I would like to experiment with the capabilities offered by the new netkit device available in recent Linux kernel versions. Documentation seems to be pretty light right now; I’m looking for examples of how to attach bpf code as netkit filters. In particular, I would like to start with a device like this with a default policy of NETKIT_DROP:
ip link add red-ext type netkit blackhole peer red-int netns red
And then I would like to attach a “pass all packets” bpf filter.
How would I do that? I’m not clear what parameters are passed to the bpf filters or how to attach them. Can this be done using the ip cli, or can this only be done via custom code?