eBPF Mystery: When is IPv4 not IPv4? When it's pretending to be IPv6!
This adventure starts with a simple eBPF program to transparently redirect DNS requests on port 53 for a single program (or Docker container).
To do this I used BPF_CGROUP_INET4_CONNECT on a cgroup. That lets me inspect and redirect traffic when syscall.connect occurs from within the cgroup. Here is a simplified version 👇
int handle_connect_redirect(struct bpf_sock_addr *ctx, __be32 original_ip,
                            bool is_connect4, struct redirect_result *result) {
    __be32 new_ip = original_ip;
    __be16 new_port = ...
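As an added example (not the author's code, which is cut off above), here is a user-space sketch of the decision a handler shared by the connect4 and connect6 hooks has to make. It reads the title's case as an IPv4-mapped IPv6 destination (`::ffff:a.b.c.d`), which is an assumption; `sock_addr_view`, `redirect_dns` and the 127.0.0.1:5353 target are hypothetical, and only the field names mirror `struct bpf_sock_addr`.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space stand-in for the struct bpf_sock_addr fields a
 * connect4/connect6 hook reads. Addresses and port are network byte order. */
struct sock_addr_view {
    uint32_t user_family;  /* AF_INET or AF_INET6 */
    uint32_t user_ip4;     /* destination when the socket is AF_INET */
    uint32_t user_ip6[4];  /* destination when the socket is AF_INET6 */
    uint32_t user_port;
};

#define DNS_PORT      53
#define REDIRECT_IP4  "127.0.0.1" /* assumed local resolver */
#define REDIRECT_PORT 5353        /* assumed local resolver port */

/* ::ffff:a.b.c.d is an IPv4 destination carried on an AF_INET6 socket. */
static bool is_v4_mapped(const uint32_t ip6[4]) {
    return ip6[0] == 0 && ip6[1] == 0 && ip6[2] == htonl(0x0000ffff);
}

/* Returns 1 if the destination was rewritten, 0 if left untouched. */
int redirect_dns(struct sock_addr_view *ctx) {
    uint32_t new_ip;
    if (ctx->user_port != htons(DNS_PORT))
        return 0;
    inet_pton(AF_INET, REDIRECT_IP4, &new_ip); /* literal is always valid */
    if (ctx->user_family == AF_INET)
        ctx->user_ip4 = new_ip;
    else if (ctx->user_family == AF_INET6 && is_v4_mapped(ctx->user_ip6))
        ctx->user_ip6[3] = new_ip; /* keep the ::ffff: prefix, swap the IPv4 */
    else
        return 0; /* native IPv6 is left alone in this sketch */
    ctx->user_port = htons(REDIRECT_PORT);
    return 1;
}

int main(void) {
    /* Constructed sample: DNS lookup to ::ffff:8.8.8.8 from an IPv6 socket. */
    struct sock_addr_view c = { .user_family = AF_INET6, .user_port = htons(53) };
    char out[INET6_ADDRSTRLEN];
    inet_pton(AF_INET6, "::ffff:8.8.8.8", c.user_ip6);
    int hit = redirect_dns(&c);
    inet_ntop(AF_INET6, c.user_ip6, out, sizeof out);
    printf("rewritten=%d dest=[%s]:%u\n", hit, out, (unsigned)ntohs((uint16_t)c.user_port));
    return 0;
}
```

A handler that only checks `user_ip4` on the connect4 path never sees the mapped case, because the socket's family is AF_INET6 and the IPv4 address sits in the last word of `user_ip6`.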
Read more at blog.gripdev.xyz