1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
// SPDX-License-Identifier: GPL-2.0
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_endian.h>
long process_byte = 0;
int verdict_dir = 0;
int dropped = 0;
int pkt_size = 0;
struct {
__uint(type, BPF_MAP_TYPE_SOCKMAP);
__uint(max_entries, 20);
__type(key, int);
__type(value, int);
} sock_map_rx SEC(".maps");
struct {
__uint(type, BPF_MAP_TYPE_SOCKMAP);
__uint(max_entries, 20);
__type(key, int);
__type(value, int);
} sock_map_tx SEC(".maps");
SEC("sk_skb/stream_parser")
int prog_skb_parser(struct __sk_buff *skb)
{
return pkt_size;
}
SEC("sk_skb/stream_verdict")
int prog_skb_verdict(struct __sk_buff *skb)
{
int one = 1;
int ret = bpf_sk_redirect_map(skb, &sock_map_rx, one, verdict_dir);
if (ret == SK_DROP)
dropped++;
__sync_fetch_and_add(&process_byte, skb->len);
return ret;
}
SEC("sk_skb/stream_verdict")
int prog_skb_pass(struct __sk_buff *skb)
{
__sync_fetch_and_add(&process_byte, skb->len);
return SK_PASS;
}
SEC("sk_msg")
int prog_skmsg_verdict(struct sk_msg_md *msg)
{
int one = 1;
__sync_fetch_and_add(&process_byte, msg->size);
return bpf_msg_redirect_map(msg, &sock_map_tx, one, verdict_dir);
}
SEC("sk_msg")
int prog_skmsg_pass(struct sk_msg_md *msg)
{
__sync_fetch_and_add(&process_byte, msg->size);
return SK_PASS;
}
char _license[] SEC("license") = "GPL";
|
