Hi Xin Long,
Just confirmed from other ebpf experts, there are no in-kernel interfaces for loading and interacting with BPF maps/programs(other than from BPF itself). It seems that we have to do this match in QUIC stack. In the latest QUIC code, I added quic_packet_get_alpn(), a 59-line function, to parse ALPNs and then it will search for the listen sock with these ALPNs in quic_sock_lookup(). I introduced 'alpn_match' module param, and it can be enabled when loading the module QUIC by: # modprobe quic alpn_match=1 You can test it by tests/sample_test in the latest code: Start 3 servers: # ./sample_test server 0.0.0.0 1234 \ ./keys/server-key.pem ./keys/server-cert.pem smbd # ./sample_test server 0.0.0.0 1234 \ ./keys/server-key.pem ./keys/server-cert.pem h3 # ./sample_test server 0.0.0.0 1234 \ ./keys/server-key.pem ./keys/server-cert.pem ksmbd Try to connect on clients with: # ./sample_test client 127.0.0.1 1234 ksmbd # ./sample_test client 127.0.0.1 1234 smbd # ./sample_test client 127.0.0.1 1234 h3 to see if the corresponding server responds. There might be some concerns but it's also a useful feature that can not be implemented in userland QUICs. The commit is here: https://github.com/lxin/quic/commit/de82f8135f4e9196b503b4ab5b359d88f2b2097f Please check if this is enough for SMB applications.
It look great thanks!
Note as a listen socket is now identified by [address + port + ALPN] when alpn_match=1, this feature does NOT require SO_REUSEPORT socket option to be set, unless one wants multiple sockets to listen to the same [address + port + ALPN].
I'd argue that this should be the default and be required before listen() or maybe before bind(), so that it can return EADDRINUSE. As EADDRINUSE should only happen for servers it might be useful to have a QUIC_SOCKOPT_LISTEN_ALPN instead of QUIC_SOCKOPT_ALPN. As QUIC_SOCKOPT_ALPN on a client socket should not generate let bind() care about the alpn value at all. For listens on tcp you also need to specify an explicit port (at least in order to be useful). And it would mean that all application would use it and not block other applications from using an explicit alpn. Also an module parameter for this means the administrator would have to take care of it, which means it might be unuseable if loaded with it. I hope to find some time in the next weeks to play with this. Should be relatively trivial create a prototype for samba's smbd. Thanks! metze
