I am trying to reroute packets with destination port 80 to 5432 using ebpf. I am locally running nginx on port 80 and postgresql on port 5432. What I would like is whenever I execute curl localhost:80, my program will change the port number to 5432 and I will get the results of executing curl localhost:5432. Both nginx and postgresql are installed and deployed locally without using any containers. All I am changing is the port number. No ip address is changed.
I have written an ebpf program to be attached to the TC hook. Since the three way handshake is established in the lo interface on my device, This program is attached on iface=lo and attempts to rewrite any packet with destination port=80. I used two methods to recalculate the checksum after the port rewrite, but both methods produce the same error:
static __always_inline __u16 csum_fold_helper(__u32 csum) {
__u32 sum;
sum = (csum>>16) + (csum & 0xffff);
sum += (sum>>16);
return ~sum;
}
SEC("tc_cls")
int tc_egress(struct __sk_buff *skb) {
void *data_end = (void *)(long)skb->data_end;
void *data = (void *)(long)skb->data;
struct ethhdr *eth;
struct iphdr *iph;
struct tcphdr *tcph;
eth = data;
if ((void *)eth + sizeof(*eth) > data_end) {
return TC_ACT_OK;
}
if (eth->h_proto != __bpf_htons(0x0800)) {
return TC_ACT_OK;
}
iph = data + sizeof(*eth);
if ((void *)iph + sizeof(*iph) > data_end) {
return TC_ACT_OK;
}
if (iph->protocol != IPPROTO_TCP) {
return TC_ACT_OK;
}
tcph = data + sizeof(*eth) + sizeof(*iph);
if ((void *)tcph + sizeof(*tcph) > data_end) {
return TC_ACT_OK;
}
if (tcph->dest == __bpf_htons(80)) {
// update checksum method #1
// __u64 from = tcph->dest;
// __u16 new_port = __bpf_htons(5432);
// tcph->dest = new_port;
// __u64 res = bpf_skb_store_bytes(skb, ETH_HLEN + sizeof(struct iphdr) + 2, &(new_port), 2, BPF_F_RECOMPUTE_CSUM);
// update checksum method #2
__u16 new_port = __bpf_htons(5432);
__u16 old_csum = tcph->check;
__u32 sum = bpf_csum_diff(&tcph->dest, 2, &new_port, 2, 0);
__u16 csum = csum_fold_helper(sum);
tcph->dest = new_port;
bpf_l4_csum_replace(skb, ETH_HLEN + sizeof(struct iphdr) + 16, old_csum, csum, BPF_F_PSEUDO_HDR);
}
return TC_ACT_OK;
}
I have seen some posts regarding this issue (most of them involve changing ip addresses) and I have tried to follow the advice, but none of it worked on my program. Tcpdump is used to verify activity on port 5432, and I can see that packets are arriving. All packets with the S flag show incorrect checksum, and R show correct checksum. However, when I detach the ebpf program and run a simple curl on localhost:5432, all packets seem to show an incorrect checksum even if I do get a curl response. Hence, I would like some help checking whether the checksum is correctly updated and whether I am missing other steps to complete the program.
Any advice is greatly appreciated!