102 lines
2.8 KiB
Go
102 lines
2.8 KiB
Go
|
// This program demonstrates attaching an eBPF program to a network interface
|
||
|
// with XDP (eXpress Data Path). The program parses the IPv4 source address
|
||
|
// from packets and writes the packet count by IP to an LRU hash map.
|
||
|
// The userspace program (Go code in this file) prints the contents
|
||
|
// of the map to stdout every second.
|
||
|
// It is possible to modify the XDP program to drop or redirect packets
|
||
|
// as well -- give it a try!
|
||
|
// This example depends on bpf_link, available in Linux kernel version 5.7 or newer.
|
||
|
package main
|
||
|
|
||
|
import (
|
||
|
"bytes"
|
||
|
"encoding/binary"
|
||
|
"errors"
|
||
|
"log"
|
||
|
"net"
|
||
|
"os"
|
||
|
|
||
|
"github.com/cilium/ebpf/link"
|
||
|
"github.com/cilium/ebpf/ringbuf"
|
||
|
"github.com/cilium/ebpf/rlimit"
|
||
|
)
|
||
|
|
||
|
//go:generate go run github.com/cilium/ebpf/cmd/bpf2go --type knock_data hyp_bpf hyp_bpf.c -- -I../headers
|
||
|
|
||
|
func main() {
|
||
|
if len(os.Args) < 2 {
|
||
|
log.Fatalf("Please specify a network interface")
|
||
|
}
|
||
|
|
||
|
// Look up the network interface by name.
|
||
|
ifaceName := os.Args[1]
|
||
|
iface, err := net.InterfaceByName(ifaceName)
|
||
|
if err != nil {
|
||
|
log.Fatalf("lookup network iface %q: %s", ifaceName, err)
|
||
|
}
|
||
|
|
||
|
// Allow the current process to lock memory for eBPF resources.
|
||
|
if err := rlimit.RemoveMemlock(); err != nil {
|
||
|
log.Fatal(err)
|
||
|
}
|
||
|
|
||
|
// Load pre-compiled programs into the kernel.
|
||
|
objs := hyp_bpfObjects{}
|
||
|
if err := loadHyp_bpfObjects(&objs, nil); err != nil {
|
||
|
log.Fatalf("loading objects: %s", err)
|
||
|
}
|
||
|
defer objs.Close()
|
||
|
|
||
|
// Attach the program.
|
||
|
l, err := link.AttachXDP(link.XDPOptions{
|
||
|
Program: objs.XdpProgFunc,
|
||
|
Interface: iface.Index,
|
||
|
})
|
||
|
if err != nil {
|
||
|
log.Fatalf("could not attach XDP program: %s", err)
|
||
|
}
|
||
|
defer l.Close()
|
||
|
|
||
|
log.Printf("Attached XDP program to iface %q (index %d)", iface.Name, iface.Index)
|
||
|
log.Printf("Press Ctrl-C to exit and remove the program")
|
||
|
|
||
|
rd, err := ringbuf.NewReader(objs.Rb)
|
||
|
if err != nil {
|
||
|
log.Fatalf("could not open ring buffer reader: %s", err)
|
||
|
}
|
||
|
defer rd.Close()
|
||
|
|
||
|
var event hyp_bpfKnockData
|
||
|
for {
|
||
|
log.Print("waiting for event")
|
||
|
record, err := rd.Read()
|
||
|
log.Print("got event")
|
||
|
if err != nil {
|
||
|
if errors.Is(err, ringbuf.ErrClosed) {
|
||
|
log.Println("Received signal, exiting..")
|
||
|
return
|
||
|
}
|
||
|
log.Printf("reading from reader: %s", err)
|
||
|
continue
|
||
|
}
|
||
|
|
||
|
if err := binary.Read(bytes.NewBuffer(record.RawSample), binary.LittleEndian, &event); err != nil {
|
||
|
log.Printf("parsing ringbuf event: %s", err)
|
||
|
continue
|
||
|
}
|
||
|
|
||
|
//log.Printf("source IP: %v\nproto (int): %d\nproto (v): %v", intToIP(event.Srcip), event.Proto, event.Proto)
|
||
|
log.Printf("srcip (raw): %v\nsrcip (parsed): %v\ndstport: %v", event.Srcip, intToIP(event.Srcip), event.Dstport)
|
||
|
//log.Printf("dstport: %v", event.Dstport)
|
||
|
|
||
|
}
|
||
|
|
||
|
}
|
||
|
|
||
|
// intToIP converts IPv4 number to net.IP
|
||
|
func intToIP(ipNum uint32) net.IP {
|
||
|
ip := make(net.IP, 4)
|
||
|
binary.BigEndian.PutUint32(ip, ipNum)
|
||
|
return ip
|
||
|
}
|