eBPF example repository for study purposes
Blog article (ja): https://nonylene.hatenablog.jp/entry/2023/02/03/001155
# apt install linux-tools-generic libbpf-dev clang build-essential gcc-multilib
Enable multilib, then run:
# pacman -S base-devel libbpf bpf lib32-glibc clang
$ sudo make init # Install eBPF program
$ sudo make reload # Reload eBPF program while preserving maps
$ sudo make unload # Uninstall eBPF program
$ sudo bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h
e.g. Drop ICMP packets to 8.8.4.4
$ sudo bpftool map update pinned /sys/fs/bpf/rule key 0x04 0x04 0x08 0x08 value 0x00
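Added example (not part of this repository): a shell helper that turns a dotted IPv4 address into the key bytes for the bpftool command above and prints the command without running it. The function names are hypothetical, and the reversed octet order is an assumption taken from the 8.8.4.4 example (a 32-bit key in host byte order on a little-endian machine).

```shell
#!/bin/sh
# Added example, not code from the repository.
# Assumption: the rule map key is the IPv4 address as a 32-bit integer in
# host byte order on a little-endian machine, so the octets are reversed
# (8.8.4.4 -> 0x04 0x04 0x08 0x08, as in the README's example).

# Print the bpftool key bytes for a dotted-quad IPv4 address.
# Returns 1 and prints nothing if the address is malformed.
ip_to_rule_key() {
    addr=$1
    # Only digits and dots; no empty string, leading/trailing/double dots.
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr            # split into octets (no glob characters possible)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros (printf would read "08" as invalid octal).
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    # Emit the octets last-to-first, one hex byte each.
    printf '0x%02x 0x%02x 0x%02x 0x%02x\n' "$4" "$3" "$2" "$1"
}

# Print (do not execute) the map update command for one address.
# The map path and value 0x00 are copied from the README's example.
rule_drop_cmd() {
    key=$(ip_to_rule_key "$1") || return 1
    printf 'bpftool map update pinned /sys/fs/bpf/rule key %s value 0x00\n' "$key"
}

# Constructed sample input: the address used in the README.
rule_drop_cmd 8.8.4.4
```

Review the printed command before running it with sudo; a key built with the wrong byte order silently creates a rule for a different address.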