I looked and played your example a little bit. Your observation is correct. The user space is not able to see the dropped the packet and the ping still works. From the kernel, the packet going to the user sock is a cloned socket, which gets the dropped and the original icmp packet still walks through the kernel ip stack, hence ping still working.
Maybe some networking people can give more explanation here. On Mon, Dec 18, 2017 at 3:41 AM, Avi Cohen (A) via iovisor-dev <[email protected]> wrote: > Thank you Paul > > Pls see inline marked [Avi Cohen (A)] > > > > From: Paul Chaignon [mailto:[email protected]] > Sent: Monday, 18 December, 2017 12:15 PM > To: Avi Cohen (A) > Cc: [email protected] > Subject: Re: [iovisor-dev] Simple example to start XDP/eBPF programming > > > > > > On Mon, Dec 18, 2017 at 10:23 AM, Avi Cohen (A) <[email protected]> > wrote: > > [Avi Cohen (A)] > > Thank you Paul and Y. Song > I have 2 questions: > 1. I’m already running some ‘packet filtering’ , e.g ICMP pkts, I try to > ’DROP’ > all ICMP pkts (return 0) Indeed it is not sent to userspace (python > program) , > but pass the whole ip-stack and [Avi Cohen (A)] ping is working (I expect > that ping will fail) – I thought that the > packet is dropped also from the ip-stack > > > > We really can't do much to help without the source code. > > [Avi Cohen (A)] - attached c and py files – I’ve override existing files > (http-parse_simple.*) with icmp filter [btw – what are the steps to create > new c , py file?] > > > > 2. I understand that eBPF function is invoked before sk-buff is allocated > for the pkt in the ip-stack (i.e. before the > DMA) – so where is the packet being read from by the eBPF? from the > physical device buffer ? > > > > I'm guessing you're referring to the XDP hook. The eBPF program is > executed on the packets before the skbuff is allocated but after > the DMA. The DMA writes the packet in memory, so without it the eBPF > program won't run. > > [Avi Cohen (A)] - Yes XDP, so the DMA writes to a pre-allocated memory , > and then we further allocate an sk-buff and copy the packet from DMA area to > the sk-buff ? this doesn’t make sense unless I miss something here > > Best Regards > > Avi > > > > > Best Regards > Avi > > >> From: Paul Chaignon [mailto:[email protected]] >> Sent: Monday, 18 December, 2017 10:52 AM >> To: Avi Cohen (A) >> Cc: [email protected] >> Subject: Re: [iovisor-dev] Simple example to start XDP/eBPF programming >> >> >> On Sun, Dec 17, 2017 at 12:55 PM, Avi Cohen (A) via iovisor-dev <iovisor- >> [email protected]> wrote: >> I've installed (packaged) bcc as per >> https://github.com/iovisor/bcc/blob/master/INSTALL.md >> Now I want to start playing. a simple one like 'hello-world' . I couldn't >> find a >> guide for this simple example in this tutorial >> [https://github.com/iovisor/bcc/blob/master/docs/reference_guide.md] >> Can you refer to a step by step tutorial ? >> >> If bcc is correctly installed, to run the hello_world example, you should >> only need to run ./examples/hello_world.py as root. >> This tutorial is probably a better source of information in your case: >> >> https://github.com/iovisor/bcc/blob/master/docs/tutorial_bcc_python_develop >> er.md >> >> Best Regards >> Avi >> _______________________________________________ >> iovisor-dev mailing list >> [email protected] >> https://lists.iovisor.org/mailman/listinfo/iovisor-dev > > > > > _______________________________________________ > iovisor-dev mailing list > [email protected] > https://lists.iovisor.org/mailman/listinfo/iovisor-dev > _______________________________________________ iovisor-dev mailing list [email protected] https://lists.iovisor.org/mailman/listinfo/iovisor-dev
