block_chatgpt4.py
#!/usr/bin/python3
from bcc import BPF
import time
import sys
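# --- CONFIGURATION ---
# Interface the XDP program is attached to. Hard-coded; change it to match the
# host before running.
device = "wlo1"
# Mode flag used for attaching. The same value is passed again when detaching
# (see the end of the script).
xdp_flags = BPF.XDP_FLAGS_SKB_MODE

# --- Kernel Code ---
# Scope of the filter below, as written:
#   * XDP hooks received frames only, so the filter acts on inbound traffic.
#   * Every IPv4 packet whose protocol field is 1 is dropped, not just echo
#     request/reply. Destination-unreachable (including fragmentation-needed)
#     and time-exceeded messages are dropped too, so path-MTU discovery and
#     traceroute are affected while the program is attached.
#   * Only frames whose ethertype is ETH_P_IP are inspected. VLAN-tagged
#     frames and IPv6 (ICMPv6) pass through unfiltered.
#   * bpf_trace_printk() runs once per dropped packet and writes to the shared
#     kernel trace pipe. It is a debugging aid, not an audit log.
program = """
#include <uapi/linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/in.h>

// ICMP Protocol Number is 1
#define IP_PROTO_ICMP 1

int drop_all_icmp(struct xdp_md *ctx) {
    void *data = (void *)(long)ctx->data;
    void *data_end = (void *)(long)ctx->data_end;

    // 1. Parse Ethernet (bounds check precedes any header access)
    struct ethhdr *eth = data;
    if (data + sizeof(*eth) > data_end) return XDP_PASS;

    // 2. Check if it's IP
    if (eth->h_proto != htons(ETH_P_IP)) return XDP_PASS;

    // 3. Parse IP (bounds check covers the fixed 20-byte header, which holds
    //    the protocol field read below)
    struct iphdr *ip = data + sizeof(*eth);
    if (data + sizeof(*eth) + sizeof(*ip) > data_end) return XDP_PASS;

    // 4. CHECK PROTOCOL: Is it ICMP (Ping)?
    if (ip->protocol == IP_PROTO_ICMP) {
        bpf_trace_printk("Detected ICMP Ping -> DROPPING\\n");
        return XDP_DROP;
    }

    return XDP_PASS;
}
"""

# --- User Space ---
print(f"Loading 'Drop All Pings' on {device}...")
b = BPF(text=program)
fn = b.load_func("drop_all_icmp", BPF.XDP)

print("Attaching in Generic/SKB Mode...")
try:
    b.attach_xdp(device, fn, flags=xdp_flags)
except Exception as e:
    print(f"Error: {e}")
    sys.exit(1)

print("Running! ALL Pings (IPv4) should now fail.")
print("Open another terminal and try: ping -4 8.8.8.8")
print("Check logs: sudo cat /sys/kernel/debug/tracing/trace_pipe")

try:
    while True:
        time.sleep(1)
except KeyboardInterrupt:
    pass
finally:
    # Runs on Ctrl-C and on any other exception that leaves the loop, so the
    # drop filter is not left on the interface after the script stops.
    print("\nDetaching...")
    # Detach with the flag used at attach time. With flags=0 the kernel picks
    # the mode itself, which on a driver with native XDP support may not be
    # the generic/SKB slot this program occupies, leaving the filter attached.
    b.remove_xdp(device, xdp_flags)
    print("Done.")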