eBPF program to forward HTTP requests to different port

Question

I'm trying to implement a feature where depending on the path of the HTTP request I can forward the request to a different port.

For example if the request GET /foo, I would like to forward it to port 81, and if it's /bar I would like to forward it to port 82. And if it's something else, I'd like to continue to forward it to port 80 as it was incoming.

Is there an example eBPF program like this?

I'm trying to figure out how I will determine what HTTP request is because eBPF will apply at packet level

Answer 1

I am not aware of such example at this time. I know that the Cilium project uses BPF to create filters at the HTTP API level, but they generate the BPF programs on the fly and I do not believe the repo has pre-compiled examples.

As you mentioned, eBPF programs process the whole packet, including L2/L3/L4 headers. So in order to determine the HTTP request you have, you would have to do something like this:

• Get the ethertype
• If ethertype is not IPv4 or IPv6, exit (e.g. pass or drop the packet), otherwise, carry on
• Get IP protocol type
• If IP protocol type is not TCP, exit
• Get TCP destination port
• If this port is not 80, exit
• Get first 4 bytes of app layer
• Are those bytes GET␣? If not, exit.
• If yes, try matching the following bytes with your paths /foo and /bar
• If it matches, change destination port to 81 or 82 accordingly

For the first steps at least (processing of Ethernet, IP, TCP) you have available examples on the web. From parse_simple.c in kernel samples to more complex ones such as this L4 load balancer on Netronome's samples repository.