1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * Copyright (c) 2018 Facebook
4*4882a593Smuzhiyun *
5*4882a593Smuzhiyun * BPF program to automatically reflect TOS option from received syn packet
6*4882a593Smuzhiyun *
7*4882a593Smuzhiyun * Use "bpftool cgroup attach $cg sock_ops $prog" to load this BPF program.
8*4882a593Smuzhiyun */
9*4882a593Smuzhiyun
10*4882a593Smuzhiyun #include <uapi/linux/bpf.h>
11*4882a593Smuzhiyun #include <uapi/linux/tcp.h>
12*4882a593Smuzhiyun #include <uapi/linux/if_ether.h>
13*4882a593Smuzhiyun #include <uapi/linux/if_packet.h>
14*4882a593Smuzhiyun #include <uapi/linux/ip.h>
15*4882a593Smuzhiyun #include <uapi/linux/ipv6.h>
16*4882a593Smuzhiyun #include <uapi/linux/in.h>
17*4882a593Smuzhiyun #include <linux/socket.h>
18*4882a593Smuzhiyun #include <bpf/bpf_helpers.h>
19*4882a593Smuzhiyun #include <bpf/bpf_endian.h>
20*4882a593Smuzhiyun
21*4882a593Smuzhiyun #define DEBUG 1
22*4882a593Smuzhiyun
23*4882a593Smuzhiyun SEC("sockops")
bpf_basertt(struct bpf_sock_ops * skops)24*4882a593Smuzhiyun int bpf_basertt(struct bpf_sock_ops *skops)
25*4882a593Smuzhiyun {
26*4882a593Smuzhiyun char header[sizeof(struct ipv6hdr)];
27*4882a593Smuzhiyun struct ipv6hdr *hdr6;
28*4882a593Smuzhiyun struct iphdr *hdr;
29*4882a593Smuzhiyun int hdr_size = 0;
30*4882a593Smuzhiyun int save_syn = 1;
31*4882a593Smuzhiyun int tos = 0;
32*4882a593Smuzhiyun int rv = 0;
33*4882a593Smuzhiyun int op;
34*4882a593Smuzhiyun
35*4882a593Smuzhiyun op = (int) skops->op;
36*4882a593Smuzhiyun
37*4882a593Smuzhiyun #ifdef DEBUG
38*4882a593Smuzhiyun bpf_printk("BPF command: %d\n", op);
39*4882a593Smuzhiyun #endif
40*4882a593Smuzhiyun switch (op) {
41*4882a593Smuzhiyun case BPF_SOCK_OPS_TCP_LISTEN_CB:
42*4882a593Smuzhiyun rv = bpf_setsockopt(skops, SOL_TCP, TCP_SAVE_SYN,
43*4882a593Smuzhiyun &save_syn, sizeof(save_syn));
44*4882a593Smuzhiyun break;
45*4882a593Smuzhiyun case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB:
46*4882a593Smuzhiyun if (skops->family == AF_INET)
47*4882a593Smuzhiyun hdr_size = sizeof(struct iphdr);
48*4882a593Smuzhiyun else
49*4882a593Smuzhiyun hdr_size = sizeof(struct ipv6hdr);
50*4882a593Smuzhiyun rv = bpf_getsockopt(skops, SOL_TCP, TCP_SAVED_SYN,
51*4882a593Smuzhiyun header, hdr_size);
52*4882a593Smuzhiyun if (!rv) {
53*4882a593Smuzhiyun if (skops->family == AF_INET) {
54*4882a593Smuzhiyun hdr = (struct iphdr *) header;
55*4882a593Smuzhiyun tos = hdr->tos;
56*4882a593Smuzhiyun if (tos != 0)
57*4882a593Smuzhiyun bpf_setsockopt(skops, SOL_IP, IP_TOS,
58*4882a593Smuzhiyun &tos, sizeof(tos));
59*4882a593Smuzhiyun } else {
60*4882a593Smuzhiyun hdr6 = (struct ipv6hdr *) header;
61*4882a593Smuzhiyun tos = ((hdr6->priority) << 4 |
62*4882a593Smuzhiyun (hdr6->flow_lbl[0]) >> 4);
63*4882a593Smuzhiyun if (tos)
64*4882a593Smuzhiyun bpf_setsockopt(skops, SOL_IPV6,
65*4882a593Smuzhiyun IPV6_TCLASS,
66*4882a593Smuzhiyun &tos, sizeof(tos));
67*4882a593Smuzhiyun }
68*4882a593Smuzhiyun rv = 0;
69*4882a593Smuzhiyun }
70*4882a593Smuzhiyun break;
71*4882a593Smuzhiyun default:
72*4882a593Smuzhiyun rv = -1;
73*4882a593Smuzhiyun }
74*4882a593Smuzhiyun #ifdef DEBUG
75*4882a593Smuzhiyun bpf_printk("Returning %d\n", rv);
76*4882a593Smuzhiyun #endif
77*4882a593Smuzhiyun skops->reply = rv;
78*4882a593Smuzhiyun return 1;
79*4882a593Smuzhiyun }
80*4882a593Smuzhiyun char _license[] SEC("license") = "GPL";
81