Categorygithub.com/cloudflare/cloudflare-blog2018-03-ebpf
package
0.0.0-20241223123140-b986ffcde9b0
Repository: https://github.com/cloudflare/cloudflare-blog.git
Documentation: pkg.go.dev
Overview
Dependencies
9
Dependents
0

# README

Using eBPF on SOCK_STREAM connections

This code does two things. First, it uses github.com/nathanjsweet/ebpf golang module to set up an eBPF filter and map on a SOCK_STREAM (aka: TCP) socket.

Then it hacks together a custom net.DialTCP implementation, which sets up the eBPF filter in the right place - to allow it capture SYN+ACK packet.

The result is that we can extract IP TTL values from the return SYN+ACK packet.

Example run:

go build -o ttl-ebpf .
./ttl-ebpf tcp4://google.com:80 tcp6://google.com:80
[+] All good. Measured TTL distance to tcp4://google.com:80 216.58.217.206:80 is 6
[+] All good. Measured TTL distance to tcp6://google.com:80 [2607:f8b0:4007:808::200e]:80 is 5