Two C programs to show how to attach a cBPF filter program to a raw socket or to an udp socket.
cbpfprogs.txt file contains different filters with different levels of complexity that can be used in raw.c.
gcc raw.c -o raw
sudo setcap cap_net_raw+ep ./raw
./raw [-i ifname]
The default interface name is eth0.
To change filter copy the cbpf assembly from the cbpfprogs.txt file and paste it in the initialization block of struct sock_prog bpfcode[].
Based on the filter you choose to use you should accordingly uncomment/comment the functions to print the correct headers.
gcc udp.c -o udp
./udp
To test the filter execute on another terminal
nc -p 1030 -u localhost 55555
and then
nc -p 1031 -u localhost 55555
C programs to show seccomp mode 1 (strict), seccomp mode 2 (filter) and libseccomp usage.
Download the tarball from https://github.com/seccomp/libseccomp/releases
# ./configure
# make [V=0|1]
# make install
gcc -o strictexlib strictexlib.c -lseccomp
./strictexlib
gcc -o strict strict.c
./strict
gcc -o strictdup strictdup.c
./strictdup
gcc -o strictdupmacro strictdupmacro.c
./strictdupmacro
With seccomp_syscall_priority and seccomp_export_pfc uncommented.
Executed using strace with SECCOMP_RET_TRAP and with dup(STDERR_FILENO) uncommented.