fbe3310840
sockex2_kern.c is purposefully large eBPF program in C. llvm compiles ~200 lines of C code into ~300 eBPF instructions. It's similar to __skb_flow_dissect() to demonstrate that complex packet parsing can be done by eBPF. Then it uses (struct flow_keys)->dst IP address (or hash of ipv6 dst) to keep stats of number of packets per IP. User space loads eBPF program, attaches it to loopback interface and prints dest_ip->#packets stats every second. Usage: $sudo samples/bpf/sockex2 ip 127.0.0.1 count 19 ip 127.0.0.1 count 178115 ip 127.0.0.1 count 369437 ip 127.0.0.1 count 559841 ip 127.0.0.1 count 750539 Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Signed-off-by: David S. Miller <davem@davemloft.net>
45 lines
881 B
C
45 lines
881 B
C
#include <stdio.h>
|
|
#include <assert.h>
|
|
#include <linux/bpf.h>
|
|
#include "libbpf.h"
|
|
#include "bpf_load.h"
|
|
#include <unistd.h>
|
|
#include <arpa/inet.h>
|
|
|
|
int main(int ac, char **argv)
|
|
{
|
|
char filename[256];
|
|
FILE *f;
|
|
int i, sock;
|
|
|
|
snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]);
|
|
|
|
if (load_bpf_file(filename)) {
|
|
printf("%s", bpf_log_buf);
|
|
return 1;
|
|
}
|
|
|
|
sock = open_raw_sock("lo");
|
|
|
|
assert(setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, prog_fd,
|
|
sizeof(prog_fd[0])) == 0);
|
|
|
|
f = popen("ping -c5 localhost", "r");
|
|
(void) f;
|
|
|
|
for (i = 0; i < 5; i++) {
|
|
int key = 0, next_key;
|
|
long long value;
|
|
|
|
while (bpf_get_next_key(map_fd[0], &key, &next_key) == 0) {
|
|
bpf_lookup_elem(map_fd[0], &next_key, &value);
|
|
printf("ip %s count %lld\n",
|
|
inet_ntoa((struct in_addr){htonl(next_key)}),
|
|
value);
|
|
key = next_key;
|
|
}
|
|
sleep(1);
|
|
}
|
|
return 0;
|
|
}
|