XDP get packet payload

174 views Asked by At

During the past few days I've been experimenting with XDP. I'm trying to access the payload of a packet but I've been unsuccessful so far.

The main problems I'm running into are the eBPF verifier and printing the output in the right format.

My end goal is to just simply print out the payload using the bpf_printk (bpf_trace_printk macro) function in hexadecimal (similar to wireshark), and eventually match the hex code of the packet inside of my c code.

I started by getting the location of the start of the payload by doing something like this:

void *payload = data + sizeof(struct ethhdr) + sizeof(struct iphdr) + sizeof(struct tcphdr);

(this would be something else for UDP packets)

I then just tried to simply use %.*s inside of my bpf_printk function but this didn't print anything.

A second approach I've tried is looping over the payload but I ran into eBPF verifier errors. (for example: invalid access to packet, off=36 size=2, R1(id=0,off=36,r=34) R1 offset is outside of the packet)

0

There are 0 answers