Added explanation, installing instructions and demo commands in the
README
parent 8b3df61629
commit 340dc7f5a6
88
README.md
|
@ -1 +1,89 @@
|
|||
# Netcat eBPF Demo
|
||||
|
||||
This is a demo program showcasing a simple eBPF application
|
||||
|
||||
## Explanation
|
||||
|
||||
This demo shows how simple it is to do content-based redirection in eBPF (which means, directly in the kernel)
|
||||
|
||||
For this demo, two eBPF programs will be used:
|
||||
|
||||
+ one SOCKOPS program, that gets called each time a TCP event happens; this is used to intercept new connections and collect them in a map
|
||||
+ one SK_SKB verdict program, that analyzes the content of the packets and redirects them to the appropriate socket
|
||||
|
||||
The setup is simple: there are two "stable" sockets, one to port 4444 and one to port 5555
|
||||
|
||||
Each time a new connection is made on port 3333, the packets of that connection are checked:
|
||||
|
||||
+ if the message starts with 'a', it will be redirected on the socket to port 4444
|
||||
+ if the message starts with 'b', it will be redirected on the socket to port 5555
|
||||
+ otherwise it will not be redirected and it will be sent to the socket on port 3333
|
||||
|
||||
All the redirecting is done entirely in the kernel, the userspace program just creates the "stable" connections and keeps them alive
|
||||
|
||||
## Installing
|
||||
|
||||
To clone it, do
|
||||
|
||||
```bash
|
||||
git clone https://git.abbiamoundominio.org/palo/Netcat-eBPF-Demo --recurse-submodules
|
||||
```
|
||||
|
||||
this command will also include the library [liblog](https://github.com/rxi/log.c)
|
||||
|
||||
Other dependencies are:
|
||||
|
||||
+ libbpf
|
||||
+ bpftool
|
||||
+ clang+llvm
|
||||
|
||||
Just to be sure, on an (up-to-date, so at least kernel 5.18+) Debian/Ubuntu based machine do
|
||||
|
||||
```bash
|
||||
sudo apt install bptools libbpf-dev netcat clang llvm libelf-dev gcc-multilib build-essential linux-headers-$(uname -r) linux-tools-common linux-tools-generic
|
||||
```
|
||||
|
||||
To compile, just
|
||||
|
||||
```bash
|
||||
sudo make -j
|
||||
```
|
||||
|
||||
This will create a .output directory with all the intermediary files and the main executable, ``netcat_ebpf_demo``
|
||||
|
||||
## Demo Commands
|
||||
|
||||
Open a terminal and listen on netcat on port 4444:
|
||||
|
||||
```bash
|
||||
nc -lvp 4444
|
||||
```
|
||||
|
||||
Then do the same for port 5555:
|
||||
|
||||
```bash
|
||||
nc -lvp 5555
|
||||
```
|
||||
|
||||
And for port 3333:
|
||||
|
||||
```bash
|
||||
nc -lvp 3333
|
||||
```
|
||||
|
||||
Now, open a fourth terminal and start the program:
|
||||
|
||||
```bash
|
||||
sudo ./netcat_ebpf_demo
|
||||
```
|
||||
|
||||
This will open connections to both port 4444 and 5555
|
||||
|
||||
|
||||
On a fifth (and final) terminal connect to port 3333:
|
||||
|
||||
```bash
|
||||
nc 127.0.0.1 3333
|
||||
```
|
||||
|
||||
In this terminal, try sending some messages: if the message starts with 'a', it will be appear on the terminal with socket 4444; if it starts with 'b', the same but on 5555; otherwise it will go to 3333
|
||||
|
|
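Review bot: In the Installing section's apt line, `bptools` does not match the `bpftool` dependency listed just above it and looks like a typo, so the command as written is likely to fail on that package name; please check the name against the target distribution and correct it. In the same section, `sudo make -j` runs the whole build as root with an unbounded job count; unless the Makefile really needs root, build as a regular user (for example `make -j$(nproc)`) and keep `sudo` only for `sudo ./netcat_ebpf_demo`. The text says the executable is created in `.output`, but the demo runs `./netcat_ebpf_demo` from the current directory, so state where the binary actually ends up. The README also never says how the SOCKOPS and SK_SKB programs are removed once the demo is over; since they redirect traffic inside the kernel, a short cleanup step would be worth documenting. Minor: "it will be appear" in the last paragraph should read "it will appear".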