第一個 bpf 程式

只是做個筆記.

在目前的 Debian 上 (2016/1/11) 要用到 sid 中 4.3 版的 kernel, 並且得更新 libc headers

$ sudo apt-get install linux-image-4.3.0-1-amd64 linux-headers-4.3.0-1-amd64 linux-libc-dev

接著試 build 下例

#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <linux/bpf.h>
#include <linux/filter.h>

int main()
{
    int result = socket(AF_INET, SOCK_STREAM, 0);
    if(0 > result) {
        fprintf(stderr, "socket(): %s\n", strerror(errno));
        abort();
    }

    int sfd = result;

    struct sock_filter filter[] = {
        { BPF_RET, 0, 0, 0 }
    };
    struct sock_fprog bpf = {
        .len = sizeof(filter) / sizeof(filter[0]),
        .filter = filter
    };
    result = setsockopt(sfd, SOL_SOCKET, SO_ATTACH_FILTER, &bpf, sizeof(bpf));
    if(0 > result) {
        fprintf(stderr, "setsockopt(): %s\n", strerror(errno));
        abort();
    }

    struct sockaddr_in addr = {
        .sin_family = AF_INET,
        .sin_port = htons(1234),
        .sin_addr = { htonl(INADDR_LOOPBACK) }
    };
    result = connect(sfd, (const struct sockaddr *) &addr, sizeof(addr));
    if(0 > result) {
        fprintf(stderr, "connect(): %s\n", strerror(errno));
        abort();
    }

    close(sfd);

    return 0;
}

此例丟了所有的 packet, 所以 connect() 最終會 timeout.