Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/badboy/ebpf-icmp-ping
https://github.com/badboy/ebpf-icmp-ping
Last synced: 24 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/badboy/ebpf-icmp-ping
- Owner: badboy
- Created: 2017-03-04T15:40:42.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2017-04-16T11:40:23.000Z (almost 8 years ago)
- Last Synced: 2024-12-24T02:01:15.404Z (28 days ago)
- Language: C
- Homepage: https://fnordig.de/2017/03/04/send-icmp-echo-replies-using-ebpf/
- Size: 4.88 KB
- Stars: 55
- Watchers: 3
- Forks: 12
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Send ICMP Echo Replies using eBPF
The code parses the passed network packet into its Ethernet, IP and ICMP header,
swaps addresses (MAC and IP addresses), changes the ICMP type to `ICMP Echo Reply`,
re-calculates the ICMP checksum and sends the modified packet back out over the same interface.
## Requirements
* A recent kernel. Tested with 4.8 and 4.9
* `iproute2 v4.9`. v4.10 has a bug makig it unusable.
If your system does not provide it,
compile it from [git](https://wiki.linuxfoundation.org/networking/iproute2).
Installation is not needed, the `tc` binary is enough.
* Clang `>= 3.8`. eBPF backend required.
Code was tested on Ubuntu 16.10 with self-compiled iproute2 v4.9 and clang 4.0.
## Run
First create a qdisc, then attach the classification and action, and at last show logging information:
```
make bpf.o
make qdisc
make run
make show exec
```
Delete filters and qdiscs afterwards:
```
make delete
make qdisc-delete
```
## The code
The code in [`bpf.c`](bpf.c) is commented to explain each step.
## Resources
* [ebpf-trekking](https://github.com/muhammadzaheer/ebpf-trekking/blob/master/treks/ping_reply/ping_reply.py), an implementation using [bcc](https://github.com/iovisor/bcc)