1c6f420acSKumar Kartikeya Dwivedi // SPDX-License-Identifier: GPL-2.0
2c6f420acSKumar Kartikeya Dwivedi #include <vmlinux.h>
3c6f420acSKumar Kartikeya Dwivedi #include <bpf/bpf_tracing.h>
4c6f420acSKumar Kartikeya Dwivedi #include <bpf/bpf_helpers.h>
5c6f420acSKumar Kartikeya Dwivedi #include <bpf/bpf_core_read.h>
6c6f420acSKumar Kartikeya Dwivedi
7c6f420acSKumar Kartikeya Dwivedi struct nf_conn;
8c6f420acSKumar Kartikeya Dwivedi
9c6f420acSKumar Kartikeya Dwivedi struct bpf_ct_opts___local {
10c6f420acSKumar Kartikeya Dwivedi s32 netns_id;
11c6f420acSKumar Kartikeya Dwivedi s32 error;
12c6f420acSKumar Kartikeya Dwivedi u8 l4proto;
13c6f420acSKumar Kartikeya Dwivedi u8 reserved[3];
14c6f420acSKumar Kartikeya Dwivedi } __attribute__((preserve_access_index));
15c6f420acSKumar Kartikeya Dwivedi
16c6f420acSKumar Kartikeya Dwivedi struct nf_conn *bpf_skb_ct_alloc(struct __sk_buff *, struct bpf_sock_tuple *, u32,
17c6f420acSKumar Kartikeya Dwivedi struct bpf_ct_opts___local *, u32) __ksym;
18c6f420acSKumar Kartikeya Dwivedi struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *, struct bpf_sock_tuple *, u32,
19c6f420acSKumar Kartikeya Dwivedi struct bpf_ct_opts___local *, u32) __ksym;
20c6f420acSKumar Kartikeya Dwivedi struct nf_conn *bpf_ct_insert_entry(struct nf_conn *) __ksym;
21c6f420acSKumar Kartikeya Dwivedi void bpf_ct_release(struct nf_conn *) __ksym;
22c6f420acSKumar Kartikeya Dwivedi void bpf_ct_set_timeout(struct nf_conn *, u32) __ksym;
23c6f420acSKumar Kartikeya Dwivedi int bpf_ct_change_timeout(struct nf_conn *, u32) __ksym;
24c6f420acSKumar Kartikeya Dwivedi int bpf_ct_set_status(struct nf_conn *, u32) __ksym;
25c6f420acSKumar Kartikeya Dwivedi int bpf_ct_change_status(struct nf_conn *, u32) __ksym;
26c6f420acSKumar Kartikeya Dwivedi
27c6f420acSKumar Kartikeya Dwivedi SEC("?tc")
alloc_release(struct __sk_buff * ctx)28c6f420acSKumar Kartikeya Dwivedi int alloc_release(struct __sk_buff *ctx)
29c6f420acSKumar Kartikeya Dwivedi {
30c6f420acSKumar Kartikeya Dwivedi struct bpf_ct_opts___local opts = {};
31c6f420acSKumar Kartikeya Dwivedi struct bpf_sock_tuple tup = {};
32c6f420acSKumar Kartikeya Dwivedi struct nf_conn *ct;
33c6f420acSKumar Kartikeya Dwivedi
34c6f420acSKumar Kartikeya Dwivedi ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
35c6f420acSKumar Kartikeya Dwivedi if (!ct)
36c6f420acSKumar Kartikeya Dwivedi return 0;
37c6f420acSKumar Kartikeya Dwivedi bpf_ct_release(ct);
38c6f420acSKumar Kartikeya Dwivedi return 0;
39c6f420acSKumar Kartikeya Dwivedi }
40c6f420acSKumar Kartikeya Dwivedi
41c6f420acSKumar Kartikeya Dwivedi SEC("?tc")
insert_insert(struct __sk_buff * ctx)42c6f420acSKumar Kartikeya Dwivedi int insert_insert(struct __sk_buff *ctx)
43c6f420acSKumar Kartikeya Dwivedi {
44c6f420acSKumar Kartikeya Dwivedi struct bpf_ct_opts___local opts = {};
45c6f420acSKumar Kartikeya Dwivedi struct bpf_sock_tuple tup = {};
46c6f420acSKumar Kartikeya Dwivedi struct nf_conn *ct;
47c6f420acSKumar Kartikeya Dwivedi
48c6f420acSKumar Kartikeya Dwivedi ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
49c6f420acSKumar Kartikeya Dwivedi if (!ct)
50c6f420acSKumar Kartikeya Dwivedi return 0;
51c6f420acSKumar Kartikeya Dwivedi ct = bpf_ct_insert_entry(ct);
52c6f420acSKumar Kartikeya Dwivedi if (!ct)
53c6f420acSKumar Kartikeya Dwivedi return 0;
54c6f420acSKumar Kartikeya Dwivedi ct = bpf_ct_insert_entry(ct);
55c6f420acSKumar Kartikeya Dwivedi return 0;
56c6f420acSKumar Kartikeya Dwivedi }
57c6f420acSKumar Kartikeya Dwivedi
58c6f420acSKumar Kartikeya Dwivedi SEC("?tc")
lookup_insert(struct __sk_buff * ctx)59c6f420acSKumar Kartikeya Dwivedi int lookup_insert(struct __sk_buff *ctx)
60c6f420acSKumar Kartikeya Dwivedi {
61c6f420acSKumar Kartikeya Dwivedi struct bpf_ct_opts___local opts = {};
62c6f420acSKumar Kartikeya Dwivedi struct bpf_sock_tuple tup = {};
63c6f420acSKumar Kartikeya Dwivedi struct nf_conn *ct;
64c6f420acSKumar Kartikeya Dwivedi
65c6f420acSKumar Kartikeya Dwivedi ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
66c6f420acSKumar Kartikeya Dwivedi if (!ct)
67c6f420acSKumar Kartikeya Dwivedi return 0;
68c6f420acSKumar Kartikeya Dwivedi bpf_ct_insert_entry(ct);
69c6f420acSKumar Kartikeya Dwivedi return 0;
70c6f420acSKumar Kartikeya Dwivedi }
71c6f420acSKumar Kartikeya Dwivedi
72c6f420acSKumar Kartikeya Dwivedi SEC("?tc")
write_not_allowlisted_field(struct __sk_buff * ctx)73*e2d75e95SDaniel Xu int write_not_allowlisted_field(struct __sk_buff *ctx)
74*e2d75e95SDaniel Xu {
75*e2d75e95SDaniel Xu struct bpf_ct_opts___local opts = {};
76*e2d75e95SDaniel Xu struct bpf_sock_tuple tup = {};
77*e2d75e95SDaniel Xu struct nf_conn *ct;
78*e2d75e95SDaniel Xu
79*e2d75e95SDaniel Xu ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
80*e2d75e95SDaniel Xu if (!ct)
81*e2d75e95SDaniel Xu return 0;
82*e2d75e95SDaniel Xu ct->status = 0xF00;
83*e2d75e95SDaniel Xu return 0;
84*e2d75e95SDaniel Xu }
85*e2d75e95SDaniel Xu
86*e2d75e95SDaniel Xu SEC("?tc")
set_timeout_after_insert(struct __sk_buff * ctx)87c6f420acSKumar Kartikeya Dwivedi int set_timeout_after_insert(struct __sk_buff *ctx)
88c6f420acSKumar Kartikeya Dwivedi {
89c6f420acSKumar Kartikeya Dwivedi struct bpf_ct_opts___local opts = {};
90c6f420acSKumar Kartikeya Dwivedi struct bpf_sock_tuple tup = {};
91c6f420acSKumar Kartikeya Dwivedi struct nf_conn *ct;
92c6f420acSKumar Kartikeya Dwivedi
93c6f420acSKumar Kartikeya Dwivedi ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
94c6f420acSKumar Kartikeya Dwivedi if (!ct)
95c6f420acSKumar Kartikeya Dwivedi return 0;
96c6f420acSKumar Kartikeya Dwivedi ct = bpf_ct_insert_entry(ct);
97c6f420acSKumar Kartikeya Dwivedi if (!ct)
98c6f420acSKumar Kartikeya Dwivedi return 0;
99c6f420acSKumar Kartikeya Dwivedi bpf_ct_set_timeout(ct, 0);
100c6f420acSKumar Kartikeya Dwivedi return 0;
101c6f420acSKumar Kartikeya Dwivedi }
102c6f420acSKumar Kartikeya Dwivedi
103c6f420acSKumar Kartikeya Dwivedi SEC("?tc")
set_status_after_insert(struct __sk_buff * ctx)104c6f420acSKumar Kartikeya Dwivedi int set_status_after_insert(struct __sk_buff *ctx)
105c6f420acSKumar Kartikeya Dwivedi {
106c6f420acSKumar Kartikeya Dwivedi struct bpf_ct_opts___local opts = {};
107c6f420acSKumar Kartikeya Dwivedi struct bpf_sock_tuple tup = {};
108c6f420acSKumar Kartikeya Dwivedi struct nf_conn *ct;
109c6f420acSKumar Kartikeya Dwivedi
110c6f420acSKumar Kartikeya Dwivedi ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
111c6f420acSKumar Kartikeya Dwivedi if (!ct)
112c6f420acSKumar Kartikeya Dwivedi return 0;
113c6f420acSKumar Kartikeya Dwivedi ct = bpf_ct_insert_entry(ct);
114c6f420acSKumar Kartikeya Dwivedi if (!ct)
115c6f420acSKumar Kartikeya Dwivedi return 0;
116c6f420acSKumar Kartikeya Dwivedi bpf_ct_set_status(ct, 0);
117c6f420acSKumar Kartikeya Dwivedi return 0;
118c6f420acSKumar Kartikeya Dwivedi }
119c6f420acSKumar Kartikeya Dwivedi
120c6f420acSKumar Kartikeya Dwivedi SEC("?tc")
change_timeout_after_alloc(struct __sk_buff * ctx)121c6f420acSKumar Kartikeya Dwivedi int change_timeout_after_alloc(struct __sk_buff *ctx)
122c6f420acSKumar Kartikeya Dwivedi {
123c6f420acSKumar Kartikeya Dwivedi struct bpf_ct_opts___local opts = {};
124c6f420acSKumar Kartikeya Dwivedi struct bpf_sock_tuple tup = {};
125c6f420acSKumar Kartikeya Dwivedi struct nf_conn *ct;
126c6f420acSKumar Kartikeya Dwivedi
127c6f420acSKumar Kartikeya Dwivedi ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
128c6f420acSKumar Kartikeya Dwivedi if (!ct)
129c6f420acSKumar Kartikeya Dwivedi return 0;
130c6f420acSKumar Kartikeya Dwivedi bpf_ct_change_timeout(ct, 0);
131c6f420acSKumar Kartikeya Dwivedi return 0;
132c6f420acSKumar Kartikeya Dwivedi }
133c6f420acSKumar Kartikeya Dwivedi
134c6f420acSKumar Kartikeya Dwivedi SEC("?tc")
change_status_after_alloc(struct __sk_buff * ctx)135c6f420acSKumar Kartikeya Dwivedi int change_status_after_alloc(struct __sk_buff *ctx)
136c6f420acSKumar Kartikeya Dwivedi {
137c6f420acSKumar Kartikeya Dwivedi struct bpf_ct_opts___local opts = {};
138c6f420acSKumar Kartikeya Dwivedi struct bpf_sock_tuple tup = {};
139c6f420acSKumar Kartikeya Dwivedi struct nf_conn *ct;
140c6f420acSKumar Kartikeya Dwivedi
141c6f420acSKumar Kartikeya Dwivedi ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
142c6f420acSKumar Kartikeya Dwivedi if (!ct)
143c6f420acSKumar Kartikeya Dwivedi return 0;
144c6f420acSKumar Kartikeya Dwivedi bpf_ct_change_status(ct, 0);
145c6f420acSKumar Kartikeya Dwivedi return 0;
146c6f420acSKumar Kartikeya Dwivedi }
147c6f420acSKumar Kartikeya Dwivedi
148c6f420acSKumar Kartikeya Dwivedi char _license[] SEC("license") = "GPL";
149