1// SPDX-License-Identifier: GPL-2.0
  2
  3#include <string.h>
  4
  5#include <linux/stddef.h>
  6#include <linux/bpf.h>
  7#include <linux/in.h>
  8#include <linux/in6.h>
  9#include <linux/if.h>
 10#include <errno.h>
 11
 12#include <bpf/bpf_helpers.h>
 13#include <bpf/bpf_endian.h>
 14
 15#include "bind_prog.h"
 16
 17#define SERV4_IP		0xc0a801feU /* 192.168.1.254 */
 18#define SERV4_PORT		4040
 19#define SERV4_REWRITE_IP	0x7f000001U /* 127.0.0.1 */
 20#define SERV4_REWRITE_PORT	4444
 21
 22#ifndef IFNAMSIZ
 23#define IFNAMSIZ 16
 24#endif
 25
 26static __inline int bind_to_device(struct bpf_sock_addr *ctx)
 27{
 28	char veth1[IFNAMSIZ] = "test_sock_addr1";
 29	char veth2[IFNAMSIZ] = "test_sock_addr2";
 30	char missing[IFNAMSIZ] = "nonexistent_dev";
 31	char del_bind[IFNAMSIZ] = "";
 32	int veth1_idx, veth2_idx;
 33
 34	if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTODEVICE,
 35			   &veth1, sizeof(veth1)))
 36		return 1;
 37	if (bpf_getsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX,
 38			   &veth1_idx, sizeof(veth1_idx)) || !veth1_idx)
 39		return 1;
 40	if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTODEVICE,
 41			   &veth2, sizeof(veth2)))
 42		return 1;
 43	if (bpf_getsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX,
 44			   &veth2_idx, sizeof(veth2_idx)) || !veth2_idx ||
 45	    veth1_idx == veth2_idx)
 46		return 1;
 47	if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTODEVICE,
 48			   &missing, sizeof(missing)) != -ENODEV)
 49		return 1;
 50	if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTOIFINDEX,
 51			   &veth1_idx, sizeof(veth1_idx)))
 52		return 1;
 53	if (bpf_setsockopt(ctx, SOL_SOCKET, SO_BINDTODEVICE,
 54			   &del_bind, sizeof(del_bind)))
 55		return 1;
 56
 57	return 0;
 58}
 59
 60static __inline int bind_reuseport(struct bpf_sock_addr *ctx)
 61{
 62	int val = 1;
 63
 64	if (bpf_setsockopt(ctx, SOL_SOCKET, SO_REUSEPORT,
 65			   &val, sizeof(val)))
 66		return 1;
 67	if (bpf_getsockopt(ctx, SOL_SOCKET, SO_REUSEPORT,
 68			   &val, sizeof(val)) || !val)
 69		return 1;
 70	val = 0;
 71	if (bpf_setsockopt(ctx, SOL_SOCKET, SO_REUSEPORT,
 72			   &val, sizeof(val)))
 73		return 1;
 74	if (bpf_getsockopt(ctx, SOL_SOCKET, SO_REUSEPORT,
 75			   &val, sizeof(val)) || val)
 76		return 1;
 77
 78	return 0;
 79}
 80
 81static __inline int misc_opts(struct bpf_sock_addr *ctx, int opt)
 82{
 83	int old, tmp, new = 0xeb9f;
 84
 85	/* Socket in test case has guarantee that old never equals to new. */
 86	if (bpf_getsockopt(ctx, SOL_SOCKET, opt, &old, sizeof(old)) ||
 87	    old == new)
 88		return 1;
 89	if (bpf_setsockopt(ctx, SOL_SOCKET, opt, &new, sizeof(new)))
 90		return 1;
 91	if (bpf_getsockopt(ctx, SOL_SOCKET, opt, &tmp, sizeof(tmp)) ||
 92	    tmp != new)
 93		return 1;
 94	if (bpf_setsockopt(ctx, SOL_SOCKET, opt, &old, sizeof(old)))
 95		return 1;
 96
 97	return 0;
 98}
 99
100SEC("cgroup/bind4")
101int bind_v4_prog(struct bpf_sock_addr *ctx)
102{
103	struct bpf_sock *sk;
104	__u32 user_ip4;
105	__u16 user_port;
106
107	sk = ctx->sk;
108	if (!sk)
109		return 0;
110
111	if (sk->family != AF_INET)
112		return 0;
113
114	if (ctx->type != SOCK_STREAM && ctx->type != SOCK_DGRAM)
115		return 0;
116
117	if (ctx->user_ip4 != bpf_htonl(SERV4_IP) ||
118	    ctx->user_port != bpf_htons(SERV4_PORT))
119		return 0;
120
121	// u8 narrow loads:
122	user_ip4 = 0;
123	user_ip4 |= load_byte(ctx->user_ip4, 0, sizeof(user_ip4));
124	user_ip4 |= load_byte(ctx->user_ip4, 1, sizeof(user_ip4));
125	user_ip4 |= load_byte(ctx->user_ip4, 2, sizeof(user_ip4));
126	user_ip4 |= load_byte(ctx->user_ip4, 3, sizeof(user_ip4));
127	if (ctx->user_ip4 != user_ip4)
128		return 0;
129
130	user_port = 0;
131	user_port |= load_byte(ctx->user_port, 0, sizeof(user_port));
132	user_port |= load_byte(ctx->user_port, 1, sizeof(user_port));
133	if (ctx->user_port != user_port)
134		return 0;
135
136	// u16 narrow loads:
137	user_ip4 = 0;
138	user_ip4 |= load_word(ctx->user_ip4, 0, sizeof(user_ip4));
139	user_ip4 |= load_word(ctx->user_ip4, 1, sizeof(user_ip4));
140	if (ctx->user_ip4 != user_ip4)
141		return 0;
142
143	/* Bind to device and unbind it. */
144	if (bind_to_device(ctx))
145		return 0;
146
147	/* Test for misc socket options. */
148	if (misc_opts(ctx, SO_MARK) || misc_opts(ctx, SO_PRIORITY))
149		return 0;
150
151	/* Set reuseport and unset */
152	if (bind_reuseport(ctx))
153		return 0;
154
155	ctx->user_ip4 = bpf_htonl(SERV4_REWRITE_IP);
156	ctx->user_port = bpf_htons(SERV4_REWRITE_PORT);
157
158	return 1;
159}
160
161SEC("cgroup/bind4")
162int bind_v4_deny_prog(struct bpf_sock_addr *ctx)
163{
164	return 0;
165}
166
167char _license[] SEC("license") = "GPL";