Re: Access packet payload in TC egress programs
Thanks for the answer, I wasn't aware of the existence of that helper.toggle quoted messageShow quoted text
I have two additional comments:
1. The documentation of the helper says that passing a length of zero should pull the whole length of the packet , however with that parameter the length of direct accessible data stays unchanged. I think there is a mismatch in the behavior and the documentation.
2. I'd like to avoid re-parsing all the headers after I have pulled new data. To do so I save the offset I just reached (the end of the TCP header), pull data, get the new data and data_end pointers and add the offset to data. However the verifier does not accept my accesses to the packet from this point on. Here is some example code:
unsigned payload_offset = (void *)tcph + (tcph->doff << 2) - data;
data = (void *)(long)ctx->data;
data_end = (void *)(long)ctx->data_end;
struct tls_record_hdr *rech = data + payload_offset;
if ((void *)(rech + 1) > data_end)
if (rech->type == TLS_CONTENT_TYPE_HANDSAHKE)
bpf_trace_printk("It's a handshake");
Running this code gives me the error "R1 offset is outside of the packet" even if I performed the correct check on packet boundaries. If I re-parse all header the code is accepted. Is there a way to solve the problem?
On 20/10/21 08:11, Y Song wrote:
On Tue, Oct 19, 2021 at 8:13 AM Federico Parola