diff options
author | Alexei Starovoitov <ast@plumgrid.com> | 2014-12-01 15:06:36 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-12-05 21:47:32 -0800 |
commit | 03f4723ed7a52bd31da26eefe2cdde563ea0f468 (patch) | |
tree | 4a3f1b2427c8bf1f2e86f4f1e842a32c5602b621 /samples/bpf/libbpf.h | |
parent | 89aa075832b0da4402acebd698d0411dcc82d03e (diff) | |
download | linux-03f4723ed7a52bd31da26eefe2cdde563ea0f468.tar.bz2 |
samples: bpf: example of stateful socket filtering
this socket filter example does:
- creates arraymap in kernel with key 4 bytes and value 8 bytes
- loads eBPF program which assumes that packet is IPv4 and loads one byte of
IP->proto from the packet and uses it as a key in a map
r0 = skb->data[ETH_HLEN + offsetof(struct iphdr, protocol)];
*(u32*)(fp - 4) = r0;
value = bpf_map_lookup_elem(map_fd, fp - 4);
if (value)
(*(u64*)value) += 1;
- attaches this program to raw socket
- every second user space reads map[IPPROTO_TCP], map[IPPROTO_UDP], map[IPPROTO_ICMP]
to see how many packets of given protocol were seen on loopback interface
Usage:
$sudo samples/bpf/sock_example
TCP 0 UDP 0 ICMP 0 packets
TCP 187600 UDP 0 ICMP 4 packets
TCP 376504 UDP 0 ICMP 8 packets
TCP 563116 UDP 0 ICMP 12 packets
TCP 753144 UDP 0 ICMP 16 packets
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'samples/bpf/libbpf.h')
-rw-r--r-- | samples/bpf/libbpf.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/samples/bpf/libbpf.h b/samples/bpf/libbpf.h index f8678e5f48bf..cc62ad4d95de 100644 --- a/samples/bpf/libbpf.h +++ b/samples/bpf/libbpf.h @@ -99,6 +99,16 @@ extern char bpf_log_buf[LOG_BUF_SIZE]; BPF_LD_IMM64_RAW(DST, BPF_PSEUDO_MAP_FD, MAP_FD) +/* Direct packet access, R0 = *(uint *) (skb->data + imm32) */ + +#define BPF_LD_ABS(SIZE, IMM) \ + ((struct bpf_insn) { \ + .code = BPF_LD | BPF_SIZE(SIZE) | BPF_ABS, \ + .dst_reg = 0, \ + .src_reg = 0, \ + .off = 0, \ + .imm = IMM }) + /* Memory load, dst_reg = *(uint *) (src_reg + off16) */ #define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \ @@ -169,4 +179,7 @@ extern char bpf_log_buf[LOG_BUF_SIZE]; .off = 0, \ .imm = 0 }) +/* create RAW socket and bind to interface 'name' */ +int open_raw_sock(const char *name); + #endif |