From de6e54b16dd3fcc58214f9ce6fd4adaafcfabbc5 Mon Sep 17 00:00:00 2001 From: gray Date: Wed, 7 Aug 2024 20:02:11 +0800 Subject: [PATCH] bpf: Get tuple from skb->sk at dae0 ingress This saves us from heavy duty of parse_transport and get_tuples. --- control/kern/tproxy.c | 37 +++++++++++++------------------------ 1 file changed, 13 insertions(+), 24 deletions(-) diff --git a/control/kern/tproxy.c b/control/kern/tproxy.c index 11d9b040c4..8cfc1771b1 100644 --- a/control/kern/tproxy.c +++ b/control/kern/tproxy.c @@ -126,7 +126,6 @@ union ip6 { struct redirect_tuple { union ip6 sip; union ip6 dip; - __u8 l4proto; }; struct redirect_entry { @@ -963,7 +962,6 @@ static __always_inline void prep_redirect_to_control_plane( __builtin_memcpy(&redirect_tuple.dip, &tuples->five.dip, IPV6_BYTE_LENGTH); } - redirect_tuple.l4proto = l4proto; struct redirect_entry redirect_entry = {}; redirect_entry.ifindex = skb->ifindex; @@ -1637,36 +1635,27 @@ int tproxy_dae0peer_ingress(struct __sk_buff *skb) SEC("tc/dae0_ingress") int tproxy_dae0_ingress(struct __sk_buff *skb) { - struct ethhdr ethh; - struct iphdr iph; - struct ipv6hdr ipv6h; - struct icmp6hdr icmp6h; - struct tcphdr tcph; - struct udphdr udph; - __u8 ihl; - __u8 l4proto; - __u32 link_h_len = 14; - - if (parse_transport(skb, link_h_len, ðh, &iph, &ipv6h, &icmp6h, - &tcph, &udph, &ihl, &l4proto)) + struct bpf_sock *sk = skb->sk; + if (!sk) return TC_ACT_OK; - struct tuples tuples; - - get_tuples(skb, &tuples, &iph, &ipv6h, &tcph, &udph, l4proto); // reverse the tuple! struct redirect_tuple redirect_tuple = {}; if (skb->protocol == bpf_htons(ETH_P_IP)) { - redirect_tuple.sip.u6_addr32[3] = tuples.five.dip.u6_addr32[3]; - redirect_tuple.dip.u6_addr32[3] = tuples.five.sip.u6_addr32[3]; + redirect_tuple.sip.u6_addr32[3] = sk->dst_ip4; + redirect_tuple.dip.u6_addr32[3] = sk->src_ip4; } else { - __builtin_memcpy(&redirect_tuple.sip, &tuples.five.dip, - IPV6_BYTE_LENGTH); - __builtin_memcpy(&redirect_tuple.dip, &tuples.five.sip, - IPV6_BYTE_LENGTH); + redirect_tuple.sip.u6_addr32[3] = sk->dst_ip6[3]; + redirect_tuple.sip.u6_addr32[2] = sk->dst_ip6[2]; + redirect_tuple.sip.u6_addr32[1] = sk->dst_ip6[1]; + redirect_tuple.sip.u6_addr32[0] = sk->dst_ip6[0]; + + redirect_tuple.dip.u6_addr32[3] = sk->src_ip6[3]; + redirect_tuple.dip.u6_addr32[2] = sk->src_ip6[2]; + redirect_tuple.dip.u6_addr32[1] = sk->src_ip6[1]; + redirect_tuple.dip.u6_addr32[0] = sk->src_ip6[0]; } - redirect_tuple.l4proto = l4proto; struct redirect_entry *redirect_entry = bpf_map_lookup_elem(&redirect_track, &redirect_tuple);