Our great sponsors
-
bpf_buffer_per_source
This UDP library lets a user specify a maximum buffer per source address received, so a single source cannot overwhelm a shared socket buffer.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Is there a way to load the source IP into a register when working in userspace? When I SO_ATTACH_BPF to a SOCK_DGRAM it only makes the udp header accessible, per https://github.com/danielrh/bpf_buffer_per_source/blob/main/...
eBPF is amazing because it has such a broad scope and is relatively simple to implement.
I'd recommend anyone interested in a starting point look at ebpfkit, the eBPF rootkit. https://github.com/Gui774ume/ebpfkit
While I don't knwo the actual answer, a good place to look may be one of the eBPF load balancers like "Katran" from Facebook. I imagine it's needing to do that sort of thing. But no idea if it's attaching at the same level. I haven't really explained eBPF outside of tracing.
https://github.com/facebookincubator/katran