samples/bpf/xdp_adjust_tail_kern.c

*c6ffd1ffSNikita V. Shirokov/* SPDX-License-Identifier: GPL-2.0
*c6ffd1ffSNikita V. Shirokov * Copyright (c) 2018 Facebook
*c6ffd1ffSNikita V. Shirokov *
*c6ffd1ffSNikita V. Shirokov * This program is free software; you can redistribute it and/or
*c6ffd1ffSNikita V. Shirokov * modify it under the terms of version 2 of the GNU General Public
*c6ffd1ffSNikita V. Shirokov * License as published by the Free Software Foundation.
*c6ffd1ffSNikita V. Shirokov *
*c6ffd1ffSNikita V. Shirokov * This program shows how to use bpf_xdp_adjust_tail() by
*c6ffd1ffSNikita V. Shirokov * generating ICMPv4 "packet to big" (unreachable/ df bit set frag needed
*c6ffd1ffSNikita V. Shirokov * to be more preice in case of v4)" where receiving packets bigger then
*c6ffd1ffSNikita V. Shirokov * 600 bytes.
*c6ffd1ffSNikita V. Shirokov */
*c6ffd1ffSNikita V. Shirokov#define KBUILD_MODNAME "foo"
*c6ffd1ffSNikita V. Shirokov#include <uapi/linux/bpf.h>
*c6ffd1ffSNikita V. Shirokov#include <linux/in.h>
*c6ffd1ffSNikita V. Shirokov#include <linux/if_ether.h>
*c6ffd1ffSNikita V. Shirokov#include <linux/if_packet.h>
*c6ffd1ffSNikita V. Shirokov#include <linux/if_vlan.h>
*c6ffd1ffSNikita V. Shirokov#include <linux/ip.h>
*c6ffd1ffSNikita V. Shirokov#include <linux/icmp.h>
*c6ffd1ffSNikita V. Shirokov#include "bpf_helpers.h"
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov#define DEFAULT_TTL 64
*c6ffd1ffSNikita V. Shirokov#define MAX_PCKT_SIZE 600
*c6ffd1ffSNikita V. Shirokov#define ICMP_TOOBIG_SIZE 98
*c6ffd1ffSNikita V. Shirokov#define ICMP_TOOBIG_PAYLOAD_SIZE 92
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokovstruct bpf_map_def SEC("maps") icmpcnt = {
*c6ffd1ffSNikita V. Shirokov	.type = BPF_MAP_TYPE_ARRAY,
*c6ffd1ffSNikita V. Shirokov	.key_size = sizeof(__u32),
*c6ffd1ffSNikita V. Shirokov	.value_size = sizeof(__u64),
*c6ffd1ffSNikita V. Shirokov	.max_entries = 1,
*c6ffd1ffSNikita V. Shirokov};
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokovstatic __always_inline void count_icmp(void)
*c6ffd1ffSNikita V. Shirokov{
*c6ffd1ffSNikita V. Shirokov	u64 key = 0;
*c6ffd1ffSNikita V. Shirokov	u64 *icmp_count;
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov	icmp_count = bpf_map_lookup_elem(&icmpcnt, &key);
*c6ffd1ffSNikita V. Shirokov	if (icmp_count)
*c6ffd1ffSNikita V. Shirokov		*icmp_count += 1;
*c6ffd1ffSNikita V. Shirokov}
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokovstatic __always_inline void swap_mac(void *data, struct ethhdr *orig_eth)
*c6ffd1ffSNikita V. Shirokov{
*c6ffd1ffSNikita V. Shirokov	struct ethhdr *eth;
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov	eth = data;
*c6ffd1ffSNikita V. Shirokov	memcpy(eth->h_source, orig_eth->h_dest, ETH_ALEN);
*c6ffd1ffSNikita V. Shirokov	memcpy(eth->h_dest, orig_eth->h_source, ETH_ALEN);
*c6ffd1ffSNikita V. Shirokov	eth->h_proto = orig_eth->h_proto;
*c6ffd1ffSNikita V. Shirokov}
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokovstatic __always_inline __u16 csum_fold_helper(__u32 csum)
*c6ffd1ffSNikita V. Shirokov{
*c6ffd1ffSNikita V. Shirokov	return ~((csum & 0xffff) + (csum >> 16));
*c6ffd1ffSNikita V. Shirokov}
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokovstatic __always_inline void ipv4_csum(void *data_start, int data_size,
*c6ffd1ffSNikita V. Shirokov				      __u32 *csum)
*c6ffd1ffSNikita V. Shirokov{
*c6ffd1ffSNikita V. Shirokov	*csum = bpf_csum_diff(0, 0, data_start, data_size, *csum);
*c6ffd1ffSNikita V. Shirokov	*csum = csum_fold_helper(*csum);
*c6ffd1ffSNikita V. Shirokov}
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokovstatic __always_inline int send_icmp4_too_big(struct xdp_md *xdp)
*c6ffd1ffSNikita V. Shirokov{
*c6ffd1ffSNikita V. Shirokov	int headroom = (int)sizeof(struct iphdr) + (int)sizeof(struct icmphdr);
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov	if (bpf_xdp_adjust_head(xdp, 0 - headroom))
*c6ffd1ffSNikita V. Shirokov		return XDP_DROP;
*c6ffd1ffSNikita V. Shirokov	void *data = (void *)(long)xdp->data;
*c6ffd1ffSNikita V. Shirokov	void *data_end = (void *)(long)xdp->data_end;
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov	if (data + (ICMP_TOOBIG_SIZE + headroom) > data_end)
*c6ffd1ffSNikita V. Shirokov		return XDP_DROP;
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov	struct iphdr *iph, *orig_iph;
*c6ffd1ffSNikita V. Shirokov	struct icmphdr *icmp_hdr;
*c6ffd1ffSNikita V. Shirokov	struct ethhdr *orig_eth;
*c6ffd1ffSNikita V. Shirokov	__u32 csum = 0;
*c6ffd1ffSNikita V. Shirokov	__u64 off = 0;
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov	orig_eth = data + headroom;
*c6ffd1ffSNikita V. Shirokov	swap_mac(data, orig_eth);
*c6ffd1ffSNikita V. Shirokov	off += sizeof(struct ethhdr);
*c6ffd1ffSNikita V. Shirokov	iph = data + off;
*c6ffd1ffSNikita V. Shirokov	off += sizeof(struct iphdr);
*c6ffd1ffSNikita V. Shirokov	icmp_hdr = data + off;
*c6ffd1ffSNikita V. Shirokov	off += sizeof(struct icmphdr);
*c6ffd1ffSNikita V. Shirokov	orig_iph = data + off;
*c6ffd1ffSNikita V. Shirokov	icmp_hdr->type = ICMP_DEST_UNREACH;
*c6ffd1ffSNikita V. Shirokov	icmp_hdr->code = ICMP_FRAG_NEEDED;
*c6ffd1ffSNikita V. Shirokov	icmp_hdr->un.frag.mtu = htons(MAX_PCKT_SIZE-sizeof(struct ethhdr));
*c6ffd1ffSNikita V. Shirokov	icmp_hdr->checksum = 0;
*c6ffd1ffSNikita V. Shirokov	ipv4_csum(icmp_hdr, ICMP_TOOBIG_PAYLOAD_SIZE, &csum);
*c6ffd1ffSNikita V. Shirokov	icmp_hdr->checksum = csum;
*c6ffd1ffSNikita V. Shirokov	iph->ttl = DEFAULT_TTL;
*c6ffd1ffSNikita V. Shirokov	iph->daddr = orig_iph->saddr;
*c6ffd1ffSNikita V. Shirokov	iph->saddr = orig_iph->daddr;
*c6ffd1ffSNikita V. Shirokov	iph->version = 4;
*c6ffd1ffSNikita V. Shirokov	iph->ihl = 5;
*c6ffd1ffSNikita V. Shirokov	iph->protocol = IPPROTO_ICMP;
*c6ffd1ffSNikita V. Shirokov	iph->tos = 0;
*c6ffd1ffSNikita V. Shirokov	iph->tot_len = htons(
*c6ffd1ffSNikita V. Shirokov		ICMP_TOOBIG_SIZE + headroom - sizeof(struct ethhdr));
*c6ffd1ffSNikita V. Shirokov	iph->check = 0;
*c6ffd1ffSNikita V. Shirokov	csum = 0;
*c6ffd1ffSNikita V. Shirokov	ipv4_csum(iph, sizeof(struct iphdr), &csum);
*c6ffd1ffSNikita V. Shirokov	iph->check = csum;
*c6ffd1ffSNikita V. Shirokov	count_icmp();
*c6ffd1ffSNikita V. Shirokov	return XDP_TX;
*c6ffd1ffSNikita V. Shirokov}
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokovstatic __always_inline int handle_ipv4(struct xdp_md *xdp)
*c6ffd1ffSNikita V. Shirokov{
*c6ffd1ffSNikita V. Shirokov	void *data_end = (void *)(long)xdp->data_end;
*c6ffd1ffSNikita V. Shirokov	void *data = (void *)(long)xdp->data;
*c6ffd1ffSNikita V. Shirokov	int pckt_size = data_end - data;
*c6ffd1ffSNikita V. Shirokov	int offset;
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov	if (pckt_size > MAX_PCKT_SIZE) {
*c6ffd1ffSNikita V. Shirokov		offset = pckt_size - ICMP_TOOBIG_SIZE;
*c6ffd1ffSNikita V. Shirokov		if (bpf_xdp_adjust_tail(xdp, 0 - offset))
*c6ffd1ffSNikita V. Shirokov			return XDP_PASS;
*c6ffd1ffSNikita V. Shirokov		return send_icmp4_too_big(xdp);
*c6ffd1ffSNikita V. Shirokov	}
*c6ffd1ffSNikita V. Shirokov	return XDP_PASS;
*c6ffd1ffSNikita V. Shirokov}
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. ShirokovSEC("xdp_icmp")
*c6ffd1ffSNikita V. Shirokovint _xdp_icmp(struct xdp_md *xdp)
*c6ffd1ffSNikita V. Shirokov{
*c6ffd1ffSNikita V. Shirokov	void *data_end = (void *)(long)xdp->data_end;
*c6ffd1ffSNikita V. Shirokov	void *data = (void *)(long)xdp->data;
*c6ffd1ffSNikita V. Shirokov	struct ethhdr *eth = data;
*c6ffd1ffSNikita V. Shirokov	__u16 h_proto;
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov	if (eth + 1 > data_end)
*c6ffd1ffSNikita V. Shirokov		return XDP_DROP;
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov	h_proto = eth->h_proto;
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokov	if (h_proto == htons(ETH_P_IP))
*c6ffd1ffSNikita V. Shirokov		return handle_ipv4(xdp);
*c6ffd1ffSNikita V. Shirokov	else
*c6ffd1ffSNikita V. Shirokov		return XDP_PASS;
*c6ffd1ffSNikita V. Shirokov}
*c6ffd1ffSNikita V. Shirokov
*c6ffd1ffSNikita V. Shirokovchar _license[] SEC("license") = "GPL";