Skip to content

havok4u/xdp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
README.md
README.md
 
 
tcp_port.c
tcp_port.c
 
 

Repository files navigation

xdp

Given: This series of testing was done on 4.15.0-58-generic

Test Case 1

+-------------+              +-------------+
|             |              |             |
|   Myvm1     |              |   MyVm2     |
|             |              |             |
+------+------+              +------+------+
       | vnet1                      | vnet3
       |                            |
       |                            |
       |                            |
+------+----------------------------+------+
|               Bridge1                    |
+------------------------------------------+

Insert bpf code on vnet1:
sudo ip link set dev vnet1 xdpgeneric obj tcp_port.o sec tcpdropper

Outcome:
Drop on TCP port 80 worked.

Logs:
     vhost-14658-14673 [020] .... 257740.928266: 0x00000001: DEBUG: Entering tcpdropper
     vhost-14658-14673 [020] .... 257740.928287: 0x00000001: DEBUG: protocol tcp
     vhost-14658-14673 [020] .... 257740.928289: 0x00000001: DEBUG TCP: 80
     vhost-14658-14673 [020] .... 257740.928291: 0x00000001: DEBUG port 80 matched XDP_DROP

Test Case 2

   Namespace                    Namespace
+-------------+              +-------------+
|             |              |             |
|   myapp1    |              |    myapp2   |
|             |              |             |
+------+------+              +------+------+
       | veth2                      | veth4
       |                            |
       |                            |
       | veth1                      | veth3
+------+----------------------------+------+
|                 Bridge0                  |
+------------------------------------------+

2a) Insert bpf code on veth1
Kernel 4.15.0-58-generic command
sudo ip link set dev veth1 xdpgeneric obj tcp_port.o sec tcpdropper

Kernel 5.0.0-25-generic command
sudo ip link set dev veth1 xdp obj tcp_port.o sec tcpdropper


Outcome:
Kernel 4.15.0-58-generic -> Drop did not work
Kernel 5.0.0-25-generic -> Drop worked


Logs:
  iperf3-14425 [015] ..s1 256966.478443: 0x00000001: DEBUG: Entering tcpdropper
  iperf3-14425 [015] ..s1 256966.478443: 0x00000001: DEBUG: protocol tcp
  iperf3-14425 [015] ..s1 256966.478444: 0x00000001: DEBUG TCP: 80
  iperf3-14425 [015] ..s1 256966.478444: 0x00000001: DEBUG port 80 matched XDP_DROP

2b) Insert bpf code on veth2 in the namespace
sudo ip netns exec myapp1 ip link set dev veth2 xdpgeneric obj tcp_port.o sec tcpdropper

Outcome:
Drop did not work

Logs:
  iperf3-14425 [015] ..s1 256966.478443: 0x00000001: DEBUG: Entering tcpdropper
  iperf3-14425 [015] ..s1 256966.478443: 0x00000001: DEBUG: protocol tcp
  iperf3-14425 [015] ..s1 256966.478444: 0x00000001: DEBUG TCP: 80
  iperf3-14425 [015] ..s1 256966.478444: 0x00000001: DEBUG port 80 matched XDP_DROP

About

XDP sample application

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages