Created
August 9, 2021 17:50
-
-
Save Saruspete/4beb03761cd3e97cafa0d0121b5c9e11 to your computer and use it in GitHub Desktop.
xdp prog to drop unknown ethertype 0xcafe frm Veritas Cluster that increments bond interfaces drop counter
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <linux/if_ether.h> | |
| #include <linux/bpf.h> | |
| #include <arpa/inet.h> | |
| #define SEC(NAME) __attribute__((section(NAME), used)) | |
| SEC("xdpdropcafe") | |
| int xdp_dropcafe(struct xdp_md *xdp) { | |
| void *data_end = (void *)(long)xdp->data_end; | |
| void *data = (void *)(long)xdp->data; | |
| struct ethhdr *eth = data; | |
| // Require to pass the ebpf validation tests | |
| if (eth + 1 > data_end) | |
| return XDP_DROP; | |
| // Just drop it | |
| if (eth->h_proto == htons(0xcafe)) | |
| return XDP_DROP; | |
| // Let the stack process it | |
| return XDP_PASS; | |
| } | |
| char _license[] SEC("license") = "GPL"; | |
| // Compile with: | |
| // PROG="xdpdropcafe" | |
| // clang -O2 -Wall -Wno-compare-distinct-pointer-types -target bpf -c "${PROG}.c" -o "${PROG}.o" | |
| // Load with: | |
| // PIN="/sys/fs/bpf/$PROG" | |
| // bpftool prog load "./${PROG}.o" "$PIN" | |
| // List target ifaces: | |
| // typeset -a IFACES | |
| // for bondmaster in $(</sys/class/net/bonding_masters); do | |
| // IFACES+=($bondmaster) | |
| // for iface in /sys/class/net/$bondmaster/lower_*; do | |
| // slave="${iface##*lower_}" | |
| // IFACES+=($slave) | |
| // done | |
| // done | |
| // Attach with: | |
| // for iface in "${IFACES[@]}"; do | |
| // bpftool net attach xdp pinned $PIN dev $iface | |
| // done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment