Subject: eBPF sockhash datastructure and stream_parser/stream_verdict programs
From: His Shadow
Date: 2022-01-03 12:53 UTC
To: bpf

Greetings. Here's the problem. I've written a simple program that, when a
connection is established, establishes a connection to a predetermined target
and starts routing traffic between the user connection and the new connection.

I've tried to use eBPF stream_parser/verdict programs for this, however there's
a problem: when a connection to my program is established, the client sends
the data immediately, however there's a delay while I establish a connection
to the target. So stream_verdict never gets called, because the data is
already in the socket receive queue (or maybe I'm misunderstanding something).
Is there a way around this? Should I use something else, like skb_msg verdict?
Subject: Re: eBPF sockhash datastructure and stream_parser/stream_verdict programs
From: Cong Wang
Date: 2022-01-04 0:44 UTC
To: His Shadow
Cc: bpf

Hi, His

On Mon, Jan 03, 2022 at 03:53:12PM +0300, His Shadow wrote:
> Greetings. Here's the problem. I've written a simple program that,
> when a connection is established, establishes a connection to a
> predetermined target and starts routing traffic between the user
> connection and the new connection.
> I've tried to use eBPF stream_parser/verdict programs for this,
> however there's a problem: when a connection to my program is
> established, the client sends the data immediately, however there's a
> delay while I establish a connection to the target. So stream_verdict
> never gets called, because the data is already in the socket receive
> queue (or maybe I'm misunderstanding something). Is there a way around
> this? Should I use something else, like skb_msg verdict?

Are you saying the packets arrived before you put the socket into the sockmap?
If so, you can consider BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB.

Hope this helps.

Thanks.
Subject: Fwd: eBPF sockhash datastructure and stream_parser/stream_verdict programs
From: His Shadow
Date: 2022-01-04 10:24 UTC
To: bpf

Resending to the list, since gmail only picks the first responder :(

> Are you saying the packets arrived before you put the socket into the sockmap?

Yes, exactly!

Could you elaborate on how BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB would be
helpful? I assume I need to set up a sockops program and record the passive
ends' pointers to bpf_sock somewhere, then redirect from passive to passive or
passive->active?

--
HisShadow
Subject: RE: Fwd: eBPF sockhash datastructure and stream_parser/stream_verdict programs
From: John Fastabend
Date: 2022-01-04 21:09 UTC
To: His Shadow, bpf

His Shadow wrote:
> Resending to the list, since gmail only picks the first responder :(
>
> > Are you saying the packets arrived before you put the socket into the sockmap?
> Yes, exactly!
>
> Could you elaborate on how BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB would
> be helpful? I assume I need to set up a sockops program and record the
> passive ends' pointers to bpf_sock somewhere, then redirect from
> passive to passive or passive->active?

Correct. The common way to build a bpf proxy here is to add sockets to a
sock{hash|map} from the sockops program when the connection is established.
This avoids missing bytes as you've noticed.

Alternatively, you can put the known sockets in the map from user space and
then monitor for new sockets with some tuple/key and insert them based on
whatever policy decides sockets need to be redirected.
Subject: Re: Fwd: eBPF sockhash datastructure and stream_parser/stream_verdict programs
From: His Shadow
Date: 2022-01-06 7:47 UTC
To: John Fastabend
Cc: bpf

> Alternatively, you can put the known sockets in the map from user space and
> then monitor for new sockets with some tuple/key and insert them based on
> whatever policy decides sockets need to be redirected.

I think that's what I did. I put socket fds into a normal HASH, with the keys
being localip localport remoteip remoteport for the other socket, then in the
verdict I looked up the value for that socket's key and redirected based on
that. But that's exactly when I encountered that problem. Or are you talking
about something else?
Subject: Re: Fwd: eBPF sockhash datastructure and stream_parser/stream_verdict programs
From: His Shadow
Date: 2022-01-10 16:20 UTC
To: bpf

Let's say I'm writing a simple SOCKS4/4a server (yes, obsolete, but it still
does its job), no authorization (although it wouldn't matter). So I need to
read some data from the client: ip and port, and maybe a domain if it's 4A.
Then I connect to the ip/domain:port and send a success response. Meanwhile
the IP/Domain:port I connected to, before I send success to the client, might
send some data; for example, if the target was an SSH server, it sends a
version string right away when you connect to it. So it could be missed if I
then put the client and target sockets into a sockmap/hash and tell them to
redirect traffic to each other.

I've tried very hard to figure out a way to use eBPF stream_verdict or
sk_msg_verdict to redirect traffic right when I need it, but I think it is
impossible. Do I have to do SOCKS4/4A parsing inside stream_parser and
communicate with my userspace program via a ring buffer about the results? But
I'm not sure how that could help with the missing bytes.

I guess I got interested after I read that article on the Cloudflare blog
about sockmap, https://blog.cloudflare.com/sockmap-tcp-splicing-of-the-future/ ,
but their example of an echo server is plagued with the same problem if you
put a delay before the socket is added to the sockmap.