1 // SPDX-License-Identifier: GPL-2.0 2 #include <stdint.h> 3 #include <stdbool.h> 4 5 #include <linux/bpf.h> 6 #include <linux/stddef.h> 7 #include <linux/pkt_cls.h> 8 #include <linux/if_ether.h> 9 #include <linux/ip.h> 10 11 #include <bpf/bpf_helpers.h> 12 13 volatile const __u32 IFINDEX_SRC; 14 volatile const __u32 IFINDEX_DST; 15 16 static const __u8 src_mac[] = {0x00, 0x11, 0x22, 0x33, 0x44, 0x55}; 17 static const __u8 dst_mac[] = {0x00, 0x22, 0x33, 0x44, 0x55, 0x66}; 18 19 SEC("classifier/chk_egress") 20 int tc_chk(struct __sk_buff *skb) 21 { 22 return TC_ACT_SHOT; 23 } 24 25 SEC("classifier/dst_ingress") 26 int tc_dst(struct __sk_buff *skb) 27 { 28 return bpf_redirect_peer(IFINDEX_SRC, 0); 29 } 30 31 SEC("classifier/src_ingress") 32 int tc_src(struct __sk_buff *skb) 33 { 34 return bpf_redirect_peer(IFINDEX_DST, 0); 35 } 36 37 SEC("classifier/dst_ingress_l3") 38 int tc_dst_l3(struct __sk_buff *skb) 39 { 40 return bpf_redirect(IFINDEX_SRC, 0); 41 } 42 43 SEC("classifier/src_ingress_l3") 44 int tc_src_l3(struct __sk_buff *skb) 45 { 46 __u16 proto = skb->protocol; 47 48 if (bpf_skb_change_head(skb, ETH_HLEN, 0) != 0) 49 return TC_ACT_SHOT; 50 51 if (bpf_skb_store_bytes(skb, 0, &src_mac, ETH_ALEN, 0) != 0) 52 return TC_ACT_SHOT; 53 54 if (bpf_skb_store_bytes(skb, ETH_ALEN, &dst_mac, ETH_ALEN, 0) != 0) 55 return TC_ACT_SHOT; 56 57 if (bpf_skb_store_bytes(skb, ETH_ALEN + ETH_ALEN, &proto, sizeof(__u16), 0) != 0) 58 return TC_ACT_SHOT; 59 60 return bpf_redirect_peer(IFINDEX_DST, 0); 61 } 62 63 char __license[] SEC("license") = "GPL"; 64