blob: bd3c657c58a79451d8f5c796400c4dfd92a16554 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2022 Meta Platforms, Inc. and affiliates. */
#include "vmlinux.h"
#include "bpf_tracing_net.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_endian.h>
#define UDP_TEST_PORT 7777
void *bpf_cast_to_kern_ctx(void *) __ksym;
bool init_csum_partial = false;
bool final_csum_none = false;
bool broken_csum_start = false;
static unsigned int skb_headlen(const struct sk_buff *skb)
{
return skb->len - skb->data_len;
}
static unsigned int skb_headroom(const struct sk_buff *skb)
{
return skb->data - skb->head;
}
static int skb_checksum_start_offset(const struct sk_buff *skb)
{
return skb->csum_start - skb_headroom(skb);
}
SEC("tc")
int decap_sanity(struct __sk_buff *skb)
{
struct sk_buff *kskb;
struct ipv6hdr ip6h;
struct udphdr udph;
int err;
if (skb->protocol != __bpf_constant_htons(ETH_P_IPV6))
return TC_ACT_SHOT;
if (bpf_skb_load_bytes(skb, ETH_HLEN, &ip6h, sizeof(ip6h)))
return TC_ACT_SHOT;
if (ip6h.nexthdr != IPPROTO_UDP)
return TC_ACT_SHOT;
if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(ip6h), &udph, sizeof(udph)))
return TC_ACT_SHOT;
if (udph.dest != __bpf_constant_htons(UDP_TEST_PORT))
return TC_ACT_SHOT;
kskb = bpf_cast_to_kern_ctx(skb);
init_csum_partial = (kskb->ip_summed == CHECKSUM_PARTIAL);
err = bpf_skb_adjust_room(skb, -(s32)(ETH_HLEN + sizeof(ip6h) + sizeof(udph)),
1, BPF_F_ADJ_ROOM_FIXED_GSO);
if (err)
return TC_ACT_SHOT;
final_csum_none = (kskb->ip_summed == CHECKSUM_NONE);
if (kskb->ip_summed == CHECKSUM_PARTIAL &&
(unsigned int)skb_checksum_start_offset(kskb) >= skb_headlen(kskb))
broken_csum_start = true;
return TC_ACT_SHOT;
}
char __license[] SEC("license") = "GPL";
|