I built this program to get information, namely the ethernet header out of packets with XDP, and while I was using the bpf_trace_printk function everything worked fine.
When i tried to swap to perf buffers and print the MAC addresses they are always the same, as if they were hard-coded. The code is as follows:
C code
struct data_t{
//ETH
u16 type;
unsigned char src_mac[ETH_ALEN];
unsigned char dst_mac[ETH_ALEN];
BPF_PERF_OUTPUT(packets);
int xdp(struct xdp_md *ctx) {
void *data = (void *)(long)ctx->data;
void *data_end = (void *)(long)ctx->data_end;
struct data_t packet = {};
if (is_tcp_packet(data, data_end)) {
//eth
struct ethhdr *eth = data;
//bpf_trace_printk("tamos ai lol %p, %p", eth->h_source, eth->h_dest);
packet.type = eth->h_proto;
__builtin_memcpy(packet.src_mac, eth->h_source, ETH_ALEN);
__builtin_memcpy(packet.dst_mac, eth->h_dest, ETH_ALEN);
packets.perf_submit(ctx, &packet, sizeof(packet));
}
PYTHON
def callback(ctx, data, size):
packet = bpf["packets"].event(data)
result = bytes(packet.src_mac)
src_mac = ':'.join(format(byte, '02x') for byte in result)
result = bytes(packet.dst_mac)
dst_mac = ':'.join(format(byte, '02x') for byte in result)
print("TYPE=%d;SRC_MAC=%s;DST_MAC=%s" % (packet.type, src_mac, dst_mac))
bpf["packets"].open_perf_buffer(callback)
try:
print("Listening on IP:", ip)
#bpf.trace_print()
while True:
bpf.perf_buffer_poll()
except KeyboardInterrupt:
print("\n Unloading")
exit()
Am i doing anything wrong or is there a better way to do what i am attempting to do?
