• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/usr/bin/python
2#
3# xdp_macswap_count.py Swap Source and Destination MAC addresses on
4#                      incoming packets and transmit packets back on
5#                      same interface in XDP layer and count for which
6#                      protocol type
7#
8# Copyright (c) 2016 PLUMgrid
9# Copyright (c) 2016 Jan Ruth
10# Copyright (c) 2018 Andy Gospodarek
11# Licensed under the Apache License, Version 2.0 (the "License")
12
13from bcc import BPF
14import pyroute2
15import time
16import sys
17
18flags = 0
19def usage():
20    print("Usage: {0} [-S] <ifdev>".format(sys.argv[0]))
21    print("       -S: use skb mode\n")
22    print("e.g.: {0} eth0\n".format(sys.argv[0]))
23    exit(1)
24
25if len(sys.argv) < 2 or len(sys.argv) > 3:
26    usage()
27
28if len(sys.argv) == 2:
29    device = sys.argv[1]
30
31if len(sys.argv) == 3:
32    if "-S" in sys.argv:
33        # XDP_FLAGS_SKB_MODE
34        flags |= BPF.XDP_FLAGS_SKB_MODE
35
36    if "-S" == sys.argv[1]:
37        device = sys.argv[2]
38    else:
39        device = sys.argv[1]
40
41mode = BPF.XDP
42#mode = BPF.SCHED_CLS
43
44if mode == BPF.XDP:
45    ret = "XDP_TX"
46    ctxtype = "xdp_md"
47else:
48    ret = "TC_ACT_SHOT"
49    ctxtype = "__sk_buff"
50
51# load BPF program
52b = BPF(text = """
53#include <uapi/linux/bpf.h>
54#include <linux/in.h>
55#include <linux/if_ether.h>
56#include <linux/if_packet.h>
57#include <linux/if_vlan.h>
58#include <linux/ip.h>
59#include <linux/ipv6.h>
60
61
62BPF_PERCPU_ARRAY(dropcnt, long, 256);
63
64static inline int parse_ipv4(void *data, u64 nh_off, void *data_end) {
65    struct iphdr *iph = data + nh_off;
66
67    if ((void*)&iph[1] > data_end)
68        return 0;
69    return iph->protocol;
70}
71
72static inline int parse_ipv6(void *data, u64 nh_off, void *data_end) {
73    struct ipv6hdr *ip6h = data + nh_off;
74
75    if ((void*)&ip6h[1] > data_end)
76        return 0;
77    return ip6h->nexthdr;
78}
79
80static void swap_src_dst_mac(void *data)
81{
82    unsigned short *p = data;
83    unsigned short dst[3];
84
85    dst[0] = p[0];
86    dst[1] = p[1];
87    dst[2] = p[2];
88    p[0] = p[3];
89    p[1] = p[4];
90    p[2] = p[5];
91    p[3] = dst[0];
92    p[4] = dst[1];
93    p[5] = dst[2];
94}
95
96int xdp_prog1(struct CTXTYPE *ctx) {
97
98    void* data_end = (void*)(long)ctx->data_end;
99    void* data = (void*)(long)ctx->data;
100
101    struct ethhdr *eth = data;
102
103    // drop packets
104    int rc = RETURNCODE; // let pass XDP_PASS or redirect to tx via XDP_TX
105    long *value;
106    uint16_t h_proto;
107    uint64_t nh_off = 0;
108    uint32_t index;
109
110    nh_off = sizeof(*eth);
111
112    if (data + nh_off  > data_end)
113        return rc;
114
115    h_proto = eth->h_proto;
116
117    if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) {
118        struct vlan_hdr *vhdr;
119
120        vhdr = data + nh_off;
121        nh_off += sizeof(struct vlan_hdr);
122        if (data + nh_off > data_end)
123            return rc;
124            h_proto = vhdr->h_vlan_encapsulated_proto;
125    }
126    if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) {
127        struct vlan_hdr *vhdr;
128
129        vhdr = data + nh_off;
130        nh_off += sizeof(struct vlan_hdr);
131        if (data + nh_off > data_end)
132            return rc;
133            h_proto = vhdr->h_vlan_encapsulated_proto;
134    }
135
136    if (h_proto == htons(ETH_P_IP))
137        index = parse_ipv4(data, nh_off, data_end);
138    else if (h_proto == htons(ETH_P_IPV6))
139       index = parse_ipv6(data, nh_off, data_end);
140    else
141        index = 0;
142
143    if (index == IPPROTO_UDP) {
144        swap_src_dst_mac(data);
145        rc = XDP_TX;
146    }
147
148    value = dropcnt.lookup(&index);
149    if (value)
150        *value += 1;
151
152    return rc;
153}
154""", cflags=["-w", "-DRETURNCODE=%s" % ret, "-DCTXTYPE=%s" % ctxtype])
155
156fn = b.load_func("xdp_prog1", mode)
157
158if mode == BPF.XDP:
159    b.attach_xdp(device, fn, flags)
160else:
161    ip = pyroute2.IPRoute()
162    ipdb = pyroute2.IPDB(nl=ip)
163    idx = ipdb.interfaces[device].index
164    ip.tc("add", "clsact", idx)
165    ip.tc("add-filter", "bpf", idx, ":1", fd=fn.fd, name=fn.name,
166          parent="ffff:fff2", classid=1, direct_action=True)
167
168dropcnt = b.get_table("dropcnt")
169prev = [0] * 256
170print("Printing drops per IP protocol-number, hit CTRL+C to stop")
171while 1:
172    try:
173        for k in dropcnt.keys():
174            val = dropcnt.sum(k).value
175            i = k.value
176            if val:
177                delta = val - prev[i]
178                prev[i] = val
179                print("{}: {} pkt/s".format(i, delta))
180        time.sleep(1)
181    except KeyboardInterrupt:
182        print("Removing filter from device")
183        break
184
185if mode == BPF.XDP:
186    b.remove_xdp(device, flags)
187else:
188    ip.tc("del", "clsact", idx)
189    ipdb.release()
190