Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/florianl/tc-skeleton

Simple project to demonstrate the loading of eBPF programs via florianl/go-tc.
https://github.com/florianl/tc-skeleton

ebpf kernel linux network-programming

Last synced: 8 days ago
JSON representation

Simple project to demonstrate the loading of eBPF programs via florianl/go-tc.

Awesome Lists containing this project

README 

        
tc-skeleton

===========



Simple project to demonstrate the loading of eBPF programs via [florianl/go-tc](https://github.com/florianl/go-tc).



```

  $ cd ebpf

  $ make clean

  $ make drop

  $ cd ..

  $ go run main.go

```



Overview

--------

After the eBPF code is loaded from `ebpf/drop` the eBPF program `ingress_drop` is loaded into the kernel. In a next step this PoC creates a dummy interface. So it does not alter existing configurations or network interfaces. Then a [qdisc and filter](https://man7.org/linux/man-pages/man8/tc.8.html) are attached via the [netlink interface](https://man7.org/linux/man-pages/man7/netlink.7.html) of the kernel to this dummy interface. The file descriptor of the eBPF program `ingress_drop` is passed as argument of the filter to the kernel. With attaching the filter to the interface the eBPF program `ingress_drop` will run on every packet on the interface.



Privileges

----------

This PoC uses the [`netlink`](https://man7.org/linux/man-pages/man7/netlink.7.html) and [`eBPF`](https://man7.org/linux/man-pages/man2/bpf.2.html) interface of the kernel and therefore it requires special privileges. You can provide this privileges by adjusting the `CAP_NET_ADMIN` capabilities.