filter2xdp

filter2xdp will take a pcap/tcpdump filter expression, compile it to classical BPF (cBPF) using libpcap, convert it to extended BPF (eBPF) and load it as an XDP BPF program. By default, the XDP program will only pass packets to the Linux network stack which match the filter expression. If the XDP program is loaded using the --invert option, the filter is reversed and the program will drop all packets matching the filter expression.

Note: This is work in progress and not working yet as intended (i.e. no valid XDP eBPF programs are generated). However, Feedback, suggestions and patches are already welcome!

Usage

Usage: filter2xdp [OPTIONS...] -i <dev> FILTER
Options:
  -i/--interface <dev>  Network device (required)
  -n/--invert           Invert filter, drop matching packets
  -v/--verbose          Verbose mode
  -h/--help             Show this help message

Prerequisites

Linux Kernel 4.8+
libpcap (development library and headers)

License

filter2xdp is subject to the GPL, version 2.

Please see the COPYING file for the full license text.

Resources

eBPF docs and XDP docs in the Linux Networking Subsystem documentation by Jesper Dangaard Brouer
BPF and XDP Reference Guide from the Cilium developer's guide

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
include/linux		include/linux
.gitignore		.gitignore
COPYING		COPYING
Makefile		Makefile
README.md		README.md
bpf_convert.c		bpf_convert.c
bpf_load.c		bpf_load.c
bpf_load.h		bpf_load.h
cbpf.c		cbpf.c
cbpf.h		cbpf.h
ebpf.c		ebpf.c
ebpf.h		ebpf.h
filter2xdp.c		filter2xdp.c
filter_comp.c		filter_comp.c
pcap_helpers.h		pcap_helpers.h
utils.c		utils.c
utils.h		utils.h

License

tklauser/filter2xdp

Folders and files

Latest commit

History

Repository files navigation

filter2xdp

Usage

Prerequisites

License

Resources

About

Topics

Resources

License

Stars

Watchers

Forks

Languages