Loading...
Note: File does not exist in v6.9.4.
1/* Copyright (c) 2016 VMware
2 * Copyright (c) 2016 Facebook
3 *
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of version 2 of the GNU General Public
6 * License as published by the Free Software Foundation.
7 */
8#define KBUILD_MODNAME "foo"
9#include <uapi/linux/bpf.h>
10#include <uapi/linux/if_ether.h>
11#include <uapi/linux/if_packet.h>
12#include <uapi/linux/ip.h>
13#include <uapi/linux/ipv6.h>
14#include <uapi/linux/in.h>
15#include <uapi/linux/tcp.h>
16#include <uapi/linux/filter.h>
17#include <uapi/linux/pkt_cls.h>
18#include <uapi/linux/erspan.h>
19#include <net/ipv6.h>
20#include "bpf_helpers.h"
21#include "bpf_endian.h"
22
23#define _htonl __builtin_bswap32
24#define ERROR(ret) do {\
25 char fmt[] = "ERROR line:%d ret:%d\n";\
26 bpf_trace_printk(fmt, sizeof(fmt), __LINE__, ret); \
27 } while(0)
28
29struct geneve_opt {
30 __be16 opt_class;
31 u8 type;
32 u8 length:5;
33 u8 r3:1;
34 u8 r2:1;
35 u8 r1:1;
36 u8 opt_data[8]; /* hard-coded to 8 byte */
37};
38
39struct vxlan_metadata {
40 u32 gbp;
41};
42
43SEC("gre_set_tunnel")
44int _gre_set_tunnel(struct __sk_buff *skb)
45{
46 int ret;
47 struct bpf_tunnel_key key;
48
49 __builtin_memset(&key, 0x0, sizeof(key));
50 key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
51 key.tunnel_id = 2;
52 key.tunnel_tos = 0;
53 key.tunnel_ttl = 64;
54
55 ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
56 BPF_F_ZERO_CSUM_TX | BPF_F_SEQ_NUMBER);
57 if (ret < 0) {
58 ERROR(ret);
59 return TC_ACT_SHOT;
60 }
61
62 return TC_ACT_OK;
63}
64
65SEC("gre_get_tunnel")
66int _gre_get_tunnel(struct __sk_buff *skb)
67{
68 int ret;
69 struct bpf_tunnel_key key;
70 char fmt[] = "key %d remote ip 0x%x\n";
71
72 ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
73 if (ret < 0) {
74 ERROR(ret);
75 return TC_ACT_SHOT;
76 }
77
78 bpf_trace_printk(fmt, sizeof(fmt), key.tunnel_id, key.remote_ipv4);
79 return TC_ACT_OK;
80}
81
82SEC("ip6gretap_set_tunnel")
83int _ip6gretap_set_tunnel(struct __sk_buff *skb)
84{
85 struct bpf_tunnel_key key;
86 int ret;
87
88 __builtin_memset(&key, 0x0, sizeof(key));
89 key.remote_ipv6[3] = _htonl(0x11); /* ::11 */
90 key.tunnel_id = 2;
91 key.tunnel_tos = 0;
92 key.tunnel_ttl = 64;
93 key.tunnel_label = 0xabcde;
94
95 ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
96 BPF_F_TUNINFO_IPV6 | BPF_F_ZERO_CSUM_TX |
97 BPF_F_SEQ_NUMBER);
98 if (ret < 0) {
99 ERROR(ret);
100 return TC_ACT_SHOT;
101 }
102
103 return TC_ACT_OK;
104}
105
106SEC("ip6gretap_get_tunnel")
107int _ip6gretap_get_tunnel(struct __sk_buff *skb)
108{
109 char fmt[] = "key %d remote ip6 ::%x label %x\n";
110 struct bpf_tunnel_key key;
111 int ret;
112
113 ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
114 BPF_F_TUNINFO_IPV6);
115 if (ret < 0) {
116 ERROR(ret);
117 return TC_ACT_SHOT;
118 }
119
120 bpf_trace_printk(fmt, sizeof(fmt),
121 key.tunnel_id, key.remote_ipv6[3], key.tunnel_label);
122
123 return TC_ACT_OK;
124}
125
126SEC("erspan_set_tunnel")
127int _erspan_set_tunnel(struct __sk_buff *skb)
128{
129 struct bpf_tunnel_key key;
130 struct erspan_metadata md;
131 int ret;
132
133 __builtin_memset(&key, 0x0, sizeof(key));
134 key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
135 key.tunnel_id = 2;
136 key.tunnel_tos = 0;
137 key.tunnel_ttl = 64;
138
139 ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), BPF_F_ZERO_CSUM_TX);
140 if (ret < 0) {
141 ERROR(ret);
142 return TC_ACT_SHOT;
143 }
144
145 __builtin_memset(&md, 0, sizeof(md));
146#ifdef ERSPAN_V1
147 md.version = 1;
148 md.u.index = bpf_htonl(123);
149#else
150 u8 direction = 1;
151 u8 hwid = 7;
152
153 md.version = 2;
154 md.u.md2.dir = direction;
155 md.u.md2.hwid = hwid & 0xf;
156 md.u.md2.hwid_upper = (hwid >> 4) & 0x3;
157#endif
158
159 ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md));
160 if (ret < 0) {
161 ERROR(ret);
162 return TC_ACT_SHOT;
163 }
164
165 return TC_ACT_OK;
166}
167
168SEC("erspan_get_tunnel")
169int _erspan_get_tunnel(struct __sk_buff *skb)
170{
171 char fmt[] = "key %d remote ip 0x%x erspan version %d\n";
172 struct bpf_tunnel_key key;
173 struct erspan_metadata md;
174 u32 index;
175 int ret;
176
177 ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
178 if (ret < 0) {
179 ERROR(ret);
180 return TC_ACT_SHOT;
181 }
182
183 ret = bpf_skb_get_tunnel_opt(skb, &md, sizeof(md));
184 if (ret < 0) {
185 ERROR(ret);
186 return TC_ACT_SHOT;
187 }
188
189 bpf_trace_printk(fmt, sizeof(fmt),
190 key.tunnel_id, key.remote_ipv4, md.version);
191
192#ifdef ERSPAN_V1
193 char fmt2[] = "\tindex %x\n";
194
195 index = bpf_ntohl(md.u.index);
196 bpf_trace_printk(fmt2, sizeof(fmt2), index);
197#else
198 char fmt2[] = "\tdirection %d hwid %x timestamp %u\n";
199
200 bpf_trace_printk(fmt2, sizeof(fmt2),
201 md.u.md2.dir,
202 (md.u.md2.hwid_upper << 4) + md.u.md2.hwid,
203 bpf_ntohl(md.u.md2.timestamp));
204#endif
205
206 return TC_ACT_OK;
207}
208
209SEC("ip4ip6erspan_set_tunnel")
210int _ip4ip6erspan_set_tunnel(struct __sk_buff *skb)
211{
212 struct bpf_tunnel_key key;
213 struct erspan_metadata md;
214 int ret;
215
216 __builtin_memset(&key, 0x0, sizeof(key));
217 key.remote_ipv6[3] = _htonl(0x11);
218 key.tunnel_id = 2;
219 key.tunnel_tos = 0;
220 key.tunnel_ttl = 64;
221
222 ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
223 BPF_F_TUNINFO_IPV6);
224 if (ret < 0) {
225 ERROR(ret);
226 return TC_ACT_SHOT;
227 }
228
229 __builtin_memset(&md, 0, sizeof(md));
230
231#ifdef ERSPAN_V1
232 md.u.index = htonl(123);
233 md.version = 1;
234#else
235 u8 direction = 0;
236 u8 hwid = 17;
237
238 md.version = 2;
239 md.u.md2.dir = direction;
240 md.u.md2.hwid = hwid & 0xf;
241 md.u.md2.hwid_upper = (hwid >> 4) & 0x3;
242#endif
243
244 ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md));
245 if (ret < 0) {
246 ERROR(ret);
247 return TC_ACT_SHOT;
248 }
249
250 return TC_ACT_OK;
251}
252
253SEC("ip4ip6erspan_get_tunnel")
254int _ip4ip6erspan_get_tunnel(struct __sk_buff *skb)
255{
256 char fmt[] = "ip6erspan get key %d remote ip6 ::%x erspan version %d\n";
257 struct bpf_tunnel_key key;
258 struct erspan_metadata md;
259 u32 index;
260 int ret;
261
262 ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), BPF_F_TUNINFO_IPV6);
263 if (ret < 0) {
264 ERROR(ret);
265 return TC_ACT_SHOT;
266 }
267
268 ret = bpf_skb_get_tunnel_opt(skb, &md, sizeof(md));
269 if (ret < 0) {
270 ERROR(ret);
271 return TC_ACT_SHOT;
272 }
273
274 bpf_trace_printk(fmt, sizeof(fmt),
275 key.tunnel_id, key.remote_ipv4, md.version);
276
277#ifdef ERSPAN_V1
278 char fmt2[] = "\tindex %x\n";
279
280 index = bpf_ntohl(md.u.index);
281 bpf_trace_printk(fmt2, sizeof(fmt2), index);
282#else
283 char fmt2[] = "\tdirection %d hwid %x timestamp %u\n";
284
285 bpf_trace_printk(fmt2, sizeof(fmt2),
286 md.u.md2.dir,
287 (md.u.md2.hwid_upper << 4) + md.u.md2.hwid,
288 bpf_ntohl(md.u.md2.timestamp));
289#endif
290
291 return TC_ACT_OK;
292}
293
294SEC("vxlan_set_tunnel")
295int _vxlan_set_tunnel(struct __sk_buff *skb)
296{
297 int ret;
298 struct bpf_tunnel_key key;
299 struct vxlan_metadata md;
300
301 __builtin_memset(&key, 0x0, sizeof(key));
302 key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
303 key.tunnel_id = 2;
304 key.tunnel_tos = 0;
305 key.tunnel_ttl = 64;
306
307 ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), BPF_F_ZERO_CSUM_TX);
308 if (ret < 0) {
309 ERROR(ret);
310 return TC_ACT_SHOT;
311 }
312
313 md.gbp = 0x800FF; /* Set VXLAN Group Policy extension */
314 ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md));
315 if (ret < 0) {
316 ERROR(ret);
317 return TC_ACT_SHOT;
318 }
319
320 return TC_ACT_OK;
321}
322
323SEC("vxlan_get_tunnel")
324int _vxlan_get_tunnel(struct __sk_buff *skb)
325{
326 int ret;
327 struct bpf_tunnel_key key;
328 struct vxlan_metadata md;
329 char fmt[] = "key %d remote ip 0x%x vxlan gbp 0x%x\n";
330
331 ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
332 if (ret < 0) {
333 ERROR(ret);
334 return TC_ACT_SHOT;
335 }
336
337 ret = bpf_skb_get_tunnel_opt(skb, &md, sizeof(md));
338 if (ret < 0) {
339 ERROR(ret);
340 return TC_ACT_SHOT;
341 }
342
343 bpf_trace_printk(fmt, sizeof(fmt),
344 key.tunnel_id, key.remote_ipv4, md.gbp);
345
346 return TC_ACT_OK;
347}
348
349SEC("geneve_set_tunnel")
350int _geneve_set_tunnel(struct __sk_buff *skb)
351{
352 int ret, ret2;
353 struct bpf_tunnel_key key;
354 struct geneve_opt gopt;
355
356 __builtin_memset(&key, 0x0, sizeof(key));
357 key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
358 key.tunnel_id = 2;
359 key.tunnel_tos = 0;
360 key.tunnel_ttl = 64;
361
362 __builtin_memset(&gopt, 0x0, sizeof(gopt));
363 gopt.opt_class = 0x102; /* Open Virtual Networking (OVN) */
364 gopt.type = 0x08;
365 gopt.r1 = 0;
366 gopt.r2 = 0;
367 gopt.r3 = 0;
368 gopt.length = 2; /* 4-byte multiple */
369 *(int *) &gopt.opt_data = 0xdeadbeef;
370
371 ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), BPF_F_ZERO_CSUM_TX);
372 if (ret < 0) {
373 ERROR(ret);
374 return TC_ACT_SHOT;
375 }
376
377 ret = bpf_skb_set_tunnel_opt(skb, &gopt, sizeof(gopt));
378 if (ret < 0) {
379 ERROR(ret);
380 return TC_ACT_SHOT;
381 }
382
383 return TC_ACT_OK;
384}
385
386SEC("geneve_get_tunnel")
387int _geneve_get_tunnel(struct __sk_buff *skb)
388{
389 int ret;
390 struct bpf_tunnel_key key;
391 struct geneve_opt gopt;
392 char fmt[] = "key %d remote ip 0x%x geneve class 0x%x\n";
393
394 ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
395 if (ret < 0) {
396 ERROR(ret);
397 return TC_ACT_SHOT;
398 }
399
400 ret = bpf_skb_get_tunnel_opt(skb, &gopt, sizeof(gopt));
401 if (ret < 0) {
402 ERROR(ret);
403 return TC_ACT_SHOT;
404 }
405
406 bpf_trace_printk(fmt, sizeof(fmt),
407 key.tunnel_id, key.remote_ipv4, gopt.opt_class);
408 return TC_ACT_OK;
409}
410
411SEC("ipip_set_tunnel")
412int _ipip_set_tunnel(struct __sk_buff *skb)
413{
414 struct bpf_tunnel_key key = {};
415 void *data = (void *)(long)skb->data;
416 struct iphdr *iph = data;
417 struct tcphdr *tcp = data + sizeof(*iph);
418 void *data_end = (void *)(long)skb->data_end;
419 int ret;
420
421 /* single length check */
422 if (data + sizeof(*iph) + sizeof(*tcp) > data_end) {
423 ERROR(1);
424 return TC_ACT_SHOT;
425 }
426
427 key.tunnel_ttl = 64;
428 if (iph->protocol == IPPROTO_ICMP) {
429 key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
430 } else {
431 if (iph->protocol != IPPROTO_TCP || iph->ihl != 5)
432 return TC_ACT_SHOT;
433
434 if (tcp->dest == htons(5200))
435 key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
436 else if (tcp->dest == htons(5201))
437 key.remote_ipv4 = 0xac100165; /* 172.16.1.101 */
438 else
439 return TC_ACT_SHOT;
440 }
441
442 ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0);
443 if (ret < 0) {
444 ERROR(ret);
445 return TC_ACT_SHOT;
446 }
447
448 return TC_ACT_OK;
449}
450
451SEC("ipip_get_tunnel")
452int _ipip_get_tunnel(struct __sk_buff *skb)
453{
454 int ret;
455 struct bpf_tunnel_key key;
456 char fmt[] = "remote ip 0x%x\n";
457
458 ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
459 if (ret < 0) {
460 ERROR(ret);
461 return TC_ACT_SHOT;
462 }
463
464 bpf_trace_printk(fmt, sizeof(fmt), key.remote_ipv4);
465 return TC_ACT_OK;
466}
467
468SEC("ipip6_set_tunnel")
469int _ipip6_set_tunnel(struct __sk_buff *skb)
470{
471 struct bpf_tunnel_key key = {};
472 void *data = (void *)(long)skb->data;
473 struct iphdr *iph = data;
474 struct tcphdr *tcp = data + sizeof(*iph);
475 void *data_end = (void *)(long)skb->data_end;
476 int ret;
477
478 /* single length check */
479 if (data + sizeof(*iph) + sizeof(*tcp) > data_end) {
480 ERROR(1);
481 return TC_ACT_SHOT;
482 }
483
484 key.remote_ipv6[0] = _htonl(0x2401db00);
485 key.tunnel_ttl = 64;
486
487 if (iph->protocol == IPPROTO_ICMP) {
488 key.remote_ipv6[3] = _htonl(1);
489 } else {
490 if (iph->protocol != IPPROTO_TCP || iph->ihl != 5) {
491 ERROR(iph->protocol);
492 return TC_ACT_SHOT;
493 }
494
495 if (tcp->dest == htons(5200)) {
496 key.remote_ipv6[3] = _htonl(1);
497 } else if (tcp->dest == htons(5201)) {
498 key.remote_ipv6[3] = _htonl(2);
499 } else {
500 ERROR(tcp->dest);
501 return TC_ACT_SHOT;
502 }
503 }
504
505 ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), BPF_F_TUNINFO_IPV6);
506 if (ret < 0) {
507 ERROR(ret);
508 return TC_ACT_SHOT;
509 }
510
511 return TC_ACT_OK;
512}
513
514SEC("ipip6_get_tunnel")
515int _ipip6_get_tunnel(struct __sk_buff *skb)
516{
517 int ret;
518 struct bpf_tunnel_key key;
519 char fmt[] = "remote ip6 %x::%x\n";
520
521 ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), BPF_F_TUNINFO_IPV6);
522 if (ret < 0) {
523 ERROR(ret);
524 return TC_ACT_SHOT;
525 }
526
527 bpf_trace_printk(fmt, sizeof(fmt), _htonl(key.remote_ipv6[0]),
528 _htonl(key.remote_ipv6[3]));
529 return TC_ACT_OK;
530}
531
532SEC("ip6ip6_set_tunnel")
533int _ip6ip6_set_tunnel(struct __sk_buff *skb)
534{
535 struct bpf_tunnel_key key = {};
536 void *data = (void *)(long)skb->data;
537 struct ipv6hdr *iph = data;
538 struct tcphdr *tcp = data + sizeof(*iph);
539 void *data_end = (void *)(long)skb->data_end;
540 int ret;
541
542 /* single length check */
543 if (data + sizeof(*iph) + sizeof(*tcp) > data_end) {
544 ERROR(1);
545 return TC_ACT_SHOT;
546 }
547
548 key.remote_ipv6[0] = _htonl(0x2401db00);
549 key.tunnel_ttl = 64;
550
551 if (iph->nexthdr == NEXTHDR_ICMP) {
552 key.remote_ipv6[3] = _htonl(1);
553 } else {
554 if (iph->nexthdr != NEXTHDR_TCP) {
555 ERROR(iph->nexthdr);
556 return TC_ACT_SHOT;
557 }
558
559 if (tcp->dest == htons(5200)) {
560 key.remote_ipv6[3] = _htonl(1);
561 } else if (tcp->dest == htons(5201)) {
562 key.remote_ipv6[3] = _htonl(2);
563 } else {
564 ERROR(tcp->dest);
565 return TC_ACT_SHOT;
566 }
567 }
568
569 ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), BPF_F_TUNINFO_IPV6);
570 if (ret < 0) {
571 ERROR(ret);
572 return TC_ACT_SHOT;
573 }
574
575 return TC_ACT_OK;
576}
577
578SEC("ip6ip6_get_tunnel")
579int _ip6ip6_get_tunnel(struct __sk_buff *skb)
580{
581 int ret;
582 struct bpf_tunnel_key key;
583 char fmt[] = "remote ip6 %x::%x\n";
584
585 ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), BPF_F_TUNINFO_IPV6);
586 if (ret < 0) {
587 ERROR(ret);
588 return TC_ACT_SHOT;
589 }
590
591 bpf_trace_printk(fmt, sizeof(fmt), _htonl(key.remote_ipv6[0]),
592 _htonl(key.remote_ipv6[3]));
593 return TC_ACT_OK;
594}
595
596char _license[] SEC("license") = "GPL";