bcc 0.0.34

Idiomatic Rust bindings for BPF Compiler Collection (BCC)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

use bcc::SocketBuilder;
use bcc::BPF;
use clap::{App, Arg};
use std::io::Read;
use std::{thread, time};

const DEFAULT_DURATION: u64 = 120; // Seconds

pub fn recv_loop(mut socket_wrapper: bcc::SocketWrapper) {
    loop {
        let mut buf: [u8; 2048] = [0; 2048];
        match socket_wrapper.socket.read(&mut buf) {
            Ok(bytes) => println!(
                "read {} bytes on interface {}",
                bytes, &socket_wrapper.iface
            ),
            Err(err) => panic!("error whild reading from socket: {}", err),
        }
    }
}

fn main() {
    let matches = App::new("port_filter")
        .arg(
            Arg::with_name("ifaces")
                .long("ifaces")
                .short("i")
                .help("interface to listen to")
                .use_delimiter(true)
                .default_value("eth0"),
        )
        .arg(
            Arg::with_name("duration")
                .long("duration")
                .value_name("Seconds")
                .help("The total duration to run this tool")
                .takes_value(true),
        )
        .arg(
            Arg::with_name("port")
                .long("port")
                .short("p")
                .help("The port to filter")
                .takes_value(true)
                .default_value("8080"),
        )
        .get_matches();

    if cfg!(any(
        feature = "v0_4_0",
        feature = "v0_5_0",
        feature = "v0_6_0",
        feature = "v0_6_1",
        feature = "v0_7_0",
        feature = "v0_8_0",
        feature = "v0_9_0",
        feature = "v0_10_0",
        feature = "v0_11_0",
        feature = "v0_12_0",
        feature = "v0_13_0",
        feature = "v0_14_0",
        feature = "v0_15_0",
        feature = "v0_16_0",
        feature = "v0_17_0",
        feature = "v0_18_0",
        feature = "v0_19_0",
        feature = "v0_20_0",
    )) {
        println!("not supported for bcc < 0.21.0");
        std::process::exit(0);
    }

    let ifaces = matches
        .values_of("ifaces")
        .unwrap()
        .map(String::from)
        .collect::<Vec<String>>();

    let duration: u64 = matches
        .value_of("duration")
        .map(|v| v.parse().expect("Invalid duration"))
        .unwrap_or(DEFAULT_DURATION);

    let port: &str = matches.value_of("port").unwrap();

    println!("Running for {} seconds", duration);

    let code = include_str!("port_filter.c").replace("{dst_port}", port);

    let mut bpf = BPF::new(&code).unwrap();

    let sockets = SocketBuilder::new()
        .handler("port_filter")
        .add_interfaces(&ifaces)
        .attach(&mut bpf)
        .unwrap();

    sockets
        .into_iter()
        .for_each(|socket_wrapper: bcc::SocketWrapper| {
            thread::spawn(|| recv_loop(socket_wrapper));
        });

    println!(
        "Attached sockets to interfaces {:?} and looking for tcp packets to port {}",
        &ifaces, port
    );

    let mut elapsed = 0;
    while elapsed < duration {
        thread::sleep(time::Duration::new(1, 0));
        elapsed += 1;
    }
}