
How do I get the payload of tcp

Open YeautyYE opened this issue 1 year ago • 3 comments

I want to calculate tcp checksum by tcp payload, but in my tests, ctx.data() & ctx.data_end() just point to headers (eth/ip/tcp). I tried to get it from the function "bpf_xdp_load_bytes", but there was an error "invalid func unknown#189" on startup.

YeautyYE avatar Dec 20 '22 14:12 YeautyYE

Whenever I add ctx.data() to the calculated variable (for example: payload_len), I get an error: "math between pkt pointer and register with unbounded min value is not allowed."

YeautyYE avatar Dec 20 '22 14:12 YeautyYE

  1. You need to ensure that the verifier is happy by checking the data you intend to read is within the current boundaries. See this example for how that's done in ptr_at().
  2. If by "payload" you really mean the packet's content besides the headers, be advised that, AFAIK, not all helpers/functions are allowed to access the payload. Look at these search results focusing on helpers.c and filter.c. Only functions with their prototypes having .pkt_access = true set will allow payload access. bpf_xdp_load_bytes() doesn't have it, so it won't be able to access the packet payload.

brevilo avatar Feb 08 '23 10:02 brevilo

Hi, there. I have managed to access part of the payload of tcp, just like below:

    let start = Ipv4Hdr::LEN + TcpHdr::LEN;
    let end = ctx.len() as usize;
    // Compare instead of subtracting: `end - start` on usize underflows when end < start.
    if end <= start {
        info!(&ctx, "no payload");
        return Ok(1);
    }

I ran into a lot of trouble on the way to a working eBPF program, because the official document is not specific enough for a beginner of eBPF.

For example, the showcase code of XDP is slightly different from the non-XDP program.

The XDP program works on level 2, so it needs to consider adding the length of ethhdr to the offset, while other eBPF programs work on level 3, so they only need to consider adding the length of iphdr and tcphdr.

And the official document does not mention where to get the network_types crate, while other examples guide me to do some code generation stuff, which has already been done by the network_types crate.

The last trouble is the inconsistent dependency of the aya-rs template. The template contains 3 modules: xxx, xxx-common, xxx-ebpf. One of these modules uses aya-log = xxx, the other module uses aya-log = {git: xxx}.

zaoying avatar Jun 29 '23 08:06 zaoying
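
The bounds checks and offset arithmetic discussed in this thread, as an added example that is not from any commenter or from aya: plain user-space Rust over a constructed frame, taking the payload start from the IPv4 IHL and TCP data-offset fields and the payload end from the IP total length, then computing the TCP checksum. All function names and the sample frame are assumptions; in an XDP program the same checks would be made against `ctx.data()` and `ctx.data_end()` before each read.

```rust
// Added example: user-space Rust, not eBPF. Names and the sample frame are constructed.
const ETH_LEN: usize = 14;
// Slice analogue of the `start + off + len <= data_end` check done before each packet read.
fn bytes_at(pkt: &[u8], off: usize, len: usize) -> Option<&[u8]> {
    pkt.get(off..off.checked_add(len)?)
}
fn be16(pkt: &[u8], off: usize) -> Option<usize> {
    let b = bytes_at(pkt, off, 2)?;
    Some(u16::from_be_bytes([b[0], b[1]]) as usize)
}
// (tcp_offset, payload_offset, segment_end) for an Ethernet/IPv4/TCP frame, else None.
fn tcp_bounds(pkt: &[u8]) -> Option<(usize, usize, usize)> {
    if be16(pkt, 12)? != 0x0800 { return None; } // EtherType must be IPv4
    let vihl = bytes_at(pkt, ETH_LEN, 1)?[0];
    let ihl = (vihl & 0x0f) as usize * 4; // IPv4 header length, options included
    if vihl >> 4 != 4 || ihl < 20 || bytes_at(pkt, ETH_LEN + 9, 1)?[0] != 6 { return None; }
    let end = ETH_LEN + be16(pkt, ETH_LEN + 2)?; // IP total length: excludes Ethernet padding
    let tcp = ETH_LEN + ihl;
    let doff = (bytes_at(pkt, tcp + 12, 1)?[0] >> 4) as usize * 4; // TCP header incl. options
    if doff < 20 || tcp + doff > end || end > pkt.len() { return None; }
    Some((tcp, tcp + doff, end))
}
// RFC 1071 checksum over pseudo-header + segment; 0 when the stored checksum is valid.
fn tcp_checksum(pkt: &[u8]) -> Option<u16> {
    let (tcp, _, end) = tcp_bounds(pkt)?;
    let mut buf = bytes_at(pkt, ETH_LEN + 12, 8)?.to_vec(); // source + destination address
    buf.extend_from_slice(&[0, 6]); // zero byte, protocol TCP
    buf.extend_from_slice(&((end - tcp) as u16).to_be_bytes()); // TCP length
    buf.extend_from_slice(&pkt[tcp..end]);
    if buf.len() % 2 == 1 { buf.push(0); }
    let mut sum: u32 = buf.chunks(2).map(|c| u16::from_be_bytes([c[0], c[1]]) as u32).sum();
    while sum >> 16 != 0 { sum = (sum & 0xffff) + (sum >> 16); }
    Some(!(sum as u16))
}
// Constructed frame: 10.0.0.1:12345 -> 10.0.0.2:80, payload "hello", checksum field zeroed.
fn sample_frame() -> Vec<u8> {
    let mut f = vec![0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x08, 0x00]; // zero MACs, EtherType
    f.extend_from_slice(&[0x45, 0, 0, 45, 0, 0, 0, 0, 64, 6, 0, 0, 10, 0, 0, 1, 10, 0, 0, 2]);
    f.extend_from_slice(&[0x30, 0x39, 0, 80, 0, 0, 0, 1, 0, 0, 0, 0, 0x50, 0x18, 4, 0, 0, 0, 0, 0]);
    f.extend_from_slice(b"hello\0"); // payload plus one byte of Ethernet padding (60-byte frame)
    f
}
fn main() {
    let mut f = sample_frame();
    let (tcp, payload, end) = tcp_bounds(&f).expect("valid frame");
    let csum = tcp_checksum(&f).expect("valid frame");
    f[tcp + 16..tcp + 18].copy_from_slice(&csum.to_be_bytes());
    println!("payload={:?} csum={:#06x} verify={:?}", &f[payload..end], csum, tcp_checksum(&f));
}
```

The sample frame carries one byte of Ethernet padding, so the frame length (60) and the end of the TCP segment (59) differ; the checksum covers only the bytes up to the IP total length.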