Tc

msune · msune · commit 48838c47e358 · 2025-04-05T22:33:17.000+02:00
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -36,39 +36,49 @@ NETNS=${NETNS:-}
 
 SEG_DEV_NAME=${SEG_DEV_NAME:-_seg}
 
-PROG=/opt/sfunnel/src/tc_sfunnel.o
+SRC_DIR=/opt/sfunnel/src
+PROG_DIR=/opt/sfunnel/bin
+PROG_INGRESS=${PROG_DIR}/tc_sfunnel_ingress.o
+PROG_EGRESS=${PROG_DIR}/tc_sfunnel_egress.o
 
-#Compile eBPF program only if rulesset are defined at load time
-#either via file or ENV
+#Compile eBPF programs (INGRESS/EGRESS)
 compile(){
-	cd /opt/sfunnel/src
-	SEG_DEV_IFINDEX=${SEG_DEV_IFINDEX} SEG_PAIR_DEV_IFINDEX=${SEG_PAIR_DEV_IFINDEX} SEG_PAIR_DEV_MAC="${SEG_PAIR_DEV_MAC}" DEBUG=${DEBUG} FILE=/etc/sfunnel/ruleset make
+	cd ${SRC_DIR}
+	mkdir -p ${PROG_DIR}
+
+	for INGRESS in 0 1; do
+		INGRESS=${INGRESS} SEG_DEV_IFINDEX=${SEG_DEV_IFINDEX} SEG_PAIR_DEV_IFINDEX=${SEG_PAIR_DEV_IFINDEX} SEG_PAIR_DEV_MAC="${SEG_PAIR_DEV_MAC}" DEBUG=${DEBUG} FILE=/etc/sfunnel/ruleset make
+		if [ "$INGRESS" -eq 1 ]; then
+			mv ${SRC_DIR}/tc_sfunnel.o ${PROG_INGRESS}
+		else
+			mv ${SRC_DIR}/tc_sfunnel.o ${PROG_EGRESS}
+		fi
+	done
 }
 
-#$1: PROG
-#$2: IFACE
-#$3: direction {ingress, egress}
+#$1: IFACE
+#$2: direction {ingress, egress}
 load_prog(){
+	PROG=$( [[ ${2} == "ingress" ]] && echo ${PROG_INGRESS} || echo ${PROG_EGRESS} )
 	for ((i=1; i<${N_ATTEMPTS}; i++)); do
-		echo "[INFO] Attaching BPF program '${1}' to '${2}' direction '${3}'..."
-		tc filter add dev ${2} ${3} bpf da obj ${1} verbose
+		echo "[INFO] Attaching BPF program '${PROG}' to '${1}' direction '${2}'..."
+		tc filter add dev ${1} ${2} bpf da obj ${PROG} verbose
 		if [[ "$?" == "1" ]]; then
-			echo "[WARNING] attempt ${i} failed on iface '${2}', direction '${3}', prog '${1}'. Retrying in ${RETRY_DELAY} seconds..."
+			echo "[WARNING] attempt ${i} failed on iface '${1}', direction '${2}', prog '${PROG}'. Retrying in ${RETRY_DELAY} seconds..."
 			sleep ${RETRY_DELAY}
 		else
 			break;
 		fi
 	done
 
 	if [[ ${i} -ge ${N_ATTEMPTS} ]]; then
-		echo "[ERROR] unable to attach BPF program to '${2}'!"
+		echo "[ERROR] unable to attach BPF program to '${1}'!"
 		exit 1
 	fi
 
 	echo ""
 }
 
-#$1: PROG
 #$2: IFACE
 #$3: direction {ingress, egress}
 clean_prog(){
@@ -160,7 +170,7 @@ else
 
 	OP=load_prog
 	OP_STR=attach
-	echo -e "[INFO] Attaching BPF program '${PROG}' on IFACES={$IFACES} DIRECTION=${DIRECTION} using clsact qdisc...\n"
+	echo -e "[INFO] Attaching BPF program on IFACES={$IFACES} DIRECTION=${DIRECTION} using clsact qdisc...\n"
 fi
 
 for IFACE in ${IFACES}; do
@@ -170,10 +180,10 @@ for IFACE in ${IFACES}; do
 	fi
 
 	if [[ ${DIRECTION} != "egress" ]]; then
-		${OP} ${PROG} ${IFACE} ingress
+		${OP} ${IFACE} ingress
 	fi
 	if [[ ${DIRECTION} != "ingress" ]]; then
-		${OP} ${PROG} ${IFACE} egress
+		${OP} ${IFACE} egress
 	fi
 
 	echo -e "[INFO] Successfully ${OP_STR}ed BPF program(s) on '${IFACE}' DIRECTION=${DIRECTION}.\n"
@@ -200,7 +210,7 @@ if [[ "${SEG_DEV_NAME}" != "" ]]; then
 	fi
 
 	if [[ ${DIRECTION} != "egress" ]]; then
-		${OP} ${PROG} ${SEG_DEV_NAME}_pair ingress
+		${OP} ${SEG_DEV_NAME}_pair ingress
 	fi
 fi
 
diff --git a/src/common.h b/src/common.h
@@ -15,8 +15,9 @@
 
 #define CHECK_SKB_PTR_VAL( SKB, PTR, VAL ) \
 	if (  (void*)(PTR) > ((void*)(unsigned long long) SKB -> data_end )) {	\
-		PRINTK("PTR: %p on pkt with length: %d out of bounds!\n",   \
-								PTR, SKB ->len);\
+		PRINTK("[%d:0x%p] PTR: 0x%p on pkt with length: %d out of bounds!\n",   \
+							SKB ->ifindex, SKB,	\
+							PTR, SKB ->len);	\
 		return VAL;							\
 	} do{}while(0)
 #define CHECK_SKB_PTR( SKB, PTR ) CHECK_SKB_PTR_VAL( SKB, PTR, TC_ACT_OK)
