I have this on the eBPF side. I want to manipulate and modify a packet at the Ethernet/IPv4/TCP layers and then send it to the kernel. This way, for example, I can block it. Can I block the packet in user space using AF_XDP by modifying the packet? I just need some information about it to continue trying.
Note: I can receive packets and decode the layers in user space. Can you guide me at this point?
    SEC("xdp_sock")
    int xdp_sock_prog(struct xdp_md *ctx) {
        int index = ctx->rx_queue_index;
        // L2
        __u32 *pkt_count;

        pkt_count = bpf_map_lookup_elem(&xdp_stats_map, &index);
        if (pkt_count) {
            /* We pass every other packet */
            if ((*pkt_count)++ & 1)
                return XDP_PASS;
        }

        /* A set entry here means that the corresponding queue_id
         * has an active AF_XDP socket bound to it. */
        if (bpf_map_lookup_elem(&xsks_map, &index)) {
            return bpf_redirect_map(&xsks_map, index, 0);
        }

        return XDP_PASS;
    }