7410d5cc2c
Perform various fixes and tweaks: - Rename several defines to make them more informative - Remove unrolling of loop in BPF programs - Reuse defines for program sections between userspace and kernel space programs - Perform fork+exec to run bpf_egress_loader script instead of system() - Add comment to copied scripts indicating I've modified them - Add pping.h and pping_helpers.h as dependencies in Makefile Also, add a brief description of what PPing is and how it works to README Signed-off-by: Simon Sundberg <simon.sundberg@kau.se>
PPing using XDP and TC-BPF
An implementation of the passive ping (pping) utility based on XDP (for ingress) and TC-BPF (for egress)
Simple description
Passive Ping (PPing) makes use of the TCP Timestamp option to calculate the RTT for TCP traffic passing through. PPing can be used on measure RTTs on end hosts or any device which sees both directions of the TCP flow.
For outgoing packets, it checks for TCP timestamp TSval in the TCP header. If it finds one it creates a timestamp for when it saw that TSval in a particular flow. On incomming packets it parses the TCP timestamp TSecr (which is the TSval echoed by the receiving host) and checks it has seen any previous outgoing packets with that TCP timestamp. If it has, an RTT is calculated as the difference in time between when it saw an outgoing packet with a TSval, and when it received an incomming packet from the reverse flow with a matching TSecr.
Note that TCP timestamps may not be unique for every packet in a flow, therefore it only matches the first outgoing packet with a particular TSval with the first incomming packet with a matching TSecr. Duplicate TSval/TSecr are ignored.
Planned design
