1*4882a593Smuzhiyun { 2*4882a593Smuzhiyun "direct packet read test#1 for CGROUP_SKB", 3*4882a593Smuzhiyun .insns = { 4*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 5*4882a593Smuzhiyun offsetof(struct __sk_buff, data)), 6*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 7*4882a593Smuzhiyun offsetof(struct __sk_buff, data_end)), 8*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, 9*4882a593Smuzhiyun offsetof(struct __sk_buff, len)), 10*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, 11*4882a593Smuzhiyun offsetof(struct __sk_buff, pkt_type)), 12*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, 13*4882a593Smuzhiyun offsetof(struct __sk_buff, mark)), 14*4882a593Smuzhiyun BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_6, 15*4882a593Smuzhiyun offsetof(struct __sk_buff, mark)), 16*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1, 17*4882a593Smuzhiyun offsetof(struct __sk_buff, queue_mapping)), 18*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1, 19*4882a593Smuzhiyun offsetof(struct __sk_buff, protocol)), 20*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1, 21*4882a593Smuzhiyun offsetof(struct __sk_buff, vlan_present)), 22*4882a593Smuzhiyun BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), 23*4882a593Smuzhiyun BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), 24*4882a593Smuzhiyun BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), 25*4882a593Smuzhiyun BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), 26*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 27*4882a593Smuzhiyun BPF_EXIT_INSN(), 28*4882a593Smuzhiyun }, 29*4882a593Smuzhiyun .result = ACCEPT, 30*4882a593Smuzhiyun .result_unpriv = REJECT, 31*4882a593Smuzhiyun .errstr_unpriv = "invalid bpf_context access off=76 size=4", 32*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 33*4882a593Smuzhiyun }, 34*4882a593Smuzhiyun { 35*4882a593Smuzhiyun "direct packet read test#2 for CGROUP_SKB", 36*4882a593Smuzhiyun .insns = { 37*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, 38*4882a593Smuzhiyun offsetof(struct __sk_buff, vlan_tci)), 39*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, 40*4882a593Smuzhiyun offsetof(struct __sk_buff, vlan_proto)), 41*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, 42*4882a593Smuzhiyun offsetof(struct __sk_buff, priority)), 43*4882a593Smuzhiyun BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_6, 44*4882a593Smuzhiyun offsetof(struct __sk_buff, priority)), 45*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1, 46*4882a593Smuzhiyun offsetof(struct __sk_buff, ingress_ifindex)), 47*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1, 48*4882a593Smuzhiyun offsetof(struct __sk_buff, tc_index)), 49*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1, 50*4882a593Smuzhiyun offsetof(struct __sk_buff, hash)), 51*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 52*4882a593Smuzhiyun BPF_EXIT_INSN(), 53*4882a593Smuzhiyun }, 54*4882a593Smuzhiyun .result = ACCEPT, 55*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 56*4882a593Smuzhiyun }, 57*4882a593Smuzhiyun { 58*4882a593Smuzhiyun "direct packet read test#3 for CGROUP_SKB", 59*4882a593Smuzhiyun .insns = { 60*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, 61*4882a593Smuzhiyun offsetof(struct __sk_buff, cb[0])), 62*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, 63*4882a593Smuzhiyun offsetof(struct __sk_buff, cb[1])), 64*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, 65*4882a593Smuzhiyun offsetof(struct __sk_buff, cb[2])), 66*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1, 67*4882a593Smuzhiyun offsetof(struct __sk_buff, cb[3])), 68*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1, 69*4882a593Smuzhiyun offsetof(struct __sk_buff, cb[4])), 70*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1, 71*4882a593Smuzhiyun offsetof(struct __sk_buff, napi_id)), 72*4882a593Smuzhiyun BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_4, 73*4882a593Smuzhiyun offsetof(struct __sk_buff, cb[0])), 74*4882a593Smuzhiyun BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_5, 75*4882a593Smuzhiyun offsetof(struct __sk_buff, cb[1])), 76*4882a593Smuzhiyun BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_6, 77*4882a593Smuzhiyun offsetof(struct __sk_buff, cb[2])), 78*4882a593Smuzhiyun BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_7, 79*4882a593Smuzhiyun offsetof(struct __sk_buff, cb[3])), 80*4882a593Smuzhiyun BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_8, 81*4882a593Smuzhiyun offsetof(struct __sk_buff, cb[4])), 82*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 83*4882a593Smuzhiyun BPF_EXIT_INSN(), 84*4882a593Smuzhiyun }, 85*4882a593Smuzhiyun .result = ACCEPT, 86*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 87*4882a593Smuzhiyun }, 88*4882a593Smuzhiyun { 89*4882a593Smuzhiyun "direct packet read test#4 for CGROUP_SKB", 90*4882a593Smuzhiyun .insns = { 91*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, 92*4882a593Smuzhiyun offsetof(struct __sk_buff, family)), 93*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, 94*4882a593Smuzhiyun offsetof(struct __sk_buff, remote_ip4)), 95*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, 96*4882a593Smuzhiyun offsetof(struct __sk_buff, local_ip4)), 97*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, 98*4882a593Smuzhiyun offsetof(struct __sk_buff, remote_ip6[0])), 99*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, 100*4882a593Smuzhiyun offsetof(struct __sk_buff, remote_ip6[1])), 101*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, 102*4882a593Smuzhiyun offsetof(struct __sk_buff, remote_ip6[2])), 103*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, 104*4882a593Smuzhiyun offsetof(struct __sk_buff, remote_ip6[3])), 105*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, 106*4882a593Smuzhiyun offsetof(struct __sk_buff, local_ip6[0])), 107*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, 108*4882a593Smuzhiyun offsetof(struct __sk_buff, local_ip6[1])), 109*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, 110*4882a593Smuzhiyun offsetof(struct __sk_buff, local_ip6[2])), 111*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, 112*4882a593Smuzhiyun offsetof(struct __sk_buff, local_ip6[3])), 113*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1, 114*4882a593Smuzhiyun offsetof(struct __sk_buff, remote_port)), 115*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1, 116*4882a593Smuzhiyun offsetof(struct __sk_buff, local_port)), 117*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 118*4882a593Smuzhiyun BPF_EXIT_INSN(), 119*4882a593Smuzhiyun }, 120*4882a593Smuzhiyun .result = ACCEPT, 121*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 122*4882a593Smuzhiyun }, 123*4882a593Smuzhiyun { 124*4882a593Smuzhiyun "invalid access of tc_classid for CGROUP_SKB", 125*4882a593Smuzhiyun .insns = { 126*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 127*4882a593Smuzhiyun offsetof(struct __sk_buff, tc_classid)), 128*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 129*4882a593Smuzhiyun BPF_EXIT_INSN(), 130*4882a593Smuzhiyun }, 131*4882a593Smuzhiyun .result = REJECT, 132*4882a593Smuzhiyun .errstr = "invalid bpf_context access", 133*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 134*4882a593Smuzhiyun }, 135*4882a593Smuzhiyun { 136*4882a593Smuzhiyun "invalid access of data_meta for CGROUP_SKB", 137*4882a593Smuzhiyun .insns = { 138*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 139*4882a593Smuzhiyun offsetof(struct __sk_buff, data_meta)), 140*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 141*4882a593Smuzhiyun BPF_EXIT_INSN(), 142*4882a593Smuzhiyun }, 143*4882a593Smuzhiyun .result = REJECT, 144*4882a593Smuzhiyun .errstr = "invalid bpf_context access", 145*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 146*4882a593Smuzhiyun }, 147*4882a593Smuzhiyun { 148*4882a593Smuzhiyun "invalid access of flow_keys for CGROUP_SKB", 149*4882a593Smuzhiyun .insns = { 150*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, 151*4882a593Smuzhiyun offsetof(struct __sk_buff, flow_keys)), 152*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 153*4882a593Smuzhiyun BPF_EXIT_INSN(), 154*4882a593Smuzhiyun }, 155*4882a593Smuzhiyun .result = REJECT, 156*4882a593Smuzhiyun .errstr = "invalid bpf_context access", 157*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 158*4882a593Smuzhiyun }, 159*4882a593Smuzhiyun { 160*4882a593Smuzhiyun "invalid write access to napi_id for CGROUP_SKB", 161*4882a593Smuzhiyun .insns = { 162*4882a593Smuzhiyun BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1, 163*4882a593Smuzhiyun offsetof(struct __sk_buff, napi_id)), 164*4882a593Smuzhiyun BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_9, 165*4882a593Smuzhiyun offsetof(struct __sk_buff, napi_id)), 166*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 167*4882a593Smuzhiyun BPF_EXIT_INSN(), 168*4882a593Smuzhiyun }, 169*4882a593Smuzhiyun .result = REJECT, 170*4882a593Smuzhiyun .errstr = "invalid bpf_context access", 171*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 172*4882a593Smuzhiyun }, 173*4882a593Smuzhiyun { 174*4882a593Smuzhiyun "write tstamp from CGROUP_SKB", 175*4882a593Smuzhiyun .insns = { 176*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 177*4882a593Smuzhiyun BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, 178*4882a593Smuzhiyun offsetof(struct __sk_buff, tstamp)), 179*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 180*4882a593Smuzhiyun BPF_EXIT_INSN(), 181*4882a593Smuzhiyun }, 182*4882a593Smuzhiyun .result = ACCEPT, 183*4882a593Smuzhiyun .result_unpriv = REJECT, 184*4882a593Smuzhiyun .errstr_unpriv = "invalid bpf_context access off=152 size=8", 185*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 186*4882a593Smuzhiyun }, 187*4882a593Smuzhiyun { 188*4882a593Smuzhiyun "read tstamp from CGROUP_SKB", 189*4882a593Smuzhiyun .insns = { 190*4882a593Smuzhiyun BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, 191*4882a593Smuzhiyun offsetof(struct __sk_buff, tstamp)), 192*4882a593Smuzhiyun BPF_MOV64_IMM(BPF_REG_0, 0), 193*4882a593Smuzhiyun BPF_EXIT_INSN(), 194*4882a593Smuzhiyun }, 195*4882a593Smuzhiyun .result = ACCEPT, 196*4882a593Smuzhiyun .prog_type = BPF_PROG_TYPE_CGROUP_SKB, 197*4882a593Smuzhiyun }, 198