This adventures starts with a simple eBPF program to transparently redirect DNS requests on port 53 for a single program (or docker container). To do this I used BPF_CGROUP_INET4_CONNECT on a cgroup. That lets me inspect and redirect traffic when syscall.connect occurs from within the cgroup. Here is a simplified version 👇 int handle_connect_redirect(struct bpf_sock_addr *ctx, __be32 original_ip, bool is_connect4, struct redirect_result *result) { __be32 new_ip = original_ip; __be16 new_port = ctx->user_port; if (ctx->user_port == bpf_htons(53)) { new_ip = const_mitm_proxy_address; // Our MITM DNS server we're using for intercept new_port = bpf_htons(const_dns_proxy_port); } result->is_redirected = did_redirect; result->ip = new_ip; result->port = new_port; return 1; } SEC("cgroup/connect4") int connect4(struct bpf_sock_addr *ctx) { struct redirect_result r = { .ip = ctx->user_ip4, .port = ctx->user_port, .is_redirected = false, }; handle_connect_redirect(ctx, ctx->user_ip4, true, &r); if (r.is_redirected) { // If we redirected the request then we need to update the socket // destination to the new IP and port ctx->user_ip4 = r.ip; ctx->user_port = r.port; } return 1; } The machines running the program don’t have IPv6 support, so my assumption was that I’d covered the bases.

Bootc and associated tools provide the basis for building a personalised desktop. This article will describe the process to build your own custom installation.

Do you know anyone who's still running a PC from the early 2000s?

If you want to make Linux as productive an environment as possible, the terminal window is where it's at. Here are five things that can be done efficiently from the command line.