facebook / bpfilter Goto Github PK
View Code? Open in Web Editor NEWBPF-based packet filtering framework
License: GNU General Public License v2.0
BPF-based packet filtering framework
License: GNU General Public License v2.0
๐ I would like to point out that identifiers like โ_bf_opts_parser
โ and โ_stop_received
โ do eventually not fit to the expected naming convention of the C language standard.
๐ญ Would you like to adjust your selection for unique names?
i have a dream, where all nftables rules are tested statically before insertion into the kernel.
reading the bpfilter documentation, it seems that the daemon can be used (transparently?) as a backend for nftables userspace tools. did i understand that correctly?
if that's possible, i'd like to pull the generated BPF bytecode from bpfilter and pass it through uBPF in order to perform analysis against simulated packets.
does this seem like something that would work well with bpfilter as currently implemented?
Potentially pairs with the new README.md note about libbpf 1.0 requirement.
This could also simply be a listing of the the earliest known-working/developer-tested version(s) of the kernel.
As of PR #12 I can't build on my kernel 5.15.x-based system. It seems the bpf_dynptr was introduced to bpf-next in May 2022. Guessing that puts a minimum kernel for dynptr somewhere around 5.18 or 5.19, which is past that of stock Ubuntu, RHEL, and SLE/SUSE releases according to wikipedia. libbpf 1.0.0 was August 22, 2022, so if libbpf and kernel need to move in-step, perhaps the required kernel is 6.0 or newer?
Totally understand if maintainers want to focus on current kernel releases rather than optional configs and work-around for old kernels, but might help avoid further "issue" reports to document a known minimum.
Hello @qdeslandes,
I have just compiled the bpfilter module on both the linux-6.1.14 branch and the bpf-next branch, both times I get the following output in dmesg:
[ 4.619942] bpfilter: Loaded bpfilter_umh pid 971
[ 4.622811] bpfilter: generate forward packet assessment
[ 4.622823] bpfilter: generate forward packet assessment
[ 4.625250] bpfilter: failed to create TC hook: No such file or directory
[ 4.625348] bpfilter: failed to load chain INPUT in table filter: processed 73 insns (limit 1000000) max_states_per_insn 0 total_states 4 peak_states 4 mark_read 3
[ 4.625455] bpfilter: failed to install new table 'filter': No such file or directory
[ 4.625578] bpfilter: failed to created filter table: No such file or directory
[ 4.625807] bpfilter: read fail 0
Would you happen to know if I did something wrong?
Thanks a lot,
Mr. Hax
Hi , I install it but when i use iptables with option i have error iptables v1.8.9 (nf_tables): unknown option "--bpf".
How to install it correctly and using it?
i already start it @bpfilter/build/src# ./bpfilter
info : restored new codegen at 0x8006f0
info : restored new codegen at 0x800bb0
info : restored new codegen at 0x801070
info : cache already initialised, skipping initialisation
info : waiting for requests...
The original kernel introduction of bpfilter includes a series of usage examples via iptables
ping
and bpftool
. A similar example set of commands (and perhaps expected log output from the bpfilter
daemon) would be a huge help in confirming things are hooked in properly after building/loading the binary.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.