mirror/xdp-project-bpf-examples
1
0
Fork 0
mirror of https://github.com/xdp-project/bpf-examples.git synced 2024-05-06 15:54:53 +00:00
Code Issues Projects Releases Wiki Activity
560 Commits 16 Branches 0 Tags
70f255cbf8a18e33762dbf706d69ca05ca38201e
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Simon Sundberg 70f255cbf8 pping: Ignore SYN packets by default 
Make ePPing ignore TCP SYN packets by default, so that the
initial handshake phase of the connection is ignored. Add an
option (--include-syn/-s) to explicitly include SYN packets.

The main reason it can be a good idea to avoid SYN-packets is to avoid
being affected by SYN-flood attacks. When ePPing also includes
SYN-packets it becomes quite vulnerable to SYN-flood attacks, which
will quickly fill up its flow_state table, blocking actual useful
flows from being tracked. As ePPing will consider the connection
opened as soon as it sees the SYN-ACK (it will not wait for final
ACK), flow-state created from SYN-flood attacks will also stay around
in the flow-state table for a long time (5 minutes currently) as no
RST/FIN will be sent that can be used to close it.

The drawback from ignoring SYN-packets is that no RTTs will be
collected during the handshake phase, and all connections will be
considered opened due to "first observed packet".

A more refined approach could be to properly track the full TCP
handshake (SYN + SYN-ACK + ACK) instead of the more generic "open once
we see reply in reverse direction" used now. However, this adds a fair
bit of additional protocol-specific logic. Furthermore, to track the
full handshake we will still need to store some flow-state before the
handshake is completed, and thus such a solution would still be
vulnerable to SYN-flood attacks (although the incomplete flow states
could potentially be cleaned up faster).

Signed-off-by: Simon Sundberg <simon.sundberg@kau.se>
2022-11-04 13:47:08 +01:00
AF_XDP-example
AF_XDP-example: move xdpsock example to bpf-examples repo
2022-09-23 06:06:57 +00:00
AF_XDP-forwarding
AF_XDP-forwarding: move xsk_fwd to bpf-examples
2022-09-21 11:58:41 +00:00
AF_XDP-interaction
refactor code test02_should_fail
2022-04-22 12:21:35 +02:00
bpf-link-hang
bpf-link-hang: Adjust for newer libbpf API
2022-09-02 16:11:09 +02:00
BTF-playground
BTF-playgroundi: Drop printing BTF object ID in btf_module_read
2022-09-02 14:03:27 +02:00
dhcp-relay
Add DHCP relay program.
2021-06-21 22:51:57 +02:00
encap-forward
encap-forward: Don't redefine AF_INET
2022-04-27 13:05:26 +02:00
headers
Update kernel-mirrored UAPI header file btf.h
2022-09-02 14:34:11 +02:00
include
xdp/parsing_helpers: Check IP protocol version when parsing
2021-06-18 00:56:08 +02:00
ktrace-CO-RE
ktrace-CO-RE: Adjust for newer libbpf API
2022-09-02 14:45:42 +02:00
lib
lib/xdp-tools: Update to latest master
2022-08-18 20:40:44 +02:00
lsm-nobpf
lsm-nobpf: Stop using deprecated helper
2022-01-17 13:11:27 +01:00
MTU-tests
MTU-tests: BPF-helper did make it upstream and in libbpf
2021-10-26 16:10:57 +02:00
nat64-bpf
nat64-bpf: rename bpf_map__resize() to bpf_map__set_max_entries()
2022-09-02 14:34:11 +02:00
pkt-loop-filter
pkt-loop-filter: Fix byte order of debug-printed MAC addresses
2022-07-15 01:41:13 +02:00
pping
pping: Ignore SYN packets by default
2022-11-04 13:47:08 +01:00
preserve-dscp
preserve-dscp: Adjust for newer libbpf API
2022-09-02 15:49:40 +02:00
tc-basic-classifier
Adding a basic TC eBPF Qdisc classifier example
2021-03-17 02:26:58 +01:00
tc-policy
tc-policy: Update README with info on inspecting loaded BPF-progs
2022-02-01 15:30:17 +01:00
traffic-pacing-edt
traffic-pacing-edt: Adjust for newer libbpf API
2022-09-02 14:34:11 +02:00
.gitignore
Ignore lib/libbpf-install/
2022-03-06 21:54:01 +08:00
.gitmodules
Integrate libxdp as a submodule
2022-04-20 13:12:45 +02:00
configure
configure: Make sure libxdp is before libbpf in linker arguments
2022-04-27 00:43:02 +02:00
Makefile
AF_XDP-example: move xdpsock example to bpf-examples repo
2022-09-23 06:06:57 +00:00
README.md
readme: fix typos
2021-11-06 12:33:09 +00:00

README.md

Practical BPF examples

This git repository contains a diverse set of practical BPF examples that solve (or demonstrate) a specific use-case using BPF.

It is meant to ease doing rapid prototyping and development, writing C-code BPF programs using libbpf. The goal is to make it easier for developers to get started coding.

Many developers struggle to get a working BPF build environment. The repo enviroment makes it easy to build/compile BPF programs by doing the necessary libbpf setup transparently and detect missing compile dependencies (via the configure script). It is a declared goal to make BPF programming more consumable by detecting and reporting issues (when possible).

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme 25 MiB
Languages
C 93.6%
Shell 4.7%
Makefile 1.6%