pls. ignore this thread this how TCP behaves and matches what I see
with wireshark too
Thanks!
On Fri, Oct 27, 2023 at 8:47 AM Mohamed Mahmoud <mmahmoud@xxxxxxxxxx> wrote:
>
> Hi All:
>
> I have been looking at an issue while attempting to track DNS over TCP packets
> I am using "do dig www.google.com +tcp; sleep 10; done" to test the code
> I noticed the TC hook seeing inconsistent pkt length which causing my call to
> bpf_skb_load_bytes() sometimes return EFAULT
> I collected some info for working and non working cases
>
> working
> ======
> "dns_record": {
> "id": 40514,
> "flags": 34176,
> "latency": 185794,
> "errno": 0,
> "offset": 68,
> "tcp_len": 34,
> "skb_len": 291
> },
> none working
> ==========
> "dns_record": {
> "id": 0,
> "flags": 0,
> "latency": 0,
> "errno": 7,
> "offset": 68,
> "tcp_len": 34,
> "skb_len": 66
> },
>
> as u see in the failing cases sbk_len is only 66 bytes that explains
> why call to load bytes fails, IMHO this very odd behavior and inconsistent
> it's not clear what I can do in my application to get consistent behavior
> I am seeing this with RHEL9.2 kernel
> uname -r
> 5.14.0-284.36.1.el9_2.x86_64
> is this a known issue that was fixed in latest or this is expected behavior
>
> Thanks!
> Mohamed
