Skip to content

Commit

Permalink
bpf: Get tuple from skb->sk at dae0 ingress
Browse files Browse the repository at this point in the history
This saves us from heavy duty of parse_transport and get_tuples.
  • Loading branch information
jschwinger233 committed Aug 7, 2024
1 parent 29604ac commit de6e54b
Showing 1 changed file with 13 additions and 24 deletions.
37 changes: 13 additions & 24 deletions control/kern/tproxy.c
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,6 @@ union ip6 {
struct redirect_tuple {
union ip6 sip;
union ip6 dip;
__u8 l4proto;
};

struct redirect_entry {
Expand Down Expand Up @@ -963,7 +962,6 @@ static __always_inline void prep_redirect_to_control_plane(
__builtin_memcpy(&redirect_tuple.dip, &tuples->five.dip,
IPV6_BYTE_LENGTH);
}
redirect_tuple.l4proto = l4proto;
struct redirect_entry redirect_entry = {};

redirect_entry.ifindex = skb->ifindex;
Expand Down Expand Up @@ -1637,36 +1635,27 @@ int tproxy_dae0peer_ingress(struct __sk_buff *skb)
SEC("tc/dae0_ingress")
int tproxy_dae0_ingress(struct __sk_buff *skb)
{
struct ethhdr ethh;
struct iphdr iph;
struct ipv6hdr ipv6h;
struct icmp6hdr icmp6h;
struct tcphdr tcph;
struct udphdr udph;
__u8 ihl;
__u8 l4proto;
__u32 link_h_len = 14;

if (parse_transport(skb, link_h_len, &ethh, &iph, &ipv6h, &icmp6h,
&tcph, &udph, &ihl, &l4proto))
struct bpf_sock *sk = skb->sk;
if (!sk)
return TC_ACT_OK;
struct tuples tuples;

get_tuples(skb, &tuples, &iph, &ipv6h, &tcph, &udph, l4proto);

// reverse the tuple!
struct redirect_tuple redirect_tuple = {};

if (skb->protocol == bpf_htons(ETH_P_IP)) {
redirect_tuple.sip.u6_addr32[3] = tuples.five.dip.u6_addr32[3];
redirect_tuple.dip.u6_addr32[3] = tuples.five.sip.u6_addr32[3];
redirect_tuple.sip.u6_addr32[3] = sk->dst_ip4;
redirect_tuple.dip.u6_addr32[3] = sk->src_ip4;
} else {
__builtin_memcpy(&redirect_tuple.sip, &tuples.five.dip,
IPV6_BYTE_LENGTH);
__builtin_memcpy(&redirect_tuple.dip, &tuples.five.sip,
IPV6_BYTE_LENGTH);
redirect_tuple.sip.u6_addr32[3] = sk->dst_ip6[3];
redirect_tuple.sip.u6_addr32[2] = sk->dst_ip6[2];
redirect_tuple.sip.u6_addr32[1] = sk->dst_ip6[1];
redirect_tuple.sip.u6_addr32[0] = sk->dst_ip6[0];

redirect_tuple.dip.u6_addr32[3] = sk->src_ip6[3];
redirect_tuple.dip.u6_addr32[2] = sk->src_ip6[2];
redirect_tuple.dip.u6_addr32[1] = sk->src_ip6[1];
redirect_tuple.dip.u6_addr32[0] = sk->src_ip6[0];
}
redirect_tuple.l4proto = l4proto;
struct redirect_entry *redirect_entry =
bpf_map_lookup_elem(&redirect_track, &redirect_tuple);

Expand Down

0 comments on commit de6e54b

Please sign in to comment.