/* Copyright (c) 2016,2017 Facebook
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 */
7*4882a593Smuzhiyun #include <stddef.h>
8*4882a593Smuzhiyun #include <string.h>
9*4882a593Smuzhiyun #include <linux/bpf.h>
10*4882a593Smuzhiyun #include <linux/if_ether.h>
11*4882a593Smuzhiyun #include <linux/if_packet.h>
12*4882a593Smuzhiyun #include <linux/ip.h>
13*4882a593Smuzhiyun #include <linux/ipv6.h>
14*4882a593Smuzhiyun #include <linux/in.h>
15*4882a593Smuzhiyun #include <linux/udp.h>
16*4882a593Smuzhiyun #include <linux/tcp.h>
17*4882a593Smuzhiyun #include <linux/pkt_cls.h>
18*4882a593Smuzhiyun #include <sys/socket.h>
19*4882a593Smuzhiyun #include <bpf/bpf_helpers.h>
20*4882a593Smuzhiyun #include <bpf/bpf_endian.h>
21*4882a593Smuzhiyun #include "test_iptunnel_common.h"
22*4882a593Smuzhiyun
/* Value stored in the ELF "version" section; nothing else in this file reads it. */
int _version SEC("version") = 1;
24*4882a593Smuzhiyun
/*
 * Per-CPU array of 256 64-bit counters keyed by a __u32.
 * count_tx() indexes it with the IP protocol number of each packet that
 * is encapsulated and sent back out.
 */
struct {
	__uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
	__uint(max_entries, 256);
	__type(key, __u32);
	__type(value, __u64);
} rxcnt SEC(".maps");
31*4882a593Smuzhiyun
/*
 * Hash map from a virtual-IP key (struct vip: protocol, family, destination
 * address, destination port) to the tunnel parameters (struct iptnl_info)
 * used to encapsulate matching packets. Holds at most MAX_IPTNL_ENTRIES
 * entries.
 * NOTE(review): nothing in this file writes to the map; presumably user
 * space populates it. Whoever can write to it decides where traffic is
 * redirected, so confirm who has access to the map.
 */
struct {
	__uint(type, BPF_MAP_TYPE_HASH);
	__uint(max_entries, MAX_IPTNL_ENTRIES);
	__type(key, struct vip);
	__type(value, struct iptnl_info);
} vip2tnl SEC(".maps");
38*4882a593Smuzhiyun
/*
 * Bump the packet counter for one IP protocol number.
 *
 * protocol is used directly as the key into the rxcnt array map. A lookup
 * that returns NULL is skipped silently, so the pointer is never
 * dereferenced unchecked.
 */
static __always_inline void count_tx(__u32 protocol)
{
	__u64 *slot = bpf_map_lookup_elem(&rxcnt, &protocol);

	if (!slot)
		return;

	/* Plain, non-atomic add; rxcnt is declared as a per-CPU array. */
	(*slot)++;
}
47*4882a593Smuzhiyun
/*
 * Read the destination port from a TCP or UDP header.
 *
 * trans_data: start of the transport header inside the packet.
 * data_end:   first byte past the packet data; nothing at or beyond it is
 *             read.
 * protocol:   IP protocol number of the header at trans_data.
 *
 * Returns the port exactly as stored in the header (network byte order,
 * widened to int), 0 for any protocol other than TCP/UDP, or -1 when the
 * complete header does not fit before data_end. The size check always comes
 * before the field read, so a truncated packet is rejected without its
 * bytes being touched. A return of 0 is ambiguous: it is also a value a
 * TCP/UDP header can carry on the wire.
 */
static __always_inline int get_dport(void *trans_data, void *data_end,
				     __u8 protocol)
{
	if (protocol == IPPROTO_TCP) {
		struct tcphdr *tcp = trans_data;

		if ((void *)(tcp + 1) > data_end)
			return -1;
		return tcp->dest;
	}

	if (protocol == IPPROTO_UDP) {
		struct udphdr *udp = trans_data;

		if ((void *)(udp + 1) > data_end)
			return -1;
		return udp->dest;
	}

	/* Other protocols have no port here: report 0, not an error. */
	return 0;
}
69*4882a593Smuzhiyun
/*
 * Fill in the Ethernet header of the encapsulated frame.
 *
 * The new source MAC is the MAC the original frame was addressed to
 * (old_eth->h_dest), the new destination MAC comes from the tunnel entry
 * (tnl->dmac), and h_proto is stored as given; both callers in this file
 * pass it already converted with bpf_htons().
 *
 * The caller must have bounds-checked new_eth and old_eth against the
 * packet end; no checks are made here.
 */
static __always_inline void set_ethhdr(struct ethhdr *new_eth,
				       const struct ethhdr *old_eth,
				       const struct iptnl_info *tnl,
				       __be16 h_proto)
{
	const void *local_mac = old_eth->h_dest;
	const void *remote_mac = tnl->dmac;

	memcpy(new_eth->h_source, local_mac, sizeof(new_eth->h_source));
	memcpy(new_eth->h_dest, remote_mac, sizeof(new_eth->h_dest));
	new_eth->h_proto = h_proto;
}
79*4882a593Smuzhiyun
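/*
 * Encapsulate an IPv4 packet in an outer IPv4 header (IPIP) and send it back
 * out of the interface it arrived on.
 *
 * The destination (protocol, address, port) is looked up in vip2tnl. On a
 * hit with an IPv4 tunnel entry, the packet head is grown by one IPv4
 * header, a new Ethernet + outer IPv4 header is written, and the packet is
 * transmitted.
 *
 * Returns XDP_DROP if the packet is too short or the head cannot be grown,
 * XDP_PASS if no IPv4 tunnel entry matches, XDP_TX after encapsulation.
 *
 * NOTE(review): inputs taken from the wire without validation:
 *  - iph->ihl is not checked; the transport header is assumed to start at
 *    iph + 1. For a packet carrying IP options, the "port" read by
 *    get_dport() would come from the option bytes.
 *  - iph->tot_len is trusted as the inner length and is not compared with
 *    the real frame length; payload_len + sizeof(*iph) can also exceed
 *    16 bits and is truncated by the store to tot_len.
 *  - frag_off of the inner packet is not inspected, so non-first fragments
 *    are parsed as if they began with a transport header.
 */
static __always_inline int handle_ipv4(struct xdp_md *xdp)
{
	void *data_end = (void *)(long)xdp->data_end;
	void *data = (void *)(long)xdp->data;
	struct iptnl_info *tnl;
	struct ethhdr *new_eth;
	struct ethhdr *old_eth;
	struct iphdr *iph = data + sizeof(struct ethhdr);
	__u16 *next_iph;
	__u16 payload_len;
	struct vip vip = {};
	int dport;
	__u32 csum = 0;
	int i;

	/* The fixed 20-byte IPv4 header must be fully inside the packet. */
	if ((void *)(iph + 1) > data_end)
		return XDP_DROP;

	/* -1 means the TCP/UDP header is truncated. */
	dport = get_dport(iph + 1, data_end, iph->protocol);
	if (dport == -1)
		return XDP_DROP;

	vip.protocol = iph->protocol;
	vip.family = AF_INET;
	vip.daddr.v4 = iph->daddr;
	vip.dport = dport;
	payload_len = bpf_ntohs(iph->tot_len);

	tnl = bpf_map_lookup_elem(&vip2tnl, &vip);
	/* It only does v4-in-v4 */
	if (!tnl || tnl->family != AF_INET)
		return XDP_PASS;

	/* Negative delta: make room for the outer IPv4 header in front. */
	if (bpf_xdp_adjust_head(xdp, 0 - (int)sizeof(struct iphdr)))
		return XDP_DROP;

	/*
	 * The head moved, so every packet pointer is re-derived from xdp and
	 * bounds-checked again before use.
	 */
	data = (void *)(long)xdp->data;
	data_end = (void *)(long)xdp->data_end;

	new_eth = data;
	iph = data + sizeof(*new_eth);
	old_eth = data + sizeof(*iph);

	if ((void *)(new_eth + 1) > data_end ||
	    (void *)(old_eth + 1) > data_end ||
	    (void *)(iph + 1) > data_end)
		return XDP_DROP;

	/*
	 * Must run before the outer header is written: the outer IPv4 header
	 * (data + 14 .. data + 34) overlaps old_eth (data + 20 .. data + 34),
	 * whose destination MAC is still needed here.
	 */
	set_ethhdr(new_eth, old_eth, tnl, bpf_htons(ETH_P_IP));

	/*
	 * NOTE(review): iph->id is never assigned, so it keeps whatever bytes
	 * were already at that offset of the grown head and they leave with
	 * the packet. Left as is; confirm whether a defined value is wanted.
	 */
	iph->version = 4;
	iph->ihl = sizeof(*iph) >> 2;
	iph->frag_off = 0;
	iph->protocol = IPPROTO_IPIP;
	iph->check = 0;
	iph->tos = 0;
	iph->tot_len = bpf_htons(payload_len + sizeof(*iph));
	iph->daddr = tnl->daddr.v4;
	iph->saddr = tnl->saddr.v4;
	iph->ttl = 8;

	/* Sum the header as 16-bit words (check is 0 while summing). */
	next_iph = (__u16 *)iph;
#pragma clang loop unroll(full)
	for (i = 0; i < sizeof(*iph) >> 1; i++)
		csum += *next_iph++;

	/*
	 * Fold the carries into the low 16 bits twice: the first fold can
	 * itself carry out of bit 15, and a single fold would then drop that
	 * carry when the result is truncated into the 16-bit check field.
	 */
	csum = (csum & 0xffff) + (csum >> 16);
	csum = (csum & 0xffff) + (csum >> 16);
	iph->check = ~csum;

	count_tx(vip.protocol);

	return XDP_TX;
}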
152*4882a593Smuzhiyun
/*
 * Encapsulate an IPv6 packet in an outer IPv6 header and send it back out of
 * the interface it arrived on.
 *
 * The destination (next header, address, port) is looked up in vip2tnl. On a
 * hit with an IPv6 tunnel entry, the packet head is grown by one IPv6
 * header, a new Ethernet + outer IPv6 header is written, and the packet is
 * transmitted.
 *
 * Returns XDP_DROP if the packet is too short or the head cannot be grown,
 * XDP_PASS if no IPv6 tunnel entry matches, XDP_TX after encapsulation.
 *
 * NOTE(review): nexthdr is used directly as the transport protocol and
 * extension headers are not walked. A packet whose first next-header is not
 * TCP or UDP is looked up with port 0, because get_dport() returns 0 for it.
 */
static __always_inline int handle_ipv6(struct xdp_md *xdp)
{
	void *pkt_end = (void *)(long)xdp->data_end;
	void *pkt = (void *)(long)xdp->data;
	struct ipv6hdr *ip6h = pkt + sizeof(struct ethhdr);
	struct ethhdr *outer_eth;
	struct ethhdr *inner_eth;
	struct iptnl_info *tnl;
	struct vip key = {};
	__u16 inner_len_be;
	int dport;

	/* The fixed IPv6 header must be fully inside the packet. */
	if ((void *)(ip6h + 1) > pkt_end)
		return XDP_DROP;

	/* -1 means the TCP/UDP header is truncated. */
	dport = get_dport(ip6h + 1, pkt_end, ip6h->nexthdr);
	if (dport == -1)
		return XDP_DROP;

	key.family = AF_INET6;
	key.protocol = ip6h->nexthdr;
	key.dport = dport;
	memcpy(key.daddr.v6, ip6h->daddr.s6_addr32, sizeof(key.daddr));

	/* Kept in network byte order; converted when the outer length is set. */
	inner_len_be = ip6h->payload_len;

	tnl = bpf_map_lookup_elem(&vip2tnl, &key);
	if (!tnl)
		return XDP_PASS;
	/* It only does v6-in-v6 */
	if (tnl->family != AF_INET6)
		return XDP_PASS;

	/* Negative delta: make room for the outer IPv6 header in front. */
	if (bpf_xdp_adjust_head(xdp, 0 - (int)sizeof(struct ipv6hdr)))
		return XDP_DROP;

	/*
	 * The head moved, so every packet pointer is re-derived from xdp and
	 * bounds-checked again before use.
	 */
	pkt = (void *)(long)xdp->data;
	pkt_end = (void *)(long)xdp->data_end;

	outer_eth = pkt;
	ip6h = pkt + sizeof(*outer_eth);
	inner_eth = pkt + sizeof(*ip6h);

	if ((void *)(outer_eth + 1) > pkt_end)
		return XDP_DROP;
	if ((void *)(inner_eth + 1) > pkt_end)
		return XDP_DROP;
	if ((void *)(ip6h + 1) > pkt_end)
		return XDP_DROP;

	/*
	 * Must run before the outer header is written: the outer IPv6 header
	 * (pkt + 14 .. pkt + 54) overlaps inner_eth (pkt + 40 .. pkt + 54),
	 * whose destination MAC is still needed here.
	 */
	set_ethhdr(outer_eth, inner_eth, tnl, bpf_htons(ETH_P_IPV6));

	ip6h->version = 6;
	ip6h->priority = 0;
	memset(ip6h->flow_lbl, 0, sizeof(ip6h->flow_lbl));
	ip6h->nexthdr = IPPROTO_IPV6;
	ip6h->hop_limit = 8;
	/* The inner IPv6 header becomes part of the outer payload. */
	ip6h->payload_len = bpf_htons(bpf_ntohs(inner_len_be) + sizeof(*ip6h));
	memcpy(ip6h->saddr.s6_addr32, tnl->saddr.v6, sizeof(tnl->saddr.v6));
	memcpy(ip6h->daddr.s6_addr32, tnl->daddr.v6, sizeof(tnl->daddr.v6));

	count_tx(key.protocol);

	return XDP_TX;
}
212*4882a593Smuzhiyun
/*
 * XDP entry point: dispatch on the EtherType of the received frame.
 *
 * IPv4 and IPv6 frames go to their encapsulation handlers; every other
 * EtherType, and any frame too short to hold an Ethernet header, is dropped.
 * NOTE(review): this includes non-IP traffic such as ARP. Only the outermost
 * EtherType is examined; VLAN-tagged frames are not unwrapped.
 */
SEC("xdp_tx_iptunnel")
int _xdp_tx_iptunnel(struct xdp_md *xdp)
{
	void *pkt_end = (void *)(long)xdp->data_end;
	struct ethhdr *eth = (void *)(long)xdp->data;
	__u16 ethertype;

	/* Reject frames that cannot contain a full Ethernet header. */
	if ((void *)(eth + 1) > pkt_end)
		return XDP_DROP;

	/* Still in network byte order; compared against bpf_htons() values. */
	ethertype = eth->h_proto;

	if (ethertype == bpf_htons(ETH_P_IP))
		return handle_ipv4(xdp);

	if (ethertype == bpf_htons(ETH_P_IPV6))
		return handle_ipv6(xdp);

	return XDP_DROP;
}
234*4882a593Smuzhiyun
/* License string placed in the ELF "license" section of the object. */
char _license[] SEC("license") = "GPL";