Giter Site home page Giter Site logo

batermj / bpftools Goto Github PK

View Code? Open in Web Editor NEW

This project forked from cloudflare/bpftools

0.0 2.0 0.0 188 KB

BPF Tools - packet analyst toolkit

License: BSD 3-Clause "New" or "Revised" License

Makefile 0.62% Python 57.24% C 27.81% Lex 2.05% Yacc 12.28%

bpftools's Introduction

BPF Tools

Introductory blog posts:

Here you can find a set of tool for analyzing and processing of pcap traffic dumps. The aim of this tool is to help creating BPF rules that will match (and drop) malicious traffic.

To run these scripts you will need:

  • Kernel headers (ideally from a 3.10+ kernel):

     $ sudo apt-get install linux-headers-generic

  • Installed dependencies:

     $ sudo apt-get install python-setuptools libpcap-dev \
                        libreadline-dev binutils-dev bison flex
 $ sudo easy_install pcappy

  • Build the binary tools in linux_tools directory:

     $ make

BPF Tools repository contains a number simple Python scripts, some of them focus on analyzing pcap files, others focus more on the BPF:

  • pcap2hex, hex2pcap
  • parsedns
  • bpfgen
  • filter
  • iptables_bpf, iptables_bpf_chain

bpfgen

The core script is bpfgen which generates the BPF bytecode. For more information please read:

$ ./bpfgen --help
$ ./bpfgen dns -- --help
$ ./bpfgen dns_validate -- --help
$ ./bpfgen suffix -- --help

iptables_bpf

This script generates a simple bash script that contains iptables rules that drop traffic based on selected parameters.

For example, to generate a script dropping packets exactly to a domain "example.com" you can run:

$ ./iptables_bpf dns -- example.com
Generated file 'bpf_dns_ip4_example_com.sh'

If you want commands for IPv6 use -6 flag:

$ ./iptables_bpf -6 dns -- example.com
Generated file 'bpf_dns_ip6_example_com.sh'

The rule can match any from a number listed domains:

$ ./iptables_bpf dns -- example.com example1.com example2.com
Generated file 'bpf_dns_ip4_example_com_example1_com_example2_com.sh'

If you want to match any subdomain you can use a star '*'. This will only work if star is the only character in a domain part. Valid examples:

$ ./iptables_bpf dns -- *.example.com
Generated file 'bpf_dns_ip4_any_example_com.sh'

$ ./iptables_bpf dns -- *.example.*.gov.de
Generated file 'bpf_dns_ip4_any_example_any_gov_de.sh'

You can run the generated script to apply the rule and match it against one or more flooded ip addresses:

$ sudo ./bpf_dns_ip4_example_com.sh 1.2.3.4/32

To remove the iptable rule simply specify --delete:

$ sudo ./bpf_dns_ip4_example_com.sh --delete

bpftools's People

Contributors

geoffreyplouviez avatar ghedo avatar jgrahamc avatar jibi avatar majek avatar zygiss avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.