Continued working on first xdp filter, todo make bpf ring buffer work, check udp filter is up ans working

src/.output/xdp_filter.skel.h

@@ -0,0 +1,250 @@
+/* SPDX-License-Identifier: (LGPL-2.1 OR BSD-2-Clause) */
+
+/* THIS FILE IS AUTOGENERATED! */
+#ifndef __XDP_FILTER_BPF_SKEL_H__
+#define __XDP_FILTER_BPF_SKEL_H__
+
+#include <stdlib.h>
+#include <bpf/libbpf.h>
+
+struct xdp_filter_bpf {
+	struct bpf_object_skeleton *skeleton;
+	struct bpf_object *obj;
+	struct {
+		struct bpf_map *rb;
+	} maps;
+	struct {
+		struct bpf_program *xdp_receive;
+	} progs;
+	struct {
+		struct bpf_link *xdp_receive;
+	} links;
+};
+
+static void
+xdp_filter_bpf__destroy(struct xdp_filter_bpf *obj)
+{
+	if (!obj)
+		return;
+	if (obj->skeleton)
+		bpf_object__destroy_skeleton(obj->skeleton);
+	free(obj);
+}
+
+static inline int
+xdp_filter_bpf__create_skeleton(struct xdp_filter_bpf *obj);
+
+static inline struct xdp_filter_bpf *
+xdp_filter_bpf__open_opts(const struct bpf_object_open_opts *opts)
+{
+	struct xdp_filter_bpf *obj;
+
+	obj = (struct xdp_filter_bpf *)calloc(1, sizeof(*obj));
+	if (!obj)
+		return NULL;
+	if (xdp_filter_bpf__create_skeleton(obj))
+		goto err;
+	if (bpf_object__open_skeleton(obj->skeleton, opts))
+		goto err;
+
+	return obj;
+err:
+	xdp_filter_bpf__destroy(obj);
+	return NULL;
+}
+
+static inline struct xdp_filter_bpf *
+xdp_filter_bpf__open(void)
+{
+	return xdp_filter_bpf__open_opts(NULL);
+}
+
+static inline int
+xdp_filter_bpf__load(struct xdp_filter_bpf *obj)
+{
+	return bpf_object__load_skeleton(obj->skeleton);
+}
+
+static inline struct xdp_filter_bpf *
+xdp_filter_bpf__open_and_load(void)
+{
+	struct xdp_filter_bpf *obj;
+
+	obj = xdp_filter_bpf__open();
+	if (!obj)
+		return NULL;
+	if (xdp_filter_bpf__load(obj)) {
+		xdp_filter_bpf__destroy(obj);
+		return NULL;
+	}
+	return obj;
+}
+
+static inline int
+xdp_filter_bpf__attach(struct xdp_filter_bpf *obj)
+{
+	return bpf_object__attach_skeleton(obj->skeleton);
+}
+
+static inline void
+xdp_filter_bpf__detach(struct xdp_filter_bpf *obj)
+{
+	return bpf_object__detach_skeleton(obj->skeleton);
+}
+
+static inline int
+xdp_filter_bpf__create_skeleton(struct xdp_filter_bpf *obj)
+{
+	struct bpf_object_skeleton *s;
+
+	s = (struct bpf_object_skeleton *)calloc(1, sizeof(*s));
+	if (!s)
+		return -1;
+	obj->skeleton = s;
+
+	s->sz = sizeof(*s);
+	s->name = "xdp_filter_bpf";
+	s->obj = &obj->obj;
+
+	/* maps */
+	s->map_cnt = 1;
+	s->map_skel_sz = sizeof(*s->maps);
+	s->maps = (struct bpf_map_skeleton *)calloc(s->map_cnt, s->map_skel_sz);
+	if (!s->maps)
+		goto err;
+
+	s->maps[0].name = "rb";
+	s->maps[0].map = &obj->maps.rb;
+
+	/* programs */
+	s->prog_cnt = 1;
+	s->prog_skel_sz = sizeof(*s->progs);
+	s->progs = (struct bpf_prog_skeleton *)calloc(s->prog_cnt, s->prog_skel_sz);
+	if (!s->progs)
+		goto err;
+
+	s->progs[0].name = "xdp_receive";
+	s->progs[0].prog = &obj->progs.xdp_receive;
+	s->progs[0].link = &obj->links.xdp_receive;
+
+	s->data_sz = 3128;
+	s->data = (void *)"\
+\x7f\x45\x4c\x46\x02\x01\x01\0\0\0\0\0\0\0\0\0\x01\0\xf7\0\x01\0\0\0\0\0\0\0\0\
+\0\0\0\0\0\0\0\0\0\0\0\x38\x09\0\0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\x40\0\x0c\0\
+\x0b\0\x61\x12\0\0\0\0\0\0\x61\x11\x04\0\0\0\0\0\xbf\x23\0\0\0\0\0\0\x07\x03\0\
+\0\x0e\0\0\0\x2d\x13\x11\0\0\0\0\0\xbf\x23\0\0\0\0\0\0\x07\x03\0\0\x22\0\0\0\
+\x2d\x13\x0e\0\0\0\0\0\xbf\x23\0\0\0\0\0\0\x07\x03\0\0\x2a\0\0\0\x2d\x13\x0b\0\
+\0\0\0\0\x71\x24\x17\0\0\0\0\0\x55\x04\x09\0\x11\0\0\0\x69\x24\x24\0\0\0\0\0\
+\x55\x04\x07\0\x13\x8d\0\0\xbf\x24\0\0\0\0\0\0\x07\x04\0\0\x2e\0\0\0\x2d\x14\
+\x04\0\0\0\0\0\x69\x21\x26\0\0\0\0\0\x55\x01\x02\0\0\x0c\0\0\x71\x31\0\0\0\0\0\
+\0\x15\x01\x02\0\x74\0\0\0\xb7\0\0\0\x02\0\0\0\x95\0\0\0\0\0\0\0\x71\x21\x2b\0\
+\0\0\0\0\x15\x01\x01\0\x65\0\0\0\x05\0\xfb\xff\0\0\0\0\x71\x21\x2c\0\0\0\0\0\
+\x55\x01\xf9\xff\x73\0\0\0\x71\x21\x2d\0\0\0\0\0\xb7\0\0\0\x01\0\0\0\x15\x01\
+\x01\0\x74\0\0\0\xb7\0\0\0\x02\0\0\0\x95\0\0\0\0\0\0\0\x44\x75\x61\x6c\x20\x42\
+\x53\x44\x2f\x47\x50\x4c\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x9f\xeb\x01\0\
+\x18\0\0\0\0\0\0\0\xa0\x01\0\0\xa0\x01\0\0\x1c\x02\0\0\0\0\0\0\0\0\0\x02\x03\0\
+\0\0\x01\0\0\0\0\0\0\x01\x04\0\0\0\x20\0\0\x01\0\0\0\0\0\0\0\x03\0\0\0\0\x02\0\
+\0\0\x04\0\0\0\x1b\0\0\0\x05\0\0\0\0\0\0\x01\x04\0\0\0\x20\0\0\0\0\0\0\0\0\0\0\
+\x02\x06\0\0\0\0\0\0\0\0\0\0\x03\0\0\0\0\x02\0\0\0\x04\0\0\0\0\0\x04\0\0\0\0\0\
+\x02\0\0\x04\x10\0\0\0\x19\0\0\0\x01\0\0\0\0\0\0\0\x1e\0\0\0\x05\0\0\0\x40\0\0\
+\0\x2a\0\0\0\0\0\0\x0e\x07\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\x02\x0a\0\0\0\x2d\0\0\
+\0\x06\0\0\x04\x18\0\0\0\x34\0\0\0\x0b\0\0\0\0\0\0\0\x39\0\0\0\x0b\0\0\0\x20\0\
+\0\0\x42\0\0\0\x0b\0\0\0\x40\0\0\0\x4c\0\0\0\x0b\0\0\0\x60\0\0\0\x5c\0\0\0\x0b\
+\0\0\0\x80\0\0\0\x6b\0\0\0\x0b\0\0\0\xa0\0\0\0\x7a\0\0\0\0\0\0\x08\x0c\0\0\0\
+\x80\0\0\0\0\0\0\x01\x04\0\0\0\x20\0\0\0\0\0\0\0\x01\0\0\x0d\x02\0\0\0\x8d\0\0\
+\0\x09\0\0\0\x91\0\0\0\x01\0\0\x0c\x0d\0\0\0\x01\x02\0\0\0\0\0\x01\x01\0\0\0\
+\x08\0\0\x01\0\0\0\0\0\0\0\x03\0\0\0\0\x0f\0\0\0\x04\0\0\0\x0d\0\0\0\x06\x02\0\
+\0\0\0\0\x0e\x10\0\0\0\x01\0\0\0\x0e\x02\0\0\x01\0\0\x0f\0\0\0\0\x08\0\0\0\0\0\
+\0\0\x10\0\0\0\x14\x02\0\0\x01\0\0\x0f\0\0\0\0\x11\0\0\0\0\0\0\0\x0d\0\0\0\0\
+\x69\x6e\x74\0\x5f\x5f\x41\x52\x52\x41\x59\x5f\x53\x49\x5a\x45\x5f\x54\x59\x50\
+\x45\x5f\x5f\0\x74\x79\x70\x65\0\x6d\x61\x78\x5f\x65\x6e\x74\x72\x69\x65\x73\0\
+\x72\x62\0\x78\x64\x70\x5f\x6d\x64\0\x64\x61\x74\x61\0\x64\x61\x74\x61\x5f\x65\
+\x6e\x64\0\x64\x61\x74\x61\x5f\x6d\x65\x74\x61\0\x69\x6e\x67\x72\x65\x73\x73\
+\x5f\x69\x66\x69\x6e\x64\x65\x78\0\x72\x78\x5f\x71\x75\x65\x75\x65\x5f\x69\x6e\
+\x64\x65\x78\0\x65\x67\x72\x65\x73\x73\x5f\x69\x66\x69\x6e\x64\x65\x78\0\x5f\
+\x5f\x75\x33\x32\0\x75\x6e\x73\x69\x67\x6e\x65\x64\x20\x69\x6e\x74\0\x63\x74\
+\x78\0\x78\x64\x70\x5f\x72\x65\x63\x65\x69\x76\x65\0\x78\x64\x70\0\x2f\x68\x6f\
+\x6d\x65\x2f\x6f\x73\x62\x6f\x78\x65\x73\x2f\x54\x46\x47\x2f\x73\x72\x63\x2f\
+\x65\x62\x70\x66\x2f\x78\x64\x70\x5f\x66\x69\x6c\x74\x65\x72\x2e\x62\x70\x66\
+\x2e\x63\0\x20\x20\x20\x20\x76\x6f\x69\x64\x20\x2a\x64\x61\x74\x61\x20\x3d\x20\
+\x28\x76\x6f\x69\x64\x20\x2a\x29\x28\x6c\x6f\x6e\x67\x29\x63\x74\x78\x2d\x3e\
+\x64\x61\x74\x61\x3b\0\x20\x20\x20\x20\x76\x6f\x69\x64\x20\x2a\x64\x61\x74\x61\
+\x5f\x65\x6e\x64\x20\x3d\x20\x28\x76\x6f\x69\x64\x20\x2a\x29\x28\x6c\x6f\x6e\
+\x67\x29\x63\x74\x78\x2d\x3e\x64\x61\x74\x61\x5f\x65\x6e\x64\x3b\0\x20\x20\x20\
+\x20\x69\x66\x20\x28\x28\x76\x6f\x69\x64\x20\x2a\x29\x65\x74\x68\x20\x2b\x20\
+\x73\x69\x7a\x65\x6f\x66\x28\x2a\x65\x74\x68\x29\x20\x3e\x20\x64\x61\x74\x61\
+\x5f\x65\x6e\x64\x29\0\x20\x20\x20\x20\x69\x66\x20\x28\x69\x70\x2d\x3e\x70\x72\
+\x6f\x74\x6f\x63\x6f\x6c\x20\x21\x3d\x20\x49\x50\x50\x52\x4f\x54\x4f\x5f\x55\
+\x44\x50\x29\0\x20\x20\x20\x20\x69\x66\x20\x28\x75\x64\x70\x2d\x3e\x64\x65\x73\
+\x74\x20\x21\x3d\x20\x6e\x74\x6f\x68\x73\x28\x35\x30\x30\x35\x29\x29\0\x20\x20\
+\x20\x20\x69\x66\x20\x28\x70\x61\x79\x6c\x6f\x61\x64\x5f\x73\x69\x7a\x65\x20\
+\x21\x3d\x20\x73\x69\x7a\x65\x6f\x66\x28\x6d\x61\x74\x63\x68\x5f\x70\x61\x74\
+\x74\x65\x72\x6e\x29\x20\x2d\x20\x31\x29\x20\0\x20\x20\x20\x20\x20\x20\x20\x20\
+\x69\x66\x20\x28\x70\x61\x79\x6c\x6f\x61\x64\x5b\x69\x5d\x20\x21\x3d\x20\x6d\
+\x61\x74\x63\x68\x5f\x70\x61\x74\x74\x65\x72\x6e\x5b\x69\x5d\x29\0\x7d\0\x63\
+\x68\x61\x72\0\x4c\x49\x43\x45\x4e\x53\x45\0\x2e\x6d\x61\x70\x73\0\x6c\x69\x63\
+\x65\x6e\x73\x65\0\x9f\xeb\x01\0\x20\0\0\0\0\0\0\0\x14\0\0\0\x14\0\0\0\x1c\x01\
+\0\0\x30\x01\0\0\0\0\0\0\x08\0\0\0\x9d\0\0\0\x01\0\0\0\0\0\0\0\x0e\0\0\0\x10\0\
+\0\0\x9d\0\0\0\x11\0\0\0\0\0\0\0\xa1\0\0\0\xcd\0\0\0\x25\xd0\0\0\x08\0\0\0\xa1\
+\0\0\0\xf7\0\0\0\x29\xcc\0\0\x10\0\0\0\xa1\0\0\0\x29\x01\0\0\x15\x0c\x01\0\x20\
+\0\0\0\xa1\0\0\0\x29\x01\0\0\x09\x0c\x01\0\x50\0\0\0\xa1\0\0\0\x58\x01\0\0\x09\
+\x28\x01\0\x68\0\0\0\xa1\0\0\0\x7d\x01\0\0\x0e\x44\x01\0\x70\0\0\0\xa1\0\0\0\
+\x7d\x01\0\0\x09\x44\x01\0\x88\0\0\0\xa1\0\0\0\x9f\x01\0\0\x09\x5c\x01\0\xa0\0\
+\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\x84\x01\0\xa8\0\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\
+\x84\x01\0\xb0\0\0\0\xa1\0\0\0\xff\x01\0\0\x01\xbc\x01\0\xc0\0\0\0\xa1\0\0\0\
+\xd3\x01\0\0\x0d\x84\x01\0\xc8\0\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\x84\x01\0\xd8\0\
+\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\x84\x01\0\xe0\0\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\
+\x84\x01\0\xe8\0\0\0\xa1\0\0\0\xd3\x01\0\0\x0d\x84\x01\0\xf8\0\0\0\xa1\0\0\0\
+\xd3\x01\0\0\x0d\x84\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
+\0\0\x7a\0\0\0\0\0\x02\0\xd8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x72\0\0\0\0\0\x02\0\
+\x08\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x6b\0\0\0\0\0\x02\0\xc0\0\0\0\0\0\0\0\0\0\
+\0\0\0\0\0\0\x64\0\0\0\0\0\x02\0\xb0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x03\
+\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x5c\0\0\0\x11\0\x03\0\0\0\0\0\0\0\0\0\
+\x0d\0\0\0\0\0\0\0\x40\0\0\0\x11\0\x04\0\0\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x2c\
+\0\0\0\x12\0\x02\0\0\0\0\0\0\0\0\0\x10\x01\0\0\0\0\0\0\x98\x01\0\0\0\0\0\0\0\0\
+\0\0\x07\0\0\0\xb0\x01\0\0\0\0\0\0\0\0\0\0\x06\0\0\0\x2c\0\0\0\0\0\0\0\0\0\0\0\
+\x05\0\0\0\x40\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x50\0\0\0\0\0\0\0\0\0\0\0\x05\0\
+\0\0\x60\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x70\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\
+\x80\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x90\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\xa0\0\
+\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\xb0\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\xc0\0\0\0\0\
+\0\0\0\0\0\0\0\x05\0\0\0\xd0\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\xe0\0\0\0\0\0\0\0\
+\0\0\0\0\x05\0\0\0\xf0\0\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\
+\0\x05\0\0\0\x10\x01\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x20\x01\0\0\0\0\0\0\0\0\0\0\
+\x05\0\0\0\x30\x01\0\0\0\0\0\0\0\0\0\0\x05\0\0\0\x40\x01\0\0\0\0\0\0\0\0\0\0\
+\x05\0\0\0\x0e\x0c\x0d\0\x2e\x74\x65\x78\x74\0\x2e\x72\x65\x6c\x2e\x42\x54\x46\
+\x2e\x65\x78\x74\0\x2e\x6d\x61\x70\x73\0\x78\x64\x70\0\x2e\x6c\x6c\x76\x6d\x5f\
+\x61\x64\x64\x72\x73\x69\x67\0\x78\x64\x70\x5f\x72\x65\x63\x65\x69\x76\x65\0\
+\x6c\x69\x63\x65\x6e\x73\x65\0\x72\x62\0\x2e\x73\x74\x72\x74\x61\x62\0\x2e\x73\
+\x79\x6d\x74\x61\x62\0\x2e\x72\x65\x6c\x2e\x42\x54\x46\0\x4c\x49\x43\x45\x4e\
+\x53\x45\0\x4c\x42\x42\x30\x5f\x39\0\x4c\x42\x42\x30\x5f\x37\0\x4c\x42\x42\x30\
+\x5f\x31\x33\0\x4c\x42\x42\x30\x5f\x31\x30\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
+\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
+\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\x01\0\0\0\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
+\x40\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x04\0\0\0\0\0\0\0\0\0\0\0\0\
+\0\0\0\x1a\0\0\0\x01\0\0\0\x06\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x40\0\0\0\0\0\0\0\
+\x10\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x38\0\0\
+\0\x01\0\0\0\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x50\x01\0\0\0\0\0\0\x0d\0\0\0\0\
+\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x14\0\0\0\x01\0\0\0\
+\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x60\x01\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\0\0\0\
+\0\0\0\0\0\x08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x57\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\
+\0\0\0\0\0\0\0\0\0\x70\x01\0\0\0\0\0\0\xd4\x03\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\
+\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x0b\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\
+\0\0\x44\x05\0\0\0\0\0\0\x50\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\
+\0\0\0\0\0\0\0\0\x4b\0\0\0\x02\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x98\x06\0\
+\0\0\0\0\0\xd8\0\0\0\0\0\0\0\x0b\0\0\0\x06\0\0\0\x08\0\0\0\0\0\0\0\x18\0\0\0\0\
+\0\0\0\x53\0\0\0\x09\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x70\x07\0\0\0\0\0\0\
+\x20\0\0\0\0\0\0\0\x07\0\0\0\x05\0\0\0\x08\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x07\
+\0\0\0\x09\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x90\x07\0\0\0\0\0\0\x20\x01\0\
+\0\0\0\0\0\x07\0\0\0\x06\0\0\0\x08\0\0\0\0\0\0\0\x10\0\0\0\0\0\0\0\x1e\0\0\0\
+\x03\x4c\xff\x6f\0\0\0\x80\0\0\0\0\0\0\0\0\0\0\0\0\xb0\x08\0\0\0\0\0\0\x03\0\0\
+\0\0\0\0\0\0\0\0\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\x43\0\0\0\x03\0\0\
+\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\xb3\x08\0\0\0\0\0\0\x82\0\0\0\0\0\0\0\0\0\0\
+\0\0\0\0\0\x01\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+
+	return 0;
+err:
+	bpf_object__destroy_skeleton(s);
+	return -1;
+}
+
+#endif /* __XDP_FILTER_BPF_SKEL_H__ */

src/Makefile

@@ -5,17 +5,18 @@ LLVM_STRIP ?= llvm-strip
 BPFTOOL ?= $(abspath ./tools/bpftool)
 LIBBPF_SRC := $(abspath ./libbpf/src)
 LIBBPF_OBJ := $(abspath $(OUTPUT)/libbpf.a)
-VMLINUX := ./vmlinux/vmlinux.h
+VMLINUX := ./vmlinux/newvmlinux.h
 USER := user
 EBPF := ebpf
 # Use our own libbpf API headers and Linux UAPI headers distributed with
 # libbpf to avoid dependency on system-wide headers, which could be missing or
 # outdated
-INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi -I$(dir $(VMLINUX))
-CFLAGS := -g -Wall
+#INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi -I$(dir $(VMLINUX))
+INCLUDES := -I$(OUTPUT) -I./libbpf/include/uapi -I/lib/modules/5.11.0-40-generic/build #-I$(dir $(VMLINUX))
+CFLAGS := -g -Wall #-I/lib/modules/5.11.0-40-generic/build/include
 ARCH := $(shell uname -m | sed 's/x86_64/x86/')
 
-APPS = minimal bootstrap
+APPS = xdp_filter
 
 # Get Clang's default includes on this system. We'll explicitly add these dirs
 # to the includes list when compiling with `-target bpf` because otherwise some

src/ebpf/xdp_filter.bpf.c

@@ -0,0 +1,115 @@
+//#include "newvmlinux.h"
+#include <linux/ip.h>
+#include <linux/types.h>
+#include <unistd.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
+#include <linux/bpf.h>
+#include <stdbool.h>
+#include <linux/unistd.h>
+#include <linux/if_ether.h>
+#include <linux/pkt_cls.h>
+#include <arpa/inet.h>
+#include <net/if.h>
+#include <bpf/bpf_helpers.h>
+#include <bpf/bpf_tracing.h>
+#include <bpf/bpf_core_read.h>
+#include "../user/xdp_filter.h"
+#include <arpa/inet.h>
+#include <linux/bpf.h>
+#include <linux/if_ether.h>
+#include <linux/ip.h>
+#include <linux/udp.h>
+
+
+char LICENSE[] SEC("license") = "Dual BSD/GPL";
+
+/*//BPF map
+struct {
+	__uint(type, BPF_MAP_TYPE_HASH);
+	__uint(max_entries, 8192);
+	__type(key, pid_t);
+	__type(value, uint64_t);
+} exec_start SEC(".maps");*/
+
+//Ring buffer
+struct {
+	__uint(type, BPF_MAP_TYPE_RINGBUF);
+	__uint(max_entries, 256 * 1024);
+} rb SEC(".maps");
+
+//Ethernet frame struct
+struct eth_hdr {
+	unsigned char   h_dest[ETH_ALEN];
+	unsigned char   h_source[ETH_ALEN];
+	unsigned short  h_proto;
+};
+
+SEC("xdp")
+int xdp_receive(struct xdp_md *ctx)
+{
+    void *data_end = (void *)(long)ctx->data_end;
+    void *data = (void *)(long)ctx->data;
+    char match_pattern[] = "test";
+    unsigned int payload_size, i;
+    struct ethhdr *eth = data;
+    unsigned char *payload;
+    struct udphdr *udp;
+    struct iphdr *ip;
+
+	struct event *rb_event;
+
+	/* Reserve a ring buffer event from BPF ringbuf to be filled later*/
+	/*rb_event = bpf_ringbuf_reserve(&rb, sizeof(*rb_event), 0);
+	if (!rb_event)
+		return 0;*/
+
+    if ((void *)eth + sizeof(*eth) > data_end)
+        return XDP_PASS;
+
+    ip = data + sizeof(*eth);
+    if ((void *)ip + sizeof(*ip) > data_end)
+        return XDP_PASS;
+
+    if (ip->protocol != IPPROTO_UDP)
+        return XDP_PASS;
+
+    udp = (void *)ip + sizeof(*ip);
+    if ((void *)udp + sizeof(*udp) > data_end)
+        return XDP_PASS;
+
+    if (udp->dest != ntohs(5005))
+        return XDP_PASS;
+
+    payload_size = ntohs(udp->len) - sizeof(*udp);
+    // Here we use "size - 1" to account for the final '\0' in "test".
+    // This '\0' may or may not be in your payload, adjust if necessary.
+    if (payload_size != sizeof(match_pattern) - 1) 
+        return XDP_PASS;
+
+    // Point to start of payload.
+    payload = (unsigned char *)udp + sizeof(*udp);
+    if ((void *)payload + payload_size > data_end)
+        return XDP_PASS;
+
+    // Compare each byte, exit if a difference is found.
+    for (i = 0; i < payload_size; i++)
+        if (payload[i] != match_pattern[i])
+            return XDP_PASS;
+
+	/*if(!payload){
+		bpf_probe_read_str(&rb_event->payload, sizeof(rb_event->payload), (void *)payload);
+		bpf_ringbuf_submit(rb_event, 0);	
+	}else{
+		//Submit it to user-space for post-processing
+		bpf_probe_read_str(&rb_event->payload, sizeof(rb_event->payload), (void*)0);
+		bpf_ringbuf_submit(rb_event, 0);
+	}*/
+	
+	// Same payload as expected one received, drop.
+    return XDP_DROP;
+}
+
+
+
+

src/user/xdp_filter.c

@@ -0,0 +1,169 @@
+#include <argp.h>
+#include <stdio.h>
+#include <time.h>
+#include <signal.h>
+#include <sys/resource.h>
+#include <bpf/libbpf.h>
+#include "xdp_filter.skel.h"
+#include "xdp_filter.h"
+
+static struct env {
+	bool verbose;
+} env;
+
+const char *argp_program_version = "xdp_filter 0.1";
+const char *argp_program_bug_address = "<marcossanchezbajo@gmail.com>";
+const char argp_program_doc[] =
+"My first eBPF packet filter using Express Data Path (XDP)\n"
+"\n"
+"TODO DESCRIPTION\n"
+"\n"
+"USAGE: ./xdp_filter [-v]\n";
+
+/*Options for argp*/
+static const struct argp_option opts[] = {
+	{ "verbose", 'v', NULL, 0, "Verbose debug output" },
+	{},
+};
+
+/*Command argument parsing, similar to getopt*/
+static error_t parse_arg(int key, char *arg, struct argp_state *state){
+	switch (key) {
+	case 'v':
+		env.verbose = true;
+		break;
+	case ARGP_KEY_ARG:
+		argp_usage(state);
+		break;
+	default:
+		return ARGP_ERR_UNKNOWN;
+	}
+	return 0;
+}
+
+static const struct argp argp = {
+	.options = opts,
+	.parser = parse_arg,
+	.doc = argp_program_doc,
+};
+
+/*Wrapper for printing into stderr when debug active*/
+static int libbpf_print_fn(enum libbpf_print_level level, const char *format, va_list args){
+	if (level == LIBBPF_DEBUG && !env.verbose)
+		return 0;
+	return vfprintf(stderr, format, args);
+}
+
+/**
+* Increases kernel internal memory limit
+* necessary to allocate resouces like BPF maps.
+*/
+static void bump_memlock_rlimit(void){
+	struct rlimit rlim_new = {
+		.rlim_cur	= RLIM_INFINITY,
+		.rlim_max	= RLIM_INFINITY,
+	};
+
+	if (setrlimit(RLIMIT_MEMLOCK, &rlim_new)) {
+		fprintf(stderr, "Failed to increase RLIMIT_MEMLOCK limit!\n");
+		exit(1);
+	}
+}
+
+static volatile bool exiting = false;
+
+static void sig_handler(int sig){
+	exiting = true;
+}
+
+static int handle_event(void *ctx, void *data, size_t data_sz){
+	const struct event *e = data;
+	struct tm *tm;
+	char ts[32];
+	time_t t;
+
+	time(&t);
+	tm = localtime(&t);
+	strftime(ts, sizeof(ts), "%H:%M:%S", tm);
+
+    printf("NEW: %s\n",
+            e->payload);
+
+	return 0;
+}
+
+
+int main(int argc, char**argv){
+    struct ring_buffer *rb = NULL;
+    struct xdp_filter_bpf *skel;
+    int err;
+
+	/* Parse command line arguments */
+	err = argp_parse(&argp, argc, argv, 0, NULL, NULL);
+	if (err)
+		return err;
+
+	/* Set up libbpf errors and debug info callback */
+	libbpf_set_print(libbpf_print_fn);
+
+	/* Bump RLIMIT_MEMLOCK to create BPF maps */
+	bump_memlock_rlimit();
+
+	/* Cleaner handling of Ctrl-C */
+	signal(SIGINT, sig_handler);
+	signal(SIGTERM, sig_handler);
+
+    /* Load and verify BPF application */
+	skel = xdp_filter_bpf__open();
+	if (!skel) {
+		fprintf(stderr, "Failed to open and load BPF skeleton\n");
+		return 1;
+	}
+
+	/* Load & verify BPF programs */
+	err = xdp_filter_bpf__load(skel);
+	if (err) {
+		fprintf(stderr, "Failed to load and verify BPF skeleton\n");
+		goto cleanup;
+	}
+
+    /* Attach tracepoints */
+	err = xdp_filter_bpf__attach(skel);
+	if (err) {
+		fprintf(stderr, "Failed to attach BPF skeleton\n");
+		goto cleanup;
+	}
+
+    /* Set up ring buffer polling */
+	rb = ring_buffer__new(bpf_map__fd(skel->maps.rb), handle_event, NULL, NULL);
+	if (!rb) {
+		err = -1;
+		fprintf(stderr, "Failed to create ring buffer\n");
+		goto cleanup;
+	}
+
+    	/* Process events */
+	printf("%-8s %-5s %-16s %-7s %-7s %s\n",
+	       "TIME", "EVENT", "COMM", "PID", "PPID", "FILENAME/EXIT CODE");
+	while (!exiting) {
+		err = ring_buffer__poll(rb, 100 /* timeout, ms */);
+		/* Ctrl-C will cause -EINTR */
+		if (err == -EINTR) {
+			err = 0;
+			break;
+		}
+		if (err < 0) {
+			printf("Error polling perf buffer: %d\n", err);
+			break;
+		}
+	}
+
+    cleanup:
+        /* Clean up */
+        ring_buffer__free(rb);
+        xdp_filter_bpf__destroy(skel);
+
+        return err < 0 ? -err : 0;
+
+    return 0;
+}

src/user/xdp_filter.h

@@ -0,0 +1,11 @@
+#ifndef __XDP_FILTER_H
+#define __XDP_FILTER_H
+
+#define MAX_PAYLOAD_LEN 127
+
+struct event {
+	char payload[MAX_PAYLOAD_LEN];
+	bool exit_event;
+};
+
+#endif