Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lbirchler/ip6hole
eBPF based tool to drop IPv6 traffic
https://github.com/lbirchler/ip6hole
ebpf ipv6 traffic-control xdp
Last synced: 5 days ago
JSON representation
eBPF based tool to drop IPv6 traffic
- Host: GitHub
- URL: https://github.com/lbirchler/ip6hole
- Owner: lbirchler
- License: mit
- Created: 2023-11-06T04:01:32.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2023-11-06T04:19:50.000Z (about 1 year ago)
- Last Synced: 2024-11-11T09:12:51.103Z (2 months ago)
- Topics: ebpf, ipv6, traffic-control, xdp
- Language: C
- Homepage:
- Size: 1.89 MB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ip6hole
eBPF based tool to drop IPv6 trafficOverview
--------ip6hole attaches XDP and tc programs to a specified network device. The XDP program drops ingress traffic and the tc program drops egress traffic. All programs and maps are pinned allowing devices/interfaces to be added or removed on the fly.
Dependencies
------------Ubuntu/Debian:
```
# apt install clang libelf1 libelf-dev zlib1g-dev
```RHEL/CentOS/Fedora:
```
# dnf install clang elfutils-libelf elfutils-libelf-devel zlib-devel
```Build
-----### Initialize libbpf and bpftool submodules
When cloning the repository:
```
$ git clone --recurse-submodules https://github.com/lbirchler/ip6hole.git
```If you have already cloned the repository:
```
$ git submodule update --init
```### Build ip6hole
To build only:
```
$ cd src
$ make
```To build and install:
```
$ cd src
$ sudo make install
```Usage
-----```
Usage: ip6hole [OPTION...]
Drop IPv6 Traffic.USAGE: ip6hole [-a DEV] [-A] [-r DEV] [-R] [-s] [-d]
-a, --add=DEV Add device
-A, --add-all Add all devices
-d, --display Display dropped IPv6 traffic
-r, --remove=DEV Remove device
-R, --remove-all Remove all devices
-s, --status Display devices dropping IPv6 traffic
-v, --verbose Verbose debug output
-?, --help Give this help list
--usage Give a short usage message
```### Examples
#### Drop IPv6 traffic on specific device:
```
# ip6hole -a ens18
```#### Drop IPv6 traffic on all devices:
```
# ip6hole -A
```#### Display devices currently dropping IPv6 traffic:
```
# ip6hole -s
```
```
dev: 1 ingress prog id: 108 egress prog id: 106
dev: 2 ingress prog id: 108 egress prog id: 106
```#### Display dropped IPv6 traffic:
```
# ip6hole -d
```
```
[2] UDP INGRESS fe80::54fb:6523:f105:1143 > ff02::1:3, pkt_bytes 41
[2] UDP INGRESS fe80::54fb:6523:f105:1143 > ff02::1:3, pkt_bytes 41
[2] UDP INGRESS fe80::a55:31ff:fe6d:9892.5678 > ff02::1.5678, pkt_bytes 183
[2] UDP INGRESS fe80::54fb:6523:f105:1143 > ff02::1:3, pkt_bytes 41
[2] UDP INGRESS fe80::54fb:6523:f105:1143 > ff02::1:3, pkt_bytes 41
[2] ICMPV6 EGRESS 2605:ad80:20:3009:349f:b0ff:fee9:2795 > 2607:f8b0:4002:c2c::65, pkt_bytes 64
[2] ICMPV6 EGRESS 2605:ad80:20:3009:349f:b0ff:fee9:2795 > 2607:f8b0:4002:c2c::65, pkt_bytes 64
[2] ICMPV6 EGRESS 2605:ad80:20:3009:349f:b0ff:fee9:2795 > 2607:f8b0:4002:c2c::65, pkt_bytes 64
[2] ICMPV6 EGRESS 2605:ad80:20:3009:349f:b0ff:fee9:2795 > 2607:f8b0:4002:c2c::65, pkt_bytes 64
[2] ICMPV6 EGRESS 2605:ad80:20:3009:349f:b0ff:fee9:2795 > 2607:f8b0:4002:c2c::65, pkt_bytes 64
[2] ICMPV6 EGRESS fe80::349f:b0ff:fee9:2795 > fe80::a55:31ff:fe6d:9892, pkt_bytes 32
[2] ICMPV6 EGRESS fe80::349f:b0ff:fee9:2795 > fe80::a55:31ff:fe6d:9892, pkt_bytes 32
[2] ICMPV6 EGRESS fe80::349f:b0ff:fee9:2795 > fe80::a55:31ff:fe6d:9892, pkt_bytes 32
...
```#### Remove specific device (allow IPv6 traffic):
```
# ip6hole -r ens18
```#### Remove all devices (allow all IPv6 traffic):
```
# ip6hole -R
```note: `-R` will also unpin all programs and maps