/* Copyright (c) 2016 Facebook
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 *
 * This program shows how to use bpf_xdp_adjust_head() by
 * encapsulating the incoming packet in an IPv4/v6 header
 * and then sending it back out with XDP_TX.
 */
11*4882a593Smuzhiyun #define KBUILD_MODNAME "foo"
12*4882a593Smuzhiyun #include <uapi/linux/bpf.h>
13*4882a593Smuzhiyun #include <linux/in.h>
14*4882a593Smuzhiyun #include <linux/if_ether.h>
15*4882a593Smuzhiyun #include <linux/if_packet.h>
16*4882a593Smuzhiyun #include <linux/if_vlan.h>
17*4882a593Smuzhiyun #include <linux/ip.h>
18*4882a593Smuzhiyun #include <linux/ipv6.h>
19*4882a593Smuzhiyun #include <bpf/bpf_helpers.h>
20*4882a593Smuzhiyun #include "xdp_tx_iptunnel_common.h"
21*4882a593Smuzhiyun
/*
 * Per-CPU packet counters. count_tx() indexes this array with the IP
 * protocol number of each encapsulated packet; 256 slots cover every
 * possible 8-bit protocol value.
 */
struct {
	__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
	__uint(max_entries, 256);
	__type(key, __u32);
	__type(value, __u64);
} rxcnt SEC(".maps");
28*4882a593Smuzhiyun
/*
 * VIP -> tunnel table, keyed by struct vip (family, protocol, destination
 * address and destination port) with a struct iptnl_info value.
 *
 * This file only reads the map. handle_ipv4()/handle_ipv6() copy the
 * entry's saddr, daddr and dmac straight into the outer headers, so
 * whoever can write this map decides where matching traffic is re-sent;
 * write access should be limited to the trusted control plane.
 */
struct {
	__uint(type, BPF_MAP_TYPE_HASH);
	__uint(max_entries, MAX_IPTNL_ENTRIES);
	__type(key, struct vip);
	__type(value, struct iptnl_info);
} vip2tnl SEC(".maps");
35*4882a593Smuzhiyun
/*
 * Bump the rxcnt counter for @protocol by one.
 *
 * A failed lookup is silently ignored: no counter is touched and the
 * caller is not told.
 */
static __always_inline void count_tx(u32 protocol)
{
	u64 *slot = bpf_map_lookup_elem(&rxcnt, &protocol);

	/* The lookup result must be NULL-checked before it is dereferenced. */
	if (!slot)
		return;

	/* Plain (non-atomic) increment; rxcnt is declared as a per-CPU array. */
	(*slot)++;
}
44*4882a593Smuzhiyun
/*
 * Read the destination port from a TCP or UDP header.
 *
 * @trans_data: where the caller believes the transport header starts
 * @data_end:   first byte past the packet data
 * @protocol:   IP protocol number selecting how @trans_data is parsed
 *
 * Returns the dest field exactly as stored in the header (no ntohs()),
 * 0 for any protocol other than TCP/UDP, or -1 when the header would
 * run past @data_end. The callers copy the result into vip.dport, so
 * map keys presumably have to carry the port in the same byte order.
 */
static __always_inline int get_dport(void *trans_data, void *data_end,
				     u8 protocol)
{
	if (protocol == IPPROTO_TCP) {
		struct tcphdr *tcp = trans_data;

		/* Bounds check first: the header must lie fully inside the packet. */
		if (tcp + 1 > data_end)
			return -1;

		return tcp->dest;
	}

	if (protocol == IPPROTO_UDP) {
		struct udphdr *udp = trans_data;

		if (udp + 1 > data_end)
			return -1;

		return udp->dest;
	}

	/* Neither TCP nor UDP: no port to report. */
	return 0;
}
66*4882a593Smuzhiyun
/*
 * Fill in the Ethernet header of the encapsulated frame.
 *
 * @new_eth: header to write
 * @old_eth: header of the frame as it was received
 * @tnl:     tunnel entry supplying the next-hop MAC (dmac)
 * @h_proto: EtherType to store, already in network byte order
 *
 * The new source MAC is the old destination MAC; the new destination
 * MAC comes from the tunnel entry.
 */
static __always_inline void set_ethhdr(struct ethhdr *new_eth,
				       const struct ethhdr *old_eth,
				       const struct iptnl_info *tnl,
				       __be16 h_proto)
{
	unsigned char *src_mac = new_eth->h_source;
	unsigned char *dst_mac = new_eth->h_dest;

	/* Take the old destination MAC before the new destination is written. */
	memcpy(src_mac, old_eth->h_dest, sizeof(new_eth->h_source));
	memcpy(dst_mac, tnl->dmac, sizeof(new_eth->h_dest));

	new_eth->h_proto = h_proto;
}
76*4882a593Smuzhiyun
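/*
 * Encapsulate an IPv4 packet addressed to a configured VIP in an outer
 * IPv4 header (IPIP) and send it back out with XDP_TX.
 *
 * Returns:
 *   XDP_DROP  the packet is too short for the headers read here, the
 *             inner length cannot be represented once the outer header
 *             is added, or bpf_xdp_adjust_head() failed;
 *   XDP_PASS  vip2tnl has no IPv4 tunnel for this (daddr, protocol, dport);
 *   XDP_TX    the packet was encapsulated.
 *
 * NOTE(review): the transport header is assumed to start right after a
 * fixed-size struct iphdr. iph->ihl and the incoming frag_off are never
 * examined, so for packets carrying IP options, or for non-first
 * fragments, the "port" used in the VIP lookup is not a real L4 port.
 * Confirm that this is acceptable wherever the program is deployed.
 */
static __always_inline int handle_ipv4(struct xdp_md *xdp)
{
	void *data_end = (void *)(long)xdp->data_end;
	void *data = (void *)(long)xdp->data;
	struct iptnl_info *tnl;
	struct ethhdr *new_eth;
	struct ethhdr *old_eth;
	struct iphdr *iph = data + sizeof(struct ethhdr);
	u16 *next_iph_u16;
	u16 payload_len;
	struct vip vip = {};
	int dport;
	u32 csum = 0;
	int i;

	if (iph + 1 > data_end)
		return XDP_DROP;

	dport = get_dport(iph + 1, data_end, iph->protocol);
	if (dport == -1)
		return XDP_DROP;

	vip.protocol = iph->protocol;
	vip.family = AF_INET;
	vip.daddr.v4 = iph->daddr;
	vip.dport = dport;
	payload_len = ntohs(iph->tot_len);

	tnl = bpf_map_lookup_elem(&vip2tnl, &vip);
	/* It only does v4-in-v4 */
	if (!tnl || tnl->family != AF_INET)
		return XDP_PASS;

	/*
	 * tot_len is taken from the packet and is not compared with the
	 * actual frame size. Refuse values whose sum with the outer header
	 * would not fit the 16-bit tot_len field rather than transmitting
	 * a wrapped length.
	 */
	if (payload_len > 0xffff - sizeof(*iph))
		return XDP_DROP;

	/* The vip key is found. Add an IP header and send it out */

	if (bpf_xdp_adjust_head(xdp, 0 - (int)sizeof(struct iphdr)))
		return XDP_DROP;

	/* The packet pointers are stale after the head adjust: reload them. */
	data = (void *)(long)xdp->data;
	data_end = (void *)(long)xdp->data_end;

	new_eth = data;
	iph = data + sizeof(*new_eth);
	old_eth = data + sizeof(*iph);

	/* Every pointer derived from the new data must be bounds-checked again. */
	if (new_eth + 1 > data_end ||
	    old_eth + 1 > data_end ||
	    iph + 1 > data_end)
		return XDP_DROP;

	/*
	 * The outer IP header overlaps the old Ethernet header, so the old
	 * MAC must be consumed here, before any iph field is written.
	 */
	set_ethhdr(new_eth, old_eth, tnl, htons(ETH_P_IP));

	iph->version = 4;
	iph->ihl = sizeof(*iph) >> 2;
	/*
	 * id lies in what was headroom in front of the received frame and
	 * nothing above has written it; set it explicitly so stale bytes
	 * are not sent on the wire.
	 */
	iph->id = 0;
	iph->frag_off = 0;
	iph->protocol = IPPROTO_IPIP;
	iph->check = 0;
	iph->tos = 0;
	iph->tot_len = htons(payload_len + sizeof(*iph));
	iph->daddr = tnl->daddr.v4;
	iph->saddr = tnl->saddr.v4;
	iph->ttl = 8;

	/* Header checksum: sum the header as 16-bit words (check is 0 here). */
	next_iph_u16 = (u16 *)iph;
#pragma clang loop unroll(full)
	for (i = 0; i < sizeof(*iph) >> 1; i++)
		csum += *next_iph_u16++;

	/*
	 * Fold the carries back in twice: the first fold can itself carry
	 * out of 16 bits (e.g. 0x1ffff -> 0x10000), and a single fold would
	 * then store a wrong checksum.
	 */
	csum = (csum & 0xffff) + (csum >> 16);
	csum = (csum & 0xffff) + (csum >> 16);
	iph->check = ~csum;

	count_tx(vip.protocol);

	return XDP_TX;
}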
151*4882a593Smuzhiyun
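/*
 * Encapsulate an IPv6 packet addressed to a configured VIP in an outer
 * IPv6 header and send it back out with XDP_TX.
 *
 * Returns:
 *   XDP_DROP  the packet is too short for the headers read here, the
 *             inner length cannot be represented once the outer header
 *             is added, or bpf_xdp_adjust_head() failed;
 *   XDP_PASS  vip2tnl has no IPv6 tunnel for this (daddr, nexthdr, dport);
 *   XDP_TX    the packet was encapsulated.
 *
 * NOTE(review): nexthdr of the fixed header is used directly as the
 * transport protocol and extension headers are not walked, so packets
 * that carry extension headers are looked up with dport 0 (get_dport()
 * returns 0 for anything but TCP/UDP). Confirm that this is acceptable
 * wherever the program is deployed.
 */
static __always_inline int handle_ipv6(struct xdp_md *xdp)
{
	void *data_end = (void *)(long)xdp->data_end;
	void *data = (void *)(long)xdp->data;
	struct iptnl_info *tnl;
	struct ethhdr *new_eth;
	struct ethhdr *old_eth;
	struct ipv6hdr *ip6h = data + sizeof(struct ethhdr);
	__u16 payload_len;
	struct vip vip = {};
	int dport;

	if (ip6h + 1 > data_end)
		return XDP_DROP;

	dport = get_dport(ip6h + 1, data_end, ip6h->nexthdr);
	if (dport == -1)
		return XDP_DROP;

	vip.protocol = ip6h->nexthdr;
	vip.family = AF_INET6;
	memcpy(vip.daddr.v6, ip6h->daddr.s6_addr32, sizeof(vip.daddr));
	vip.dport = dport;
	/* Kept in network byte order; converted where it is used below. */
	payload_len = ip6h->payload_len;

	tnl = bpf_map_lookup_elem(&vip2tnl, &vip);
	/* It only does v6-in-v6 */
	if (!tnl || tnl->family != AF_INET6)
		return XDP_PASS;

	/*
	 * payload_len is taken from the packet and is not compared with the
	 * actual frame size. Refuse values whose sum with the inner header
	 * would not fit the 16-bit payload_len field rather than
	 * transmitting a wrapped length.
	 */
	if (ntohs(payload_len) > 0xffff - sizeof(*ip6h))
		return XDP_DROP;

	/* The vip key is found. Add an IP header and send it out */

	if (bpf_xdp_adjust_head(xdp, 0 - (int)sizeof(struct ipv6hdr)))
		return XDP_DROP;

	/* The packet pointers are stale after the head adjust: reload them. */
	data = (void *)(long)xdp->data;
	data_end = (void *)(long)xdp->data_end;

	new_eth = data;
	ip6h = data + sizeof(*new_eth);
	old_eth = data + sizeof(*ip6h);

	/* Every pointer derived from the new data must be bounds-checked again. */
	if (new_eth + 1 > data_end ||
	    old_eth + 1 > data_end ||
	    ip6h + 1 > data_end)
		return XDP_DROP;

	/*
	 * The outer IPv6 header overlaps the old Ethernet header, so the old
	 * MAC must be consumed here, before any ip6h field is written.
	 */
	set_ethhdr(new_eth, old_eth, tnl, htons(ETH_P_IPV6));

	ip6h->version = 6;
	ip6h->priority = 0;
	memset(ip6h->flow_lbl, 0, sizeof(ip6h->flow_lbl));
	/* Outer payload = inner fixed header + inner payload. */
	ip6h->payload_len = htons(ntohs(payload_len) + sizeof(*ip6h));
	ip6h->nexthdr = IPPROTO_IPV6;
	ip6h->hop_limit = 8;
	memcpy(ip6h->saddr.s6_addr32, tnl->saddr.v6, sizeof(tnl->saddr.v6));
	memcpy(ip6h->daddr.s6_addr32, tnl->daddr.v6, sizeof(tnl->daddr.v6));

	count_tx(vip.protocol);

	return XDP_TX;
}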
214*4882a593Smuzhiyun
/*
 * XDP entry point: dispatch on the EtherType of the received frame.
 *
 * Frames too short to hold an Ethernet header are dropped. IPv4 and
 * IPv6 frames go to their handlers. Every other EtherType is passed up
 * the stack untouched; that includes VLAN-tagged frames, whose h_proto
 * matches neither ETH_P_IP nor ETH_P_IPV6 here.
 */
SEC("xdp_tx_iptunnel")
int _xdp_tx_iptunnel(struct xdp_md *xdp)
{
	void *pkt_end = (void *)(long)xdp->data_end;
	struct ethhdr *eth = (void *)(long)xdp->data;

	/* The Ethernet header must lie fully inside the packet before it is read. */
	if (eth + 1 > pkt_end)
		return XDP_DROP;

	if (eth->h_proto == htons(ETH_P_IP))
		return handle_ipv4(xdp);

	if (eth->h_proto == htons(ETH_P_IPV6))
		return handle_ipv6(xdp);

	return XDP_PASS;
}
236*4882a593Smuzhiyun
/*
 * License string placed in the "license" section of the object; the
 * kernel reads it at load time to decide whether GPL-only helpers may
 * be used by this program.
 */
char _license[] SEC("license") = "GPL";