Revert "Switch to using typesafe kernel ebpf map accessors"
This reverts commit d07962a3f6d6a9c3f63a12b7cfd8c486cd7c78e3.
diff --git a/bpf_progs/clatd.c b/bpf_progs/clatd.c
index 578d244..4c2953f 100644
--- a/bpf_progs/clatd.c
+++ b/bpf_progs/clatd.c
@@ -48,7 +48,12 @@
#define ntohs(x) htons(x)
#define ntohl(x) htonl(x)
-DEFINE_BPF_MAP(clat_ingress_map, HASH, ClatIngressKey, ClatIngressValue, 16)
+struct bpf_map_def SEC("maps") clat_ingress_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(struct ClatIngressKey),
+ .value_size = sizeof(struct ClatIngressValue),
+ .max_entries = 16,
+};
static inline __always_inline int nat64(struct __sk_buff* skb, bool is_ethernet) {
const int l2_header_size = is_ethernet ? sizeof(struct ethhdr) : 0;
@@ -87,7 +92,7 @@
return TC_ACT_OK;
}
- ClatIngressKey k = {
+ struct ClatIngressKey k = {
.iif = skb->ifindex,
.pfx96.in6_u.u6_addr32 =
{
@@ -98,7 +103,7 @@
.local6 = ip6->daddr,
};
- ClatIngressValue* v = bpf_clat_ingress_map_lookup_elem(&k);
+ struct ClatIngressValue* v = bpf_map_lookup_elem(&clat_ingress_map, &k);
if (!v) return TC_ACT_OK;
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 65f3b47..e752dc3 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -45,7 +45,7 @@
int xt_bpf_whitelist_prog(struct __sk_buff* skb) {
uint32_t sock_uid = bpf_get_socket_uid(skb);
if (is_system_uid(sock_uid)) return BPF_MATCH;
- UidOwnerValue* whitelistMatch = bpf_uid_owner_map_lookup_elem(&sock_uid);
+ struct UidOwnerValue* whitelistMatch = bpf_map_lookup_elem(&uid_owner_map, &sock_uid);
if (whitelistMatch) return whitelistMatch->rule & HAPPY_BOX_MATCH;
return BPF_NOMATCH;
}
@@ -53,12 +53,17 @@
SEC("skfilter/blacklist/xtbpf")
int xt_bpf_blacklist_prog(struct __sk_buff* skb) {
uint32_t sock_uid = bpf_get_socket_uid(skb);
- UidOwnerValue* blacklistMatch = bpf_uid_owner_map_lookup_elem(&sock_uid);
+ struct UidOwnerValue* blacklistMatch = bpf_map_lookup_elem(&uid_owner_map, &sock_uid);
if (blacklistMatch) return blacklistMatch->rule & PENALTY_BOX_MATCH;
return BPF_NOMATCH;
}
-DEFINE_BPF_MAP(uid_permission_map, HASH, uint32_t, uint8_t, UID_OWNER_MAP_SIZE)
+struct bpf_map_def SEC("maps") uid_permission_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(uint32_t),
+ .value_size = sizeof(uint8_t),
+ .max_entries = UID_OWNER_MAP_SIZE,
+};
SEC("cgroupsock/inet/create")
int inet_socket_create(struct bpf_sock* sk) {
@@ -70,7 +75,7 @@
* run time. See UserHandle#isSameApp for detail.
*/
uint32_t appId = (gid_uid & 0xffffffff) % PER_USER_RANGE;
- uint8_t* permissions = bpf_uid_permission_map_lookup_elem(&appId);
+ uint8_t* permissions = bpf_map_lookup_elem(&uid_permission_map, &appId);
if (!permissions) {
// UID not in map. Default to just INTERNET permission.
return 1;
diff --git a/bpf_progs/netd.h b/bpf_progs/netd.h
index b98be57..3bede8d 100644
--- a/bpf_progs/netd.h
+++ b/bpf_progs/netd.h
@@ -31,28 +31,28 @@
#include <stdint.h>
#include "netdbpf/bpf_shared.h"
-typedef struct {
+struct uid_tag {
uint32_t uid;
uint32_t tag;
-} uid_tag;
+};
-typedef struct {
+struct stats_key {
uint32_t uid;
uint32_t tag;
uint32_t counterSet;
uint32_t ifaceIndex;
-} stats_key;
+};
-typedef struct {
+struct stats_value {
uint64_t rxPackets;
uint64_t rxBytes;
uint64_t txPackets;
uint64_t txBytes;
-} stats_value;
+};
-typedef struct {
+struct IfaceValue {
char name[IFNAMSIZ];
-} IfaceValue;
+};
// This is defined for cgroup bpf filter only.
#define BPF_PASS 1
@@ -71,38 +71,81 @@
#define TCP_FLAG_OFF 13
#define RST_OFFSET 2
-DEFINE_BPF_MAP(cookie_tag_map, HASH, uint64_t, uid_tag, COOKIE_UID_MAP_SIZE)
-DEFINE_BPF_MAP(uid_counterset_map, HASH, uint32_t, uint8_t, UID_COUNTERSET_MAP_SIZE)
+struct bpf_map_def SEC("maps") cookie_tag_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(uint64_t),
+ .value_size = sizeof(struct uid_tag),
+ .max_entries = COOKIE_UID_MAP_SIZE,
+};
-/* these are updated via bpf_update_stats() which unfortunately isn't type safe */
-DEFINE_BPF_MAP_NO_ACCESSORS(app_uid_stats_map, HASH, uint32_t, stats_value, APP_STATS_MAP_SIZE)
-DEFINE_BPF_MAP_NO_ACCESSORS(stats_map_A, HASH, stats_key, stats_value, STATS_MAP_SIZE)
-DEFINE_BPF_MAP_NO_ACCESSORS(stats_map_B, HASH, stats_key, stats_value, STATS_MAP_SIZE)
-DEFINE_BPF_MAP_NO_ACCESSORS(iface_stats_map, HASH, uint32_t, stats_value, IFACE_STATS_MAP_SIZE)
+struct bpf_map_def SEC("maps") uid_counterset_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(uint32_t),
+ .value_size = sizeof(uint8_t),
+ .max_entries = UID_COUNTERSET_MAP_SIZE,
+};
-DEFINE_BPF_MAP(configuration_map, HASH, uint32_t, uint8_t, CONFIGURATION_MAP_SIZE)
-DEFINE_BPF_MAP(uid_owner_map, HASH, uint32_t, UidOwnerValue, UID_OWNER_MAP_SIZE)
+struct bpf_map_def SEC("maps") app_uid_stats_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(uint32_t),
+ .value_size = sizeof(struct stats_value),
+ .max_entries = APP_STATS_MAP_SIZE,
+};
-/* never actually used from ebpf */
-DEFINE_BPF_MAP_NO_ACCESSORS(iface_index_name_map, HASH, uint32_t, IfaceValue,
- IFACE_INDEX_NAME_MAP_SIZE)
+struct bpf_map_def SEC("maps") stats_map_A = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(struct stats_key),
+ .value_size = sizeof(struct stats_value),
+ .max_entries = STATS_MAP_SIZE,
+};
+
+struct bpf_map_def SEC("maps") stats_map_B = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(struct stats_key),
+ .value_size = sizeof(struct stats_value),
+ .max_entries = STATS_MAP_SIZE,
+};
+
+struct bpf_map_def SEC("maps") iface_stats_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(uint32_t),
+ .value_size = sizeof(struct stats_value),
+ .max_entries = IFACE_STATS_MAP_SIZE,
+};
+
+struct bpf_map_def SEC("maps") configuration_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(uint32_t),
+ .value_size = sizeof(uint8_t),
+ .max_entries = CONFIGURATION_MAP_SIZE,
+};
+
+struct bpf_map_def SEC("maps") uid_owner_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(uint32_t),
+ .value_size = sizeof(struct UidOwnerValue),
+ .max_entries = UID_OWNER_MAP_SIZE,
+};
+
+struct bpf_map_def SEC("maps") iface_index_name_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(uint32_t),
+ .value_size = sizeof(struct IfaceValue),
+ .max_entries = IFACE_INDEX_NAME_MAP_SIZE,
+};
static __always_inline int is_system_uid(uint32_t uid) {
return (uid <= MAX_SYSTEM_UID) && (uid >= MIN_SYSTEM_UID);
}
-/* this function deals with bpf maps from any key type to 'stats_value' value,
- * but it is on the programmer to ensure this, and to ensure the type/length of
- * the passed in key is appropriate for the passed in map.
- */
static __always_inline inline void bpf_update_stats(struct __sk_buff* skb, struct bpf_map_def* map,
int direction, void* key) {
- stats_value* value;
- value = unsafe_bpf_map_lookup_elem(map, key);
+ struct stats_value* value;
+ value = bpf_map_lookup_elem(map, key);
if (!value) {
- stats_value newValue = {};
- unsafe_bpf_map_update_elem(map, key, &newValue, BPF_NOEXIST);
- value = unsafe_bpf_map_lookup_elem(map, key);
+ struct stats_value newValue = {};
+ bpf_map_update_elem(map, key, &newValue, BPF_NOEXIST);
+ value = bpf_map_lookup_elem(map, key);
}
if (value) {
if (direction == BPF_EGRESS) {
@@ -156,7 +199,7 @@
static __always_inline BpfConfig getConfig(uint32_t configKey) {
uint32_t mapSettingKey = configKey;
- BpfConfig* config = bpf_configuration_map_lookup_elem(&mapSettingKey);
+ BpfConfig* config = bpf_map_lookup_elem(&configuration_map, &mapSettingKey);
if (!config) {
// Couldn't read configuration entry. Assume everything is disabled.
return DEFAULT_CONFIG;
@@ -171,7 +214,7 @@
BpfConfig enabledRules = getConfig(UID_RULES_CONFIGURATION_KEY);
- UidOwnerValue* uidEntry = bpf_uid_owner_map_lookup_elem(&uid);
+ struct UidOwnerValue* uidEntry = bpf_map_lookup_elem(&uid_owner_map, &uid);
uint8_t uidRules = uidEntry ? uidEntry->rule : 0;
uint32_t allowed_iif = uidEntry ? uidEntry->iif : 0;
@@ -214,7 +257,7 @@
}
uint64_t cookie = bpf_get_socket_cookie(skb);
- uid_tag* utag = bpf_cookie_tag_map_lookup_elem(&cookie);
+ struct uid_tag* utag = bpf_map_lookup_elem(&cookie_tag_map, &cookie);
uint32_t uid, tag;
if (utag) {
uid = utag->uid;
@@ -224,13 +267,13 @@
tag = 0;
}
- stats_key key = {.uid = uid, .tag = tag, .counterSet = 0, .ifaceIndex = skb->ifindex};
+ struct stats_key key = {.uid = uid, .tag = tag, .counterSet = 0, .ifaceIndex = skb->ifindex};
- uint8_t* counterSet = bpf_uid_counterset_map_lookup_elem(&uid);
+ uint8_t* counterSet = bpf_map_lookup_elem(&uid_counterset_map, &uid);
if (counterSet) key.counterSet = (uint32_t)*counterSet;
uint32_t mapSettingKey = CURRENT_STATS_MAP_CONFIGURATION_KEY;
- uint8_t* selectedMap = bpf_configuration_map_lookup_elem(&mapSettingKey);
+ uint8_t* selectedMap = bpf_map_lookup_elem(&configuration_map, &mapSettingKey);
if (!selectedMap) {
return match;
}
diff --git a/libnetdbpf/include/netdbpf/bpf_shared.h b/libnetdbpf/include/netdbpf/bpf_shared.h
index 66d20ec..43aa9d3 100644
--- a/libnetdbpf/include/netdbpf/bpf_shared.h
+++ b/libnetdbpf/include/netdbpf/bpf_shared.h
@@ -104,12 +104,12 @@
typedef uint8_t BpfConfig;
const BpfConfig DEFAULT_CONFIG = 0;
-typedef struct {
+struct UidOwnerValue {
// Allowed interface index. Only applicable if IIF_MATCH is set in the rule bitmask above.
uint32_t iif;
// A bitmask of enum values in UidOwnerMatchType.
uint8_t rule;
-} UidOwnerValue;
+};
#define UID_RULES_CONFIGURATION_KEY 1
#define CURRENT_STATS_MAP_CONFIGURATION_KEY 2
@@ -122,15 +122,15 @@
#define CLAT_INGRESS_MAP_PATH BPF_PATH "/map_clatd_clat_ingress_map"
-typedef struct {
+struct ClatIngressKey {
uint32_t iif; // The input interface index
struct in6_addr pfx96; // The source /96 nat64 prefix, bottom 32 bits must be 0
struct in6_addr local6; // The full 128-bits of the destination IPv6 address
-} ClatIngressKey;
+};
-typedef struct {
+struct ClatIngressValue {
uint32_t oif; // The output interface to redirect to (0 means don't redirect)
struct in_addr local4; // The destination IPv4 address
-} ClatIngressValue;
+};
#endif // NETDBPF_BPF_SHARED_H