Jump to content


[C] IPIP Direct via TC Egress Hook/Filter

Recommended Posts

Hey everyone,


I just wanted to share a big project I've been working hard on the last few days that will highly benefit GFL's Anycast network once fully completely. You can read the benefits of this program for GFL in this post.



A program made to attach to the TC hook using the egress filter. This program makes it so any outgoing IPIP packets are sent directly back to the client instead of back through the IPIP tunnel. In cases where you don't need the end-application replies to go back through the forwarding server/IPIP tunnel, this is very useful and will result in less load on the forwarding server. With that said, in other cases it can result in less latency and more.



Usage is as follows:


./IPIPDirect_Loader <Interface> [<Interface IP>]

You shouldn't need the second argument (Interface IP) since the program is supposed to get the interface's IP automatically.




./IPIPDirect_Loader ens18



Use the MAKE file to install the program. These commands should do:


make install

You may also clean the installation by executing:


make clean


Systemd File

A systemd file is located in the other/ directory and is installed via make install. You will need to edit the system file if you are using an interface other than ens18.


You may enable the service by executing so it'll start on bootup:


systemctl enable IPIPDirect

You may start/stop/restart the service by executing:


systemctl restart IPIPDirect # Restart service.
systemctl stop IPIPDirect # Stop service.
systemctl start IPIPDirect # Start service.

Kernel Requirements

Kernel >= 5.3 is required for this. Newer kernels add the BPF_ADJ_ROOM_MAC mode to the bpf_skb_adjust_room() function which is needed for this program to work correctly.



When compiling, you may need to copy /usr/src/linux-headers-xxx/include/uapi/linux/bpf.h to /usr/include/linux/bpf.h. For some reason, newer kernels don't have an up-to-date /usr/include/linux/bpf.h file. I'm unsure if this is intentional or a bug. However, I got the program to compile properly by copying that file.




GitHub Link/Download


Thank you!

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...