a80857822b
this example does the same task as previous socket example in assembler, but this one does it in C. eBPF program in kernel does: /* assume that packet is IPv4, load one byte of IP->proto */ int index = load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol)); long *value; value = bpf_map_lookup_elem(&my_map, &index); if (value) __sync_fetch_and_add(value, 1); Corresponding user space reads map[tcp], map[udp], map[icmp] and prints protocol stats every second Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
50 lines
981 B
C
50 lines
981 B
C
#include <stdio.h>
|
|
#include <assert.h>
|
|
#include <linux/bpf.h>
|
|
#include "libbpf.h"
|
|
#include "bpf_load.h"
|
|
#include <unistd.h>
|
|
#include <arpa/inet.h>
|
|
|
|
int main(int ac, char **argv)
|
|
{
|
|
char filename[256];
|
|
FILE *f;
|
|
int i, sock;
|
|
|
|
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
|
|
|
|
if (load_bpf_file(filename)) {
|
|
printf("%s", bpf_log_buf);
|
|
return 1;
|
|
}
|
|
|
|
sock = open_raw_sock("lo");
|
|
|
|
assert(setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, prog_fd,
|
|
sizeof(prog_fd[0])) == 0);
|
|
|
|
f = popen("ping -c5 localhost", "r");
|
|
(void) f;
|
|
|
|
for (i = 0; i < 5; i++) {
|
|
long long tcp_cnt, udp_cnt, icmp_cnt;
|
|
int key;
|
|
|
|
key = IPPROTO_TCP;
|
|
assert(bpf_lookup_elem(map_fd[0], &key, &tcp_cnt) == 0);
|
|
|
|
key = IPPROTO_UDP;
|
|
assert(bpf_lookup_elem(map_fd[0], &key, &udp_cnt) == 0);
|
|
|
|
key = IPPROTO_ICMP;
|
|
assert(bpf_lookup_elem(map_fd[0], &key, &icmp_cnt) == 0);
|
|
|
|
printf("TCP %lld UDP %lld ICMP %lld packets\n",
|
|
tcp_cnt, udp_cnt, icmp_cnt);
|
|
sleep(1);
|
|
}
|
|
|
|
return 0;
|
|
}
|