bpf

How to flush raw AF_PACKET socket to get correct filtered packets

别说谁变了你拦得住时间么 submitted on 2020-12-05 09:36:36
Question:
    sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    setsockopt(sock, SOL_SOCKET, SO_ATTACH_FILTER, &f, sizeof (f));
With this simple BPF/LPF attach code, when I try to receive packets on the socket, I get some wrong packets that don't match the filter. It seems those packets got into the socket before I call setsockopt(). It seems I should first create the AF_PACKET SOCK_RAW socket, then attach the filter, then flush the socket to get rid of those wrong packets. So the question is, how

XDP program ip link error: Prog section rejected: Operation not permitted

北城以北 submitted on 2020-04-05 06:07:28
Question: I am trying to get into XDP; for this I have this very small program:
    // SPDX-License-Identifier: GPL-2.0
    #include <linux/bpf.h>
    #include "bpf/bpf_helpers.h"
    #include "xdpsock.h"

    struct {
        __uint(type, BPF_MAP_TYPE_ARRAY);
        __uint(max_entries, MAX_SOCKS);
        __uint(key_size, sizeof(int));
        __uint(value_size, sizeof(int));
    } xsks_map SEC(".maps");

    SEC("xdp_sock")
    int xdp_sock_prog(struct xdp_md *ctx)
    {
        return XDP_DROP;
    }
But if I try to load it into a virtual interface veth-basic02, I get this error: $

XDP program ip link error: Prog section rejected: Operation not permitted

孤人 submitted on 2020-04-05 06:07:03
Question: I am trying to get into XDP; for this I have this very small program:
    // SPDX-License-Identifier: GPL-2.0
    #include <linux/bpf.h>
    #include "bpf/bpf_helpers.h"
    #include "xdpsock.h"

    struct {
        __uint(type, BPF_MAP_TYPE_ARRAY);
        __uint(max_entries, MAX_SOCKS);
        __uint(key_size, sizeof(int));
        __uint(value_size, sizeof(int));
    } xsks_map SEC(".maps");

    SEC("xdp_sock")
    int xdp_sock_prog(struct xdp_md *ctx)
    {
        return XDP_DROP;
    }
But if I try to load it into a virtual interface veth-basic02, I get this error: $

AF_XDP: No packets from multicast although steered on RX-Queue 0

独自空忆成欢 submitted on 2020-03-25 18:42:36
Question: I am still playing with the AF_XDP socket and my program is still largely based on: https://github.com/xdp-project/xdp-tutorial/tree/master/advanced03-AF_XDP I now want to receive multiple multicast streams (which works fine the way I register the multicast IPs, because I have tested it with the default Linux socket; thus I am not sharing the code unless you guys say it is necessary to solve the issue). Because I don't want to change my program to work on multiple RX-Queues of the NIC just yet

BPF filter source address == transmission address

我只是一个虾纸丫 submitted on 2020-03-04 05:13:23
Question: What is the correct BPF filter for only receiving packets where the source MAC address is equal to the transmission MAC address? Looking at the documentation, it seems like the fields should be available through either wlan[21:12] or wlan.addr2 but I'm unable to get those to work.
Answer 1: According to the pcap-filter manpage, capture filters for tshark or Wireshark don't support comparing packet fields against each other. You can, however, do that with the display filter (top bar in Wireshark,

failing to attach eBPF `kretprobes` to `napi_poll()` with bcc tools

佐手、 submitted on 2020-01-24 16:09:48
Question: The idea is to use argdist to measure the latency of napi_poll(), which returns the number of packets processed (called work). The ratio of the execution latency of napi_poll() to the number of packets processed would give me the average amount of time it took to process each packet, in the form of a histogram. I am using the following command: argdist -H 'r:c:napi_poll():u64:$latency/$retval#avg time per packet (ns)' which ends up giving me the error Failed to attach BPF to kprobe, and in dmesg I get a message like Could not insert