tools/testing/selftests/bpf/progs/test_tc_neigh.c

   1 // SPDX-License-Identifier: GPL-2.0
   2 #include <stddef.h>
   3 #include <stdint.h>
   4 #include <stdbool.h>
   5
   6 #include <linux/bpf.h>
   7 #include <linux/stddef.h>
   8 #include <linux/pkt_cls.h>
   9 #include <linux/if_ether.h>
  10 #include <linux/in.h>
  11 #include <linux/ip.h>
  12 #include <linux/ipv6.h>
  13
  14 #include <bpf/bpf_helpers.h>
  15 #include <bpf/bpf_endian.h>
  16
  17 #ifndef ctx_ptr
  18 # define ctx_ptr(field)         (void *)(long)(field)
  19 #endif
  20
  21 #define ip4_src                 0xac100164 /* 172.16.1.100 */
  22 #define ip4_dst                 0xac100264 /* 172.16.2.100 */
  23
  24 #define ip6_src                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
  25                                   0x00, 0x01, 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe }
  26 #define ip6_dst                 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, \
  27                                   0x00, 0x02, 0xde, 0xad, 0xbe, 0xef, 0xca, 0xfe }
  28
  29 #ifndef v6_equal
  30 # define v6_equal(a, b)         (a.s6_addr32[0] == b.s6_addr32[0] && \
  31                                  a.s6_addr32[1] == b.s6_addr32[1] && \
  32                                  a.s6_addr32[2] == b.s6_addr32[2] && \
  33                                  a.s6_addr32[3] == b.s6_addr32[3])
  34 #endif
  35
  36 enum {
  37         dev_src,
  38         dev_dst,
  39 };
  40
  41 struct bpf_map_def SEC("maps") ifindex_map = {
  42         .type           = BPF_MAP_TYPE_ARRAY,
  43         .key_size       = sizeof(int),
  44         .value_size     = sizeof(int),
  45         .max_entries    = 2,
  46 };
  47
  48 static __always_inline bool is_remote_ep_v4(struct __sk_buff *skb,
  49                                             __be32 addr)
  50 {
  51         void *data_end = ctx_ptr(skb->data_end);
  52         void *data = ctx_ptr(skb->data);
  53         struct iphdr *ip4h;
  54
  55         if (data + sizeof(struct ethhdr) > data_end)
  56                 return false;
  57
  58         ip4h = (struct iphdr *)(data + sizeof(struct ethhdr));
  59         if ((void *)(ip4h + 1) > data_end)
  60                 return false;
  61
  62         return ip4h->daddr == addr;
  63 }
  64
  65 static __always_inline bool is_remote_ep_v6(struct __sk_buff *skb,
  66                                             struct in6_addr addr)
  67 {
  68         void *data_end = ctx_ptr(skb->data_end);
  69         void *data = ctx_ptr(skb->data);
  70         struct ipv6hdr *ip6h;
  71
  72         if (data + sizeof(struct ethhdr) > data_end)
  73                 return false;
  74
  75         ip6h = (struct ipv6hdr *)(data + sizeof(struct ethhdr));
  76         if ((void *)(ip6h + 1) > data_end)
  77                 return false;
  78
  79         return v6_equal(ip6h->daddr, addr);
  80 }
  81
  82 static __always_inline int get_dev_ifindex(int which)
  83 {
  84         int *ifindex = bpf_map_lookup_elem(&ifindex_map, &which);
  85
  86         return ifindex ? *ifindex : 0;
  87 }
  88
  89 SEC("chk_egress") int tc_chk(struct __sk_buff *skb)
  90 {
  91         void *data_end = ctx_ptr(skb->data_end);
  92         void *data = ctx_ptr(skb->data);
  93         __u32 *raw = data;
  94
  95         if (data + sizeof(struct ethhdr) > data_end)
  96                 return TC_ACT_SHOT;
  97
  98         return !raw[0] && !raw[1] && !raw[2] ? TC_ACT_SHOT : TC_ACT_OK;
  99 }
 100
 101 SEC("dst_ingress") int tc_dst(struct __sk_buff *skb)
 102 {
 103         __u8 zero[ETH_ALEN * 2];
 104         bool redirect = false;
 105
 106         switch (skb->protocol) {
 107         case __bpf_constant_htons(ETH_P_IP):
 108                 redirect = is_remote_ep_v4(skb, __bpf_constant_htonl(ip4_src));
 109                 break;
 110         case __bpf_constant_htons(ETH_P_IPV6):
 111                 redirect = is_remote_ep_v6(skb, (struct in6_addr)ip6_src);
 112                 break;
 113         }
 114
 115         if (!redirect)
 116                 return TC_ACT_OK;
 117
 118         __builtin_memset(&zero, 0, sizeof(zero));
 119         if (bpf_skb_store_bytes(skb, 0, &zero, sizeof(zero), 0) < 0)
 120                 return TC_ACT_SHOT;
 121
 122         return bpf_redirect_neigh(get_dev_ifindex(dev_src), NULL, 0, 0);
 123 }
 124
 125 SEC("src_ingress") int tc_src(struct __sk_buff *skb)
 126 {
 127         __u8 zero[ETH_ALEN * 2];
 128         bool redirect = false;
 129
 130         switch (skb->protocol) {
 131         case __bpf_constant_htons(ETH_P_IP):
 132                 redirect = is_remote_ep_v4(skb, __bpf_constant_htonl(ip4_dst));
 133                 break;
 134         case __bpf_constant_htons(ETH_P_IPV6):
 135                 redirect = is_remote_ep_v6(skb, (struct in6_addr)ip6_dst);
 136                 break;
 137         }
 138
 139         if (!redirect)
 140                 return TC_ACT_OK;
 141
 142         __builtin_memset(&zero, 0, sizeof(zero));
 143         if (bpf_skb_store_bytes(skb, 0, &zero, sizeof(zero), 0) < 0)
 144                 return TC_ACT_SHOT;
 145
 146         return bpf_redirect_neigh(get_dev_ifindex(dev_dst), NULL, 0, 0);
 147 }
 148
 149 char __license[] SEC("license") = "GPL";