pilot
Reputation: 1
Trace the ip_recv() function using BPF, but only packets from the lo interface can be captured
I wrote a BPF program to trace the ip_rcv function, but it only captures packets from the lo interface.
#include "vmlinux.h"
#include <bpf/bpf_core_read.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
char LICENSE[] SEC("license") = "Dual BSD/GPL";
SEC("kprobe/ip_rcv")
int BPF_KPROBE(ip_rcv,
struct sk_buff* skb,
struct net_device* dev,
struct packet_type* pt,
struct net_device* orig_dev) {
const char* devname;
devname = BPF_CORE_READ(dev, name);
if(devname[0] == 'l' && devname[1] == 'o') {
// bpf_printk("recv packet from lo device");
} else {
bpf_printk("recv packet from %s device", devname);
}
return 0;
}
I identify which network card it comes from by the name of the printing device.
Upvotes: 0
Views: 25
Answers (0)
Related Questions
- Can not call BPF kernel functions from BPF programs (Implicit Function Declaration Warning)
- Extract packet data using BPF from struct msghr
- How I can include the /kernel/sched/* into a BPF program?
- Get return address of a function using kretprobe or bpf
- BPF print the pid from task_struct
- Can I access the intermediate C code generated by BCC (BPF Compiler Collection)?
- How to trace a go function with BPF (BCC)
- How can I attached a BPF program to a kernel function via a kprobe?
- How can I work out the meaning of the return codes for BPF helper functions?