~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/samples/bpf/sockex2_kern.c

Version: ~ [ linux-5.9 ] ~ [ linux-5.8.14 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.70 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.150 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.200 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.238 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.238 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.85 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 #include <uapi/linux/bpf.h>
  2 #include "bpf_helpers.h"
  3 #include <uapi/linux/in.h>
  4 #include <uapi/linux/if.h>
  5 #include <uapi/linux/if_ether.h>
  6 #include <uapi/linux/ip.h>
  7 #include <uapi/linux/ipv6.h>
  8 #include <uapi/linux/if_tunnel.h>
  9 #define IP_MF           0x2000
 10 #define IP_OFFSET       0x1FFF
 11 
 12 struct vlan_hdr {
 13         __be16 h_vlan_TCI;
 14         __be16 h_vlan_encapsulated_proto;
 15 };
 16 
 17 struct bpf_flow_keys {
 18         __be32 src;
 19         __be32 dst;
 20         union {
 21                 __be32 ports;
 22                 __be16 port16[2];
 23         };
 24         __u16 thoff;
 25         __u8 ip_proto;
 26 };
 27 
 28 static inline int proto_ports_offset(__u64 proto)
 29 {
 30         switch (proto) {
 31         case IPPROTO_TCP:
 32         case IPPROTO_UDP:
 33         case IPPROTO_DCCP:
 34         case IPPROTO_ESP:
 35         case IPPROTO_SCTP:
 36         case IPPROTO_UDPLITE:
 37                 return 0;
 38         case IPPROTO_AH:
 39                 return 4;
 40         default:
 41                 return 0;
 42         }
 43 }
 44 
 45 static inline int ip_is_fragment(struct __sk_buff *ctx, __u64 nhoff)
 46 {
 47         return load_half(ctx, nhoff + offsetof(struct iphdr, frag_off))
 48                 & (IP_MF | IP_OFFSET);
 49 }
 50 
 51 static inline __u32 ipv6_addr_hash(struct __sk_buff *ctx, __u64 off)
 52 {
 53         __u64 w0 = load_word(ctx, off);
 54         __u64 w1 = load_word(ctx, off + 4);
 55         __u64 w2 = load_word(ctx, off + 8);
 56         __u64 w3 = load_word(ctx, off + 12);
 57 
 58         return (__u32)(w0 ^ w1 ^ w2 ^ w3);
 59 }
 60 
 61 static inline __u64 parse_ip(struct __sk_buff *skb, __u64 nhoff, __u64 *ip_proto,
 62                              struct bpf_flow_keys *flow)
 63 {
 64         __u64 verlen;
 65 
 66         if (unlikely(ip_is_fragment(skb, nhoff)))
 67                 *ip_proto = 0;
 68         else
 69                 *ip_proto = load_byte(skb, nhoff + offsetof(struct iphdr, protocol));
 70 
 71         if (*ip_proto != IPPROTO_GRE) {
 72                 flow->src = load_word(skb, nhoff + offsetof(struct iphdr, saddr));
 73                 flow->dst = load_word(skb, nhoff + offsetof(struct iphdr, daddr));
 74         }
 75 
 76         verlen = load_byte(skb, nhoff + 0/*offsetof(struct iphdr, ihl)*/);
 77         if (likely(verlen == 0x45))
 78                 nhoff += 20;
 79         else
 80                 nhoff += (verlen & 0xF) << 2;
 81 
 82         return nhoff;
 83 }
 84 
 85 static inline __u64 parse_ipv6(struct __sk_buff *skb, __u64 nhoff, __u64 *ip_proto,
 86                                struct bpf_flow_keys *flow)
 87 {
 88         *ip_proto = load_byte(skb,
 89                               nhoff + offsetof(struct ipv6hdr, nexthdr));
 90         flow->src = ipv6_addr_hash(skb,
 91                                    nhoff + offsetof(struct ipv6hdr, saddr));
 92         flow->dst = ipv6_addr_hash(skb,
 93                                    nhoff + offsetof(struct ipv6hdr, daddr));
 94         nhoff += sizeof(struct ipv6hdr);
 95 
 96         return nhoff;
 97 }
 98 
 99 static inline bool flow_dissector(struct __sk_buff *skb, struct bpf_flow_keys *flow)
100 {
101         __u64 nhoff = ETH_HLEN;
102         __u64 ip_proto;
103         __u64 proto = load_half(skb, 12);
104         int poff;
105 
106         if (proto == ETH_P_8021AD) {
107                 proto = load_half(skb, nhoff + offsetof(struct vlan_hdr,
108                                                         h_vlan_encapsulated_proto));
109                 nhoff += sizeof(struct vlan_hdr);
110         }
111 
112         if (proto == ETH_P_8021Q) {
113                 proto = load_half(skb, nhoff + offsetof(struct vlan_hdr,
114                                                         h_vlan_encapsulated_proto));
115                 nhoff += sizeof(struct vlan_hdr);
116         }
117 
118         if (likely(proto == ETH_P_IP))
119                 nhoff = parse_ip(skb, nhoff, &ip_proto, flow);
120         else if (proto == ETH_P_IPV6)
121                 nhoff = parse_ipv6(skb, nhoff, &ip_proto, flow);
122         else
123                 return false;
124 
125         switch (ip_proto) {
126         case IPPROTO_GRE: {
127                 struct gre_hdr {
128                         __be16 flags;
129                         __be16 proto;
130                 };
131 
132                 __u64 gre_flags = load_half(skb,
133                                             nhoff + offsetof(struct gre_hdr, flags));
134                 __u64 gre_proto = load_half(skb,
135                                             nhoff + offsetof(struct gre_hdr, proto));
136 
137                 if (gre_flags & (GRE_VERSION|GRE_ROUTING))
138                         break;
139 
140                 proto = gre_proto;
141                 nhoff += 4;
142                 if (gre_flags & GRE_CSUM)
143                         nhoff += 4;
144                 if (gre_flags & GRE_KEY)
145                         nhoff += 4;
146                 if (gre_flags & GRE_SEQ)
147                         nhoff += 4;
148 
149                 if (proto == ETH_P_8021Q) {
150                         proto = load_half(skb,
151                                           nhoff + offsetof(struct vlan_hdr,
152                                                            h_vlan_encapsulated_proto));
153                         nhoff += sizeof(struct vlan_hdr);
154                 }
155 
156                 if (proto == ETH_P_IP)
157                         nhoff = parse_ip(skb, nhoff, &ip_proto, flow);
158                 else if (proto == ETH_P_IPV6)
159                         nhoff = parse_ipv6(skb, nhoff, &ip_proto, flow);
160                 else
161                         return false;
162                 break;
163         }
164         case IPPROTO_IPIP:
165                 nhoff = parse_ip(skb, nhoff, &ip_proto, flow);
166                 break;
167         case IPPROTO_IPV6:
168                 nhoff = parse_ipv6(skb, nhoff, &ip_proto, flow);
169                 break;
170         default:
171                 break;
172         }
173 
174         flow->ip_proto = ip_proto;
175         poff = proto_ports_offset(ip_proto);
176         if (poff >= 0) {
177                 nhoff += poff;
178                 flow->ports = load_word(skb, nhoff);
179         }
180 
181         flow->thoff = (__u16) nhoff;
182 
183         return true;
184 }
185 
186 struct pair {
187         long packets;
188         long bytes;
189 };
190 
191 struct bpf_map_def SEC("maps") hash_map = {
192         .type = BPF_MAP_TYPE_HASH,
193         .key_size = sizeof(__be32),
194         .value_size = sizeof(struct pair),
195         .max_entries = 1024,
196 };
197 
198 SEC("socket2")
199 int bpf_prog2(struct __sk_buff *skb)
200 {
201         struct bpf_flow_keys flow = {};
202         struct pair *value;
203         u32 key;
204 
205         if (!flow_dissector(skb, &flow))
206                 return 0;
207 
208         key = flow.dst;
209         value = bpf_map_lookup_elem(&hash_map, &key);
210         if (value) {
211                 __sync_fetch_and_add(&value->packets, 1);
212                 __sync_fetch_and_add(&value->bytes, skb->len);
213         } else {
214                 struct pair val = {1, skb->len};
215 
216                 bpf_map_update_elem(&hash_map, &key, &val, BPF_ANY);
217         }
218         return 0;
219 }
220 
221 char _license[] SEC("license") = "GPL";
222 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp