Martin KaFai Lau | a3f7461 | 2016-06-30 10:28:45 -0700 | [diff] [blame] | 1 | /* Copyright (c) 2016 Facebook |
| 2 | * |
| 3 | * This program is free software; you can redistribute it and/or |
| 4 | * modify it under the terms of version 2 of the GNU General Public |
| 5 | * License as published by the Free Software Foundation. |
| 6 | */ |
| 7 | #include <uapi/linux/if_ether.h> |
| 8 | #include <uapi/linux/in6.h> |
| 9 | #include <uapi/linux/ipv6.h> |
| 10 | #include <uapi/linux/pkt_cls.h> |
| 11 | #include <uapi/linux/bpf.h> |
| 12 | #include "bpf_helpers.h" |
| 13 | |
| 14 | /* copy of 'struct ethhdr' without __packed */ |
| 15 | struct eth_hdr { |
| 16 | unsigned char h_dest[ETH_ALEN]; |
| 17 | unsigned char h_source[ETH_ALEN]; |
| 18 | unsigned short h_proto; |
| 19 | }; |
| 20 | |
| 21 | #define PIN_GLOBAL_NS 2 |
| 22 | struct bpf_elf_map { |
| 23 | __u32 type; |
| 24 | __u32 size_key; |
| 25 | __u32 size_value; |
| 26 | __u32 max_elem; |
| 27 | __u32 flags; |
| 28 | __u32 id; |
| 29 | __u32 pinning; |
| 30 | }; |
| 31 | |
| 32 | struct bpf_elf_map SEC("maps") test_cgrp2_array_pin = { |
| 33 | .type = BPF_MAP_TYPE_CGROUP_ARRAY, |
| 34 | .size_key = sizeof(uint32_t), |
| 35 | .size_value = sizeof(uint32_t), |
| 36 | .pinning = PIN_GLOBAL_NS, |
| 37 | .max_elem = 1, |
| 38 | }; |
| 39 | |
| 40 | SEC("filter") |
| 41 | int handle_egress(struct __sk_buff *skb) |
| 42 | { |
| 43 | void *data = (void *)(long)skb->data; |
| 44 | struct eth_hdr *eth = data; |
| 45 | struct ipv6hdr *ip6h = data + sizeof(*eth); |
| 46 | void *data_end = (void *)(long)skb->data_end; |
| 47 | char dont_care_msg[] = "dont care %04x %d\n"; |
| 48 | char pass_msg[] = "pass\n"; |
| 49 | char reject_msg[] = "reject\n"; |
| 50 | |
| 51 | /* single length check */ |
| 52 | if (data + sizeof(*eth) + sizeof(*ip6h) > data_end) |
| 53 | return TC_ACT_OK; |
| 54 | |
| 55 | if (eth->h_proto != htons(ETH_P_IPV6) || |
| 56 | ip6h->nexthdr != IPPROTO_ICMPV6) { |
| 57 | bpf_trace_printk(dont_care_msg, sizeof(dont_care_msg), |
| 58 | eth->h_proto, ip6h->nexthdr); |
| 59 | return TC_ACT_OK; |
Daniel Borkmann | 747ea55 | 2016-08-12 22:17:17 +0200 | [diff] [blame] | 60 | } else if (bpf_skb_under_cgroup(skb, &test_cgrp2_array_pin, 0) != 1) { |
Martin KaFai Lau | a3f7461 | 2016-06-30 10:28:45 -0700 | [diff] [blame] | 61 | bpf_trace_printk(pass_msg, sizeof(pass_msg)); |
| 62 | return TC_ACT_OK; |
| 63 | } else { |
| 64 | bpf_trace_printk(reject_msg, sizeof(reject_msg)); |
| 65 | return TC_ACT_SHOT; |
| 66 | } |
| 67 | } |
| 68 | |
| 69 | char _license[] SEC("license") = "GPL"; |