
I need to write an application that sits between two servers and modifies HTTP packets sent from one server to another by adding a specific HTTP header to each packet.
Apparently it has to be done as fast as possible. I have found that by using eBPF and XDP I can capture packets with high performance, but as far as I can see, XDP verdicts are either abort, drop, pass, or tx.
Using the tx verdict I can send the captured packet to a user space program to modify it, but I couldn't figure out how to send the packet after header modification. This video here is an explanation of what can be done using eBPF and XDP, and it states that it can be done, but I couldn't find out how.
Any help would be appreciated.

Sam

2 Answers


As far as I know, XDP_TX will not let the packet through user space. It will return the packet on the same NIC it comes from. Also, you can modify the packet, but I don't see an easy way to expand the packet. Hence, to write an additional header, you would have to override some data.

It looks like you have two options:

  • Rely on an L7 HTTP reverse proxy (to add the header)
  • Use an nfqueue if you want to prevent packets from reaching your host and send them back.

Aif
  • "It will return the packet on the same NIC it comes from." Can you send to any NIC now according to this: https://lwn.net/Articles/887184/ – user2233706 Feb 25 '23 at 04:04
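
The first option in the answer above (an L7 reverse proxy that adds the header), sketched with Go's standard-library `httputil.ReverseProxy`. This is an added example, not code from the answer; the header name `X-Injected-By`, its value and the two local test servers are constructed for illustration, and the `Rewrite` hook assumes Go 1.20 or later.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
)

// newHeaderProxy returns a reverse proxy that forwards every request to
// upstream and sets header name to value on the outbound request.
func newHeaderProxy(upstream *url.URL, name, value string) *httputil.ReverseProxy {
	return &httputil.ReverseProxy{Rewrite: func(pr *httputil.ProxyRequest) {
		pr.SetURL(upstream)
		// Set (not Add) replaces any value the sender supplied itself.
		pr.Out.Header.Set(name, value)
	}}
}

// demo runs a constructed upstream that echoes the header it received, puts
// the proxy in front of it, and returns what the upstream actually saw.
func demo() (string, error) {
	upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, r.Header.Get("X-Injected-By"))
	}))
	defer upstream.Close()
	u, err := url.Parse(upstream.URL)
	if err != nil {
		return "", err
	}
	proxy := httptest.NewServer(newHeaderProxy(u, "X-Injected-By", "edge-proxy"))
	defer proxy.Close()

	req, err := http.NewRequest(http.MethodGet, proxy.URL, nil)
	if err != nil {
		return "", err
	}
	req.Header.Set("X-Injected-By", "forged-by-sender") // must not survive
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

func main() { fmt.Println(demo()) }
```

If the receiving server trusts this header, overwriting the sender's value is the important part. With the older `Director` hook, hop-by-hop header removal runs after the hook and can strip a header it added, which is why `Rewrite` is used here.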

If you are still interested in the topic, the answer is no. However, an XDP socket can be used to forward/send a new packet from kernel space or user space. Check out the XDP tutorial on GitHub, or look at the code in the Linux kernel samples/bpf.

Que0Le