I was just experimenting with eBPF and ran into a limitation:
Is there a way to load the source IP into a register when working in userspace? When I SO_ATTACH_BPF to a SOCK_DGRAM it only makes the UDP header accessible, per https://github.com/danielrh/bpf_buffer_per_source/blob/main/...
I would love to be able to run logic based on both IP and port rather than being limited to port alone. Yet it's not worth the inconvenience/danger of running as root to operate with RAW sockets.
While I don't know the actual answer, a good place to look may be one of the eBPF load balancers like "Katran" from Facebook. I imagine it's needing to do that sort of thing. But no idea if it's attaching at the same level. I haven't really explained eBPF outside of tracing.
Katran is XDP. The XDP eBPF hooks get packets before they hit the TCP/IP stack --- you can use XDP to route packets without ever creating skbuffs for them. The previous commenter is explicitly trying to use socket eBPF code, because they don't want their code to have to run as root. Katran won't be helpful for them.