#include <stdio.h> #include <assert.h> #include <linux/bpf.h> #include "libbpf.h" #include "bpf_load.h" #include <unistd.h> #include <arpa/inet.h> struct flow_keys { __be32 src; __be32 dst; union { __be32 ports; __be16 port16[2]; }; __u32 ip_proto; }; struct pair { __u64 packets; __u64 bytes; }; int main(int argc, char **argv) { char filename[256]; FILE *f; int i, sock; snprintf(filename, sizeof(filename), "%s_kern.o", argv[0]); if (load_bpf_file(filename)) { printf("%s", bpf_log_buf); return 1; } sock = open_raw_sock("lo"); assert(setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &prog_fd[4], sizeof(__u32)) == 0); if (argc > 1) f = popen("ping -c5 localhost", "r"); else f = popen("netperf -l 4 localhost", "r"); (void) f; for (i = 0; i < 5; i++) { struct flow_keys key = {}, next_key; struct pair value; sleep(1); printf("IP src.port -> dst.port bytes packets\n"); while (bpf_get_next_key(map_fd[2], &key, &next_key) == 0) { bpf_lookup_elem(map_fd[2], &next_key, &value); printf("%s.%05d -> %s.%05d %12lld %12lld\n", inet_ntoa((struct in_addr){htonl(next_key.src)}), next_key.port16[0], inet_ntoa((struct in_addr){htonl(next_key.dst)}), next_key.port16[1], value.bytes, value.packets); key = next_key; } } return 0; }