diff options
| author | Alexei Starovoitov <ast@plumgrid.com> | 2014-12-01 18:06:36 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-12-06 00:47:32 -0500 |
| commit | 03f4723ed7a52bd31da26eefe2cdde563ea0f468 (patch) | |
| tree | 4a3f1b2427c8bf1f2e86f4f1e842a32c5602b621 /samples/bpf/sock_example.c | |
| parent | 89aa075832b0da4402acebd698d0411dcc82d03e (diff) | |
samples: bpf: example of stateful socket filtering
this socket filter example does:
- creates arraymap in kernel with key 4 bytes and value 8 bytes
- loads eBPF program which assumes that packet is IPv4 and loads one byte of
IP->proto from the packet and uses it as a key in a map
r0 = skb->data[ETH_HLEN + offsetof(struct iphdr, protocol)];
*(u32*)(fp - 4) = r0;
value = bpf_map_lookup_elem(map_fd, fp - 4);
if (value)
(*(u64*)value) += 1;
- attaches this program to raw socket
- every second user space reads map[IPPROTO_TCP], map[IPPROTO_UDP], map[IPPROTO_ICMP]
to see how many packets of given protocol were seen on loopback interface
Usage:
$sudo samples/bpf/sock_example
TCP 0 UDP 0 ICMP 0 packets
TCP 187600 UDP 0 ICMP 4 packets
TCP 376504 UDP 0 ICMP 8 packets
TCP 563116 UDP 0 ICMP 12 packets
TCP 753144 UDP 0 ICMP 16 packets
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'samples/bpf/sock_example.c')
| -rw-r--r-- | samples/bpf/sock_example.c | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/samples/bpf/sock_example.c b/samples/bpf/sock_example.c new file mode 100644 index 000000000000..c8ad0404416f --- /dev/null +++ b/samples/bpf/sock_example.c | |||
| @@ -0,0 +1,101 @@ | |||
| 1 | /* eBPF example program: | ||
| 2 | * - creates arraymap in kernel with key 4 bytes and value 8 bytes | ||
| 3 | * | ||
| 4 | * - loads eBPF program: | ||
| 5 | * r0 = skb->data[ETH_HLEN + offsetof(struct iphdr, protocol)]; | ||
| 6 | * *(u32*)(fp - 4) = r0; | ||
| 7 | * // assuming packet is IPv4, lookup ip->proto in a map | ||
| 8 | * value = bpf_map_lookup_elem(map_fd, fp - 4); | ||
| 9 | * if (value) | ||
| 10 | * (*(u64*)value) += 1; | ||
| 11 | * | ||
| 12 | * - attaches this program to eth0 raw socket | ||
| 13 | * | ||
| 14 | * - every second user space reads map[tcp], map[udp], map[icmp] to see | ||
| 15 | * how many packets of given protocol were seen on eth0 | ||
| 16 | */ | ||
| 17 | #include <stdio.h> | ||
| 18 | #include <unistd.h> | ||
| 19 | #include <assert.h> | ||
| 20 | #include <linux/bpf.h> | ||
| 21 | #include <string.h> | ||
| 22 | #include <stdlib.h> | ||
| 23 | #include <errno.h> | ||
| 24 | #include <sys/socket.h> | ||
| 25 | #include <arpa/inet.h> | ||
| 26 | #include <linux/if_ether.h> | ||
| 27 | #include <linux/ip.h> | ||
| 28 | #include <stddef.h> | ||
| 29 | #include "libbpf.h" | ||
| 30 | |||
| 31 | static int test_sock(void) | ||
| 32 | { | ||
| 33 | int sock = -1, map_fd, prog_fd, i, key; | ||
| 34 | long long value = 0, tcp_cnt, udp_cnt, icmp_cnt; | ||
| 35 | |||
| 36 | map_fd = bpf_create_map(BPF_MAP_TYPE_ARRAY, sizeof(key), sizeof(value), | ||
| 37 | 256); | ||
| 38 | if (map_fd < 0) { | ||
| 39 | printf("failed to create map '%s'\n", strerror(errno)); | ||
| 40 | goto cleanup; | ||
| 41 | } | ||
| 42 | |||
| 43 | struct bpf_insn prog[] = { | ||
| 44 | BPF_MOV64_REG(BPF_REG_6, BPF_REG_1), | ||
| 45 | BPF_LD_ABS(BPF_B, ETH_HLEN + offsetof(struct iphdr, protocol) /* R0 = ip->proto */), | ||
| 46 | BPF_STX_MEM(BPF_W, BPF_REG_10, BPF_REG_0, -4), /* *(u32 *)(fp - 4) = r0 */ | ||
| 47 | BPF_MOV64_REG(BPF_REG_2, BPF_REG_10), | ||
| 48 | BPF_ALU64_IMM(BPF_ADD, BPF_REG_2, -4), /* r2 = fp - 4 */ | ||
| 49 | BPF_LD_MAP_FD(BPF_REG_1, map_fd), | ||
| 50 | BPF_RAW_INSN(BPF_JMP | BPF_CALL, 0, 0, 0, BPF_FUNC_map_lookup_elem), | ||
| 51 | BPF_JMP_IMM(BPF_JEQ, BPF_REG_0, 0, 2), | ||
| 52 | BPF_MOV64_IMM(BPF_REG_1, 1), /* r1 = 1 */ | ||
| 53 | BPF_RAW_INSN(BPF_STX | BPF_XADD | BPF_DW, BPF_REG_0, BPF_REG_1, 0, 0), /* xadd r0 += r1 */ | ||
| 54 | BPF_MOV64_IMM(BPF_REG_0, 0), /* r0 = 0 */ | ||
| 55 | BPF_EXIT_INSN(), | ||
| 56 | }; | ||
| 57 | |||
| 58 | prog_fd = bpf_prog_load(BPF_PROG_TYPE_SOCKET_FILTER, prog, sizeof(prog), | ||
| 59 | "GPL"); | ||
| 60 | if (prog_fd < 0) { | ||
| 61 | printf("failed to load prog '%s'\n", strerror(errno)); | ||
| 62 | goto cleanup; | ||
| 63 | } | ||
| 64 | |||
| 65 | sock = open_raw_sock("lo"); | ||
| 66 | |||
| 67 | if (setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &prog_fd, | ||
| 68 | sizeof(prog_fd)) < 0) { | ||
| 69 | printf("setsockopt %s\n", strerror(errno)); | ||
| 70 | goto cleanup; | ||
| 71 | } | ||
| 72 | |||
| 73 | for (i = 0; i < 10; i++) { | ||
| 74 | key = IPPROTO_TCP; | ||
| 75 | assert(bpf_lookup_elem(map_fd, &key, &tcp_cnt) == 0); | ||
| 76 | |||
| 77 | key = IPPROTO_UDP; | ||
| 78 | assert(bpf_lookup_elem(map_fd, &key, &udp_cnt) == 0); | ||
| 79 | |||
| 80 | key = IPPROTO_ICMP; | ||
| 81 | assert(bpf_lookup_elem(map_fd, &key, &icmp_cnt) == 0); | ||
| 82 | |||
| 83 | printf("TCP %lld UDP %lld ICMP %lld packets\n", | ||
| 84 | tcp_cnt, udp_cnt, icmp_cnt); | ||
| 85 | sleep(1); | ||
| 86 | } | ||
| 87 | |||
| 88 | cleanup: | ||
| 89 | /* maps, programs, raw sockets will auto cleanup on process exit */ | ||
| 90 | return 0; | ||
| 91 | } | ||
| 92 | |||
| 93 | int main(void) | ||
| 94 | { | ||
| 95 | FILE *f; | ||
| 96 | |||
| 97 | f = popen("ping -c5 localhost", "r"); | ||
| 98 | (void)f; | ||
| 99 | |||
| 100 | return test_sock(); | ||
| 101 | } | ||