https://github.com/shreyaskarnik/ebpf-xdp
- Host: GitHub
- URL: https://github.com/shreyaskarnik/ebpf-xdp
- Owner: shreyaskarnik
- License: mit
- Created: 2022-07-02T00:45:41.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2023-02-25T11:26:23.000Z (over 3 years ago)
- Last Synced: 2025-02-14T11:52:57.878Z (over 1 year ago)
- Language: Go
- Size: 704 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# ebpf-xdp
* This repo contains code to build a tool that examines the IP addresses a host is connecting to.
Here [eBPF](https://ebpf.io/) is used to write a kernel-space program that uses [XDP](https://docs.cilium.io/en/stable/concepts/ebpf/intro/) to examine packets and extract the IP address.
* Since XDP is the earliest point where packets can be intercepted, it was very interesting to experiment with and learn.
* All sorts of interesting things, such as filtering, re-shaping, and introspection into the packet data, can be performed using XDP.
* Used Golang to write the userspace program that displays each IP address with its packet count.
* Used [Cilium eBPF](https://github.com/cilium/ebpf) to write the userspace Go code. There is a very handy tool, [bpf2go](https://pkg.go.dev/github.com/cilium/ebpf/cmd/bpf2go), which can be used to generate the Go code from the eBPF code.
* Used [Bubble-Table](https://github.com/Evertras/bubble-table), which is based on the [BubbleTea](https://github.com/charmbracelet/bubbletea) framework, to produce the TUI.
## Development
Pre-requisites:
* Host OS with Docker installed
* Currently cannot be run on Docker for Mac
```bash
make docker-run
```
This will open a shell in the Docker container, which has all the dependencies installed.
```bash
make build
# on amd64 machine (use ebpf-xdp-arm64 if you are on arm64)
./bin/ebpf-xdp
# ./bin/ebpf-xdp eth0
```

The XDP kernel program can be found [here](./ebpf/xdp.c).
The header files for the XDP kernel program are generated and downloaded by [update.sh](./ebpf/headers/update.sh) and [vmlinux.sh](./ebpf/headers/vmlinux.sh).
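
The bounds-checked parsing an XDP program has to do before it can read an IPv4 address out of a frame, shown as an added user-space C example; this is not the repository's `xdp.c`. Counting the source address, the fixed-size table standing in for a BPF map, and all names and sample frames are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
enum { ETH_HLEN = 14, IPV4_MIN_HLEN = 20, ETHERTYPE_IPV4 = 0x0800, MAX_TRACKED = 64 };
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_NOT_IPV4 = -2 };
struct ip_count { uint32_t saddr; uint64_t packets; };
static struct ip_count table[MAX_TRACKED]; /* assumed stand-in for a BPF hash map */
static size_t table_len;
/* Constructed sample frames: IPv4 from 192.0.2.10, and a bare IPv6 Ethernet header. */
static const uint8_t frame_v4[34] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x08,0x00,
    0x45,0,0,20, 0,0,0,0, 64,6,0,0, 192,0,2,10, 198,51,100,1 };
static const uint8_t frame_v6[14] = { 2,0,0,0,0,1, 2,0,0,0,0,2, 0x86,0xdd };
/* Check lengths before every read. XDP code writes this as `data + N > data_end`,
 * and the kernel verifier rejects programs that read packet bytes unchecked. */
static int parse_src_ipv4(const uint8_t *data, const uint8_t *data_end, uint32_t *saddr)
{
    size_t len = (size_t)(data_end - data);
    if (len < ETH_HLEN)
        return PARSE_TRUNCATED;
    if (((uint16_t)data[12] << 8 | data[13]) != ETHERTYPE_IPV4)
        return PARSE_NOT_IPV4;          /* IPv6, ARP, ...: not counted */
    if (len < ETH_HLEN + IPV4_MIN_HLEN)
        return PARSE_TRUNCATED;
    const uint8_t *ip = data + ETH_HLEN;
    if ((ip[0] >> 4) != 4 || (ip[0] & 0x0f) < 5)
        return PARSE_NOT_IPV4;          /* wrong version or header length */
    *saddr = (uint32_t)ip[12] << 24 | (uint32_t)ip[13] << 16 | (uint32_t)ip[14] << 8 | ip[15];
    return PARSE_OK;
}

/* Returns the updated packet count for the frame's source, or 0 if not counted. */
static uint64_t count_packet(const uint8_t *data, size_t len)
{
    uint32_t saddr;
    if (parse_src_ipv4(data, data + len, &saddr) != PARSE_OK)
        return 0;
    for (size_t i = 0; i < table_len; i++)
        if (table[i].saddr == saddr)
            return ++table[i].packets;
    if (table_len == MAX_TRACKED)
        return 0;                       /* table full: new sources are ignored */
    table[table_len++] = (struct ip_count){ saddr, 1 };
    return 1;
}

int main(void)
{
    printf("%llu\n", (unsigned long long)count_packet(frame_v4, sizeof frame_v4));
    return 0;
}
```

The IPv6 frame is skipped rather than counted, which matches the IPv6 item in the TODO list.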
## TODOs
* Add support for IPv6 addresses