Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Avoid the need for iptables rules. Splice traffic from client/server directly into icept egress socket. Attach a bpf program to the client/server cgroups to intercept all connection establishment. Insert the new sockets into a sockmap. Attach a bpf program to this sockmap to intercept all send calls. Call bpf_skb_redirect_msg to redirect to the icept egress socket. Signed-off-by: Willem de Bruijn <willemb@google.com>
- Loading branch information
Showing
3 changed files
with
78 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters