Reputation: 477
I'm just learning about XDP. During my journey, I came across a case which I could not make any sense of. I was trying some fancy things on certain UDP packets when I noticed nothing was changing. So I tried to reproduce the problem with a minimal example. Here is the minimal example:
```c
#include <linux/bpf.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/udp.h>

#define SEC(NAME) __attribute__((section(NAME), used))

/* Unconditionally drop every packet this program is run on. */
SEC("obfuscator_main")
int dropper(struct xdp_md *ctx) {
    return XDP_DROP;
}

char _license[] SEC("license") = "GPL";
```
(Don't mind the "obfuscator" name, it's a leftover from the rest of the code).
I compile and load this:
```sh
clang -Wall -O2 -target bpf -c obfuscate.c -o obfuscate.o
sudo ip link set dev enp3s0 xdp obj obfuscate.o sec obfuscator_main
```
I confirm that the incoming traffic to my computer is totally dropped. However, packets can still go out. I ping a remote server which I run tcpdump on, and it sees the ICMP requests. But I get no response on my local computer.
Why could it not be doing anything about outgoing packets?
Upvotes: 2
Views: 1366
Reputation: 477
While digging through Google searches, I came across this issue on GitHub: https://github.com/iptraf-ng/iptraf-ng/pull/33
> ... since XDP doesn't handle outgoing traffic.
As it turns out, XDP does not handle outgoing packets. I have no idea why it took me this long to come across this. Turns out I've been misunderstanding things.
Upvotes: 7
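Since XDP only runs on received packets, filtering outgoing traffic needs a different hook. The following is an added example, not code from the question or the answer: a BPF program for the tc `clsact` egress hook that drops outgoing UDP datagrams to one destination port and passes everything else. The file name `egress.c`, the port `DROP_PORT` and the function names are assumptions made for illustration; the interface name is the one from the question.

```c
/* Build:  clang -O2 -target bpf -c egress.c -o egress.o
 * Attach: sudo tc qdisc add dev enp3s0 clsact
 *         sudo tc filter add dev enp3s0 egress bpf da obj egress.o sec classifier */
#include <linux/bpf.h>
#include <linux/pkt_cls.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/udp.h>

#define SEC(NAME) __attribute__((section(NAME), used))
#define DROP_PORT 9999 /* assumed port, chosen for illustration */

/* Verdict for one frame. Each header is bounds-checked against data_end
 * before it is read, which the in-kernel verifier insists on. */
static inline __attribute__((always_inline)) int
udp_verdict(void *data, void *data_end)
{
    struct ethhdr *eth = data;
    if ((void *)(eth + 1) > data_end)
        return TC_ACT_OK;
    if (eth->h_proto != __constant_htons(ETH_P_IP))
        return TC_ACT_OK;

    struct iphdr *ip = (struct iphdr *)(eth + 1);
    if ((void *)(ip + 1) > data_end)
        return TC_ACT_OK;
    if (ip->ihl < 5 || ip->protocol != IPPROTO_UDP)
        return TC_ACT_OK;
    /* Later fragments carry no UDP header; let them through. */
    if (ip->frag_off & __constant_htons(0x1fff))
        return TC_ACT_OK;

    struct udphdr *udp = (struct udphdr *)((char *)ip + ip->ihl * 4);
    if ((void *)(udp + 1) > data_end)
        return TC_ACT_OK;
    return udp->dest == __constant_htons(DROP_PORT) ? TC_ACT_SHOT : TC_ACT_OK;
}

/* Direct-action ("da") entry point: the return value is the tc verdict. */
SEC("classifier")
int egress_filter(struct __sk_buff *skb)
{
    return udp_verdict((void *)(long)skb->data, (void *)(long)skb->data_end);
}

char _license[] SEC("license") = "GPL";
```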