optimize(bpf): Alternative way to avoid parsing packet at dae0

[jschwinger233]

Background

#562 caused more issues than benefits, such as #586. Unfortunately I failed to reproduce issues after several attempts. This PR reverts the changes, but introduced an alternative solution to avoid parsing packet at dae0_ingress.

The key idea is skbs at dae0_ingress are bound to be built from a local process (control plane process, dae), so we should be confident in using skb->sk->{local_ip4,dst_ip4,local_ip6,dst_ip6} to get tuples, instead of calling parse_transport() followed by get_tuples(). This doesn't work because udp listener socket always has zero value as sk->dst_ip4.

The key idea is to parse L3 by manually calling bpf_skb_load_bytes for twice only. The instruction number can be greatly reduced from 913 to 333 (jitted x64, kernel 6.5.0-1027-oem), -63% comparing to current main (using direct access). Before #562 the insn number can be as many as 1715, then it's -80%.

The subtle part is this PR deletes l4proto from redirect_tuple. This looks harmless as a TCP connection and a UDP "connection" with same src/dst ip should have same source, therefore they can safely share one redirect_entry.

One followup on me: review and fix ci kernel-test.

Checklist

• The Pull Request has been fully tested
• There's an entry in the CHANGELOGS
• There is a user-facing docs PR against https://github.com/daeuniverse/dae

Full Changelogs

• [Implement ...]

Issue Reference

Closes #586

Test Result

[mzz2017]

LGTM!

[umlka]

用了这个PR Build国内外(dae本机和局域网客户端)都上不了网了，通过抓包发现只有DNS请求，但收不到DNS应答，dae那边是劫持到了DNS请求了的

环境

debian@Copy-of-VM-debian:~$ uname -a
Linux Copy-of-VM-debian 6.1.0-23-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1 (2024-07-15) x86_64 GNU/Linux
debian@Copy-of-VM-debian:~$ dae -v
dae version unstable-20240807.pr-600.r2.307338
go runtime go1.22.5 linux/amd64
Copyright (c) 2022-2024 @daeuniverse
License GNU AGPLv3 <https://github.com/daeuniverse/dae/blob/main/LICENSE>

测试

debian@Copy-of-VM-debian:~$ curl -v one.one.one.one
* Could not resolve host: one.one.one.one
* Closing connection 0
curl: (6) Could not resolve host: one.one.one.one
debian@Copy-of-VM-debian:~$ curl -v 1.1.1.1
*   Trying 1.1.1.1:80...
* Connected to 1.1.1.1 (1.1.1.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 1.1.1.1
> User-Agent: curl/7.88.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: cloudflare
< Date: Thu, 08 Aug 2024 08:15:30 GMT
< Content-Type: text/html
< Content-Length: 167
< Connection: keep-alive
< Location: https://1.1.1.1/
< CF-RAY: 8afe0f17edaf2f7a-LAX
<
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>cloudflare</center>
</body>
</html>
* Connection #0 to host 1.1.1.1 left intact

[umlka]

现在正常了

[douglarek]

Is there something preventing this PR from being merged? The latest main branch cannot run on the OpenWrt 6.6 kernel without this PR. @jschwinger233 @mzz2017

I have tested this PR on OpenWrt, and it works well. Is there anything else that needs testing?

[dae-prow]

🧪 Since the PR has been fully tested, please consider merging it.