Skip to content

PaloAltoNetworks/ebpf-icmp-ping

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

.gitignore

.gitignore

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

bpf.c

bpf.c

 
 

bpf_helpers.h

bpf_helpers.h

 
 

Repository files navigation

Send ICMP Echo Replies using eBPF

The code parses the passed network packet into its Ethernet, IP and ICMP header, swaps addresses (MAC and IP addresses), changes the ICMP type to ICMP Echo Reply, re-calculates the ICMP checksum and sends the modified packet back out over the same interface.

Requirements

  • A recent kernel. Tested with 4.8 and 4.9
  • iproute2 v4.9. v4.10 has a bug makig it unusable. If your system does not provide it, compile it from git. Installation is not needed, the tc binary is enough.
  • Clang >= 3.8. eBPF backend required.

Code was tested on Ubuntu 16.10 with self-compiled iproute2 v4.9 and clang 4.0.

Run

First create a qdisc, then attach the classification and action, and at last show logging information:

make bpf.o
make qdisc
make run
make show exec

Delete filters and qdiscs afterwards:

make delete
make qdisc-delete

The code

The code in bpf.c is commented to explain each step.

Resources

About

No description, website, or topics provided.

Resources

Readme

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

12 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 88.4%
  • Makefile 11.6%