{"id":15057074,"url":"https://github.com/fbac/skproxy","last_synced_at":"2025-04-10T11:11:50.830Z","repository":{"id":61624654,"uuid":"534632131","full_name":"fbac/skproxy","owner":"fbac","description":"eBPF proxy with loadbalancing capabilities","archived":false,"fork":false,"pushed_at":"2022-09-24T21:30:22.000Z","size":114,"stargazers_count":6,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-24T10:03:53.749Z","etag":null,"topics":["cilium","cilium-ebpf","ebpf","ebpf-programs","golang","linux","networking","proxy","tcp","tcp-proxy"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fbac.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-09-09T12:24:32.000Z","updated_at":"2024-06-27T02:01:28.000Z","dependencies_parsed_at":"2022-10-18T18:00:22.002Z","dependency_job_id":null,"html_url":"https://github.com/fbac/skproxy","commit_stats":null,"previous_names":["fbac/proxy-tcp-roundrobin"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbac%2Fskproxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbac%2Fskproxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbac%2Fskproxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fbac%2Fskproxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fbac","download_url":"https://codeload.github.com/fbac/skproxy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248208563,"owners_count":21065202,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cilium","cilium-ebpf","ebpf","ebpf-programs","golang","linux","networking","proxy","tcp","tcp-proxy"],"created_at":"2024-09-24T22:01:45.565Z","updated_at":"2025-04-10T11:11:50.809Z","avatar_url":"https://github.com/fbac.png","language":"Go","readme":"# skproxy\n\n## Usage and Requirements\n\n**IMPORTANT!**\n\n- To run the proxy manually, run `sudo go run cmd/main.go` or `sudo make run`.\n- To run a full e2e test, run `sudo make all`\n\n### Versions tested\n\nThe proxy has been tested in the following OS, with the respective kernel and bpf tools versions.\n\nAlso, it's **required** to run it as **root** user.\n\nThe system must be able to run BPF programs.\n\n#### **Ubuntu 22.04.1 LTS - Jammy**\n\n- Kernel `5.15.0-47-generic`\n\n- golang 1.18\n\n- BPF packages:\n\n```bash\nbinutils-bpf/jammy 2.38-2ubuntu1+3 amd64\nbpftrace/jammy 0.14.0-1 amd64\nlibbpf-dev/jammy 1:0.5.0-1 amd64\nlibbpf0/jammy,now 1:0.5.0-1 amd64 [installed,automatic]\n```\n\n#### **Fedora release 36 (Thirty Six)**\n\n- Kernel `5.18.17-200.fc36.x86_64`\n- golang 1.18\n- BPF packages:\n\n```bash\nlibbpf-0.7.0-3.fc36.x86_64\nlibbpf-devel-0.7.0-3.fc36.x86_64\nbpftrace-0.14.1-1.fc36.x86_64\nbpftool-5.19.4-200.fc36.x86_64\n```\n\n##### Demonstration\n\n- Create a new vm (ubuntu 22.04), and scan it with nmap\n\n```bash\n$ nmap -sT -p 1-10000 192.168.122.172 \nStarting Nmap 7.92 ( https://nmap.org ) at 2022-09-16 00:51 CEST\nNmap scan report for 192.168.122.172\nHost is up (0.00024s latency).\nNot shown: 9999 closed tcp ports (conn-refused)\nPORT STATE SERVICE\n22/tcp open ssh\n\nNmap done: 1 IP address (1 host up) scanned in 0.57 seconds\n```\n\n- This is an ubuntu 22.04\n\n```bash\nroot@proxy-last:~# cat /etc/os-release \nPRETTY_NAME=\"Ubuntu 22.04.1 LTS\"\n```\n\n- Install required packages (commands extracted from Dockerfile, it includes more pkg than needed)\n\n```bash\n$ apt-get update \u0026\u0026 export DEBIAN_FRONTEND=noninteractive \u0026\u0026 apt-get install --no-install-recommends -y ca-certificates clang curl git llvm libelf-dev make netcat openssh-server openssl golang \u0026\u0026 rm -rf /var/lib/apt/lists/*\n\n$ apt-get update \u0026\u0026 export DEBIAN_FRONTEND=noninteractive \u0026\u0026 apt-get install --no-install-recommends -y autoconf bison cmake dkms flex gawk gcc python3 rsync libiberty-dev libncurses-dev libpci-dev libssl-dev libudev-dev \\\n \u0026\u0026 curl https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.13.tar.gz | tar -xz \\\n \u0026\u0026 make -C /linux-5.13 headers_install INSTALL_HDR_PATH=/usr \\\n \u0026\u0026 make -C /linux-5.13/tools/lib/bpf install INSTALL_HDR_PATH=/usr \\\n \u0026\u0026 make -C /linux-5.13/tools/bpf/bpftool install \\\n \u0026\u0026 apt-get remove -y \\\n autoconf bison cmake dkms flex gawk gcc python3 rsync \\\n libiberty-dev libncurses-dev libpci-dev libssl-dev libudev-dev \\\n \u0026\u0026 apt autoremove -y \\\n \u0026\u0026 rm -rf /var/lib/apt/lists/* \\\n \u0026\u0026 rm -rf /linux-5.13\n```\n\n- Clone the repository\n\n```bash\ngit clone https://github.com/fbac/proxy-tcp-roundrobin/\nCloning into 'proxy-tcp-roundrobin'...\nremote: Enumerating objects: 78, done.\n```\n\n- Run as a background process\n Notice the debug messages, these are for checking the backends ignored/added, and also the pinning of ebpf programs, maps and fd's\n\n```bash\nroot@proxy-last:~/proxy-tcp-roundrobin# make run\n\n-e # fly-proxy build started\ngo build -o bin/fly-proxy cmd/proxy/*.go\n-e \n# running fly-proxy\nbin/fly-proxy \u0026\n-e \n# wait until all listeners are ready\n2022/09/15 22:58:35 started listener in :5001\n2022/09/15 22:58:35 DEBUG Prog SkLookup(echo_dispatch)#17 is pinned: true\n2022/09/15 22:58:35 DEBUG Map SockMap(echo_socket)#16 is pinned: true\n2022/09/15 22:58:35 DEBUG Map Hash(echo_ports)#15 is pinned: true\n2022/09/15 22:58:35 DEBUG: App: five-thousand listener FD: 14\n2022/09/15 22:58:35 DEBUG: App: five-thousand adding port: 5200\n2022/09/15 22:58:35 DEBUG: App: five-thousand adding port: 5300\n2022/09/15 22:58:35 DEBUG: App: five-thousand adding port: 5400\n2022/09/15 22:58:35 skipping unhealthy backend: bad.target.for.testing: lookup bad.target.for.testing: no such host\n2022/09/15 22:58:35 started listener in :6001\n2022/09/15 22:58:35 DEBUG Prog SkLookup(echo_dispatch)#26 is pinned: true\n2022/09/15 22:58:35 DEBUG Map SockMap(echo_socket)#25 is pinned: true\n2022/09/15 22:58:35 DEBUG Map Hash(echo_ports)#24 is pinned: true\n2022/09/15 22:58:35 DEBUG: App: six-thousand listener FD: 23\n2022/09/15 22:58:35 DEBUG: App: six-thousand adding port: 6200\n2022/09/15 22:58:35 DEBUG: App: six-thousand adding port: 6300\n2022/09/15 22:58:35 DEBUG: App: six-thousand adding port: 6400\n2022/09/15 22:58:35 started listener in :7001\n2022/09/15 22:58:35 DEBUG Prog SkLookup(echo_dispatch)#34 is pinned: true\n2022/09/15 22:58:35 DEBUG Map SockMap(echo_socket)#33 is pinned: true\n2022/09/15 22:58:35 DEBUG Map Hash(echo_ports)#32 is pinned: true\n2022/09/15 22:58:35 DEBUG: App: seven-thousand listener FD: 31\n2022/09/15 22:58:35 DEBUG: App: seven-thousand adding port: 7200\n2022/09/15 22:58:35 DEBUG: App: seven-thousand adding port: 7300\n2022/09/15 22:58:35 DEBUG: App: seven-thousand adding port: 7400\nroot@proxy-last:~/proxy-tcp-roundrobin#\n```\n\n- Scan ports again\n\n```bash\n[aranda@hyperion :: ~ ] $ nmap -sT -p 1-10000 192.168.122.172 \n\nStarting Nmap 7.92 ( https://nmap.org ) at 2022-09-16 00:59 CEST\nNmap scan report for 192.168.122.172\nHost is up (0.00023s latency).\nNot shown: 9987 closed tcp ports (conn-refused)\nPORT STATE SERVICE\n22/tcp open ssh\n5001/tcp open commplex-link\n5200/tcp open targus-getdata\n5300/tcp open hacl-hb\n5400/tcp open pcduo-old\n6001/tcp open X11:1\n6200/tcp open lm-x\n6300/tcp open bmc-grx\n6400/tcp open crystalreports\n7001/tcp open afs3-callback\n7200/tcp open fodms\n7300/tcp open swx\n7400/tcp open rtps-discovery\n\nNmap done: 1 IP address (1 host up) scanned in 0.60 seconds\n```\n\n- Also, on the proxy vm, some tcp connection debug messages will popup\n This is just for debugging purposes, here we can also check the load balancing is working properly in round robin fashion.\n\n```bash\nroot@proxy-last:~/proxy-tcp-roundrobin# \n2022/09/15 22:59:31 proxying data from :7001 to tcp-echo.fly.dev:7001\n2022/09/15 22:59:31 proxying data from :6001 to tcp-echo.fly.dev:6001\n2022/09/15 22:59:31 proxying data from :5001 to tcp-echo.fly.dev:5001\n2022/09/15 22:59:31 proxying data from :7001 to tcp-echo.fly.dev:7002\n2022/09/15 22:59:31 proxying data from :7001 to tcp-echo.fly.dev:7001\n2022/09/15 22:59:31 proxying data from :5001 to tcp-echo.fly.dev:5002\n2022/09/15 22:59:31 proxying data from :7001 to tcp-echo.fly.dev:7002\n2022/09/15 22:59:31 proxying data from :6001 to tcp-echo.fly.dev:6002\n2022/09/15 22:59:31 proxying data from :6001 to tcp-echo.fly.dev:6001\n2022/09/15 22:59:31 proxying data from :6001 to tcp-echo.fly.dev:6002\n2022/09/15 22:59:31 proxying data from :5001 to tcp-echo.fly.dev:5001\n2022/09/15 22:59:31 proxying data from :5001 to tcp-echo.fly.dev:5002\n```\n\n- Test manually with netcat from your localhost\n\n```bash\n[aranda@hyperion :: ~ ] $ echo \"test\" | nc -v -4 192.168.122.172 7200\n\nNcat: Version 7.92 ( https://nmap.org/ncat )\nNcat: Connected to 192.168.122.172:7200.\nTEST\n```\n\n- The debug message will popup as well\n\n```bash\n2022/09/15 23:03:14 proxying data from :7001 to tcp-echo.fly.dev:7001\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffbac%2Fskproxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffbac%2Fskproxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffbac%2Fskproxy/lists"}