1 // SPDX-License-Identifier: GPL-2.0
2 // Copyright (c) 2019 Facebook
3 #include <stddef.h>
4 #include <string.h>
5 #include <linux/bpf.h>
6 #include <linux/if_ether.h>
7 #include <linux/if_packet.h>
8 #include <linux/ip.h>
9 #include <linux/ipv6.h>
10 #include <linux/in.h>
11 #include <linux/udp.h>
12 #include <linux/tcp.h>
13 #include <linux/pkt_cls.h>
14 #include <sys/socket.h>
15 #include <bpf/bpf_helpers.h>
16 #include <bpf/bpf_endian.h>
17 #include "test_iptunnel_common.h"
18
19 int _version SEC("version") = 1;
20
21 struct {
22 __uint(type, BPF_MAP_TYPE_PERCPU_ARRAY);
23 __uint(max_entries, 256);
24 __type(key, __u32);
25 __type(value, __u64);
26 } rxcnt SEC(".maps");
27
28 struct {
29 __uint(type, BPF_MAP_TYPE_HASH);
30 __uint(max_entries, MAX_IPTNL_ENTRIES);
31 __type(key, struct vip);
32 __type(value, struct iptnl_info);
33 } vip2tnl SEC(".maps");
34
count_tx(__u32 protocol)35 static __always_inline void count_tx(__u32 protocol)
36 {
37 __u64 *rxcnt_count;
38
39 rxcnt_count = bpf_map_lookup_elem(&rxcnt, &protocol);
40 if (rxcnt_count)
41 *rxcnt_count += 1;
42 }
43
get_dport(void * trans_data,void * data_end,__u8 protocol)44 static __always_inline int get_dport(void *trans_data, void *data_end,
45 __u8 protocol)
46 {
47 struct tcphdr *th;
48 struct udphdr *uh;
49
50 switch (protocol) {
51 case IPPROTO_TCP:
52 th = (struct tcphdr *)trans_data;
53 if (th + 1 > data_end)
54 return -1;
55 return th->dest;
56 case IPPROTO_UDP:
57 uh = (struct udphdr *)trans_data;
58 if (uh + 1 > data_end)
59 return -1;
60 return uh->dest;
61 default:
62 return 0;
63 }
64 }
65
set_ethhdr(struct ethhdr * new_eth,const struct ethhdr * old_eth,const struct iptnl_info * tnl,__be16 h_proto)66 static __always_inline void set_ethhdr(struct ethhdr *new_eth,
67 const struct ethhdr *old_eth,
68 const struct iptnl_info *tnl,
69 __be16 h_proto)
70 {
71 memcpy(new_eth->h_source, old_eth->h_dest, sizeof(new_eth->h_source));
72 memcpy(new_eth->h_dest, tnl->dmac, sizeof(new_eth->h_dest));
73 new_eth->h_proto = h_proto;
74 }
75
handle_ipv4(struct xdp_md * xdp)76 static __always_inline int handle_ipv4(struct xdp_md *xdp)
77 {
78 void *data_end = (void *)(long)xdp->data_end;
79 void *data = (void *)(long)xdp->data;
80 struct iptnl_info *tnl;
81 struct ethhdr *new_eth;
82 struct ethhdr *old_eth;
83 struct iphdr *iph = data + sizeof(struct ethhdr);
84 __u16 *next_iph;
85 __u16 payload_len;
86 struct vip vip = {};
87 int dport;
88 __u32 csum = 0;
89 int i;
90
91 if (iph + 1 > data_end)
92 return XDP_DROP;
93
94 dport = get_dport(iph + 1, data_end, iph->protocol);
95 if (dport == -1)
96 return XDP_DROP;
97
98 vip.protocol = iph->protocol;
99 vip.family = AF_INET;
100 vip.daddr.v4 = iph->daddr;
101 vip.dport = dport;
102 payload_len = bpf_ntohs(iph->tot_len);
103
104 tnl = bpf_map_lookup_elem(&vip2tnl, &vip);
105 /* It only does v4-in-v4 */
106 if (!tnl || tnl->family != AF_INET)
107 return XDP_PASS;
108
109 if (bpf_xdp_adjust_head(xdp, 0 - (int)sizeof(struct iphdr)))
110 return XDP_DROP;
111
112 data = (void *)(long)xdp->data;
113 data_end = (void *)(long)xdp->data_end;
114
115 new_eth = data;
116 iph = data + sizeof(*new_eth);
117 old_eth = data + sizeof(*iph);
118
119 if (new_eth + 1 > data_end ||
120 old_eth + 1 > data_end ||
121 iph + 1 > data_end)
122 return XDP_DROP;
123
124 set_ethhdr(new_eth, old_eth, tnl, bpf_htons(ETH_P_IP));
125
126 iph->version = 4;
127 iph->ihl = sizeof(*iph) >> 2;
128 iph->frag_off = 0;
129 iph->protocol = IPPROTO_IPIP;
130 iph->check = 0;
131 iph->tos = 0;
132 iph->tot_len = bpf_htons(payload_len + sizeof(*iph));
133 iph->daddr = tnl->daddr.v4;
134 iph->saddr = tnl->saddr.v4;
135 iph->ttl = 8;
136
137 next_iph = (__u16 *)iph;
138 #pragma clang loop unroll(disable)
139 for (i = 0; i < sizeof(*iph) >> 1; i++)
140 csum += *next_iph++;
141
142 iph->check = ~((csum & 0xffff) + (csum >> 16));
143
144 count_tx(vip.protocol);
145
146 return XDP_TX;
147 }
148
handle_ipv6(struct xdp_md * xdp)149 static __always_inline int handle_ipv6(struct xdp_md *xdp)
150 {
151 void *data_end = (void *)(long)xdp->data_end;
152 void *data = (void *)(long)xdp->data;
153 struct iptnl_info *tnl;
154 struct ethhdr *new_eth;
155 struct ethhdr *old_eth;
156 struct ipv6hdr *ip6h = data + sizeof(struct ethhdr);
157 __u16 payload_len;
158 struct vip vip = {};
159 int dport;
160
161 if (ip6h + 1 > data_end)
162 return XDP_DROP;
163
164 dport = get_dport(ip6h + 1, data_end, ip6h->nexthdr);
165 if (dport == -1)
166 return XDP_DROP;
167
168 vip.protocol = ip6h->nexthdr;
169 vip.family = AF_INET6;
170 memcpy(vip.daddr.v6, ip6h->daddr.s6_addr32, sizeof(vip.daddr));
171 vip.dport = dport;
172 payload_len = ip6h->payload_len;
173
174 tnl = bpf_map_lookup_elem(&vip2tnl, &vip);
175 /* It only does v6-in-v6 */
176 if (!tnl || tnl->family != AF_INET6)
177 return XDP_PASS;
178
179 if (bpf_xdp_adjust_head(xdp, 0 - (int)sizeof(struct ipv6hdr)))
180 return XDP_DROP;
181
182 data = (void *)(long)xdp->data;
183 data_end = (void *)(long)xdp->data_end;
184
185 new_eth = data;
186 ip6h = data + sizeof(*new_eth);
187 old_eth = data + sizeof(*ip6h);
188
189 if (new_eth + 1 > data_end || old_eth + 1 > data_end ||
190 ip6h + 1 > data_end)
191 return XDP_DROP;
192
193 set_ethhdr(new_eth, old_eth, tnl, bpf_htons(ETH_P_IPV6));
194
195 ip6h->version = 6;
196 ip6h->priority = 0;
197 memset(ip6h->flow_lbl, 0, sizeof(ip6h->flow_lbl));
198 ip6h->payload_len = bpf_htons(bpf_ntohs(payload_len) + sizeof(*ip6h));
199 ip6h->nexthdr = IPPROTO_IPV6;
200 ip6h->hop_limit = 8;
201 memcpy(ip6h->saddr.s6_addr32, tnl->saddr.v6, sizeof(tnl->saddr.v6));
202 memcpy(ip6h->daddr.s6_addr32, tnl->daddr.v6, sizeof(tnl->daddr.v6));
203
204 count_tx(vip.protocol);
205
206 return XDP_TX;
207 }
208
209 SEC("xdp_tx_iptunnel")
_xdp_tx_iptunnel(struct xdp_md * xdp)210 int _xdp_tx_iptunnel(struct xdp_md *xdp)
211 {
212 void *data_end = (void *)(long)xdp->data_end;
213 void *data = (void *)(long)xdp->data;
214 struct ethhdr *eth = data;
215 __u16 h_proto;
216
217 if (eth + 1 > data_end)
218 return XDP_DROP;
219
220 h_proto = eth->h_proto;
221
222 if (h_proto == bpf_htons(ETH_P_IP))
223 return handle_ipv4(xdp);
224 else if (h_proto == bpf_htons(ETH_P_IPV6))
225
226 return handle_ipv6(xdp);
227 else
228 return XDP_DROP;
229 }
230
231 char _license[] SEC("license") = "GPL";
232