eBPF, Sockets, Hop Distance and manually writing eBPF assembly
The author was tasked with extracting IP TTL values from TCP connections established by a userspace program to ensure that the connections are routed outside of their datacenter. They initially considered using raw sockets or the IP_RECVTTL socket option, but ultimately decided on attaching an eBPF filtering program to a socket. The BPF map abstraction allowed them to store data and share it with userspace code. By creating an "eBPF map" and writing an eBPF program, they were able to extract the TTL values of passing packets and analyze the recorded values from userspace. They also discussed the calling convention for eBPF programs, accessing packet payloads, a magical Layer 3 offset, and the return value of BPF programs. The author concluded by recommending keeping dependencies small when working with eBPF and noting that there is more to explore beyond network packets and socket programming.
Company
Cloudflare
Date published
March 29, 2018
Author(s)
Marek Majkowski
Word count
2315
Language
English
Hacker News points
8