Proxy your raw TCP requests
proxify is a simple tool that routes connections on a specific port to given targets.
- It supports eBPF steering, which routes connections on any configured port to proxify's listener port.
You’ll need a Linux host running kernel >= 5.9 (when they introduced sk_lookup) to build and run your BPF program. Linux in Docker on an M1 Mac will not work. If you don’t have access to a Linux box and can’t run a VM you can spin up a dev VM.
You’ll need the following tools and libraries installed:
- bpftool compiled for a >= 5.9 kernel, because pre-5.9 bpftool doesn’t know what an sk_lookup program is.
- libbpf source code, which you can get from GitHub, because it has a recent bpf_sk_assign in it, which you need to make this program work.
- clang >10 to generate ELF .o’s that new bpftool will load from.
```
➜ ./proxify --help
Usage of ./proxify:
  -b    enable bpf steering
  -p int
        listener port for bpf steering (default 8080)
```
Running the code
```sh
# Build the proxify binary
make proxify

# To run in normal mode. Open up terminal and run the following command
./proxify

# To run in eBPF steering mode. Open up terminal and run the following.
sudo ./proxify -b

# On a different terminal, run the following command
echo "hello there general kenobi" | nc -N -4 localhost 5001
```

```sh
# Run in eBPF steering mode. Open up terminal and run the following.
sudo ./proxify -b

# On a different terminal, run the following command
echo "hello there general kenobi" | nc -N -4 localhost 5001

# Check bpfmaps
sudo bpftool map

# Dump map data from id
sudo bpftool map dump id <id_number>

# Update new data to proxy_ports map. This adds port 7 to it.
sudo bpftool map update id <id_number> key 0x07 0x00 value 0x00

# Test the connection, it should work
echo "hello there general kenobi" | nc -N -4 localhost 7

# Check link
sudo bpftool link
```
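Every port present in the proxy_ports map is steered to the listener, so it helps to be able to encode a port into the `key` bytes and to read the map back against an allowlist. The script below is an added example, not part of the proxify repository. Its function names, the sample dump, the two-byte low-byte-first key layout (inferred from `key 0x07 0x00` for port 7) and the plain `key: .. ..  value: ..` dump line shape are assumptions.

```sh
#!/bin/sh
# Added example (not from the proxify repository).
# Assumption: proxy_ports key = 16-bit port, low byte first; value = 1 byte,
# as suggested by `key 0x07 0x00 value 0x00` for port 7.

# port_to_key PORT -> "0xLO 0xHI", the bytes to pass after `key`.
port_to_key() {
    case "$1" in
        ''|*[!0-9]*|0*|??????*) echo "invalid port: $1" >&2; return 1 ;;
    esac
    if [ "$1" -gt 65535 ]; then
        echo "port out of range: $1" >&2; return 1
    fi
    printf '0x%02x 0x%02x\n' $(( $1 & 255 )) $(( $1 >> 8 ))
}

# key_to_port LO HI -> decimal port (accepts "07 00" or "0x07 0x00").
key_to_port() {
    echo $(( 0x${1#0x} | (0x${2#0x} << 8) ))
}

# steered_ports: read a plain hex map dump on stdin, print one port per line.
steered_ports() {
    while read -r tag lo hi rest; do
        [ "$tag" = "key:" ] && key_to_port "$lo" "$hi"
    done
    return 0
}

# unexpected_ports "ALLOWED PORTS": print dumped ports missing from the allowlist.
unexpected_ports() {
    steered_ports | while read -r p; do
        case " $1 " in
            *" $p "*) ;;
            *) echo "$p" ;;
        esac
    done
}

# steer_cmd MAP_ID PORT: print (do not run) the update command for PORT.
steer_cmd() {
    key=$(port_to_key "$2") || return 1
    echo "sudo bpftool map update id $1 key $key value 0x00"
}

# Constructed sample dump (ports 5001 and 7), not captured from a real host.
SAMPLE_DUMP='key: 89 13  value: 00
key: 07 00  value: 00
Found 2 elements'
```

On a real host, pipe `sudo bpftool map dump id <id_number>` into `unexpected_ports` with the ports you intend to proxy.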
- Add tests
- Add github actions
- Update bpf maps on reload
- Add monitoring
- Add structured logging
- Background Health checks for unhealthy targets.
- Filter requests from the start from unverified sources.
- Encryption/decryption support for requests.
- Caching support.
- Support batch request instead of just single request.
- Add security by adding authentication for client requests using certificates.