Extending Cilium
Cilium is a powerful open-source tool for providing security, observability, scalability, and superior performance to cloud-native networking. It is built on eBPF (Extended Berkeley Packet Filter) technology and is a CNCF graduated project. Cilium can be extended in several ways, including custom BPF programs, plugins, and integrations with third-party tools. This document will explore the different options for extending Cilium and provide examples for each option.
Custom BPF Programs
BPF (Berkeley Packet Filter) is a technology that allows users to run sandboxed programs in the Linux kernel without changing kernel source code or loading kernel modules. Cilium uses BPF programs to enforce security policies and provide network functionality. Custom BPF programs can be added to Cilium to extend its functionality.
Here is an example of a simple BPF program that counts the number of packets that match a specific filter:
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>   /* provides SEC() and bpf_printk() */

/* XDP entry point: runs once for every packet arriving on the interface it is attached to. */
SEC("xdp")
int handle_packet(struct xdp_md *ctx)
{
    /* bpf_printk() wraps bpf_trace_printk() and supplies the format length the
     * helper requires; the output appears in /sys/kernel/debug/tracing/trace_pipe. */
    bpf_printk("Packet matched filter\n");
    return XDP_PASS;   /* let the packet continue into the normal network stack */
}

char _license[] SEC("license") = "Dual BSD/GPL";
This program can be compiled with clang and loaded into the kernel (pinned at /sys/fs/bpf/prog so it outlives the loading process) using the following commands:
clang -O2 -g -target bpf -c prog.c -o prog.o
bpftool prog load prog.o /sys/fs/bpf/prog
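As an added example (not code from the original page or from the Cilium project), here is the filter-and-count logic such a program would carry, written as plain C over the same data/data_end pointer pair that XDP provides so it can be compiled and run in userspace. The header structs, constants and sample frames are constructed here rather than taken from the kernel headers; the security-relevant point is that every header is bounds-checked against data_end before it is read, which is what the kernel verifier demands of a real XDP program.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Minimal header layouts constructed for this example (real XDP code includes <linux/ip.h> etc.). */
struct ethhdr_min { uint8_t dst[6], src[6]; uint16_t proto; } __attribute__((packed));
struct iphdr_min  { uint8_t ihl_ver, tos; uint16_t tot_len, id, frag_off; uint8_t ttl, protocol;
                    uint16_t check; uint32_t saddr, daddr; } __attribute__((packed));
struct tcphdr_min { uint16_t source, dest; } __attribute__((packed)); /* only the ports are read */
#define ETH_P_IP_CONST 0x0800
#define IPPROTO_TCP_CONST 6

/* The filter: 1 if the frame is IPv4/TCP to `port`, else 0. data/data_end are the pair XDP
 * derives from ctx->data/ctx->data_end; every header is checked against data_end before it is
 * read, as the kernel verifier requires, so a truncated frame is rejected, never over-read. */
static int matches_tcp_port(const void *data, const void *data_end, uint16_t port)
{
    const struct ethhdr_min *eth = data;
    if ((const void *)(eth + 1) > data_end || ntohs(eth->proto) != ETH_P_IP_CONST) return 0;
    const struct iphdr_min *ip = (const void *)(eth + 1);
    if ((const void *)(ip + 1) > data_end || (ip->ihl_ver >> 4) != 4) return 0;
    if (ip->protocol != IPPROTO_TCP_CONST) return 0;
    size_t ihl = (ip->ihl_ver & 0x0f) * 4;              /* IP options make this > 20 */
    if (ihl < sizeof(*ip)) return 0;
    const struct tcphdr_min *tcp = (const void *)((const char *)ip + ihl);
    if ((const void *)(tcp + 1) > data_end) return 0;
    return ntohs(tcp->dest) == port;
}

/* Builds a constructed Ethernet/IPv4/TCP frame with no payload into buf; returns its length. */
static size_t make_frame(uint8_t *buf, uint8_t ip_proto, uint16_t dport)
{
    memset(buf, 0, 64);
    struct ethhdr_min *eth = (void *)buf;       eth->proto = htons(ETH_P_IP_CONST);
    struct iphdr_min  *ip  = (void *)(eth + 1); ip->ihl_ver = 0x45; ip->protocol = ip_proto;
    struct tcphdr_min *tcp = (void *)(ip + 1);  tcp->dest = htons(dport);
    return sizeof(*eth) + sizeof(*ip) + sizeof(*tcp);
}

/* Runs the filter for `want` over three constructed frames sent to `dport`: TCP (hit if the
 * ports agree), UDP (miss) and a TCP frame truncated to 20 bytes (rejected by the bounds
 * checks). In the XDP program the counter would live in a per-CPU array map instead. */
static uint64_t demo_count(uint16_t dport, uint16_t want)
{
    uint8_t a[64], b[64], c[64];
    size_t lens[3] = { make_frame(a, IPPROTO_TCP_CONST, dport), make_frame(b, 17, dport), 20 };
    const uint8_t *frames[3] = { a, b, c };
    make_frame(c, IPPROTO_TCP_CONST, dport);
    uint64_t hits = 0;
    for (int i = 0; i < 3; i++)
        hits += matches_tcp_port(frames[i], frames[i] + lens[i], want);
    return hits;
}
```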