我有以下BPF计划:
#include <uapi/linux/bpf.h>
#include <linux/version.h>
#include "bpf_helpers.h"
#include "bpf_map.h"
struct bpf_map_def SEC("maps/sock_ops") sock_ops = {
.type = BPF_MAP_TYPE_SOCKMAP,
.key_size = sizeof(int),
.value_size = sizeof(unsigned int),
.max_entries = 2,
.pinning = 0,
.namespace = "",
};
SEC("cgroup/sock_ops/sock_map_update")
int sock_ops_sock_map_update(struct bpf_sock_ops *ops)
{
int op;
op = (int) ops->op;
if (op == BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB || op == BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB) {
uint32_t idx = 0;
bpf_sock_map_update(ops, &sock_ops, &idx, BPF_ANY);
}
return 0;
}
char _license[] SEC("license") = "GPL";
u32 _version SEC("version") = LINUX_VERSION_CODE;
sockmap
. 然后我把这个程序作为
BPF_PROG_TYPE_SOCK_OPS
程序,将其附加到v2 cgroup并在该cgroup中运行shell。
但是,这似乎会破坏SSL:
$ curl https://www.google.com/
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.google.com:443
$ curl http://www.google.com/
<!doctype html><html...
这是为什么?
uname -a
:Linux ubuntu bionic 4.18.0-16-generic#17~18.04.1-ubuntu SMP Tue 2月12日13:35:51 UTC 2019 x86_x86_x86_GNU/Linux
