tcp_packet_dropper_4040.py

#!/usr/bin/python

from bcc import BPF
from bcc.utils import printb

F = """
#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/ip.h>
#include <linux/in.h>
#include <linux/tcp.h>

int filter(struct xdp_md *ctx){
  bpf_trace_printk("[DEBUG] Received Packet");
  void *data = (void *)(long)ctx -> data;
  void *data_end = (void *)(long)ctx -> data_end;
  struct ethhdr *eth = data;

  if ((void*)eth + sizeof(*eth) <= data_end) {
    struct iphdr *ip = data + sizeof(*eth);
    if ((void*)ip + sizeof(*ip) <= data_end) {
      if(ip -> protocol == IPPROTO_TCP) {
        struct tcphdr *tcp = (void*)ip + sizeof(*ip);
        if ((void*)tcp + sizeof(*tcp) <= data_end){
          if (tcp -> dest == ntohs(4040)) {
            bpf_trace_printk("[DEBUG] Got packet on port 4040");
            bpf_trace_printk("[INFO] Dropping Packet on port 4040");
            return XDP_DROP;
          }
        }
      }
    }
  }
  return XDP_PASS;
}"""
device = 'lo'
loader = BPF(text=F)
function = loader.load_func("filter", BPF.XDP)
loader.attach_xdp(device, function, 0)

try:
    (loader.trace_print())
except KeyboardInterrupt:
    print("Bye")
    pass

loader.remove_xdp(device, 0)