His Shadow wrote:
> Resending to the list, since gmail only picks first responder :(
>
> >Are you saying the packets arrived before you put the socket into the sockmap?
> Yes, exactly!
>
> Could you elaborate on how BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB would
> be helpful? I assume I need to set up a sockops program and record
> passive ends pointers to bpf_sock somewhere, then redirect from
> passive to passive or passive->active?
Correct. The common way to build a bpf proxy here is to add sockets
to a sock{hash|map} from the sockops program when the connection
is established. This avoids missing bytes as you've noticed.
Alternatively, you can put the known sockets in the map from user
space and then monitor for new sockets with some tuple/key and
insert them based on whatever policy decides sockets need to
be redirected.
>
>
> --
> HisShadow
