Allowing non-root, user-customizable firewall:

"It is a rare situation where decades of undisciplined tinkering with Linux esoterica occasionally pay out, but this was such an occasion. Unlike in BSD, where Berkeley Packet Filter is implemented as a root-only device that attaches to entire network interfaces, on Linux it is implemented in terms of a socket option that usually attaches to AF_PACKET or AF_RAW sockets, however it is a little known fact you can also attach such filters to AF_INET sockets, and better yet, the ability to do so does not require root. Essentially, Linux allows non-root programs to configure their own little private firewall."

Stracing and understanding the flow of syscalls + bpf() calls + argument: complementing stracing via BPF?

Network packet analysis and processing (with speed):

What are all the technologies/foundation which BPF used:

Kernel probes:

How to turn any syscall into an event: Introducing eBPF

Summarizing the installation needed before running make on the kernel source:

```
sudo apt-get install build-essential bison flex
sudo apt-get install elfutils-libelf-devel
sudo apt-key adv --keyserver --recv-keys 4052245BD4284CDD
echo "deb $(lsb_release -cs) $(lsb_release -cs) main" | sudo tee /etc/apt//iovisor.list
sudo apt-get install bcc-tools libbcc-examples linux-headers-$(uname -r)
sudo apt-get install linux-headers-4.15.0-43-generic
sudo apt-get install libnuma-dev libfuse-dev
sudo apt-get install gcc-multilib libc6-i386 libc6-dev-i386
```

cd to the linux kernel source's sample directory and "make all":

Doing a "make V=1 all" lets you see the details of compilation:

So this means that sockex2 is compiled from sockex2_user.c and the libbpf.a library, which I compiled earlier separately at the tools subdirectory.

And we can see that it is loading a sockex2_kern.o file:

Via the load_bpf_file() API, followed by open_raw_sock() and setsockopt() to execute the kernel module.

bpf_prog2() -> flow_dissector() -> which will probe into the SKB packets and identify the protocol bits to be filtered.