AF_XDP socket 测试

最新推荐文章于 2024-06-12 09:40:44 发布
最新推荐文章于 2024-06-12 09:40:44 发布
阅读量1.1k 收藏 3
点赞数
分类专栏: 代码分享 代码分析 日常记录 文章标签: linux 运维 服务器
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u010643777/article/details/129230592
版权

 本篇是之前博客[1]的进阶篇,博客中给出了相关环境安装配置。
 功能:本篇通过bpf程序,将icmp数据包重定向到AF_XDP socket。
 内核侧程序片断,xdpsock_kern.c

// SPDX-License-Identifier: GPL-2.0
#include <linux/bpf.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/types.h>
#include <stddef.h>
#include <memory.h>
#include <sys/types.h>

#define RR_LB 0
#define MAX_SOCKS 4

#define SEC(NAME) __attribute__((section(NAME), used))

#define __uint(name, val) int(*(name))[val]
#define __type(name, val) typeof(val) *(name)
#define __array(name, val) typeof(val) *(name)[]
//https://raw.githubusercontent.com/torvalds/linux/v4.19/tools/testing/selftests/bpf/bpf_helpers.h
static void *(*bpf_map_lookup_elem)(void *map, void *key) =
	(void *) BPF_FUNC_map_lookup_elem;
static int (*bpf_redirect_map)(void *map, int key, int flags) =
	(void *) BPF_FUNC_redirect_map;
struct {
    __uint(type, BPF_MAP_TYPE_ARRAY);
    __uint(key_size, sizeof(int));
    __uint(value_size, sizeof(int));
    __uint(max_entries, 1);
}qidconf_map SEC(".maps");

struct{
    __uint(type, BPF_MAP_TYPE_XSKMAP);
    __uint(key_size, sizeof(int));
    __uint(value_size, sizeof(int));
	__uint(max_entries, MAX_SOCKS);
}xsks_map SEC(".maps");

struct{
    __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
    __uint(key_size, sizeof(int));
    __uint(value_size, sizeof(int));
    __uint(max_entries, 1);
}rr_map SEC(".maps");

SEC("xdp_sock")
int xdp_sock_prog(struct xdp_md *ctx)
{
    int ipsize = 0;
    void *data = (void *)(long)ctx->data;
    void *data_end = (void *)(long)ctx->data_end;
	int *qidconf, key = 0, idx=0;
	unsigned int *rr;
    struct ethhdr *eth = data;
    ipsize = sizeof(*eth);
    struct iphdr *ip = data + ipsize;
    ipsize += sizeof(struct iphdr);
    if (data + ipsize > data_end) {
    // not an ip packet, too short. Pass it on
        return XDP_PASS;
    }
    
    // technically, we should also check if it is an IP packet by
    // checking the ethernet header proto field ...
    if (ip->protocol == IPPROTO_ICMP) {
        /*
        qidconf = bpf_map_lookup_elem(&qidconf_map, &key);
        if (!qidconf)
            return XDP_ABORTED;
        if (*qidconf != ctx->rx_queue_index)
            return XDP_PASS;
        */
    #if RR_LB /* NB! RR_LB is configured in xdpsock.h */
        rr = bpf_map_lookup_elem(&rr_map, &key);
        if (!rr)
            return XDP_ABORTED;
        *rr = (*rr + 1) & (MAX_SOCKS - 1);
        idx = *rr;
    #endif
        return bpf_redirect_map(&xsks_map, idx, 0);    
    }
    return XDP_PASS;

}
char _license[] SEC("license") = "GPL";
//clang -g -c -O2 -target bpf -c xdpsock_kern.c -o xdpsock_kern.o

 编译命令:

clang -g -c -O2 -target bpf -c xdpsock_kern.c -o xdpsock_kern.o

 用户侧程序段,xdpsock_user.c

// SPDX-License-Identifier: GPL-2.0
/* Copyright(c) 2017 - 2018 Intel Corporation. */
//https://android.googlesource.com/kernel/common/+/30bac164aca7/samples/bpf/xdpsock_user.c
#include <assert.h>
#include <errno.h>
#include <getopt.h>
#include <libgen.h>
#include <linux/bpf.h>
#include <linux/if_link.h>
#include <linux/if_xdp.h>
#include <linux/if_ether.h>
#include <net/if.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <net/ethernet.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/mman.h>
#include <time.h>
#include <unistd.h>
#include <pthread.h>
#include <locale.h>
#include <sys/types.h>
#include <poll.h>
#include "bpf/libbpf.h"
//#include "bpf_util.h"
#include <bpf/bpf.h>
/* Power-of-2 number of sockets */
#define MAX_SOCKS 4
/* Round-robin receive */
#define RR_LB 0
#ifndef SOL_XDP
#define SOL_XDP 283
#endif
#ifndef AF_XDP
#define AF_XDP 44
#endif
#ifndef PF_XDP
#define PF_XDP AF_XDP
#endif
#define NUM_FRAMES 131072
#define FRAME_HEADROOM 0
#define FRAME_SHIFT 11
#define FRAME_SIZE 2048
#define NUM_DESCS 1024
#define BATCH_SIZE 16
#define FQ_NUM_DESCS 1024
#define CQ_NUM_DESCS 1024
#define DEBUG_HEXDUMP 0
typedef __u64 u64;
typedef __u32 u32;
static unsigned long prev_time;
enum benchmark_type {
	BENCH_RXDROP = 0,
	BENCH_TXONLY = 1,
	BENCH_L2FWD = 2,
};
static enum benchmark_type opt_bench = BENCH_RXDROP;
static u32 opt_xdp_flags;
static const char *opt_if = "";
static int opt_ifindex;
static int opt_queue;
static int opt_poll;
static int opt_shared_packet_buffer;
static int opt_interval = 1;
static u32 opt_xdp_bind_flags;
struct xdp_umem_uqueue {
	u32 cached_prod;
	u32 cached_cons;
	u32 mask;
	u32 size;
	u32 *producer;
	u32 *consumer;
	u64 *ring;
	void *map;
};
struct xdp_umem {
	char *frames;
	struct xdp_umem_uqueue fq;
	struct xdp_umem_uqueue cq;
	int fd;
};
struct xdp_uqueue {
	u32 cached_prod;
	u32 cached_cons;
	u32 mask;
	u32 size;
	u32 *producer;
	u32 *consumer;
	struct xdp_desc *ring;
	void *map;
};
struct xdpsock {
	struct xdp_uqueue rx;
	struct xdp_uqueue tx;
	int sfd;
	struct xdp_umem *umem;
	u32 outstanding_tx;
	unsigned long rx_npkts;
	unsigned long tx_npkts;
	unsigned long prev_rx_npkts;
	unsigned long prev_tx_npkts;
};
static int num_socks;
struct xdpsock *xsks[MAX_SOCKS];
static unsigned long get_nsecs(void)
{
	struct timespec ts;
	clock_gettime(CLOCK_MONOTONIC, &ts);
	return ts.tv_sec * 1000000000UL + ts.tv_nsec;
}
static void dump_stats(void);
#define lassert(expr)							\
	do {								\
		if (!(expr)) {						\
			fprintf(stderr, "%s:%s:%i: Assertion failed: "	\
				#expr ": errno: %d/\"%s\"\n",		\
				__FILE__, __func__, __LINE__,		\
				errno, strerror(errno));		\
			dump_stats();					\
			exit(EXIT_FAILURE);				\
		}							\
	} while (0)
#define barrier() __asm__ __volatile__("": : :"memory")
#ifdef __aarch64__
#define u_smp_rmb() __asm__ __volatile__("dmb ishld": : :"memory")
#define u_smp_wmb() __asm__ __volatile__("dmb ishst": : :"memory")
#else
#define u_smp_rmb() barrier()
#define u_smp_wmb() barrier()
#endif
#define likely(x) __builtin_expect(!!(x), 1)
#define unlikely(x) __builtin_expect(!!(x), 0)
static const char pkt_data[] =
	"\x3c\xfd\xfe\x9e\x7f\x71\xec\xb1\xd7\x98\x3a\xc0\x08\x00\x45\x00"
	"\x00\x2e\x00\x00\x00\x00\x40\x11\x88\x97\x05\x08\x07\x08\xc8\x14"
	"\x1e\x04\x10\x92\x10\x92\x00\x1a\x6d\xa3\x34\x33\x1f\x69\x40\x6b"
	"\x54\x59\xb6\x14\x2d\x11\x44\xbf\xaf\xd9\xbe\xaa";
static inline u32 umem_nb_free(struct xdp_umem_uqueue *q, u32 nb)
{
	u32 free_entries = q->cached_cons - q->cached_prod;
	if (free_entries >= nb)
		return free_entries;
	/* Refresh the local tail pointer */
	q->cached_cons = *q->consumer + q->size;
	return q->cached_cons - q->cached_prod;
}
static inline u32 xq_nb_free(struct xdp_uqueue *q, u32 ndescs)
{
	u32 free_entries = q->cached_cons - q->cached_prod;
	if (free_entries >= ndescs)
		return free_entries;
	/* Refresh the local tail pointer */
	q->cached_cons = *q->consumer + q->size;
	return q->cached_cons - q->cached_prod;
}
static inline u32 umem_nb_avail(struct xdp_umem_uqueue *q, u32 nb)
{
	u32 entries = q->cached_prod - q->cached_cons;
	if (entries == 0) {
		q->cached_prod = *q->producer;
		entries = q->cached_prod - q->cached_cons;
	}
	return (entries > nb) ? nb : entries;
}
static inline u32 xq_nb_avail(struct xdp_uqueue *q, u32 ndescs)
{
	u32 entries = q->cached_prod - q->cached_cons;
	if (entries == 0) {
		q->cached_prod = *q->producer;
		entries = q->cached_prod - q->cached_cons;
	}
	return (entries > ndescs) ? ndescs : entries;
}
static inline int umem_fill_to_kernel_ex(struct xdp_umem_uqueue *fq,
					 struct xdp_desc *d,
					 size_t nb)
{
	u32 i;
	if (umem_nb_free(fq, nb) < nb)
		return -ENOSPC;
	for (i = 0; i < nb; i++) {
		u32 idx = fq->cached_prod++ & fq->mask;
		fq->ring[idx] = d[i].addr;
	}
	u_smp_wmb();
	*fq->producer = fq->cached_prod;
	return 0;
}
static inline int umem_fill_to_kernel(struct xdp_umem_uqueue *fq, u64 *d,
				      size_t nb)
{
	u32 i;
	if (umem_nb_free(fq, nb) < nb)
		return -ENOSPC;
	for (i = 0; i < nb; i++) {
		u32 idx = fq->cached_prod++ & fq->mask;
		fq->ring[idx] = d[i];
	}
	u_smp_wmb();
	*fq->producer = fq->cached_prod;
	return 0;
}
static inline size_t umem_complete_from_kernel(struct xdp_umem_uqueue *cq,
					       u64 *d, size_t nb)
{
	u32 idx, i, entries = umem_nb_avail(cq, nb);
	u_smp_rmb();
	for (i = 0; i < entries; i++) {
		idx = cq->cached_cons++ & cq->mask;
		d[i] = cq->ring[idx];
	}
	if (entries > 0) {
		u_smp_wmb();
		*cq->consumer = cq->cached_cons;
	}
	return entries;
}
static inline void *xq_get_data(struct xdpsock *xsk, u64 addr)
{
	return &xsk->umem->frames[addr];
}
static inline int xq_enq(struct xdp_uqueue *uq,
			 const struct xdp_desc *descs,
			 unsigned int ndescs)
{
	struct xdp_desc *r = uq->ring;
	unsigned int i;
	if (xq_nb_free(uq, ndescs) < ndescs)
		return -ENOSPC;
	for (i = 0; i < ndescs; i++) {
		u32 idx = uq->cached_prod++ & uq->mask;
		r[idx].addr = descs[i].addr;
		r[idx].len = descs[i].len;
	}
	u_smp_wmb();
	*uq->producer = uq->cached_prod;
	return 0;
}
static inline int xq_enq_tx_only(struct xdp_uqueue *uq,
				 unsigned int id, unsigned int ndescs)
{
	struct xdp_desc *r = uq->ring;
	unsigned int i;
	if (xq_nb_free(uq, ndescs) < ndescs)
		return -ENOSPC;
	for (i = 0; i < ndescs; i++) {
		u32 idx = uq->cached_prod++ & uq->mask;
		r[idx].addr	= (id + i) << FRAME_SHIFT;
		r[idx].len	= sizeof(pkt_data) - 1;
	}
	u_smp_wmb();
	*uq->producer = uq->cached_prod;
	return 0;
}
static inline int xq_deq(struct xdp_uqueue *uq,
			 struct xdp_desc *descs,
			 int ndescs)
{
	struct xdp_desc *r = uq->ring;
	unsigned int idx;
	int i, entries;
	entries = xq_nb_avail(uq, ndescs);
	u_smp_rmb();
	for (i = 0; i < entries; i++) {
		idx = uq->cached_cons++ & uq->mask;
		descs[i] = r[idx];
	}
	if (entries > 0) {
		u_smp_wmb();
		*uq->consumer = uq->cached_cons;
	}
	return entries;
}
static void swap_mac_addresses(void *data)
{
	struct ether_header *eth = (struct ether_header *)data;
	struct ether_addr *src_addr = (struct ether_addr *)&eth->ether_shost;
	struct ether_addr *dst_addr = (struct ether_addr *)&eth->ether_dhost;
	struct ether_addr tmp;
	tmp = *src_addr;
	*src_addr = *dst_addr;
	*dst_addr = tmp;
}
static void hex_dump(void *pkt, size_t length, u64 addr)
{
	const unsigned char *address = (unsigned char *)pkt;
	const unsigned char *line = address;
	size_t line_size = 32;
	unsigned char c;
	char buf[32];
	int i = 0;
	if (!DEBUG_HEXDUMP)
		return;
	sprintf(buf, "addr=%llu", addr);
	printf("length = %zu\n", length);
	printf("%s | ", buf);
	while (length-- > 0) {
		printf("%02X ", *address++);
		if (!(++i % line_size) || (length == 0 && i % line_size)) {
			if (length == 0) {
				while (i++ % line_size)
					printf("__ ");
			}
			printf(" | ");	/* right close */
			while (line < address) {
				c = *line++;
				printf("%c", (c < 33 || c == 255) ? 0x2E : c);
			}
			printf("\n");
			if (length > 0)
				printf("%s | ", buf);
		}
	}
	printf("\n");
}
static size_t gen_eth_frame(char *frame)
{
	memcpy(frame, pkt_data, sizeof(pkt_data) - 1);
	return sizeof(pkt_data) - 1;
}
static struct xdp_umem *xdp_umem_configure(int sfd)
{
	int fq_size = FQ_NUM_DESCS, cq_size = CQ_NUM_DESCS;
	struct xdp_mmap_offsets off;
	struct xdp_umem_reg mr;
	struct xdp_umem *umem;
	socklen_t optlen;
	void *bufs;
	umem = calloc(1, sizeof(*umem));
	lassert(umem);
	lassert(posix_memalign(&bufs, getpagesize(), /* PAGE_SIZE aligned */
			       NUM_FRAMES * FRAME_SIZE) == 0);
	mr.addr = (__u64)bufs;
	mr.len = NUM_FRAMES * FRAME_SIZE;
	mr.chunk_size = FRAME_SIZE;
	mr.headroom = FRAME_HEADROOM;
	lassert(setsockopt(sfd, SOL_XDP, XDP_UMEM_REG, &mr, sizeof(mr)) == 0);
	lassert(setsockopt(sfd, SOL_XDP, XDP_UMEM_FILL_RING, &fq_size,
			   sizeof(int)) == 0);
	lassert(setsockopt(sfd, SOL_XDP, XDP_UMEM_COMPLETION_RING, &cq_size,
			   sizeof(int)) == 0);
	optlen = sizeof(off);
	lassert(getsockopt(sfd, SOL_XDP, XDP_MMAP_OFFSETS, &off,
			   &optlen) == 0);
	umem->fq.map = mmap(0, off.fr.desc +
			    FQ_NUM_DESCS * sizeof(u64),
			    PROT_READ | PROT_WRITE,
			    MAP_SHARED | MAP_POPULATE, sfd,
			    XDP_UMEM_PGOFF_FILL_RING);
	lassert(umem->fq.map != MAP_FAILED);
	umem->fq.mask = FQ_NUM_DESCS - 1;
	umem->fq.size = FQ_NUM_DESCS;
	umem->fq.producer = umem->fq.map + off.fr.producer;
	umem->fq.consumer = umem->fq.map + off.fr.consumer;
	umem->fq.ring = umem->fq.map + off.fr.desc;
	umem->fq.cached_cons = FQ_NUM_DESCS;
	umem->cq.map = mmap(0, off.cr.desc +
			     CQ_NUM_DESCS * sizeof(u64),
			     PROT_READ | PROT_WRITE,
			     MAP_SHARED | MAP_POPULATE, sfd,
			     XDP_UMEM_PGOFF_COMPLETION_RING);
	lassert(umem->cq.map != MAP_FAILED);
	umem->cq.mask = CQ_NUM_DESCS - 1;
	umem->cq.size = CQ_NUM_DESCS;
	umem->cq.producer = umem->cq.map + off.cr.producer;
	umem->cq.consumer = umem->cq.map + off.cr.consumer;
	umem->cq.ring = umem->cq.map + off.cr.desc;
	umem->frames = bufs;
	umem->fd = sfd;
	if (opt_bench == BENCH_TXONLY) {
		int i;
		for (i = 0; i < NUM_FRAMES * FRAME_SIZE; i += FRAME_SIZE)
			(void)gen_eth_frame(&umem->frames[i]);
	}
	return umem;
}
static struct xdpsock *xsk_configure(struct xdp_umem *umem)
{
	struct sockaddr_xdp sxdp = {};
	struct xdp_mmap_offsets off;
	int sfd, ndescs = NUM_DESCS;
	struct xdpsock *xsk;
	bool shared = true;
	socklen_t optlen;
	u64 i;
	sfd = socket(PF_XDP, SOCK_RAW, 0);
	lassert(sfd >= 0);
	xsk = calloc(1, sizeof(*xsk));
	lassert(xsk);
	xsk->sfd = sfd;
	xsk->outstanding_tx = 0;
	if (!umem) {
		shared = false;
		xsk->umem = xdp_umem_configure(sfd);
	} else {
		xsk->umem = umem;
	}
	lassert(setsockopt(sfd, SOL_XDP, XDP_RX_RING,
			   &ndescs, sizeof(int)) == 0);
	lassert(setsockopt(sfd, SOL_XDP, XDP_TX_RING,
			   &ndescs, sizeof(int)) == 0);
	optlen = sizeof(off);
	lassert(getsockopt(sfd, SOL_XDP, XDP_MMAP_OFFSETS, &off,
			   &optlen) == 0);
	/* Rx */
	xsk->rx.map = mmap(NULL,
			   off.rx.desc +
			   NUM_DESCS * sizeof(struct xdp_desc),
			   PROT_READ | PROT_WRITE,
			   MAP_SHARED | MAP_POPULATE, sfd,
			   XDP_PGOFF_RX_RING);
	lassert(xsk->rx.map != MAP_FAILED);
	if (!shared) {
		for (i = 0; i < NUM_DESCS * FRAME_SIZE; i += FRAME_SIZE)
			lassert(umem_fill_to_kernel(&xsk->umem->fq, &i, 1)
				== 0);
	}
	/* Tx */
	xsk->tx.map = mmap(NULL,
			   off.tx.desc +
			   NUM_DESCS * sizeof(struct xdp_desc),
			   PROT_READ | PROT_WRITE,
			   MAP_SHARED | MAP_POPULATE, sfd,
			   XDP_PGOFF_TX_RING);
	lassert(xsk->tx.map != MAP_FAILED);
	xsk->rx.mask = NUM_DESCS - 1;
	xsk->rx.size = NUM_DESCS;
	xsk->rx.producer = xsk->rx.map + off.rx.producer;
	xsk->rx.consumer = xsk->rx.map + off.rx.consumer;
	xsk->rx.ring = xsk->rx.map + off.rx.desc;
	xsk->tx.mask = NUM_DESCS - 1;
	xsk->tx.size = NUM_DESCS;
	xsk->tx.producer = xsk->tx.map + off.tx.producer;
	xsk->tx.consumer = xsk->tx.map + off.tx.consumer;
	xsk->tx.ring = xsk->tx.map + off.tx.desc;
	xsk->tx.cached_cons = NUM_DESCS;
	sxdp.sxdp_family = PF_XDP;
	sxdp.sxdp_ifindex = opt_ifindex;
	sxdp.sxdp_queue_id = opt_queue;
	if (shared) {
		sxdp.sxdp_flags = XDP_SHARED_UMEM;
		sxdp.sxdp_shared_umem_fd = umem->fd;
	} else {
		sxdp.sxdp_flags = opt_xdp_bind_flags;
	}
	lassert(bind(sfd, (struct sockaddr *)&sxdp, sizeof(sxdp)) == 0);
	return xsk;
}
static void print_benchmark(bool running)
{
	const char *bench_str = "INVALID";
	if (opt_bench == BENCH_RXDROP)
		bench_str = "rxdrop";
	else if (opt_bench == BENCH_TXONLY)
		bench_str = "txonly";
	else if (opt_bench == BENCH_L2FWD)
		bench_str = "l2fwd";
	printf("%s:%d %s ", opt_if, opt_queue, bench_str);
	if (opt_xdp_flags & XDP_FLAGS_SKB_MODE)
		printf("xdp-skb ");
	else if (opt_xdp_flags & XDP_FLAGS_DRV_MODE)
		printf("xdp-drv ");
	else
		printf("	");
	if (opt_poll)
		printf("poll() ");
	if (running) {
		printf("running...");
		fflush(stdout);
	}
}
static void dump_stats(void)
{
	unsigned long now = get_nsecs();
	long dt = now - prev_time;
	int i;
	prev_time = now;
	for (i = 0; i < num_socks && xsks[i]; i++) {
		char *fmt = "%-15s %'-11.0f %'-11lu\n";
		double rx_pps, tx_pps;
		rx_pps = (xsks[i]->rx_npkts - xsks[i]->prev_rx_npkts) *
			 1000000000. / dt;
		tx_pps = (xsks[i]->tx_npkts - xsks[i]->prev_tx_npkts) *
			 1000000000. / dt;
		printf("\n sock%d@", i);
		print_benchmark(false);
		printf("\n");
		printf("%-15s %-11s %-11s %-11.2f\n", "", "pps", "pkts",
		       dt / 1000000000.);
		printf(fmt, "rx", rx_pps, xsks[i]->rx_npkts);
		printf(fmt, "tx", tx_pps, xsks[i]->tx_npkts);
		xsks[i]->prev_rx_npkts = xsks[i]->rx_npkts;
		xsks[i]->prev_tx_npkts = xsks[i]->tx_npkts;
	}
}
static volatile bool g_running=true;
static void *poller(void *arg)
{
	(void)arg;
	while(g_running) {
		sleep(opt_interval);
		dump_stats();
	}
	return NULL;
}
static void sig_handler(int signo)
{
    (void)signo;
	g_running=false;
	dump_stats();
}
static int do_attach(int fd,u32 xdp_flags,int if_index){
    struct bpf_prog_info info = {};
    uint32_t info_len = sizeof(info);
    int prog_id=-1,err = 0;
    err = bpf_xdp_attach(if_index, fd, xdp_flags, NULL);
    if (err < 0) {
        printf("ERROR: failed to attach program to nic\n");
        return prog_id;
    }
    err = bpf_obj_get_info_by_fd(fd, &info, &info_len);
    if (err) {
        printf("can't get prog info - %s\n", strerror(errno));
        return prog_id;
    }
    prog_id = info.id;
    return prog_id;
}

static int do_detach(int prog_id,u32 xdp_flags,int if_index)
{
	u32 curr_prog_id = 0;
	int err = 0;
	err = bpf_xdp_query_id(if_index, xdp_flags, &curr_prog_id);
	if (err) {
		printf("bpf_xdp_query_id failed\n");
		return err;
	}
	if (prog_id == curr_prog_id) {
		err = bpf_xdp_detach(if_index, xdp_flags, NULL);
		if (err < 0)
			printf("ERROR: failed to detach prog from nic\n");
	} else if (!curr_prog_id) {
		printf("couldn't find a prog id on nic\n");
	} else {
		printf("program on interface changed, not removing\n");
	}
	return err;
}

static struct option long_options[] = {
	{"rxdrop", no_argument, 0, 'r'},
	{"txonly", no_argument, 0, 't'},
	{"l2fwd", no_argument, 0, 'l'},
	{"interface", required_argument, 0, 'i'},
	{"queue", required_argument, 0, 'q'},
	{"poll", no_argument, 0, 'p'},
	{"shared-buffer", no_argument, 0, 's'},
	{"xdp-skb", no_argument, 0, 'S'},
	{"xdp-native", no_argument, 0, 'N'},
	{"interval", required_argument, 0, 'n'},
	{"zero-copy", no_argument, 0, 'z'},
	{"copy", no_argument, 0, 'c'},
	{0, 0, 0, 0}
};
static void usage(const char *prog)
{
	const char *str =
		"  Usage: %s [OPTIONS]\n"
		"  Options:\n"
		"  -r, --rxdrop		Discard all incoming packets (default)\n"
		"  -t, --txonly		Only send packets\n"
		"  -l, --l2fwd		MAC swap L2 forwarding\n"
		"  -i, --interface=n	Run on interface n\n"
		"  -q, --queue=n	Use queue n (default 0)\n"
		"  -p, --poll		Use poll syscall\n"
		"  -s, --shared-buffer	Use shared packet buffer\n"
		"  -S, --xdp-skb=n	Use XDP skb-mod\n"
		"  -N, --xdp-native=n	Enfore XDP native mode\n"
		"  -n, --interval=n	Specify statistics update interval (default 1 sec).\n"
		"  -z, --zero-copy      Force zero-copy mode.\n"
		"  -c, --copy           Force copy mode.\n"
		"\n";
	fprintf(stderr, str, prog);
	exit(EXIT_FAILURE);
}
static void parse_command_line(int argc, char **argv)
{
	int option_index, c;
	opterr = 0;
	for (;;) {
		c = getopt_long(argc, argv, "rtli:q:psSNn:cz", long_options,
				&option_index);
		if (c == -1)
			break;
		switch (c) {
		case 'r':
			opt_bench = BENCH_RXDROP;
			break;
		case 't':
			opt_bench = BENCH_TXONLY;
			break;
		case 'l':
			opt_bench = BENCH_L2FWD;
			break;
		case 'i':
			opt_if = optarg;
			break;
		case 'q':
			opt_queue = atoi(optarg);
			break;
		case 's':
			opt_shared_packet_buffer = 1;
			break;
		case 'p':
			opt_poll = 1;
			break;
		case 'S':
			opt_xdp_flags |= XDP_FLAGS_SKB_MODE;
			opt_xdp_bind_flags |= XDP_COPY;
			break;
		case 'N':
			opt_xdp_flags |= XDP_FLAGS_DRV_MODE;
			break;
		case 'n':
			opt_interval = atoi(optarg);
			break;
		case 'z':
			opt_xdp_bind_flags |= XDP_ZEROCOPY;
			break;
		case 'c':
			opt_xdp_bind_flags |= XDP_COPY;
			break;
		default:
			usage(basename(argv[0]));
		}
	}
	opt_ifindex = if_nametoindex(opt_if);
	if (!opt_ifindex) {
		fprintf(stderr, "ERROR: interface \"%s\" does not exist\n",
			opt_if);
		usage(basename(argv[0]));
	}
}
static void kick_tx(int fd)
{
	int ret;
	ret = sendto(fd, NULL, 0, MSG_DONTWAIT, NULL, 0);
	if (ret >= 0 || errno == ENOBUFS || errno == EAGAIN || errno == EBUSY)
		return;
	lassert(0);
}
static inline void complete_tx_l2fwd(struct xdpsock *xsk)
{
	u64 descs[BATCH_SIZE];
	unsigned int rcvd;
	size_t ndescs;
	if (!xsk->outstanding_tx)
		return;
	kick_tx(xsk->sfd);
	ndescs = (xsk->outstanding_tx > BATCH_SIZE) ? BATCH_SIZE :
		 xsk->outstanding_tx;
	/* re-add completed Tx buffers */
	rcvd = umem_complete_from_kernel(&xsk->umem->cq, descs, ndescs);
	if (rcvd > 0) {
		umem_fill_to_kernel(&xsk->umem->fq, descs, rcvd);
		xsk->outstanding_tx -= rcvd;
		xsk->tx_npkts += rcvd;
	}
}
static inline void complete_tx_only(struct xdpsock *xsk)
{
	u64 descs[BATCH_SIZE];
	unsigned int rcvd;
	if (!xsk->outstanding_tx)
		return;
	kick_tx(xsk->sfd);
	rcvd = umem_complete_from_kernel(&xsk->umem->cq, descs, BATCH_SIZE);
	if (rcvd > 0) {
		xsk->outstanding_tx -= rcvd;
		xsk->tx_npkts += rcvd;
	}
}
//http://blog.chinaunix.net/uid-30012596-id-4729018.html
#include <net/ethernet.h>
#include <netinet/ether.h>//ether_ntoa
#include <netinet/ip.h>
#include<sys/socket.h>
static void print_pkt_info(const char *pkt, size_t sz){
    const struct ethhdr * eth_hdr=(const struct ethhdr*)pkt;
    int offset = sizeof(*eth_hdr);
    printf("recv packet length %d\n",sz);
    /*for (int i = 0; i <ETH_ALEN; ++i)
      printf(" %02x", (unsigned char)eth_hdr->h_source[i]);
    printf("\n");
    for (int i = 0; i <ETH_ALEN; ++i)
      printf(" %02x", (unsigned char)eth_hdr->h_dest[i]);
    printf("\n");
    */
    printf("src mac:%s,",ether_ntoa((struct ether_addr*)&(eth_hdr->h_source)));
    if(0==memcmp(eth_hdr->h_source,eth_hdr->h_dest,ETH_ALEN)){
        printf("dst mac=src mac");
    }
    if(sz>offset){
        const struct iphdr *ip_hdr = (const struct iphdr*)(pkt + offset);
        printf("ip version %d,proto %d\n",ip_hdr->version,ip_hdr->protocol);
    }
}
static void rx_drop(struct xdpsock *xsk)
{
	struct xdp_desc descs[BATCH_SIZE];
	unsigned int rcvd, i;
	rcvd = xq_deq(&xsk->rx, descs, BATCH_SIZE);
	if (!rcvd)
		return;
	for (i = 0; i < rcvd; i++) {
		char *pkt = xq_get_data(xsk, descs[i].addr);
		//hex_dump(pkt, descs[i].len, descs[i].addr);
        print_pkt_info(pkt,descs[i].len);
	}
	xsk->rx_npkts += rcvd;
	umem_fill_to_kernel_ex(&xsk->umem->fq, descs, rcvd);
}
static void rx_drop_all(void)
{
	struct pollfd fds[MAX_SOCKS + 1];
	int i, ret, timeout, nfds = 1;
	memset(fds, 0, sizeof(fds));
    printf("run %s\n",__FUNCTION__);
	for (i = 0; i < num_socks; i++) {
		fds[i].fd = xsks[i]->sfd;
		fds[i].events = POLLIN;
		timeout = 1000; /* 1sn */
	}
	while(g_running) {
		if (opt_poll) {
			ret = poll(fds, nfds, timeout);
			if (ret <= 0)
				continue;
		}
		for (i = 0; i < num_socks; i++)
			rx_drop(xsks[i]);
	}
}
static void tx_only(struct xdpsock *xsk)
{
	int timeout, ret, nfds = 1;
	struct pollfd fds[nfds + 1];
	unsigned int idx = 0;
	memset(fds, 0, sizeof(fds));
	fds[0].fd = xsk->sfd;
	fds[0].events = POLLOUT;
	timeout = 1000; /* 1sn */
	while(g_running) {
		if (opt_poll) {
			ret = poll(fds, nfds, timeout);
			if (ret <= 0)
				continue;
			if (fds[0].fd != xsk->sfd ||
			    !(fds[0].revents & POLLOUT))
				continue;
		}
		if (xq_nb_free(&xsk->tx, BATCH_SIZE) >= BATCH_SIZE) {
			lassert(xq_enq_tx_only(&xsk->tx, idx, BATCH_SIZE) == 0);
			xsk->outstanding_tx += BATCH_SIZE;
			idx += BATCH_SIZE;
			idx %= NUM_FRAMES;
		}
		complete_tx_only(xsk);
	}
}
static void l2fwd(struct xdpsock *xsk)
{
	while(g_running){
		struct xdp_desc descs[BATCH_SIZE];
		unsigned int rcvd, i;
		int ret;
		for (;;) {
			complete_tx_l2fwd(xsk);
			rcvd = xq_deq(&xsk->rx, descs, BATCH_SIZE);
			if (rcvd > 0)
				break;
		}
		for (i = 0; i < rcvd; i++) {
			char *pkt = xq_get_data(xsk, descs[i].addr);
			swap_mac_addresses(pkt);
			hex_dump(pkt, descs[i].len, descs[i].addr);
		}
		xsk->rx_npkts += rcvd;
		ret = xq_enq(&xsk->tx, descs, rcvd);
		lassert(ret == 0);
		xsk->outstanding_tx += rcvd;
	}
}
// ./xdpsock -r -i wlxe0e1a997ab49 -q 0 -n 5 -S
int main(int argc, char **argv)
{
	struct rlimit r = {RLIM_INFINITY, RLIM_INFINITY};
	int prog_fd, qidconf_map, xsks_map;
	struct bpf_object *obj=NULL;
	char xdp_filename[256];
	struct bpf_map *map;
	int i, ret, key = 0;
	pthread_t pt;

	if (signal(SIGINT, sig_handler) ||
	    signal(SIGHUP, sig_handler) ||
	    signal(SIGTERM, sig_handler)||
        signal(SIGTSTP,sig_handler)){
		perror("signal");
		return 1;
	}
	parse_command_line(argc, argv);
	if (setrlimit(RLIMIT_MEMLOCK, &r)) {
		fprintf(stderr, "ERROR: setrlimit(RLIMIT_MEMLOCK) \"%s\"\n",
			strerror(errno));
		exit(EXIT_FAILURE);
	}
	snprintf(xdp_filename, sizeof(xdp_filename), "%s_kern.o", argv[0]);
	if(opt_ifindex){
		struct bpf_program *prog;
		const char *qidconf_map_name="qidconf_map";
		const char *xsks_map_name="xsks_map";
        obj = bpf_object__open_file(xdp_filename, NULL);
        if (libbpf_get_error(obj)){
            return 1;
        }
        prog = bpf_object__next_program(obj, NULL);
        bpf_program__set_type(prog, BPF_PROG_TYPE_XDP);
        if(prog){
            const char *sec_name = bpf_program__section_name(prog);
            printf("sec:%s\n",sec_name);
        }
        int err = bpf_object__load(obj);
        if (err){
            bpf_object__close(obj);
            return 1;
        }
        prog_fd = bpf_program__fd(prog);
        map =bpf_object__find_map_by_name(obj,qidconf_map_name);
        if(map){
            printf("finding %s \n",qidconf_map_name);
        }else{
            printf("finding %s failed\n",qidconf_map_name);
            bpf_object__close(obj);
            return 1;
        }
        qidconf_map = bpf_map__fd(map);
        if(qidconf_map < 0){
    		fprintf(stderr, "ERROR: no qidconf map found: %s\n",
    			strerror(qidconf_map));
    		bpf_object__close(obj);
    		return 1;
        }
    	map = bpf_object__find_map_by_name(obj,xsks_map_name);
    	xsks_map = bpf_map__fd(map);
    	if (xsks_map < 0) {
    		fprintf(stderr, "ERROR: no xsks map found: %s\n",
    			strerror(xsks_map));
    		bpf_object__close(obj);
    		return 1;
    	}
	}else{
		printf("nic does not exist\n");
        bpf_object__close(obj);
        return 1;
	}
	int prog_id=-1;
    printf("%s,%d\n",opt_if,opt_ifindex);
	prog_id=do_attach(prog_fd,opt_xdp_flags,opt_ifindex);
	ret = bpf_map_update_elem(qidconf_map, &key, &opt_queue, 0);
	if (ret) {
		fprintf(stderr, "ERROR: bpf_map_update_elem qidconf\n");
		bpf_object__close(obj);
		exit(EXIT_FAILURE);
	}
	xsks[num_socks++] = xsk_configure(NULL);
#if RR_LB
	for (i = 0; i < MAX_SOCKS - 1; i++)
		xsks[num_socks++] = xsk_configure(xsks[0]->umem);
#endif
	// ...and insert them into the map. 
	for (i = 0; i < num_socks; i++) {
		key = i;
		ret = bpf_map_update_elem(xsks_map, &key, &xsks[i]->sfd, 0);
		if (ret) {
			fprintf(stderr, "ERROR: bpf_map_update_elem %d\n", i);
			bpf_object__close(obj);
			exit(EXIT_FAILURE);
		}
	}

	setlocale(LC_ALL, "");
	ret = pthread_create(&pt, NULL, poller, NULL);
	lassert(ret == 0);
	prev_time = get_nsecs();
	if (opt_bench == BENCH_RXDROP)
		rx_drop_all();
	else if (opt_bench == BENCH_TXONLY)
		tx_only(xsks[0]);
	else
		l2fwd(xsks[0]);
    do_detach(prog_id,opt_xdp_flags,opt_ifindex);
    bpf_object__close(obj);
	return 0;
}

 CMakeLists.txt

PROJECT(project)
cmake_minimum_required(VERSION 2.6)
SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -Wall  -O2")
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -Wall -O2")
SET(CMAKE_CXX_FLAGS "-fPIC")

#for libbpf
set(LIBBPF_DIR /build/root/usr)
include_directories(${LIBBPF_DIR}/include)
LINK_DIRECTORIES(${LIBBPF_DIR}/lib64)

set(EXECUTABLE_NAME "xdpsock")
add_executable(${EXECUTABLE_NAME} ${CMAKE_SOURCE_DIR}/xdpsock_user.c)
target_link_libraries(${EXECUTABLE_NAME} bpf pthread)
#cmake .. -DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++

 xdpsock_user.c的编译步骤:

mkdir build && cd build
cmake .. -DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++
make

 运行步骤,wlxe0e1a997ab49是我的网卡名字,请替换:

sudo su
./xdpsock -r -i wlxe0e1a997ab49 -q 0 -n 5 -S

Referenec
[1]xdp测试例子
[2]xdpsock_user.c in linux
[3]AF_XDP技术详解
[4]借助libbpf/libxdp使用AF_XDP,我们都需要做什么

Soonyang Zhang
关注
  • 0
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
DPDK AF_XDP
奋斗中拥有
05-26 3933
DPDK AF_XDP AF_XDP 是 kernel v4.18+ 新加入的一个协议族(如AF_INET), 主要使用 XDP 实现(下图是 XDP 的基本原理图). 核心原理是在 kernel NAPI poll 位置(网卡驱动内部实现, 为内核最早RX数据包位置)运行 BPF 程序, 通过不断调用 poll 方法, 最终将数据包送到正确的XDP程序处理. XDP 支持 3 种工作模式: Native XDP -运行在网卡驱动实现的 poll 函数中, 需网卡驱动支持; Offloaded X
Express UDP 是基于 XDP Socket 实现的 UDP 通信软件库.rar
06-01
1. 网络编程要素: 如何定位到网络上的一台或多台主机 IP地址和端口号 找到后如何通信 TCP/UDP JAVA,万物皆对象,去找相应的类 2. IP地址 ip地址的包: InetAddress 唯一定位一台网络上的计算机 ...
XDP的重定向工作原理
Free雅轩的博客
09-19 561
struct bpf_map_def SEC("maps") xsks_map​: 定义了一个BPF_MAP_TYPE_XSKMAP类型的映射表,当采用SEC("maps")方式来显示定义时,将在生成的bpf目标文件的ELF格式中看到相关描述,当BPF程序被加载到内核时,会自动创建名为“xsks_map”的描述符, 用户态可通过查找“xsks_map”来获取该map的描述符,这样用户态和内核BPF程序就可以共同访问该map。
AF_XDP
tunmang5421的博客
09-11 1942
目录前言AF_XDP概述 前言 本文翻译自https://www.kernel.org/doc/html/latest/networking/af_xdp.html,刚开始学AF_XDP,翻译或有纰漏,还请指出。 文中使用(斜体文字)标出了本人翻译中的疑问,后续围绕本文继续完善概念。 AF_XDP 概述 AF_XDP是优化的地址族,用于高性能包处理。 本文假定读者熟知BPF和XDP,如果对它们不熟悉,Cilium项目对其有一份优秀的指南cilium.readthedocs.io/en/latest/bpf/
网络编程之XDP技术应用
fpcc的专栏
06-10 933
在上文中介绍了XDP技术,XDP技术的基本原理已经明白,但有一个问题,一个技术如何落地,如何在实际中应用?这就需要有一个承载其的具体的形式。举一个例子,网络编程一般使用Socket方式,那么能不能够在这种方式里使用XDP技术呢?答案是肯定的。 Linux在内核中提供了AF_XDP套接字编程,这就意味着,大部分的编程方式仍然可以以原来的套接字编程为主。这样的好处显而易见,对开发者和维护者来说,都是相对要容易理解和支持。AF_XDP类似于AF_NET(TCP/IP等)等一样,是一个协议族,大家有没有记得在TCP
xdp测试例子
u010643777的专栏
02-07 1279
xdp,ebf测试
AF_XDP PMD in DPDK
weixin_37097605的博客
03-25 2219
“常通风、勤洗手、戴口罩、少聚集。”AF_XDP(AddressFamily eXpress Data Path) 和AF_INET,AF_PACKET...
基于eBPF/XDP快速转发
04-02
实验步骤通常包括加载eBPF程序到内核、配置XDP钩子以及监控和测试转发性能。 通过这些章节,我们可以深入理解eBPF/XDP技术如何提高网络性能,以及如何在实际环境中部署和使用。eBPF/XDP的高效转发能力使其成为现代...
xdp.rar_MC9S12XDP512 UC_XDP_ucos ii xga_ucos 飞思卡尔_双核
09-14
此外,为了调试和测试,他们可能还使用了诸如JTAG或串口通信等工具,以监控系统的运行状态。 总的来说,"xdp.rar"压缩包所代表的项目展示了飞思卡尔MC9S12XDP512在嵌入式系统领域的强大潜力,特别是结合UCOS-II实时...
XDP_DDoS_protecting_osd2017.pdf
10-10
XDP – eXpress Data Path Used for DDoS protection. 是基于 eBPF 实现的高性能、可编程的数据平面技术。
SCI.rar_MC9S12XDP512
09-14
【SCI.rar_MC9S12XDP512】是一个针对MC9S12XDP512单片机的串行通信接口(Serial Communication Interface, SCI)调试的压缩包文件。MC9S12XDP512是飞思卡尔(现为NXP半导体)公司生产的一款高性能16位微控制器,它...
AF_XDP技术简介
天翼云开发者社区
03-30 983
如果驱动程序不支持 XDP,或者在加载 XDP 程序时显式选择了 XDP_SKB,则采用 XDP_SKB 模式,该模式将 SKB复制到用户空间,适用于任何网络设备的后备模式,该模式在协议栈开始处运行。环是通过 _RING setsockopt 系统调用配置和创建的,然后使用 mmap() 的适当偏移量(XDP_PGOFF_RX_RING、XDP_PGOFF_TX_RING、XDP_UMEM_PGOFF_FILL_RING 和 XDP_UMEM_PGOFF_COMPLETION_RING)映射到用户空间。
借助libbpf/libxdp使用AF_XDP,我们都需要做什么——以一个简单程序为例
tunmang5421的博客
12-05 3284
AF_XDP是一种Linux提供的针对高性能数据包处理进行优化的地址族协议,为了进一步的理解和熟悉,我们以一个返回IPv4 ICMP Ping报文的程序为例,看看借助libbpf/libxdp使用AF_XDP,我们都需要做什么
kxdpgun ——AF_XDP使用的示例分析(二)
qq_45675153的博客
07-10 681
knot_xdp_send调用了prot_write_eth,而prot_write_eth又调用了prot_write_ipv6/prot_write_ipv4,以此类推写完了报文头部。knot_xdp_send函数首先调用xsk_prod_nb_free查看tx中有没有足够的空闲单元,然后向tx ring中写入msg不为空的报文,最后调用xsk_ring_prod__submit提交写操作。最后调用knot_xdp_send_finish,结束发送过程,本质上是调用了sento。
kxdpgun ——AF_XDP使用的示例分析(一)
qq_45675153的博客
07-07 726
[TOC] kxdpgun ——AF_XDP使用的示例分析(一)
探索高效网络处理:XDP Forwarding 开源项目解析
最新发布
gitblog_00043的博客
06-12 750
探索高效网络处理:XDP Forwarding 开源项目解析 项目地址:https://gitcode.com/gamemann/XDP-Forwarding 在网络安全与高性能网络领域,快速且精准的包处理是至关重要的。XDP Forwarding 是一个利用 Linux 内核 XDP(eXpress Data Path)扩展和 eBPF(Extended Berkeley Packet Filt...
inter cpu 测试软件,Intel官方CPU检测工具
weixin_36457551的博客
07-29 3120
Processor Identification Utility简称PIU是Intel官方出品的一款CPU检测识别工具,其检测结果准确,内容翔实,属于Intel处理器用户必备的CPU测试工具。PIU具体检测内容包括:1、处理器类型2、处理器系列3、处理器型号4、处理器制程5、高速缓存信息6、封装信息7、系统配置8、处理器特性PIU具体支持处理器型号包括:Intel Atom ProcessorIn...
深入彻底理解零拷贝技术
技术百宝箱
06-29 785
零拷贝(Zero-Copy)技术是一个思想,是一种 I/O 操作优化技术,可以快速高效地将数据在文件系统移动和网络接口之间传输数据,而不需要将其从内核空间复制到用户空间。但零拷贝并不代表一次数据复制都没有,而是尽最大可能的减少。实际上Zero-Copy中有一项核心技术即DMA,在IO操作中扮演十分重要的角色,具体原理不是本文范围,可自行查阅资料。 先看一个常规的IO操作,需要从磁盘中读取数据,通过网络传输出去。补充一个技术点💡 DMA技术是Direct Memory Access的缩写。..........
用c语言使用xdp协议写一个阻断ping包的功能
06-15
下面是一个使用C语言编写的xdp程序,可以阻断ping包的功能: ```c #include <linux/bpf.h> #include <linux/if_ether.h> #include <linux/ip.h> #include <linux/in.h> #include <linux/tcp.h> #include <linux/udp.h> #include <linux/filter.h> #include <linux/pkt_cls.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <errno.h> #include <net/if.h> #include <arpa/inet.h> #include <sys/socket.h> #include <unistd.h> static int xdp_sock = -1; #define BLOCK_ICMP 1 static const struct sock_filter icmp_filter[] = { // 检查数据包是否是ICMP类型 BPF_STMT(BPF_LD | BPF_H | BPF_ABS, offsetof(struct ethhdr, h_proto)), BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, htons(ETH_P_IP), 0, 2), BPF_STMT(BPF_LD | BPF_B | BPF_ABS, offsetof(struct iphdr, protocol)), BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, IPPROTO_ICMP, 0, BLOCK_ICMP+1), // 如果是ICMP类型,直接丢弃 BPF_STMT(BPF_RET | BPF_K, XDP_DROP), BPF_STMT(BPF_RET | BPF_K, XDP_PASS), }; static const struct sock_fprog icmp_prog = { .len = sizeof(icmp_filter) / sizeof(icmp_filter[0]), .filter = (struct sock_filter *)icmp_filter, }; int main(int argc, char **argv) { int err; // 创建一个XDP socket xdp_sock = socket(AF_XDP, SOCK_RAW, 0); if (xdp_sock < 0) { perror("socket"); return -1; } // 绑定到网卡上 struct sockaddr_xdp sxdp = { .sxdp_family = AF_XDP, .sxdp_ifindex = if_nametoindex("eth0"), .sxdp_queue_id = 0, }; err = bind(xdp_sock, (struct sockaddr *)&sxdp, sizeof(sxdp)); if (err < 0) { perror("bind"); close(xdp_sock); return -1; } // 将BPF程序加载到内核中 err = setsockopt(xdp_sock, SOL_XDP, XDP_ATTACHED_PROG, &icmp_prog, sizeof(icmp_prog)); if (err < 0) { perror("setsockopt"); close(xdp_sock); return -1; } // 进入事件循环 while (1) { sleep(1); } // 卸载BPF程序 err = setsockopt(xdp_sock, SOL_XDP, XDP_ATTACHED_PROG, NULL, 0); if (err < 0) { perror("setsockopt"); } // 关闭socket close(xdp_sock); return 0; } ``` 在以上程序中,我们使用了BPF程序来过滤数据包,只允许通过TCP和UDP协议的数据包,阻止ICMP类型的数据包。可以看到,在BPF程序中,我们使用了BPF_JUMP指令来判断数据包的类型,如果是ICMP类型,就直接使用XDP_DROP指令来丢弃数据包。最后,将BPF程序加载到内核中,就可以开始拦截数据包了。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值