{"id":13758803,"url":"https://github.com/InfobloxOpen/ebpf","last_synced_at":"2025-05-10T08:30:49.845Z","repository":{"id":57614313,"uuid":"379991270","full_name":"infobloxopen/ebpf","owner":"infobloxopen","description":"A CoreDNS plugin that will attach an eBPF XDP program to a specified interface","archived":false,"fork":false,"pushed_at":"2021-12-22T15:50:45.000Z","size":243,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-02-11T16:52:10.048Z","etag":null,"topics":["coredns","ebpf","plugin","xdp"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/infobloxopen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-06-24T16:41:50.000Z","updated_at":"2024-02-02T20:05:49.000Z","dependencies_parsed_at":"2022-09-11T01:01:35.093Z","dependency_job_id":null,"html_url":"https://github.com/infobloxopen/ebpf","commit_stats":null,"previous_names":["chrisohaver/ebpf"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobloxopen%2Febpf","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobloxopen%2Febpf/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobloxopen%2Febpf/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/infobloxopen%2Febpf/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/infobloxopen","download_url":"https://codeload.github.com/infobloxopen/ebpf/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253389563,"owners_count":21900775,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["coredns","ebpf","plugin","xdp"],"created_at":"2024-08-03T13:00:37.404Z","updated_at":"2025-05-10T08:30:49.312Z","avatar_url":"https://github.com/infobloxopen.png","language":"C","funding_links":[],"categories":["External Plguins"],"sub_categories":[],"readme":"# ebpf\n\n## Name\n\n*ebpf* - attach an eBPF XDP program to a specified interface.\n\n## Description\n\nThis *experimental* plugin allows you to use an eBPF XDP program to analyze and filter traffic before it reaches CoreDNS,\nand report very basic Prometheus metrics. When CoreDNS exits, the program will be detached from the interface. \n\nThis generic solution serves in part as an example of how you can integrate an eBPF XDP program with CoreDNS with a\ncustom plugin. But due to the generic nature, map entry is somewhat cryptic and metrics must be defined in the Corefile,\nlimiting their scope. When writing your own plugin, you can tailor it to work with a specific XDP program, for example,\nto enable easier human-readable data entry or publish more advanced metrics.\n\n## Syntax\n\n~~~ txt\nebpf {\n  elf PROGRAM\n  if INTERFACE\n  map [KEY] VALUE\n  metric NAME KEY POS LEN \"HELP\"\n}\n~~~\n\n* `elf` **PROGRAM** - the ELF program to attach.  See notes below on program requirements.\n* `if` **INTERFACE** - the interface to attach to\n* `map` **KEY** **VALUE** - the hexidecimal string representations of the **KEY** and **VALUE** of\n  an entry to load into the eBPF map. You may specify the `map` option more than once to add multiple\n  items to the map. If **KEY** is not specified, the entry is treated as an array value.  To make multi-field\n  values easier to visually digest, **VALUE** may be delimited by dots.  e.g. `012345678.0000000000000000.9ABCDEF0`\n  This is for legibility of the Corefile only; any dots in **VALUE** are ignored by the parser.  When *debug* is used\n  the values written to log are not delimited.\n* `metric` **NAME** **KEY** **POS** **LEN** \"**HELP**\" - when used in conjunction with the *prometheus* plugin, register\n  a Prometheus \"gauge\" metric to expose a eBPF map value as an integer metric. The metric is named **NAME** with help\n  text of **HELP**.  The map value to use is determined by the **KEY**, byte position **POS**, and length **LEN** in\n  bytes.  **LEN** can be at most 8 bytes (64 bits).  The integer value should be little endian.\n  \nPlease be aware of the considerable footgun potential of this plugin.  An XDP program attached to an interface will act\non _all_ ingress packets to the interface - not just packets bound for CoreDNS.\n\n## eBPF Program and Map Requirements\n\nThe program must be an XDP program, and main function named `xdp_prog`.\nThe map must be named `xdp_map`.\n\nSome example programs written in C are included in https://github.com/infobloxopen/ebpf/tree/master/example_programs.\n\n## Examples\n\nIf `my_xdp_program.o` defines a map with a 4 byte key, and the following struct as a value ...\n```\nstruct maprec {\n  __be32  ip4net;  // ipv4 network\n  __be32  ip4mask; // ipv4 mask\n  __be32  count;   // packet count\n};\n```\n\nThe following will attach `my_xdp_program.o` to `eth0`, and load data for IP network `10.11.0.0` ,\nIP mask `255.255.0.0`, and a count of zero (`0A0B0000`, `FFFF0000`, and `00000000` respectively) into key `00000000` of\nthe map.\n\n```\n. {\n  ebpf {\n    if eth0\n    elf my_xdp_program.o\n    map 00000000 0A0B0000FFFF000000000000\n  }\n}\n```\nThe following adds dots to the map value to make it easier to read.\n\n```\n. {\n  ebpf {\n    if eth0\n    elf my_xdp_program.o\n    map 00000000 0A0B0000.FFFF0000.00000000\n  }\n}\n```\n\nThe following will enable debug to monitor map values and log when they change.\n\n```\n. {\n  debug\n  ebpf {\n    if eth0\n    elf my_xdp_program.o\n    map 00000000 0A0B0000.FFFF0000.00000000\n  }\n}\n```\n\nThe following adds map entries without specifying keys.  Each map entry is inserted as an array value, with an \nautomatically incrementing key.\n\n```\n. {\n  ebpf {\n    if eth0\n    elf my_xdp_program.o\n    map 0A0B0000.FFFF0000.00000000\n    map 0A0C0000.FFFF0000.00000000\n    map 0A0D0000.FFFF0000.00000000\n  }\n}\n```\n\nThe example above is equivalent to the following but with keys specified.  Note that the keys are little endian in\nthis example.\n\n```\n. {\n  ebpf {\n    if eth0\n    elf my_xdp_program.o\n    map 00000000 0A0B0000.FFFF0000.00000000\n    map 01000000 0A0C0000.FFFF0000.00000000\n    map 02000000 0A0D0000.FFFF0000.00000000\n  }\n}\n```\n\nThe following exposes a Prometheus metric.  The metric is named `coredns_ebpf_example_total` and the value will reflect\nthe rightmost 4 bytes from map entry `02000000`.\n\n```\n. {\n  prometheus :9153\n  ebpf {\n    if eth0\n    elf my_xdp_program.o\n    map 00000000 0A0B0000.FFFF0000.00000000\n    map 01000000 0A0C0000.FFFF0000.00000000\n    map 02000000 0A0D0000.FFFF0000.00000000\n    metric example_total 02000000 8 4 \"Example count.\"\n  }\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FInfobloxOpen%2Febpf","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FInfobloxOpen%2Febpf","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FInfobloxOpen%2Febpf/lists"}