1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2016 VMware
3  * Copyright (c) 2016 Facebook
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of version 2 of the GNU General Public
7  * License as published by the Free Software Foundation.
8  */
9 #include <stddef.h>
10 #include <string.h>
11 #include <arpa/inet.h>
12 #include <linux/bpf.h>
13 #include <linux/if_ether.h>
14 #include <linux/if_packet.h>
15 #include <linux/ip.h>
16 #include <linux/ipv6.h>
17 #include <linux/types.h>
18 #include <linux/socket.h>
19 #include <linux/pkt_cls.h>
20 #include <linux/erspan.h>
21 #include <bpf/bpf_helpers.h>
22 #include <bpf/bpf_endian.h>
23 
24 #define ERROR(ret) do {\
25 		char fmt[] = "ERROR line:%d ret:%d\n";\
26 		bpf_trace_printk(fmt, sizeof(fmt), __LINE__, ret); \
27 	} while (0)
28 
29 int _version SEC("version") = 1;
30 
31 struct geneve_opt {
32 	__be16	opt_class;
33 	__u8	type;
34 	__u8	length:5;
35 	__u8	r3:1;
36 	__u8	r2:1;
37 	__u8	r1:1;
38 	__u8	opt_data[8]; /* hard-coded to 8 byte */
39 };
40 
41 struct vxlan_metadata {
42 	__u32     gbp;
43 };
44 
45 SEC("gre_set_tunnel")
46 int _gre_set_tunnel(struct __sk_buff *skb)
47 {
48 	int ret;
49 	struct bpf_tunnel_key key;
50 
51 	__builtin_memset(&key, 0x0, sizeof(key));
52 	key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
53 	key.tunnel_id = 2;
54 	key.tunnel_tos = 0;
55 	key.tunnel_ttl = 64;
56 
57 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
58 				     BPF_F_ZERO_CSUM_TX | BPF_F_SEQ_NUMBER);
59 	if (ret < 0) {
60 		ERROR(ret);
61 		return TC_ACT_SHOT;
62 	}
63 
64 	return TC_ACT_OK;
65 }
66 
67 SEC("gre_get_tunnel")
68 int _gre_get_tunnel(struct __sk_buff *skb)
69 {
70 	int ret;
71 	struct bpf_tunnel_key key;
72 	char fmt[] = "key %d remote ip 0x%x\n";
73 
74 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
75 	if (ret < 0) {
76 		ERROR(ret);
77 		return TC_ACT_SHOT;
78 	}
79 
80 	bpf_trace_printk(fmt, sizeof(fmt), key.tunnel_id, key.remote_ipv4);
81 	return TC_ACT_OK;
82 }
83 
84 SEC("ip6gretap_set_tunnel")
85 int _ip6gretap_set_tunnel(struct __sk_buff *skb)
86 {
87 	struct bpf_tunnel_key key;
88 	int ret;
89 
90 	__builtin_memset(&key, 0x0, sizeof(key));
91 	key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
92 	key.tunnel_id = 2;
93 	key.tunnel_tos = 0;
94 	key.tunnel_ttl = 64;
95 	key.tunnel_label = 0xabcde;
96 
97 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
98 				     BPF_F_TUNINFO_IPV6 | BPF_F_ZERO_CSUM_TX |
99 				     BPF_F_SEQ_NUMBER);
100 	if (ret < 0) {
101 		ERROR(ret);
102 		return TC_ACT_SHOT;
103 	}
104 
105 	return TC_ACT_OK;
106 }
107 
108 SEC("ip6gretap_get_tunnel")
109 int _ip6gretap_get_tunnel(struct __sk_buff *skb)
110 {
111 	char fmt[] = "key %d remote ip6 ::%x label %x\n";
112 	struct bpf_tunnel_key key;
113 	int ret;
114 
115 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
116 				     BPF_F_TUNINFO_IPV6);
117 	if (ret < 0) {
118 		ERROR(ret);
119 		return TC_ACT_SHOT;
120 	}
121 
122 	bpf_trace_printk(fmt, sizeof(fmt),
123 			 key.tunnel_id, key.remote_ipv6[3], key.tunnel_label);
124 
125 	return TC_ACT_OK;
126 }
127 
128 SEC("erspan_set_tunnel")
129 int _erspan_set_tunnel(struct __sk_buff *skb)
130 {
131 	struct bpf_tunnel_key key;
132 	struct erspan_metadata md;
133 	int ret;
134 
135 	__builtin_memset(&key, 0x0, sizeof(key));
136 	key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
137 	key.tunnel_id = 2;
138 	key.tunnel_tos = 0;
139 	key.tunnel_ttl = 64;
140 
141 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
142 				     BPF_F_ZERO_CSUM_TX);
143 	if (ret < 0) {
144 		ERROR(ret);
145 		return TC_ACT_SHOT;
146 	}
147 
148 	__builtin_memset(&md, 0, sizeof(md));
149 #ifdef ERSPAN_V1
150 	md.version = 1;
151 	md.u.index = bpf_htonl(123);
152 #else
153 	__u8 direction = 1;
154 	__u8 hwid = 7;
155 
156 	md.version = 2;
157 	md.u.md2.dir = direction;
158 	md.u.md2.hwid = hwid & 0xf;
159 	md.u.md2.hwid_upper = (hwid >> 4) & 0x3;
160 #endif
161 
162 	ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md));
163 	if (ret < 0) {
164 		ERROR(ret);
165 		return TC_ACT_SHOT;
166 	}
167 
168 	return TC_ACT_OK;
169 }
170 
171 SEC("erspan_get_tunnel")
172 int _erspan_get_tunnel(struct __sk_buff *skb)
173 {
174 	char fmt[] = "key %d remote ip 0x%x erspan version %d\n";
175 	struct bpf_tunnel_key key;
176 	struct erspan_metadata md;
177 	__u32 index;
178 	int ret;
179 
180 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
181 	if (ret < 0) {
182 		ERROR(ret);
183 		return TC_ACT_SHOT;
184 	}
185 
186 	ret = bpf_skb_get_tunnel_opt(skb, &md, sizeof(md));
187 	if (ret < 0) {
188 		ERROR(ret);
189 		return TC_ACT_SHOT;
190 	}
191 
192 	bpf_trace_printk(fmt, sizeof(fmt),
193 			key.tunnel_id, key.remote_ipv4, md.version);
194 
195 #ifdef ERSPAN_V1
196 	char fmt2[] = "\tindex %x\n";
197 
198 	index = bpf_ntohl(md.u.index);
199 	bpf_trace_printk(fmt2, sizeof(fmt2), index);
200 #else
201 	char fmt2[] = "\tdirection %d hwid %x timestamp %u\n";
202 
203 	bpf_trace_printk(fmt2, sizeof(fmt2),
204 			 md.u.md2.dir,
205 			 (md.u.md2.hwid_upper << 4) + md.u.md2.hwid,
206 			 bpf_ntohl(md.u.md2.timestamp));
207 #endif
208 
209 	return TC_ACT_OK;
210 }
211 
212 SEC("ip4ip6erspan_set_tunnel")
213 int _ip4ip6erspan_set_tunnel(struct __sk_buff *skb)
214 {
215 	struct bpf_tunnel_key key;
216 	struct erspan_metadata md;
217 	int ret;
218 
219 	__builtin_memset(&key, 0x0, sizeof(key));
220 	key.remote_ipv6[3] = bpf_htonl(0x11);
221 	key.tunnel_id = 2;
222 	key.tunnel_tos = 0;
223 	key.tunnel_ttl = 64;
224 
225 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
226 				     BPF_F_TUNINFO_IPV6);
227 	if (ret < 0) {
228 		ERROR(ret);
229 		return TC_ACT_SHOT;
230 	}
231 
232 	__builtin_memset(&md, 0, sizeof(md));
233 
234 #ifdef ERSPAN_V1
235 	md.u.index = bpf_htonl(123);
236 	md.version = 1;
237 #else
238 	__u8 direction = 0;
239 	__u8 hwid = 17;
240 
241 	md.version = 2;
242 	md.u.md2.dir = direction;
243 	md.u.md2.hwid = hwid & 0xf;
244 	md.u.md2.hwid_upper = (hwid >> 4) & 0x3;
245 #endif
246 
247 	ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md));
248 	if (ret < 0) {
249 		ERROR(ret);
250 		return TC_ACT_SHOT;
251 	}
252 
253 	return TC_ACT_OK;
254 }
255 
256 SEC("ip4ip6erspan_get_tunnel")
257 int _ip4ip6erspan_get_tunnel(struct __sk_buff *skb)
258 {
259 	char fmt[] = "ip6erspan get key %d remote ip6 ::%x erspan version %d\n";
260 	struct bpf_tunnel_key key;
261 	struct erspan_metadata md;
262 	__u32 index;
263 	int ret;
264 
265 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
266 				     BPF_F_TUNINFO_IPV6);
267 	if (ret < 0) {
268 		ERROR(ret);
269 		return TC_ACT_SHOT;
270 	}
271 
272 	ret = bpf_skb_get_tunnel_opt(skb, &md, sizeof(md));
273 	if (ret < 0) {
274 		ERROR(ret);
275 		return TC_ACT_SHOT;
276 	}
277 
278 	bpf_trace_printk(fmt, sizeof(fmt),
279 			key.tunnel_id, key.remote_ipv4, md.version);
280 
281 #ifdef ERSPAN_V1
282 	char fmt2[] = "\tindex %x\n";
283 
284 	index = bpf_ntohl(md.u.index);
285 	bpf_trace_printk(fmt2, sizeof(fmt2), index);
286 #else
287 	char fmt2[] = "\tdirection %d hwid %x timestamp %u\n";
288 
289 	bpf_trace_printk(fmt2, sizeof(fmt2),
290 			 md.u.md2.dir,
291 			 (md.u.md2.hwid_upper << 4) + md.u.md2.hwid,
292 			 bpf_ntohl(md.u.md2.timestamp));
293 #endif
294 
295 	return TC_ACT_OK;
296 }
297 
298 SEC("vxlan_set_tunnel")
299 int _vxlan_set_tunnel(struct __sk_buff *skb)
300 {
301 	int ret;
302 	struct bpf_tunnel_key key;
303 	struct vxlan_metadata md;
304 
305 	__builtin_memset(&key, 0x0, sizeof(key));
306 	key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
307 	key.tunnel_id = 2;
308 	key.tunnel_tos = 0;
309 	key.tunnel_ttl = 64;
310 
311 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
312 				     BPF_F_ZERO_CSUM_TX);
313 	if (ret < 0) {
314 		ERROR(ret);
315 		return TC_ACT_SHOT;
316 	}
317 
318 	md.gbp = 0x800FF; /* Set VXLAN Group Policy extension */
319 	ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md));
320 	if (ret < 0) {
321 		ERROR(ret);
322 		return TC_ACT_SHOT;
323 	}
324 
325 	return TC_ACT_OK;
326 }
327 
328 SEC("vxlan_get_tunnel")
329 int _vxlan_get_tunnel(struct __sk_buff *skb)
330 {
331 	int ret;
332 	struct bpf_tunnel_key key;
333 	struct vxlan_metadata md;
334 	char fmt[] = "key %d remote ip 0x%x vxlan gbp 0x%x\n";
335 
336 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
337 	if (ret < 0) {
338 		ERROR(ret);
339 		return TC_ACT_SHOT;
340 	}
341 
342 	ret = bpf_skb_get_tunnel_opt(skb, &md, sizeof(md));
343 	if (ret < 0) {
344 		ERROR(ret);
345 		return TC_ACT_SHOT;
346 	}
347 
348 	bpf_trace_printk(fmt, sizeof(fmt),
349 			key.tunnel_id, key.remote_ipv4, md.gbp);
350 
351 	return TC_ACT_OK;
352 }
353 
354 SEC("ip6vxlan_set_tunnel")
355 int _ip6vxlan_set_tunnel(struct __sk_buff *skb)
356 {
357 	struct bpf_tunnel_key key;
358 	int ret;
359 
360 	__builtin_memset(&key, 0x0, sizeof(key));
361 	key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
362 	key.tunnel_id = 22;
363 	key.tunnel_tos = 0;
364 	key.tunnel_ttl = 64;
365 
366 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
367 				     BPF_F_TUNINFO_IPV6);
368 	if (ret < 0) {
369 		ERROR(ret);
370 		return TC_ACT_SHOT;
371 	}
372 
373 	return TC_ACT_OK;
374 }
375 
376 SEC("ip6vxlan_get_tunnel")
377 int _ip6vxlan_get_tunnel(struct __sk_buff *skb)
378 {
379 	char fmt[] = "key %d remote ip6 ::%x label %x\n";
380 	struct bpf_tunnel_key key;
381 	int ret;
382 
383 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
384 				     BPF_F_TUNINFO_IPV6);
385 	if (ret < 0) {
386 		ERROR(ret);
387 		return TC_ACT_SHOT;
388 	}
389 
390 	bpf_trace_printk(fmt, sizeof(fmt),
391 			 key.tunnel_id, key.remote_ipv6[3], key.tunnel_label);
392 
393 	return TC_ACT_OK;
394 }
395 
396 SEC("geneve_set_tunnel")
397 int _geneve_set_tunnel(struct __sk_buff *skb)
398 {
399 	int ret, ret2;
400 	struct bpf_tunnel_key key;
401 	struct geneve_opt gopt;
402 
403 	__builtin_memset(&key, 0x0, sizeof(key));
404 	key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
405 	key.tunnel_id = 2;
406 	key.tunnel_tos = 0;
407 	key.tunnel_ttl = 64;
408 
409 	__builtin_memset(&gopt, 0x0, sizeof(gopt));
410 	gopt.opt_class = bpf_htons(0x102); /* Open Virtual Networking (OVN) */
411 	gopt.type = 0x08;
412 	gopt.r1 = 0;
413 	gopt.r2 = 0;
414 	gopt.r3 = 0;
415 	gopt.length = 2; /* 4-byte multiple */
416 	*(int *) &gopt.opt_data = bpf_htonl(0xdeadbeef);
417 
418 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
419 				     BPF_F_ZERO_CSUM_TX);
420 	if (ret < 0) {
421 		ERROR(ret);
422 		return TC_ACT_SHOT;
423 	}
424 
425 	ret = bpf_skb_set_tunnel_opt(skb, &gopt, sizeof(gopt));
426 	if (ret < 0) {
427 		ERROR(ret);
428 		return TC_ACT_SHOT;
429 	}
430 
431 	return TC_ACT_OK;
432 }
433 
434 SEC("geneve_get_tunnel")
435 int _geneve_get_tunnel(struct __sk_buff *skb)
436 {
437 	int ret;
438 	struct bpf_tunnel_key key;
439 	struct geneve_opt gopt;
440 	char fmt[] = "key %d remote ip 0x%x geneve class 0x%x\n";
441 
442 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
443 	if (ret < 0) {
444 		ERROR(ret);
445 		return TC_ACT_SHOT;
446 	}
447 
448 	ret = bpf_skb_get_tunnel_opt(skb, &gopt, sizeof(gopt));
449 	if (ret < 0)
450 		gopt.opt_class = 0;
451 
452 	bpf_trace_printk(fmt, sizeof(fmt),
453 			key.tunnel_id, key.remote_ipv4, gopt.opt_class);
454 	return TC_ACT_OK;
455 }
456 
457 SEC("ip6geneve_set_tunnel")
458 int _ip6geneve_set_tunnel(struct __sk_buff *skb)
459 {
460 	struct bpf_tunnel_key key;
461 	struct geneve_opt gopt;
462 	int ret;
463 
464 	__builtin_memset(&key, 0x0, sizeof(key));
465 	key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
466 	key.tunnel_id = 22;
467 	key.tunnel_tos = 0;
468 	key.tunnel_ttl = 64;
469 
470 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
471 				     BPF_F_TUNINFO_IPV6);
472 	if (ret < 0) {
473 		ERROR(ret);
474 		return TC_ACT_SHOT;
475 	}
476 
477 	__builtin_memset(&gopt, 0x0, sizeof(gopt));
478 	gopt.opt_class = bpf_htons(0x102); /* Open Virtual Networking (OVN) */
479 	gopt.type = 0x08;
480 	gopt.r1 = 0;
481 	gopt.r2 = 0;
482 	gopt.r3 = 0;
483 	gopt.length = 2; /* 4-byte multiple */
484 	*(int *) &gopt.opt_data = bpf_htonl(0xfeedbeef);
485 
486 	ret = bpf_skb_set_tunnel_opt(skb, &gopt, sizeof(gopt));
487 	if (ret < 0) {
488 		ERROR(ret);
489 		return TC_ACT_SHOT;
490 	}
491 
492 	return TC_ACT_OK;
493 }
494 
495 SEC("ip6geneve_get_tunnel")
496 int _ip6geneve_get_tunnel(struct __sk_buff *skb)
497 {
498 	char fmt[] = "key %d remote ip 0x%x geneve class 0x%x\n";
499 	struct bpf_tunnel_key key;
500 	struct geneve_opt gopt;
501 	int ret;
502 
503 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
504 				     BPF_F_TUNINFO_IPV6);
505 	if (ret < 0) {
506 		ERROR(ret);
507 		return TC_ACT_SHOT;
508 	}
509 
510 	ret = bpf_skb_get_tunnel_opt(skb, &gopt, sizeof(gopt));
511 	if (ret < 0)
512 		gopt.opt_class = 0;
513 
514 	bpf_trace_printk(fmt, sizeof(fmt),
515 			key.tunnel_id, key.remote_ipv4, gopt.opt_class);
516 
517 	return TC_ACT_OK;
518 }
519 
520 SEC("ipip_set_tunnel")
521 int _ipip_set_tunnel(struct __sk_buff *skb)
522 {
523 	struct bpf_tunnel_key key = {};
524 	void *data = (void *)(long)skb->data;
525 	struct iphdr *iph = data;
526 	void *data_end = (void *)(long)skb->data_end;
527 	int ret;
528 
529 	/* single length check */
530 	if (data + sizeof(*iph) > data_end) {
531 		ERROR(1);
532 		return TC_ACT_SHOT;
533 	}
534 
535 	key.tunnel_ttl = 64;
536 	if (iph->protocol == IPPROTO_ICMP) {
537 		key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
538 	}
539 
540 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0);
541 	if (ret < 0) {
542 		ERROR(ret);
543 		return TC_ACT_SHOT;
544 	}
545 
546 	return TC_ACT_OK;
547 }
548 
549 SEC("ipip_get_tunnel")
550 int _ipip_get_tunnel(struct __sk_buff *skb)
551 {
552 	int ret;
553 	struct bpf_tunnel_key key;
554 	char fmt[] = "remote ip 0x%x\n";
555 
556 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
557 	if (ret < 0) {
558 		ERROR(ret);
559 		return TC_ACT_SHOT;
560 	}
561 
562 	bpf_trace_printk(fmt, sizeof(fmt), key.remote_ipv4);
563 	return TC_ACT_OK;
564 }
565 
566 SEC("ipip6_set_tunnel")
567 int _ipip6_set_tunnel(struct __sk_buff *skb)
568 {
569 	struct bpf_tunnel_key key = {};
570 	void *data = (void *)(long)skb->data;
571 	struct iphdr *iph = data;
572 	void *data_end = (void *)(long)skb->data_end;
573 	int ret;
574 
575 	/* single length check */
576 	if (data + sizeof(*iph) > data_end) {
577 		ERROR(1);
578 		return TC_ACT_SHOT;
579 	}
580 
581 	__builtin_memset(&key, 0x0, sizeof(key));
582 	key.tunnel_ttl = 64;
583 	if (iph->protocol == IPPROTO_ICMP) {
584 		key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
585 	}
586 
587 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
588 				     BPF_F_TUNINFO_IPV6);
589 	if (ret < 0) {
590 		ERROR(ret);
591 		return TC_ACT_SHOT;
592 	}
593 
594 	return TC_ACT_OK;
595 }
596 
597 SEC("ipip6_get_tunnel")
598 int _ipip6_get_tunnel(struct __sk_buff *skb)
599 {
600 	int ret;
601 	struct bpf_tunnel_key key;
602 	char fmt[] = "remote ip6 %x::%x\n";
603 
604 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
605 				     BPF_F_TUNINFO_IPV6);
606 	if (ret < 0) {
607 		ERROR(ret);
608 		return TC_ACT_SHOT;
609 	}
610 
611 	bpf_trace_printk(fmt, sizeof(fmt), bpf_htonl(key.remote_ipv6[0]),
612 			 bpf_htonl(key.remote_ipv6[3]));
613 	return TC_ACT_OK;
614 }
615 
616 SEC("ip6ip6_set_tunnel")
617 int _ip6ip6_set_tunnel(struct __sk_buff *skb)
618 {
619 	struct bpf_tunnel_key key = {};
620 	void *data = (void *)(long)skb->data;
621 	struct ipv6hdr *iph = data;
622 	void *data_end = (void *)(long)skb->data_end;
623 	int ret;
624 
625 	/* single length check */
626 	if (data + sizeof(*iph) > data_end) {
627 		ERROR(1);
628 		return TC_ACT_SHOT;
629 	}
630 
631 	key.tunnel_ttl = 64;
632 	if (iph->nexthdr == 58 /* NEXTHDR_ICMP */) {
633 		key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
634 	}
635 
636 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
637 				     BPF_F_TUNINFO_IPV6);
638 	if (ret < 0) {
639 		ERROR(ret);
640 		return TC_ACT_SHOT;
641 	}
642 
643 	return TC_ACT_OK;
644 }
645 
646 SEC("ip6ip6_get_tunnel")
647 int _ip6ip6_get_tunnel(struct __sk_buff *skb)
648 {
649 	int ret;
650 	struct bpf_tunnel_key key;
651 	char fmt[] = "remote ip6 %x::%x\n";
652 
653 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
654 				     BPF_F_TUNINFO_IPV6);
655 	if (ret < 0) {
656 		ERROR(ret);
657 		return TC_ACT_SHOT;
658 	}
659 
660 	bpf_trace_printk(fmt, sizeof(fmt), bpf_htonl(key.remote_ipv6[0]),
661 			 bpf_htonl(key.remote_ipv6[3]));
662 	return TC_ACT_OK;
663 }
664 
665 SEC("xfrm_get_state")
666 int _xfrm_get_state(struct __sk_buff *skb)
667 {
668 	struct bpf_xfrm_state x;
669 	char fmt[] = "reqid %d spi 0x%x remote ip 0x%x\n";
670 	int ret;
671 
672 	ret = bpf_skb_get_xfrm_state(skb, 0, &x, sizeof(x), 0);
673 	if (ret < 0)
674 		return TC_ACT_OK;
675 
676 	bpf_trace_printk(fmt, sizeof(fmt), x.reqid, bpf_ntohl(x.spi),
677 			 bpf_ntohl(x.remote_ipv4));
678 	return TC_ACT_OK;
679 }
680 
681 char _license[] SEC("license") = "GPL";
682