENABLE_CUSTOM_CALLS=1 -DETH_HLEN=0 -DENABLE_WIREGUARD
endif
endif

# Flags for the final bpf_sock build. `ifndef` leaves a non-empty
# MAX_LB_OPTIONS supplied from outside (environment, command line or an
# included makefile) untouched.
ifndef MAX_LB_OPTIONS
MAX_LB_OPTIONS = $(MAX_BASE_OPTIONS) -DENABLE_NAT46=1 -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1
# Maglev backend selection is added unless KERNEL is exactly 49 (unquoted).
ifneq ("$(KERNEL)","49")
MAX_LB_OPTIONS += -DLB_SELECTION=1 -DLB_SELECTION_MAGLEV=1
endif
endif

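# Build the LLVM IR for bpf_sock.
#
# First recipe line (one shell, `set -e`): when BUILD_PERMUTATIONS is
# non-empty, every word of LB_OPTIONS is expanded to a flag set, compiled with
# clang and passed through llc with its output discarded. These passes are
# compile tests only, but they write their IR to $@ too.
# Last recipe line: the real build with MAX_LB_OPTIONS, overwriting $@.
#
# The BUILD_PERMUTATIONS expansion is quoted so that an empty value still
# gives `[` three operands instead of a malformed two-operand test.
# NOTE(review): if a permutation fails after clang has written $@, the file
# left behind was built with that permutation's flags; whether make removes it
# depends on .DELETE_ON_ERROR being in effect — confirm.
bpf_sock.ll: bpf_sock.c $(LIB)
	$(QUIET) set -e; \
	if [ "$(BUILD_PERMUTATIONS)" != "" ]; then \
		$(foreach OPTS,$(LB_OPTIONS), \
			$(ECHO_CC) " [$(subst :,=1$(space),$(OPTS))]"; \
			${CLANG} $(subst :,=1$(space),$(OPTS)) ${CLANG_FLAGS} -c $< -o $@; \
			${LLC} ${LLC_FLAGS} -o /dev/null $@; ) \
	fi
	@$(ECHO_CC)
	$(QUIET) ${CLANG} ${MAX_LB_OPTIONS} ${CLANG_FLAGS} -c $< -o $@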

# Lower bpf_sock.ll to an object file with llc. The input name is derived
# from the target by swapping the .o suffix for .ll.
bpf_sock.o: bpf_sock.ll
	@$(ECHO_CC)
	$(QUIET) $(LLC) $(LLC_FLAGS) -filetype=obj -o $@ $(@:.o=.ll)

# Flags for the final bpf_overlay build. `ifndef` leaves a non-empty
# MAX_OVERLAY_OPTIONS supplied from outside untouched.
ifndef MAX_OVERLAY_OPTIONS
MAX_OVERLAY_OPTIONS = $(MAX_BASE_OPTIONS) -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1
# Maglev backend selection is added unless KERNEL is exactly 49 (unquoted).
ifneq ("$(KERNEL)","49")
MAX_OVERLAY_OPTIONS += -DLB_SELECTION=1 -DLB_SELECTION_MAGLEV=1
endif
endif

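# Build the LLVM IR for bpf_overlay.
#
# First recipe line (one shell, `set -e`): when BUILD_PERMUTATIONS is
# non-empty, every word of LB_OPTIONS is compile tested with
# -DENCAP_IFINDEX=1 appended; llc output is discarded. These passes write
# their IR to $@ too.
# Last recipe line: the real build with MAX_OVERLAY_OPTIONS, overwriting $@.
#
# The BUILD_PERMUTATIONS expansion is quoted so that an empty value still
# gives `[` three operands instead of a malformed two-operand test.
# NOTE(review): a permutation that fails after clang wrote $@ leaves IR built
# with that permutation's flags; whether make removes it depends on
# .DELETE_ON_ERROR being in effect — confirm.
bpf_overlay.ll: bpf_overlay.c $(LIB)
	$(QUIET) set -e; \
	if [ "$(BUILD_PERMUTATIONS)" != "" ]; then \
		$(foreach OPTS,$(LB_OPTIONS), \
			$(ECHO_CC) " [$(subst :,=1$(space),$(OPTS)) -DENCAP_IFINDEX=1]"; \
			${CLANG} $(subst :,=1$(space),$(OPTS)) -DENCAP_IFINDEX=1 ${CLANG_FLAGS} -c $< -o $@; \
			${LLC} ${LLC_FLAGS} -o /dev/null $@; ) \
	fi
	@$(ECHO_CC)
	$(QUIET) ${CLANG} ${MAX_OVERLAY_OPTIONS} ${CLANG_FLAGS} -c $< -o $@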

# Lower bpf_overlay.ll to an object file with llc. The input name is derived
# from the target by swapping the .o suffix for .ll.
bpf_overlay.o: bpf_overlay.ll
	@$(ECHO_CC)
	$(QUIET) $(LLC) $(LLC_FLAGS) -filetype=obj -o $@ $(@:.o=.ll)

# Permutations compile tested for bpf_host: everything in LXC_OPTIONS plus
# the host-specific combinations below. LXC_OPTIONS is defined later in this
# file, so this must stay a recursive (`=`) assignment; it is expanded only
# when the recipe runs.
# Words use ':' as the "=1 " separator (see the $(subst ...) in the recipe).
# One entry below (the ...-DENABLE_EGRESS_GATEWAY one) has no trailing ':', so
# its last flag is passed bare, which the compiler also defines as 1.
HOST_OPTIONS = $(LXC_OPTIONS) \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_HOST_FIREWALL: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_HOST_FIREWALL: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_EXTERNAL_IP:-DENABLE_DSR: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_EXTERNAL_IP:-DENABLE_DSR: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPSEC:-DHAVE_FIB_LOOKUP:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_EXTERNAL_IP:-DENABLE_DSR: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_HOSTPORT: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_MASQUERADE: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_MASQUERADE:-DENABLE_EGRESS_GATEWAY \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_MASQUERADE: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPSEC:-DHAVE_FIB_LOOKUP:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_MASQUERADE: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_DSR: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DENABLE_DSR_HYBRID: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DENABLE_DSR_HYBRID:-DENABLE_HOST_FIREWALL: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DENABLE_DSR_HYBRID:-DENABLE_PREFILTER: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DENABLE_DSR_HYBRID:-DENABLE_PREFILTER:-DENABLE_HOST_FIREWALL: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_NODEPORT_ACCELERATION:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DENABLE_DSR_HYBRID:-DENABLE_PREFILTER:-DENABLE_SESSION_AFFINITY:-DENABLE_HOST_FIREWALL:

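# Flags for the final bpf_host build. `ifndef` leaves a non-empty
# MAX_HOST_OPTIONS supplied from outside untouched.
ifndef MAX_HOST_OPTIONS
MAX_HOST_OPTIONS = $(MAX_BASE_OPTIONS) -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1

# Egress Gateway should only be enabled for >= 5.2 kernels.
# $(filter) compares whole words literally, so the former word list
# ("54" "netnext", quotes included) matched only a KERNEL value that itself
# carried quotes — while the `ifeq ("$(KERNEL)","54")` tests elsewhere in this
# file match only the unquoted value. With KERNEL=54 or KERNEL=netnext the
# egress gateway code was therefore left out of this build. Both spellings
# are accepted now.
ifneq (,$(filter $(KERNEL),54 netnext "54" "netnext"))
MAX_HOST_OPTIONS += -DENABLE_EGRESS_GATEWAY=1
endif
endif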

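# Build the LLVM IR for bpf_host.
#
# First recipe line (one shell, `set -e`): when BUILD_PERMUTATIONS is
# non-empty, every word of HOST_OPTIONS is expanded to a flag set, compiled
# with clang and passed through llc with its output discarded. These passes
# write their IR to $@ too.
# Last recipe line: the real build with MAX_HOST_OPTIONS, overwriting $@.
#
# The BUILD_PERMUTATIONS expansion is quoted so that an empty value still
# gives `[` three operands instead of a malformed two-operand test.
# NOTE(review): a permutation that fails after clang wrote $@ leaves IR built
# with that permutation's flags; whether make removes it depends on
# .DELETE_ON_ERROR being in effect — confirm.
bpf_host.ll: bpf_host.c $(LIB)
	$(QUIET) set -e; \
	if [ "$(BUILD_PERMUTATIONS)" != "" ]; then \
		$(foreach OPTS,$(HOST_OPTIONS), \
			$(ECHO_CC) " [$(subst :,=1$(space),$(OPTS))]"; \
			${CLANG} $(subst :,=1$(space),$(OPTS)) ${CLANG_FLAGS} -c $< -o $@; \
			${LLC} ${LLC_FLAGS} -o /dev/null $@; ) \
	fi
	@$(ECHO_CC)
	$(QUIET) ${CLANG} ${MAX_HOST_OPTIONS} ${CLANG_FLAGS} -c $< -o $@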

# Lower bpf_host.ll to an object file with llc. The input name is derived
# from the target by swapping the .o suffix for .ll.
bpf_host.o: bpf_host.ll
	@$(ECHO_CC)
	$(QUIET) $(LLC) $(LLC_FLAGS) -filetype=obj -o $@ $(@:.o=.ll)

# Permutations compile tested for bpf_xdp: everything in LB_OPTIONS plus the
# XDP-specific combinations below. Words use ':' as the "=1 " separator (see
# the $(subst ...) in the recipe). The last four entries end in an explicit
# "=2" with no trailing ':', so that final flag keeps the value 2, e.g.
# "-DDSR_ENCAP_MODE=1 -DDSR_ENCAP_NONE=1 -DDSR_ENCAP_IPIP=2" after expansion.
XDP_OPTIONS = $(LB_OPTIONS) \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DFROM_HOST: \
	-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DFROM_HOST: \
	-DENABLE_NODEPORT_ACCELERATION:-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_HOSTPORT: \
	-DENABLE_NODEPORT_ACCELERATION:-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_MASQUERADE: \
	-DENABLE_NODEPORT_ACCELERATION:-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_MASQUERADE: \
	-DENABLE_NODEPORT_ACCELERATION:-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_DSR: \
	-DENABLE_NODEPORT_ACCELERATION:-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_HOST_SERVICES_UDP:-DENABLE_HOST_SERVICES_TCP:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DENABLE_DSR_HYBRID: \
	-DENABLE_NODEPORT_ACCELERATION:-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DDSR_ENCAP_MODE:-DDSR_ENCAP_NONE:-DDSR_ENCAP_IPIP=2 \
	-DENABLE_NODEPORT_ACCELERATION:-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DDSR_ENCAP_MODE:-DDSR_ENCAP_IPIP:-DDSR_ENCAP_NONE=2 \
	-DENABLE_NODEPORT_ACCELERATION:-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DENABLE_CAPTURE:-DDSR_ENCAP_MODE:-DDSR_ENCAP_NONE:-DDSR_ENCAP_IPIP=2 \
	-DENABLE_NODEPORT_ACCELERATION:-DENABLE_IPV4:-DENABLE_IPV6:-DENABLE_NODEPORT:-DENABLE_EXTERNAL_IP:-DENABLE_DSR:-DENABLE_CAPTURE:-DDSR_ENCAP_MODE:-DDSR_ENCAP_IPIP:-DDSR_ENCAP_NONE=2

# Flags for the final bpf_xdp build. `ifndef` leaves a non-empty
# MAX_XDP_OPTIONS supplied from outside untouched.
ifndef MAX_XDP_OPTIONS
MAX_XDP_OPTIONS = $(MAX_BASE_OPTIONS) -DENABLE_PREFILTER=1
# Maglev backend selection is added unless KERNEL is exactly 49 (unquoted).
ifneq ("$(KERNEL)","49")
MAX_XDP_OPTIONS += -DLB_SELECTION=1 -DLB_SELECTION_MAGLEV=1
endif
endif

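# Build the LLVM IR for bpf_xdp.
#
# First recipe line (one shell, `set -e`): when BUILD_PERMUTATIONS is
# non-empty, every word of XDP_OPTIONS is expanded to a flag set, compiled
# with clang and passed through llc with its output discarded. These passes
# write their IR to $@ too.
# Last recipe line: the real build with MAX_XDP_OPTIONS, overwriting $@.
#
# The BUILD_PERMUTATIONS expansion is quoted so that an empty value still
# gives `[` three operands instead of a malformed two-operand test.
# NOTE(review): a permutation that fails after clang wrote $@ leaves IR built
# with that permutation's flags; whether make removes it depends on
# .DELETE_ON_ERROR being in effect — confirm.
bpf_xdp.ll: bpf_xdp.c $(LIB)
	$(QUIET) set -e; \
	if [ "$(BUILD_PERMUTATIONS)" != "" ]; then \
		$(foreach OPTS,$(XDP_OPTIONS), \
			$(ECHO_CC) " [$(subst :,=1$(space),$(OPTS))]"; \
			${CLANG} $(subst :,=1$(space),$(OPTS)) ${CLANG_FLAGS} -c $< -o $@; \
			${LLC} ${LLC_FLAGS} -o /dev/null $@; ) \
	fi
	@$(ECHO_CC)
	$(QUIET) ${CLANG} ${MAX_XDP_OPTIONS} ${CLANG_FLAGS} -c $< -o $@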

# Lower bpf_xdp.ll to an object file with llc. The input name is derived
# from the target by swapping the .o suffix for .ll.
bpf_xdp.o: bpf_xdp.ll
	@$(ECHO_CC)
	$(QUIET) $(LLC) $(LLC_FLAGS) -filetype=obj -o $@ $(@:.o=.ll)

# The following option combinations are compile tested for bpf_lxc when
# BUILD_PERMUTATIONS is set; HOST_OPTIONS also starts with this list. Each
# whitespace-separated word is one permutation, with ':' standing for "=1 "
# (see the $(subst ...) in the recipes).
LXC_OPTIONS = \
	 -DHOST_REDIRECT_TO_INGRESS: \
	 -DALLOW_ICMP_FRAG_NEEDED: \
	 -DSKIP_DEBUG: \
	 -DHAVE_LPM_TRIE_MAP_TYPE: \
	 -DHAVE_LRU_HASH_MAP_TYPE: \
	 -DENABLE_IPV4: \
	 -DENABLE_IPV6: \
	 -DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY: \
	 -DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPSEC:-DIP_POOLS: \
	 -DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DHAVE_LPM_TRIE_MAP_TYPE: \
	 -DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DHAVE_LPM_TRIE_MAP_TYPE:-DENABLE_EGRESS_GATEWAY: \
	 -DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DHAVE_LPM_TRIE_MAP_TYPE:-DHAVE_LRU_HASH_MAP_TYPE: \
	 -DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPV4_FRAGMENTS: \
	 -DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY: \
	 -DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPSEC:-DIP_POOLS: \
	 -DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DHAVE_LPM_TRIE_MAP_TYPE: \
	 -DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DHAVE_LPM_TRIE_MAP_TYPE:-DHAVE_LRU_HASH_MAP_TYPE: \
	 -DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPV4: \
	 -DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPV4:-DENABLE_ROUTING: \
	 -DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPV4:-DENABLE_IPSEC:-DIP_POOLS:-DENABLE_ENCAP_HOST_REMAP: \
	 -DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPV6:-DHAVE_LPM_TRIE_MAP_TYPE:-DHAVE_LRU_HASH_MAP_TYPE: \
	 -DENABLE_IPV4:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DENABLE_IPV6:-DHAVE_LPM_TRIE_MAP_TYPE:-DHAVE_LRU_HASH_MAP_TYPE:-DENABLE_TPROXY: \
	 -DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_HOST_REDIRECT:-DENABLE_IPV4:-DENABLE_IPV6:-DPOLICY_VERDICT_NOTIFY: \
	 -DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_HOST_REDIRECT:-DENABLE_IPV4:-DENABLE_IPV6:-DPOLICY_VERDICT_NOTIFY:-DENABLE_NAT46: \
	 -DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_NODEPORT:-DENABLE_IPV4:-DENABLE_IPV6:-DPOLICY_VERDICT_NOTIFY: \
	 -DENCAP_IFINDEX:-DTUNNEL_MODE:-DENABLE_NODEPORT:-DENABLE_DSR:-DENABLE_IPV4:-DENABLE_IPV6:-DPOLICY_VERDICT_NOTIFY: \
	 -DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DPOLICY_VERDICT_NOTIFY:-DUSE_BPF_PROG_FOR_INGRESS_POLICY: \
	 -DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DHAVE_LPM_TRIE_MAP_TYPE:-DHAVE_LRU_HASH_MAP_TYPE:-DENABLE_TPROXY:-DENABLE_REDIRECT_FAST: \
	 -DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DHAVE_LPM_TRIE_MAP_TYPE:-DHAVE_LRU_HASH_MAP_TYPE:-DENABLE_TPROXY:-DENABLE_REDIRECT_FAST:-DENABLE_SKIP_FIB: \
	 -DENABLE_IPV4:-DENABLE_IPV6:-DENCAP_IFINDEX:-DTUNNEL_MODE:-DHAVE_LPM_TRIE_MAP_TYPE:-DHAVE_LRU_HASH_MAP_TYPE:-DENABLE_TPROXY:-DENABLE_REDIRECT_FAST:-DENABLE_SKIP_FIB:-DENABLE_WIREGUARD:

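# These options are intended to max out the BPF program complexity of
# bpf_lxc. This configuration is load tested as well. `ifndef` leaves a
# non-empty MAX_LXC_OPTIONS supplied from outside untouched.
ifndef MAX_LXC_OPTIONS
MAX_LXC_OPTIONS = $(MAX_BASE_OPTIONS) -DENCAP_IFINDEX=1 -DTUNNEL_MODE=1

# Egress Gateway should only be enabled for >= 5.2 kernels.
# $(filter) compares whole words literally, so the former word list
# ("54" "netnext", quotes included) matched only a KERNEL value that itself
# carried quotes — while the `ifeq ("$(KERNEL)","54")` tests elsewhere in this
# file match only the unquoted value. With KERNEL=54 or KERNEL=netnext the
# egress gateway code was therefore left out of this build. Both spellings
# are accepted now.
ifneq (,$(filter $(KERNEL),54 netnext "54" "netnext"))
MAX_LXC_OPTIONS += -DENABLE_EGRESS_GATEWAY=1
endif
endif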

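# Build the LLVM IR for bpf_lxc.
#
# First recipe line (one shell, `set -e`): when BUILD_PERMUTATIONS is
# non-empty, every word of LXC_OPTIONS is expanded to a flag set, compiled
# with clang and passed through llc with its output discarded. These passes
# write their IR to $@ too.
# Last recipe line: the real build with MAX_LXC_OPTIONS, overwriting $@.
#
# The BUILD_PERMUTATIONS expansion is quoted so that an empty value still
# gives `[` three operands instead of a malformed two-operand test.
# NOTE(review): a permutation that fails after clang wrote $@ leaves IR built
# with that permutation's flags; whether make removes it depends on
# .DELETE_ON_ERROR being in effect — confirm.
bpf_lxc.ll: bpf_lxc.c $(LIB)
	$(QUIET) set -e; \
	if [ "$(BUILD_PERMUTATIONS)" != "" ]; then \
		$(foreach OPTS,$(LXC_OPTIONS), \
			$(ECHO_CC) " [$(subst :,=1$(space),$(OPTS))]"; \
			${CLANG} $(subst :,=1$(space),$(OPTS)) ${CLANG_FLAGS} -c $< -o $@; \
			${LLC} ${LLC_FLAGS} -o /dev/null $@; ) \
	fi
	@$(ECHO_CC)
	$(QUIET) ${CLANG} ${MAX_LXC_OPTIONS} ${CLANG_FLAGS} -c $< -o $@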

# Lower bpf_lxc.ll to an object file with llc. The input name is derived
# from the target by swapping the .o suffix for .ll.
bpf_lxc.o: bpf_lxc.ll
	@$(ECHO_CC)
	$(QUIET) $(LLC) $(LLC_FLAGS) -filetype=obj -o $@ $(@:.o=.ll)

# Feature macros for the conntrack test program. They are listed bare; the
# compile rule appends "=1" to each one.
CT_TEST_OPTIONS = \
	-DENABLE_IPV4 -DENABLE_IPV6 \
	-DENABLE_HOST_REDIRECT -DENABLE_NAT46 \
	-DENABLE_ROUTING -DENABLE_IPSEC \
	-DIP_POOLS -DPOLICY_VERDICT_NOTIFY

# Compile the test program to LLVM IR with every CT_TEST_OPTIONS macro set to 1.
tests/bpf_ct_tests.ll: tests/bpf_ct_tests.c $(LIB)
	@$(ECHO_CC)
	$(QUIET) $(CLANG) $(addsuffix =1,$(CT_TEST_OPTIONS)) $(CLANG_FLAGS) -c $< -o $@

# Lower the test program's IR to an object file with llc.
tests/bpf_ct_tests.o: tests/bpf_ct_tests.ll
	@$(ECHO_CC)
	$(QUIET) $(LLC) $(LLC_FLAGS) -filetype=obj -o $@ $(@:.o=.ll)

# Build $(BPF_TEST), then run the Go tests in ./tests/prog_test with the
# privileged_tests build tag. `-exec sudo` makes `go test` launch the compiled
# test binary through sudo, so the tests themselves execute as root (the
# compile step does not). The invoking user therefore needs sudo rights, and
# anything the test binary does runs with full privileges on this host.
.PHONY: go_prog_test
go_prog_test: $(BPF_TEST)
	$(GO) test -tags privileged_tests -exec sudo ./tests/prog_test

# Run make in each sub-directory in turn. The generated command is an `&&`
# chain closed by `true`, so the first failing sub-make stops the chain and
# fails this target.
subdirs: $(SUBDIRS)
	$(QUIET) $(foreach SUBDIR,$(SUBDIRS), \
		$(MAKE) $(SUBMAKEOPTS) -C $(SUBDIR) &&) true

else
# Package build (PKG_BUILD is non-empty): only the host helper binaries are
# built; none of the BPF rules above are defined in this mode.
all: $(TARGET)
endif

# Build each host helper binary from <name>.c with the host compiler, then
# strip it. -lelf stays after the source file on the command line; the
# original comment attributes that ordering requirement to a gcc bug.
# NOTE(review): the flag set is fixed (-Wall -O2) and takes no CFLAGS/LDFLAGS,
# so hardening options such as stack protection or PIE are applied only if
# HOST_CC enables them by default — confirm for the toolchains in use.
$(TARGET): %: %.c
	@$(ECHO_CC)
	$(QUIET) $(HOST_CC) -Wall -O2 -Wno-format-truncation -I include/ $< -lelf -o $@
	$(QUIET) $(HOST_STRIP) $@

# Copy the helper binaries into $(DESTDIR)$(BINDIR) with mode 0755. The rule
# has no prerequisites, so the binaries must already have been built, and the
# recipe does not create the destination directory itself.
install:
	$(QUIET)$(INSTALL) -m 0755 $(TARGET) $(DESTDIR)$(BINDIR)

# Alias for install.
install-binary: install

# No recipe: this directory installs no bash completion files.
install-bash-completion:

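# Remove build products of this directory and its sub-directories.
# The sub-directory cleans are joined with ';', so a failure in one does not
# stop the others (best effort).
# tests/bpf_ct_tests.{o,ll} are built by this makefile but live outside the
# current directory, so the `*.o *.ll` globs do not reach them; they are
# removed by name to keep a stale test object from surviving a clean.
clean:
	@$(ECHO_CLEAN)
	$(QUIET) $(foreach TARGET,$(SUBDIRS), \
		$(MAKE) $(SUBMAKEOPTS) -C $(TARGET) clean;)
	$(QUIET)rm -fr *.o *.ll *.i *.s
	$(QUIET)rm -f $(BPF_TEST) $(BPF_TEST:.o=.ll)
	$(QUIET)rm -f $(TARGET)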