最简单的bpf程序使能

1、编写简单的xdp程序

#include <linux/bpf.h>

#ifndef __section
# define __section(NAME)                  \
   __attribute__((section(NAME), used))
#endif

__section("prog")
int xdp_drop(struct xdp_md *ctx)
{
    return XDP_DROP;
}

char __license[] __section("license") = "GPL";

2、编译
clang -O2 -target bpf -c xdp-drop-world.c -o xdp-drop-world.o

3、解决编译错误

CLANG xdpfilt_blk_udp.o
In file included from xdpfilt_blk_udp.c:10:
In file included from ./xdpfilt_prog.h:10:
In file included from ../lib/../headers/linux/bpf.h:11:
/usr/include/linux/types.h:5:10: fatal error: 'asm/types.h' file not found
#include <asm/types.h>
^~~~~~~~~~~~~
1 error generated.
../lib/common.mk:77: recipe for target 'xdpfilt_blk_udp.o' failed
I located the file "asm/types.h". It was under /usr/include/aarch64-linux-gnu/. I added the path to C_INCLUDE_PATH
export C_INCLUDE_PATH=/usr/include/aarch64-linux-gnu/

4、加载xdp程序
ip link set eno3 xdp obj xdp-drop-world.o sec xdp verbose
4.1解决加载错误

root@ubuntu:~/bcc/xdp# ip  link set dev eno3 xdp obj xdp-drop-world.o sec xdp verbose
Error: either "dev" is duplicate, or "xdp" is a garbage.
root@ubuntu:~/bcc/xdp# 

上述报错为ip的版本太低，需要下载iproute2源码，直接make,重新编译ip,使用新编译好的ip执行命令。

5、使用新的ip加载xdp程序，同时在eno3口进行ping操作，可以看到ping不通了。
~/work/iproute2/ip/ip link set dev eno3 xdp obj xdp-drop-world.o sec xdp verbose
6、取消xdp，看到可以ping通
~/work/iproute2/ip/ip link set dev eno3 xdp off