#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <linux/bpf.h>
#include <bpf/bpf.h>
#include <bpf/libbpf.h>
#include <arpa/inet.h>
#include <net/if.h>
#include "main.h"
#include "main.skel.h"
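/*
 * Shutdown flag shared between the SIGINT handler and the poll loop.
 * volatile sig_atomic_t is the only object type a handler may portably write.
 */
static volatile sig_atomic_t stop_requested = 0;

/**
 * SIGINT handler: record that the user asked to stop.
 *
 * The handler only stores to a sig_atomic_t. printf() and exit() are not
 * async-signal-safe (CERT SIG30-C): if the signal lands while handle_event()
 * is inside printf(), re-entering stdio from the handler can deadlock or
 * corrupt the stream. The "Terminating" message and the process exit are
 * therefore done by main() once the poll loop sees the flag.
 *
 * @param sig  signal number (unused).
 */
void handle_sigint(int sig)
{
    (void)sig;
    stop_requested = 1;
}

/**
 * Ring buffer callback: print one record produced by the XDP program.
 *
 * @param ctx   user context given to ring_buffer__new() (NULL here, unused).
 * @param data  pointer to the record payload, interpreted as struct event.
 * @param len   payload size in bytes.
 * @return 0 in all cases, so that consumption of the ring buffer continues.
 */
int handle_event(void *ctx, void *data, size_t len)
{
    const struct event *e = data;

    (void)ctx;

    /*
     * Check the record size before reading fields through the cast: a record
     * shorter than struct event (for example after the BPF side and main.h
     * drift apart) would otherwise be read past its end.
     */
    if (len < sizeof(*e))
    {
        fprintf(stderr, "Dropping short ring buffer record (%zu bytes)\n", len);
        return 0;
    }

    /*
     * Addresses are printed lowest-order byte first.
     * NOTE(review): this yields the usual dotted quad only if sip/dip hold the
     * address in network byte order on a little-endian host - confirm against
     * the XDP program.
     */
    printf("%u.%u.%u.%u ", e->sip & 0xFF, e->sip >> 8 & 0xFF, e->sip >> 16 & 0xFF, e->sip >> 24 & 0xFF);
    printf("%u.%u.%u.%u ", e->dip & 0xFF, e->dip >> 8 & 0xFF, e->dip >> 16 & 0xFF, e->dip >> 24 & 0xFF);

    /*
     * NOTE(review): ports are printed as stored; if the BPF side copies them
     * straight from the TCP header they need ntohs() - confirm.
     */
    printf("%d %d %d %d %d %d %d\n", e->sport, e->dport, e->syn, e->fin, e->rst, e->psh, e->ack);
    return 0;
}

/**
 * Load the BPF skeleton, attach the XDP program to the interface named in
 * argv[1], and print events from the "ringbuf" map until SIGINT or a poll error.
 *
 * @return 0 after a SIGINT-requested shutdown, 1 on a usage, setup or poll error.
 */
int main(int argc, char *argv[])
{
    int rc = 1;
    unsigned int ifindex;
    struct main_bpf *skel;
    struct bpf_link *link;
    struct bpf_map *ringbuf_map;
    struct ring_buffer *ringbuf;

    /* Stop here on bad usage: argv[1] is NULL when no argument was given. */
    if (argc != 2)
    {
        fprintf(stderr, "Provide interface name\n");
        return 1;
    }

    /* if_nametoindex() returns 0 when the name does not match an interface. */
    ifindex = if_nametoindex(argv[1]);
    if (ifindex == 0)
    {
        perror("if_nametoindex");
        return 1;
    }

    signal(SIGINT, handle_sigint);

    skel = main_bpf__open_and_load();
    if (!skel)
    {
        fprintf(stderr, "Failed to open BPF skeleton\n");
        goto out;
    }

    link = bpf_program__attach_xdp(skel->progs.xdp_observ_prog, ifindex);
    if (!link)
    {
        fprintf(stderr, "bpf_program__attach_xdp\n");
        goto out_skel;
    }

    ringbuf_map = bpf_object__find_map_by_name(skel->obj, "ringbuf");
    if (!ringbuf_map)
    {
        fprintf(stderr, "Failed to get ring buffer map\n");
        goto out_link;
    }

    ringbuf = ring_buffer__new(bpf_map__fd(ringbuf_map), handle_event, NULL, NULL);
    if (!ringbuf)
    {
        fprintf(stderr, "Failed to create ring buffer\n");
        goto out_link;
    }

    printf("Successfully started! Please Ctrl+C to stop.\n");
    printf("\033[1;31m");
    printf("Source IP, Destination IP, Source Port, Destination Port, SYN, FIN, RST, PSH, ACK \n");
    printf("\033[0m");

    /* The 1000 ms timeout bounds how long a stop request can go unnoticed. */
    while (!stop_requested)
    {
        if (ring_buffer__poll(ringbuf, 1000) < 0)
        {
            /* A poll cut short by the SIGINT itself is a normal shutdown. */
            if (stop_requested)
            {
                break;
            }
            fprintf(stderr, "Error polling ring buffer\n");
            goto out_ringbuf;
        }
    }

    printf("Terminating\n");
    rc = 0;

    /* Release in reverse order of acquisition so the XDP attachment is dropped explicitly. */
out_ringbuf:
    ring_buffer__free(ringbuf);
out_link:
    bpf_link__destroy(link);
out_skel:
    main_bpf__destroy(skel);
out:
    return rc;
}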