gamemann / ipipdirect-tc Goto Github PK

Sends outgoing IPIP packets back to the client directly instead of back through the IPIP tunnel/forwarding server. Uses TC egress filter for fast packet processing.

Home Page: https://moddingcommunity.com/

Makefile 7.03% C 92.97%

ipip direct tc bpf ebpf egress traffic-control linux-tc

ipipdirect-tc's Introduction

IPIP Direct (TC)

Description

A program made to attach to the TC hook using the egress filter. This program makes it so any outgoing IPIP packets are sent directly back to the client instead of back through the IPIP tunnel. In cases where you don't need the end-application replies to go back through the forwarding server/IPIP tunnel, this is very useful and will result in less load on the forwarding server. With that said, in other cases it can result in less latency and more.

Usage

Usage is as follows:

./IPIPDirect_Loader <Interface>

Example:

./IPIPDirect_Loader ens18

Installation

Use the MAKE file to install the program. These commands should do:

make
make install

You may also clean the installation by executing:

make clean

Systemd File

A systemd file is located in the other/ directory and is installed via make install. You will need to edit the system file if you are using an interface other than ens18.

You may enable the service by executing so it'll start on bootup:

systemctl enable IPIPDirect

You may start/stop/restart the service by executing:

systemctl restart IPIPDirect # Restart service.
systemctl stop IPIPDirect # Stop service.
systemctl start IPIPDirect # Start service.

Kernel Requirements

Kernel >= 5.3 is required for this. Newer kernels add the BPF_ADJ_ROOM_MAC mode to the bpf_skb_adjust_room() function which is needed for this program to work correctly.

Notes

When compiling, you may need to copy /usr/src/linux-headers-xxx/include/uapi/linux/bpf.h to /usr/include/linux/bpf.h. For some reason, newer kernels don't have an up-to-date /usr/include/linux/bpf.h file. I'm unsure if this is intentional or a bug. However, I got the program to compile properly by copying that file.

Update - Apparently this is only a bug on Ubuntu.

Credits

Christian Deacon - Creator

ipipdirect-tc's People

Contributors

Stargazers

Watchers

Forkers

dedimark

ipipdirect-tc's Issues

can u help me

How can I do that?

add the BPF_ADJ_ROOM_MAC mode to the bpf_skb_adjust_room() function

Kind Regard´s

Compile Error

Can you help please to compile on Debian 12?

lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm

root@vultr:~# uname -a
Linux vultr 6.1.0-15-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1 (2023-12-09) x86_64 GNU/Linux

make
make -C src/include/libbpf/src
make[1]: Entering directory '/root/IPIPDirect-TC/src/include/libbpf/src'
mkdir -p ./staticobjs
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c bpf.c -o staticobjs/bpf.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c btf.c -o staticobjs/btf.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c libbpf.c -o staticobjs/libbpf.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c libbpf_errno.c -o staticobjs/libbpf_errno.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c netlink.c -o staticobjs/netlink.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c nlattr.c -o staticobjs/nlattr.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c str_error.c -o staticobjs/str_error.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c libbpf_probes.c -o staticobjs/libbpf_probes.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c bpf_prog_linfo.c -o staticobjs/bpf_prog_linfo.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c xsk.c -o staticobjs/xsk.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c btf_dump.c -o staticobjs/btf_dump.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64  -c hashmap.c -o staticobjs/hashmap.o
ar rcs libbpf.a staticobjs/bpf.o staticobjs/btf.o staticobjs/libbpf.o staticobjs/libbpf_errno.o staticobjs/netlink.o staticobjs/nlattr.o staticobjs/str_error.o staticobjs/libbpf_probes.o staticobjs/bpf_prog_linfo.o staticobjs/xsk.o staticobjs/btf_dump.o staticobjs/hashmap.o
mkdir -p ./sharedobjs
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c bpf.c -o sharedobjs/bpf.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c btf.c -o sharedobjs/btf.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c libbpf.c -o sharedobjs/libbpf.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c libbpf_errno.c -o sharedobjs/libbpf_errno.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c netlink.c -o sharedobjs/netlink.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c nlattr.c -o sharedobjs/nlattr.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c str_error.c -o sharedobjs/str_error.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c libbpf_probes.c -o sharedobjs/libbpf_probes.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c bpf_prog_linfo.c -o sharedobjs/bpf_prog_linfo.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c xsk.c -o sharedobjs/xsk.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c btf_dump.c -o sharedobjs/btf_dump.o
cc -I. -I../include -I../include/uapi -g -O2 -Werror -Wall -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -fPIC -fvisibility=hidden -DSHARED  -c hashmap.c -o sharedobjs/hashmap.o
cc -shared -Wl,--version-script=libbpf.map \
              -Wl,-soname,libbpf.so.0 \
              sharedobjs/bpf.o sharedobjs/btf.o sharedobjs/libbpf.o sharedobjs/libbpf_errno.o sharedobjs/netlink.o sharedobjs/nlattr.o sharedobjs/str_error.o sharedobjs/libbpf_probes.o sharedobjs/bpf_prog_linfo.o sharedobjs/xsk.o sharedobjs/btf_dump.o sharedobjs/hashmap.o  -lelf  -o libbpf.so.0.0.8
ln -sf libbpf.so.0.0.8 libbpf.so.0
ln -sf libbpf.so.0 libbpf.so
sed -e "s|@PREFIX@|/usr|" \
        -e "s|@LIBDIR@|/usr/lib64|" \
        -e "s|@VERSION@|0.0.8|" \
        < libbpf.pc.template > libbpf.pc
make[1]: Leaving directory '/root/IPIPDirect-TC/src/include/libbpf/src'
clang -Isrc/include/libbpf/src -g -O2 -Wall -Werror   -c -o src/IPIPDirect_loader.o src/IPIPDirect_loader.c
clang -lelf -lz -o src/IPIPDirect_loader src/include/libbpf/src/staticobjs/bpf.o src/include/libbpf/src/staticobjs/btf.o src/include/libbpf/src/staticobjs/libbpf_errno.o src/include/libbpf/src/staticobjs/libbpf_probes.o src/include/libbpf/src/staticobjs/libbpf.o src/include/libbpf/src/staticobjs/netlink.o src/include/libbpf/src/staticobjs/nlattr.o src/include/libbpf/src/staticobjs/str_error.o src/include/libbpf/src/staticobjs/hashmap.o src/include/libbpf/src/staticobjs/bpf_prog_linfo.o  src/IPIPDirect_loader.o
clang -D__BPF__ -Wall -Wextra -O2 -emit-llvm -c src/IPIPDirect_kern.c -o src/IPIPDirect_kern.bc
src/IPIPDirect_kern.c:147:46: warning: cast to smaller integer type 'uint16_t' (aka 'unsigned short') from '__sum16 *' (aka 'unsigned short *') [-Wpointer-to-int-cast]
            offset = sizeof(struct ethhdr) + offsetof(struct iphdr, check);
                                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/include/common.h:31:34: note: expanded from macro 'offsetof'
# define offsetof(TYPE, MEMBER) ((uint16_t)&((TYPE *)0)->MEMBER)
                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/IPIPDirect_kern.c:162:46: warning: cast to smaller integer type 'uint16_t' (aka 'unsigned short') from '__be32 *' (aka 'unsigned int *') [-Wpointer-to-int-cast]
            offset = sizeof(struct ethhdr) + offsetof(struct iphdr, saddr);
                                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/include/common.h:31:34: note: expanded from macro 'offsetof'
# define offsetof(TYPE, MEMBER) ((uint16_t)&((TYPE *)0)->MEMBER)
                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/IPIPDirect_kern.c:197:22: warning: cast to smaller integer type 'uint16_t' (aka 'unsigned short') from 'unsigned char (*)[6]' [-Wpointer-to-int-cast]
            offset = offsetof(struct ethhdr, h_dest);
                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/include/common.h:31:34: note: expanded from macro 'offsetof'
# define offsetof(TYPE, MEMBER) ((uint16_t)&((TYPE *)0)->MEMBER)
                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/IPIPDirect_kern.c:228:73: warning: cast to smaller integer type 'uint16_t' (aka 'unsigned short') from '__sum16 *' (aka 'unsigned short *') [-Wpointer-to-int-cast]
                    offset = sizeof(struct ethhdr) + (iphdr->ihl * 4) + offsetof(struct udphdr, check);
                                                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/include/common.h:31:34: note: expanded from macro 'offsetof'
# define offsetof(TYPE, MEMBER) ((uint16_t)&((TYPE *)0)->MEMBER)
                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/IPIPDirect_kern.c:248:73: warning: cast to smaller integer type 'uint16_t' (aka 'unsigned short') from '__sum16 *' (aka 'unsigned short *') [-Wpointer-to-int-cast]
                    offset = sizeof(struct ethhdr) + (iphdr->ihl * 4) + offsetof(struct tcphdr, check);
                                                                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/include/common.h:31:34: note: expanded from macro 'offsetof'
# define offsetof(TYPE, MEMBER) ((uint16_t)&((TYPE *)0)->MEMBER)
                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5 warnings generated.
llc -march=bpf -filetype=obj src/IPIPDirect_kern.bc -o src/IPIPDirect_filter.o

update

uname -a
6.1.0-20-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.85-1 (2024-04-11) x86_64 GNU/Linux

lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 12 (bookworm)
Release: 12
Codename: bookworm

/usr/bin/IPIPDirect_loader eth0
libbpf: elf: legacy map definitions in 'maps' section are not supported by libbpf v1.0+
ERROR: opening BPF object file failed
Unable to load program
Error attaching TC egress filter. TC cannot attach to filter. Command => tc filter add dev eth0 egress prio 1 handle 1 bpf da obj /etc/IPIPDirect/IPIPDirect_filter.o sec egress and Return Error Number => 1.

https://github.com/libbpf/libbpf/wiki/Libbpf:-the-road-to-v1.0#drop-support-for-legacy-bpf-map-declaration-syntax

can you help recompile on newest OS?

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.