RE: Fwd: eBPF sockhash datastructure and stream_parser/stream_verdict programs

BPF List
 help / color / mirror / Atom feed

From: John Fastabend <john.fastabend@gmail.com>
To: His Shadow <shadowpilot34@gmail.com>, bpf@vger.kernel.org
Subject: RE: Fwd: eBPF sockhash datastructure and stream_parser/stream_verdict programs
Date: Tue, 04 Jan 2022 13:09:52 -0800	[thread overview]
Message-ID: <61d4b7a06ddea_460792081b@john.notmuch> (raw)
In-Reply-To: <CAK7W0xfX35NSKa_ExcpJkWoy1iX5mU7ogjHbr=T5sHJ9U+D0fQ@mail.gmail.com>

His Shadow wrote:
> Resending to the list, since gmail only picks first responder :(
> 
> >Are you saying the packets arrived before you put the socket into the sockmap?
> Yes, exactly!
> 
> Could you elaborate on how BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB would
> be helpful? I assume I need to set up a sockops program and record
> passive ends pointers to bpf_sock somewhere, then redirect from
> passive to passive or passive->active?

Correct. The common way to build a bpf proxy here is to add sockets
to a sock{hash|map} from the sockops program when the connection
is established. This avoids missing bytes as you've noticed.

Alternatively, you can put the known sockets in the map from user
space and then monitor for new sockets with some tuple/key and
insert them based on whatever policy decides sockets need to
be redirected.

> 
> 
> -- 
> HisShadow

next prev parent reply	other threads:[~2022-01-04 21:09 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-03 12:53 eBPF sockhash datastructure and stream_parser/stream_verdict programs His Shadow
2022-01-04  0:44 ` Cong Wang
     [not found]   ` <CAK7W0xezGaA1TZcsxkt_hf+b0LU+396CmetejFBEXjqtvbmDkA@mail.gmail.com>
2022-01-04 10:24     ` Fwd: " His Shadow
2022-01-04 21:09       ` John Fastabend [this message]
2022-01-06  7:47         ` His Shadow
2022-01-10 16:20           ` His Shadow

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=61d4b7a06ddea_460792081b@john.notmuch \
    --to=john.fastabend@gmail.com \
    --cc=bpf@vger.kernel.org \
    --cc=shadowpilot34@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox