bpf: selftest additions for SOCKHASH
This runs existing SOCKMAP tests with SOCKHASH map type. To do this we push programs into include file and build two BPF programs. One for SOCKHASH and one for SOCKMAP. We then run the entire test suite with each type. Signed-off-by: John Fastabend <john.fastabend@gmail.com> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
This commit is contained in:
parent
8111038444
commit
b8b394faa9
|
@ -118,6 +118,7 @@ enum bpf_map_type {
|
|||
BPF_MAP_TYPE_SOCKMAP,
|
||||
BPF_MAP_TYPE_CPUMAP,
|
||||
BPF_MAP_TYPE_XSKMAP,
|
||||
BPF_MAP_TYPE_SOCKHASH,
|
||||
};
|
||||
|
||||
enum bpf_prog_type {
|
||||
|
@ -1828,7 +1829,6 @@ union bpf_attr {
|
|||
* Return
|
||||
* 0 on success, or a negative error in case of failure.
|
||||
*
|
||||
*
|
||||
* int bpf_fib_lookup(void *ctx, struct bpf_fib_lookup *params, int plen, u32 flags)
|
||||
* Description
|
||||
* Do FIB lookup in kernel tables using parameters in *params*.
|
||||
|
@ -1855,6 +1855,53 @@ union bpf_attr {
|
|||
* Egress device index on success, 0 if packet needs to continue
|
||||
* up the stack for further processing or a negative error in case
|
||||
* of failure.
|
||||
*
|
||||
* int bpf_sock_hash_update(struct bpf_sock_ops_kern *skops, struct bpf_map *map, void *key, u64 flags)
|
||||
* Description
|
||||
* Add an entry to, or update a sockhash *map* referencing sockets.
|
||||
* The *skops* is used as a new value for the entry associated to
|
||||
* *key*. *flags* is one of:
|
||||
*
|
||||
* **BPF_NOEXIST**
|
||||
* The entry for *key* must not exist in the map.
|
||||
* **BPF_EXIST**
|
||||
* The entry for *key* must already exist in the map.
|
||||
* **BPF_ANY**
|
||||
* No condition on the existence of the entry for *key*.
|
||||
*
|
||||
* If the *map* has eBPF programs (parser and verdict), those will
|
||||
* be inherited by the socket being added. If the socket is
|
||||
* already attached to eBPF programs, this results in an error.
|
||||
* Return
|
||||
* 0 on success, or a negative error in case of failure.
|
||||
*
|
||||
* int bpf_msg_redirect_hash(struct sk_msg_buff *msg, struct bpf_map *map, void *key, u64 flags)
|
||||
* Description
|
||||
* This helper is used in programs implementing policies at the
|
||||
* socket level. If the message *msg* is allowed to pass (i.e. if
|
||||
* the verdict eBPF program returns **SK_PASS**), redirect it to
|
||||
* the socket referenced by *map* (of type
|
||||
* **BPF_MAP_TYPE_SOCKHASH**) using hash *key*. Both ingress and
|
||||
* egress interfaces can be used for redirection. The
|
||||
* **BPF_F_INGRESS** value in *flags* is used to make the
|
||||
* distinction (ingress path is selected if the flag is present,
|
||||
* egress path otherwise). This is the only flag supported for now.
|
||||
* Return
|
||||
* **SK_PASS** on success, or **SK_DROP** on error.
|
||||
*
|
||||
* int bpf_sk_redirect_hash(struct sk_buff *skb, struct bpf_map *map, void *key, u64 flags)
|
||||
* Description
|
||||
* This helper is used in programs implementing policies at the
|
||||
* skb socket level. If the sk_buff *skb* is allowed to pass (i.e.
|
||||
* if the verdeict eBPF program returns **SK_PASS**), redirect it
|
||||
* to the socket referenced by *map* (of type
|
||||
* **BPF_MAP_TYPE_SOCKHASH**) using hash *key*. Both ingress and
|
||||
* egress interfaces can be used for redirection. The
|
||||
* **BPF_F_INGRESS** value in *flags* is used to make the
|
||||
* distinction (ingress path is selected if the flag is present,
|
||||
* egress otherwise). This is the only flag supported for now.
|
||||
* Return
|
||||
* **SK_PASS** on success, or **SK_DROP** on error.
|
||||
*/
|
||||
#define __BPF_FUNC_MAPPER(FN) \
|
||||
FN(unspec), \
|
||||
|
@ -1926,7 +1973,10 @@ union bpf_attr {
|
|||
FN(skb_get_xfrm_state), \
|
||||
FN(get_stack), \
|
||||
FN(skb_load_bytes_relative), \
|
||||
FN(fib_lookup),
|
||||
FN(fib_lookup), \
|
||||
FN(sock_hash_update), \
|
||||
FN(msg_redirect_hash), \
|
||||
FN(sk_redirect_hash),
|
||||
|
||||
/* integer value in 'imm' field of BPF_CALL instruction selects which helper
|
||||
* function eBPF program intends to call
|
||||
|
|
|
@ -33,7 +33,7 @@ TEST_GEN_FILES = test_pkt_access.o test_xdp.o test_l4lb.o test_tcp_estats.o test
|
|||
sample_map_ret0.o test_tcpbpf_kern.o test_stacktrace_build_id.o \
|
||||
sockmap_tcp_msg_prog.o connect4_prog.o connect6_prog.o test_adjust_tail.o \
|
||||
test_btf_haskv.o test_btf_nokv.o test_sockmap_kern.o test_tunnel_kern.o \
|
||||
test_get_stack_rawtp.o
|
||||
test_get_stack_rawtp.o test_sockmap_kern.o test_sockhash_kern.o
|
||||
|
||||
# Order correspond to 'make run_tests' order
|
||||
TEST_PROGS := test_kmod.sh \
|
||||
|
|
|
@ -75,9 +75,14 @@ static int (*bpf_sock_ops_cb_flags_set)(void *ctx, int flags) =
|
|||
(void *) BPF_FUNC_sock_ops_cb_flags_set;
|
||||
static int (*bpf_sk_redirect_map)(void *ctx, void *map, int key, int flags) =
|
||||
(void *) BPF_FUNC_sk_redirect_map;
|
||||
static int (*bpf_sk_redirect_hash)(void *ctx, void *map, void *key, int flags) =
|
||||
(void *) BPF_FUNC_sk_redirect_hash;
|
||||
static int (*bpf_sock_map_update)(void *map, void *key, void *value,
|
||||
unsigned long long flags) =
|
||||
(void *) BPF_FUNC_sock_map_update;
|
||||
static int (*bpf_sock_hash_update)(void *map, void *key, void *value,
|
||||
unsigned long long flags) =
|
||||
(void *) BPF_FUNC_sock_hash_update;
|
||||
static int (*bpf_perf_event_read_value)(void *map, unsigned long long flags,
|
||||
void *buf, unsigned int buf_size) =
|
||||
(void *) BPF_FUNC_perf_event_read_value;
|
||||
|
@ -88,6 +93,9 @@ static int (*bpf_override_return)(void *ctx, unsigned long rc) =
|
|||
(void *) BPF_FUNC_override_return;
|
||||
static int (*bpf_msg_redirect_map)(void *ctx, void *map, int key, int flags) =
|
||||
(void *) BPF_FUNC_msg_redirect_map;
|
||||
static int (*bpf_msg_redirect_hash)(void *ctx,
|
||||
void *map, void *key, int flags) =
|
||||
(void *) BPF_FUNC_msg_redirect_hash;
|
||||
static int (*bpf_msg_apply_bytes)(void *ctx, int len) =
|
||||
(void *) BPF_FUNC_msg_apply_bytes;
|
||||
static int (*bpf_msg_cork_bytes)(void *ctx, int len) =
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// Copyright (c) 2018 Covalent IO, Inc. http://covalent.io
|
||||
#undef SOCKMAP
|
||||
#define TEST_MAP_TYPE BPF_MAP_TYPE_SOCKHASH
|
||||
#include "./test_sockmap_kern.h"
|
|
@ -47,7 +47,8 @@ static void running_handler(int a);
|
|||
#define S1_PORT 10000
|
||||
#define S2_PORT 10001
|
||||
|
||||
#define BPF_FILENAME "test_sockmap_kern.o"
|
||||
#define BPF_SOCKMAP_FILENAME "test_sockmap_kern.o"
|
||||
#define BPF_SOCKHASH_FILENAME "test_sockhash_kern.o"
|
||||
#define CG_PATH "/sockmap"
|
||||
|
||||
/* global sockets */
|
||||
|
@ -1260,9 +1261,8 @@ int prog_type[] = {
|
|||
BPF_PROG_TYPE_SK_MSG,
|
||||
};
|
||||
|
||||
static int populate_progs(void)
|
||||
static int populate_progs(char *bpf_file)
|
||||
{
|
||||
char *bpf_file = BPF_FILENAME;
|
||||
struct bpf_program *prog;
|
||||
struct bpf_object *obj;
|
||||
int i = 0;
|
||||
|
@ -1306,11 +1306,11 @@ static int populate_progs(void)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int test_suite(void)
|
||||
static int __test_suite(char *bpf_file)
|
||||
{
|
||||
int cg_fd, err;
|
||||
|
||||
err = populate_progs();
|
||||
err = populate_progs(bpf_file);
|
||||
if (err < 0) {
|
||||
fprintf(stderr, "ERROR: (%i) load bpf failed\n", err);
|
||||
return err;
|
||||
|
@ -1347,17 +1347,30 @@ static int test_suite(void)
|
|||
|
||||
out:
|
||||
printf("Summary: %i PASSED %i FAILED\n", passed, failed);
|
||||
cleanup_cgroup_environment();
|
||||
close(cg_fd);
|
||||
return err;
|
||||
}
|
||||
|
||||
static int test_suite(void)
|
||||
{
|
||||
int err;
|
||||
|
||||
err = __test_suite(BPF_SOCKMAP_FILENAME);
|
||||
if (err)
|
||||
goto out;
|
||||
err = __test_suite(BPF_SOCKHASH_FILENAME);
|
||||
out:
|
||||
return err;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
struct rlimit r = {10 * 1024 * 1024, RLIM_INFINITY};
|
||||
int iov_count = 1, length = 1024, rate = 1;
|
||||
struct sockmap_options options = {0};
|
||||
int opt, longindex, err, cg_fd = 0;
|
||||
char *bpf_file = BPF_FILENAME;
|
||||
char *bpf_file = BPF_SOCKMAP_FILENAME;
|
||||
int test = PING_PONG;
|
||||
|
||||
if (setrlimit(RLIMIT_MEMLOCK, &r)) {
|
||||
|
@ -1438,7 +1451,7 @@ int main(int argc, char **argv)
|
|||
return -1;
|
||||
}
|
||||
|
||||
err = populate_progs();
|
||||
err = populate_progs(bpf_file);
|
||||
if (err) {
|
||||
fprintf(stderr, "populate program: (%s) %s\n",
|
||||
bpf_file, strerror(errno));
|
||||
|
|
|
@ -1,340 +1,5 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
// Copyright (c) 2017-2018 Covalent IO, Inc. http://covalent.io
|
||||
#include <stddef.h>
|
||||
#include <string.h>
|
||||
#include <linux/bpf.h>
|
||||
#include <linux/if_ether.h>
|
||||
#include <linux/if_packet.h>
|
||||
#include <linux/ip.h>
|
||||
#include <linux/ipv6.h>
|
||||
#include <linux/in.h>
|
||||
#include <linux/udp.h>
|
||||
#include <linux/tcp.h>
|
||||
#include <linux/pkt_cls.h>
|
||||
#include <sys/socket.h>
|
||||
#include "bpf_helpers.h"
|
||||
#include "bpf_endian.h"
|
||||
|
||||
/* Sockmap sample program connects a client and a backend together
|
||||
* using cgroups.
|
||||
*
|
||||
* client:X <---> frontend:80 client:X <---> backend:80
|
||||
*
|
||||
* For simplicity we hard code values here and bind 1:1. The hard
|
||||
* coded values are part of the setup in sockmap.sh script that
|
||||
* is associated with this BPF program.
|
||||
*
|
||||
* The bpf_printk is verbose and prints information as connections
|
||||
* are established and verdicts are decided.
|
||||
*/
|
||||
|
||||
#define bpf_printk(fmt, ...) \
|
||||
({ \
|
||||
char ____fmt[] = fmt; \
|
||||
bpf_trace_printk(____fmt, sizeof(____fmt), \
|
||||
##__VA_ARGS__); \
|
||||
})
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_map = {
|
||||
.type = BPF_MAP_TYPE_SOCKMAP,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 20,
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_map_txmsg = {
|
||||
.type = BPF_MAP_TYPE_SOCKMAP,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 20,
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_map_redir = {
|
||||
.type = BPF_MAP_TYPE_SOCKMAP,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 20,
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_apply_bytes = {
|
||||
.type = BPF_MAP_TYPE_ARRAY,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 1
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_cork_bytes = {
|
||||
.type = BPF_MAP_TYPE_ARRAY,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 1
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_pull_bytes = {
|
||||
.type = BPF_MAP_TYPE_ARRAY,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 2
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_redir_flags = {
|
||||
.type = BPF_MAP_TYPE_ARRAY,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 1
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_skb_opts = {
|
||||
.type = BPF_MAP_TYPE_ARRAY,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 1
|
||||
};
|
||||
|
||||
SEC("sk_skb1")
|
||||
int bpf_prog1(struct __sk_buff *skb)
|
||||
{
|
||||
return skb->len;
|
||||
}
|
||||
|
||||
SEC("sk_skb2")
|
||||
int bpf_prog2(struct __sk_buff *skb)
|
||||
{
|
||||
__u32 lport = skb->local_port;
|
||||
__u32 rport = skb->remote_port;
|
||||
int len, *f, ret, zero = 0;
|
||||
__u64 flags = 0;
|
||||
|
||||
if (lport == 10000)
|
||||
ret = 10;
|
||||
else
|
||||
ret = 1;
|
||||
|
||||
len = (__u32)skb->data_end - (__u32)skb->data;
|
||||
f = bpf_map_lookup_elem(&sock_skb_opts, &zero);
|
||||
if (f && *f) {
|
||||
ret = 3;
|
||||
flags = *f;
|
||||
}
|
||||
|
||||
bpf_printk("sk_skb2: redirect(%iB) flags=%i\n",
|
||||
len, flags);
|
||||
return bpf_sk_redirect_map(skb, &sock_map, ret, flags);
|
||||
}
|
||||
|
||||
SEC("sockops")
|
||||
int bpf_sockmap(struct bpf_sock_ops *skops)
|
||||
{
|
||||
__u32 lport, rport;
|
||||
int op, err = 0, index, key, ret;
|
||||
|
||||
|
||||
op = (int) skops->op;
|
||||
|
||||
switch (op) {
|
||||
case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB:
|
||||
lport = skops->local_port;
|
||||
rport = skops->remote_port;
|
||||
|
||||
if (lport == 10000) {
|
||||
ret = 1;
|
||||
err = bpf_sock_map_update(skops, &sock_map, &ret,
|
||||
BPF_NOEXIST);
|
||||
bpf_printk("passive(%i -> %i) map ctx update err: %d\n",
|
||||
lport, bpf_ntohl(rport), err);
|
||||
}
|
||||
break;
|
||||
case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB:
|
||||
lport = skops->local_port;
|
||||
rport = skops->remote_port;
|
||||
|
||||
if (bpf_ntohl(rport) == 10001) {
|
||||
ret = 10;
|
||||
err = bpf_sock_map_update(skops, &sock_map, &ret,
|
||||
BPF_NOEXIST);
|
||||
bpf_printk("active(%i -> %i) map ctx update err: %d\n",
|
||||
lport, bpf_ntohl(rport), err);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
SEC("sk_msg1")
|
||||
int bpf_prog4(struct sk_msg_md *msg)
|
||||
{
|
||||
int *bytes, zero = 0, one = 1;
|
||||
int *start, *end;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_apply_bytes(msg, *bytes);
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_cork_bytes(msg, *bytes);
|
||||
start = bpf_map_lookup_elem(&sock_pull_bytes, &zero);
|
||||
end = bpf_map_lookup_elem(&sock_pull_bytes, &one);
|
||||
if (start && end)
|
||||
bpf_msg_pull_data(msg, *start, *end, 0);
|
||||
return SK_PASS;
|
||||
}
|
||||
|
||||
SEC("sk_msg2")
|
||||
int bpf_prog5(struct sk_msg_md *msg)
|
||||
{
|
||||
int err1 = -1, err2 = -1, zero = 0, one = 1;
|
||||
int *bytes, *start, *end, len1, len2;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes)
|
||||
err1 = bpf_msg_apply_bytes(msg, *bytes);
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes)
|
||||
err2 = bpf_msg_cork_bytes(msg, *bytes);
|
||||
len1 = (__u64)msg->data_end - (__u64)msg->data;
|
||||
start = bpf_map_lookup_elem(&sock_pull_bytes, &zero);
|
||||
end = bpf_map_lookup_elem(&sock_pull_bytes, &one);
|
||||
if (start && end) {
|
||||
int err;
|
||||
|
||||
bpf_printk("sk_msg2: pull(%i:%i)\n",
|
||||
start ? *start : 0, end ? *end : 0);
|
||||
err = bpf_msg_pull_data(msg, *start, *end, 0);
|
||||
if (err)
|
||||
bpf_printk("sk_msg2: pull_data err %i\n",
|
||||
err);
|
||||
len2 = (__u64)msg->data_end - (__u64)msg->data;
|
||||
bpf_printk("sk_msg2: length update %i->%i\n",
|
||||
len1, len2);
|
||||
}
|
||||
bpf_printk("sk_msg2: data length %i err1 %i err2 %i\n",
|
||||
len1, err1, err2);
|
||||
return SK_PASS;
|
||||
}
|
||||
|
||||
SEC("sk_msg3")
|
||||
int bpf_prog6(struct sk_msg_md *msg)
|
||||
{
|
||||
int *bytes, zero = 0, one = 1, key = 0;
|
||||
int *start, *end, *f;
|
||||
__u64 flags = 0;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_apply_bytes(msg, *bytes);
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_cork_bytes(msg, *bytes);
|
||||
start = bpf_map_lookup_elem(&sock_pull_bytes, &zero);
|
||||
end = bpf_map_lookup_elem(&sock_pull_bytes, &one);
|
||||
if (start && end)
|
||||
bpf_msg_pull_data(msg, *start, *end, 0);
|
||||
f = bpf_map_lookup_elem(&sock_redir_flags, &zero);
|
||||
if (f && *f) {
|
||||
key = 2;
|
||||
flags = *f;
|
||||
}
|
||||
return bpf_msg_redirect_map(msg, &sock_map_redir, key, flags);
|
||||
}
|
||||
|
||||
SEC("sk_msg4")
|
||||
int bpf_prog7(struct sk_msg_md *msg)
|
||||
{
|
||||
int err1 = 0, err2 = 0, zero = 0, one = 1, key = 0;
|
||||
int *f, *bytes, *start, *end, len1, len2;
|
||||
__u64 flags = 0;
|
||||
|
||||
int err;
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes)
|
||||
err1 = bpf_msg_apply_bytes(msg, *bytes);
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes)
|
||||
err2 = bpf_msg_cork_bytes(msg, *bytes);
|
||||
len1 = (__u64)msg->data_end - (__u64)msg->data;
|
||||
start = bpf_map_lookup_elem(&sock_pull_bytes, &zero);
|
||||
end = bpf_map_lookup_elem(&sock_pull_bytes, &one);
|
||||
if (start && end) {
|
||||
|
||||
bpf_printk("sk_msg2: pull(%i:%i)\n",
|
||||
start ? *start : 0, end ? *end : 0);
|
||||
err = bpf_msg_pull_data(msg, *start, *end, 0);
|
||||
if (err)
|
||||
bpf_printk("sk_msg2: pull_data err %i\n",
|
||||
err);
|
||||
len2 = (__u64)msg->data_end - (__u64)msg->data;
|
||||
bpf_printk("sk_msg2: length update %i->%i\n",
|
||||
len1, len2);
|
||||
}
|
||||
f = bpf_map_lookup_elem(&sock_redir_flags, &zero);
|
||||
if (f && *f) {
|
||||
key = 2;
|
||||
flags = *f;
|
||||
}
|
||||
bpf_printk("sk_msg3: redirect(%iB) flags=%i err=%i\n",
|
||||
len1, flags, err1 ? err1 : err2);
|
||||
err = bpf_msg_redirect_map(msg, &sock_map_redir, key, flags);
|
||||
bpf_printk("sk_msg3: err %i\n", err);
|
||||
return err;
|
||||
}
|
||||
|
||||
SEC("sk_msg5")
|
||||
int bpf_prog8(struct sk_msg_md *msg)
|
||||
{
|
||||
void *data_end = (void *)(long) msg->data_end;
|
||||
void *data = (void *)(long) msg->data;
|
||||
int ret = 0, *bytes, zero = 0;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes) {
|
||||
ret = bpf_msg_apply_bytes(msg, *bytes);
|
||||
if (ret)
|
||||
return SK_DROP;
|
||||
} else {
|
||||
return SK_DROP;
|
||||
}
|
||||
return SK_PASS;
|
||||
}
|
||||
SEC("sk_msg6")
|
||||
int bpf_prog9(struct sk_msg_md *msg)
|
||||
{
|
||||
void *data_end = (void *)(long) msg->data_end;
|
||||
void *data = (void *)(long) msg->data;
|
||||
int ret = 0, *bytes, zero = 0;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes) {
|
||||
if (((__u64)data_end - (__u64)data) >= *bytes)
|
||||
return SK_PASS;
|
||||
ret = bpf_msg_cork_bytes(msg, *bytes);
|
||||
if (ret)
|
||||
return SK_DROP;
|
||||
}
|
||||
return SK_PASS;
|
||||
}
|
||||
|
||||
SEC("sk_msg7")
|
||||
int bpf_prog10(struct sk_msg_md *msg)
|
||||
{
|
||||
int *bytes, zero = 0, one = 1;
|
||||
int *start, *end;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_apply_bytes(msg, *bytes);
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_cork_bytes(msg, *bytes);
|
||||
start = bpf_map_lookup_elem(&sock_pull_bytes, &zero);
|
||||
end = bpf_map_lookup_elem(&sock_pull_bytes, &one);
|
||||
if (start && end)
|
||||
bpf_msg_pull_data(msg, *start, *end, 0);
|
||||
|
||||
return SK_DROP;
|
||||
}
|
||||
|
||||
int _version SEC("version") = 1;
|
||||
char _license[] SEC("license") = "GPL";
|
||||
// Copyright (c) 2018 Covalent IO, Inc. http://covalent.io
|
||||
#define SOCKMAP
|
||||
#define TEST_MAP_TYPE BPF_MAP_TYPE_SOCKMAP
|
||||
#include "./test_sockmap_kern.h"
|
||||
|
|
|
@ -0,0 +1,363 @@
|
|||
/* SPDX-License-Identifier: GPL-2.0 */
|
||||
/* Copyright (c) 2017-2018 Covalent IO, Inc. http://covalent.io */
|
||||
#include <stddef.h>
|
||||
#include <string.h>
|
||||
#include <linux/bpf.h>
|
||||
#include <linux/if_ether.h>
|
||||
#include <linux/if_packet.h>
|
||||
#include <linux/ip.h>
|
||||
#include <linux/ipv6.h>
|
||||
#include <linux/in.h>
|
||||
#include <linux/udp.h>
|
||||
#include <linux/tcp.h>
|
||||
#include <linux/pkt_cls.h>
|
||||
#include <sys/socket.h>
|
||||
#include "bpf_helpers.h"
|
||||
#include "bpf_endian.h"
|
||||
|
||||
/* Sockmap sample program connects a client and a backend together
|
||||
* using cgroups.
|
||||
*
|
||||
* client:X <---> frontend:80 client:X <---> backend:80
|
||||
*
|
||||
* For simplicity we hard code values here and bind 1:1. The hard
|
||||
* coded values are part of the setup in sockmap.sh script that
|
||||
* is associated with this BPF program.
|
||||
*
|
||||
* The bpf_printk is verbose and prints information as connections
|
||||
* are established and verdicts are decided.
|
||||
*/
|
||||
|
||||
#define bpf_printk(fmt, ...) \
|
||||
({ \
|
||||
char ____fmt[] = fmt; \
|
||||
bpf_trace_printk(____fmt, sizeof(____fmt), \
|
||||
##__VA_ARGS__); \
|
||||
})
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_map = {
|
||||
.type = TEST_MAP_TYPE,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 20,
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_map_txmsg = {
|
||||
.type = TEST_MAP_TYPE,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 20,
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_map_redir = {
|
||||
.type = TEST_MAP_TYPE,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 20,
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_apply_bytes = {
|
||||
.type = BPF_MAP_TYPE_ARRAY,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 1
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_cork_bytes = {
|
||||
.type = BPF_MAP_TYPE_ARRAY,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 1
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_pull_bytes = {
|
||||
.type = BPF_MAP_TYPE_ARRAY,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 2
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_redir_flags = {
|
||||
.type = BPF_MAP_TYPE_ARRAY,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 1
|
||||
};
|
||||
|
||||
struct bpf_map_def SEC("maps") sock_skb_opts = {
|
||||
.type = BPF_MAP_TYPE_ARRAY,
|
||||
.key_size = sizeof(int),
|
||||
.value_size = sizeof(int),
|
||||
.max_entries = 1
|
||||
};
|
||||
|
||||
SEC("sk_skb1")
|
||||
int bpf_prog1(struct __sk_buff *skb)
|
||||
{
|
||||
return skb->len;
|
||||
}
|
||||
|
||||
SEC("sk_skb2")
|
||||
int bpf_prog2(struct __sk_buff *skb)
|
||||
{
|
||||
__u32 lport = skb->local_port;
|
||||
__u32 rport = skb->remote_port;
|
||||
int len, *f, ret, zero = 0;
|
||||
__u64 flags = 0;
|
||||
|
||||
if (lport == 10000)
|
||||
ret = 10;
|
||||
else
|
||||
ret = 1;
|
||||
|
||||
len = (__u32)skb->data_end - (__u32)skb->data;
|
||||
f = bpf_map_lookup_elem(&sock_skb_opts, &zero);
|
||||
if (f && *f) {
|
||||
ret = 3;
|
||||
flags = *f;
|
||||
}
|
||||
|
||||
bpf_printk("sk_skb2: redirect(%iB) flags=%i\n",
|
||||
len, flags);
|
||||
#ifdef SOCKMAP
|
||||
return bpf_sk_redirect_map(skb, &sock_map, ret, flags);
|
||||
#else
|
||||
return bpf_sk_redirect_hash(skb, &sock_map, &ret, flags);
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
SEC("sockops")
|
||||
int bpf_sockmap(struct bpf_sock_ops *skops)
|
||||
{
|
||||
__u32 lport, rport;
|
||||
int op, err = 0, index, key, ret;
|
||||
|
||||
|
||||
op = (int) skops->op;
|
||||
|
||||
switch (op) {
|
||||
case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB:
|
||||
lport = skops->local_port;
|
||||
rport = skops->remote_port;
|
||||
|
||||
if (lport == 10000) {
|
||||
ret = 1;
|
||||
#ifdef SOCKMAP
|
||||
err = bpf_sock_map_update(skops, &sock_map, &ret,
|
||||
BPF_NOEXIST);
|
||||
#else
|
||||
err = bpf_sock_hash_update(skops, &sock_map, &ret,
|
||||
BPF_NOEXIST);
|
||||
#endif
|
||||
bpf_printk("passive(%i -> %i) map ctx update err: %d\n",
|
||||
lport, bpf_ntohl(rport), err);
|
||||
}
|
||||
break;
|
||||
case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB:
|
||||
lport = skops->local_port;
|
||||
rport = skops->remote_port;
|
||||
|
||||
if (bpf_ntohl(rport) == 10001) {
|
||||
ret = 10;
|
||||
#ifdef SOCKMAP
|
||||
err = bpf_sock_map_update(skops, &sock_map, &ret,
|
||||
BPF_NOEXIST);
|
||||
#else
|
||||
err = bpf_sock_hash_update(skops, &sock_map, &ret,
|
||||
BPF_NOEXIST);
|
||||
#endif
|
||||
bpf_printk("active(%i -> %i) map ctx update err: %d\n",
|
||||
lport, bpf_ntohl(rport), err);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
SEC("sk_msg1")
|
||||
int bpf_prog4(struct sk_msg_md *msg)
|
||||
{
|
||||
int *bytes, zero = 0, one = 1;
|
||||
int *start, *end;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_apply_bytes(msg, *bytes);
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_cork_bytes(msg, *bytes);
|
||||
start = bpf_map_lookup_elem(&sock_pull_bytes, &zero);
|
||||
end = bpf_map_lookup_elem(&sock_pull_bytes, &one);
|
||||
if (start && end)
|
||||
bpf_msg_pull_data(msg, *start, *end, 0);
|
||||
return SK_PASS;
|
||||
}
|
||||
|
||||
SEC("sk_msg2")
|
||||
int bpf_prog5(struct sk_msg_md *msg)
|
||||
{
|
||||
int err1 = -1, err2 = -1, zero = 0, one = 1;
|
||||
int *bytes, *start, *end, len1, len2;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes)
|
||||
err1 = bpf_msg_apply_bytes(msg, *bytes);
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes)
|
||||
err2 = bpf_msg_cork_bytes(msg, *bytes);
|
||||
len1 = (__u64)msg->data_end - (__u64)msg->data;
|
||||
start = bpf_map_lookup_elem(&sock_pull_bytes, &zero);
|
||||
end = bpf_map_lookup_elem(&sock_pull_bytes, &one);
|
||||
if (start && end) {
|
||||
int err;
|
||||
|
||||
bpf_printk("sk_msg2: pull(%i:%i)\n",
|
||||
start ? *start : 0, end ? *end : 0);
|
||||
err = bpf_msg_pull_data(msg, *start, *end, 0);
|
||||
if (err)
|
||||
bpf_printk("sk_msg2: pull_data err %i\n",
|
||||
err);
|
||||
len2 = (__u64)msg->data_end - (__u64)msg->data;
|
||||
bpf_printk("sk_msg2: length update %i->%i\n",
|
||||
len1, len2);
|
||||
}
|
||||
bpf_printk("sk_msg2: data length %i err1 %i err2 %i\n",
|
||||
len1, err1, err2);
|
||||
return SK_PASS;
|
||||
}
|
||||
|
||||
SEC("sk_msg3")
|
||||
int bpf_prog6(struct sk_msg_md *msg)
|
||||
{
|
||||
int *bytes, zero = 0, one = 1, key = 0;
|
||||
int *start, *end, *f;
|
||||
__u64 flags = 0;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_apply_bytes(msg, *bytes);
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_cork_bytes(msg, *bytes);
|
||||
start = bpf_map_lookup_elem(&sock_pull_bytes, &zero);
|
||||
end = bpf_map_lookup_elem(&sock_pull_bytes, &one);
|
||||
if (start && end)
|
||||
bpf_msg_pull_data(msg, *start, *end, 0);
|
||||
f = bpf_map_lookup_elem(&sock_redir_flags, &zero);
|
||||
if (f && *f) {
|
||||
key = 2;
|
||||
flags = *f;
|
||||
}
|
||||
#ifdef SOCKMAP
|
||||
return bpf_msg_redirect_map(msg, &sock_map_redir, key, flags);
|
||||
#else
|
||||
return bpf_msg_redirect_hash(msg, &sock_map_redir, &key, flags);
|
||||
#endif
|
||||
}
|
||||
|
||||
SEC("sk_msg4")
|
||||
int bpf_prog7(struct sk_msg_md *msg)
|
||||
{
|
||||
int err1 = 0, err2 = 0, zero = 0, one = 1, key = 0;
|
||||
int *f, *bytes, *start, *end, len1, len2;
|
||||
__u64 flags = 0;
|
||||
|
||||
int err;
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes)
|
||||
err1 = bpf_msg_apply_bytes(msg, *bytes);
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes)
|
||||
err2 = bpf_msg_cork_bytes(msg, *bytes);
|
||||
len1 = (__u64)msg->data_end - (__u64)msg->data;
|
||||
start = bpf_map_lookup_elem(&sock_pull_bytes, &zero);
|
||||
end = bpf_map_lookup_elem(&sock_pull_bytes, &one);
|
||||
if (start && end) {
|
||||
|
||||
bpf_printk("sk_msg2: pull(%i:%i)\n",
|
||||
start ? *start : 0, end ? *end : 0);
|
||||
err = bpf_msg_pull_data(msg, *start, *end, 0);
|
||||
if (err)
|
||||
bpf_printk("sk_msg2: pull_data err %i\n",
|
||||
err);
|
||||
len2 = (__u64)msg->data_end - (__u64)msg->data;
|
||||
bpf_printk("sk_msg2: length update %i->%i\n",
|
||||
len1, len2);
|
||||
}
|
||||
f = bpf_map_lookup_elem(&sock_redir_flags, &zero);
|
||||
if (f && *f) {
|
||||
key = 2;
|
||||
flags = *f;
|
||||
}
|
||||
bpf_printk("sk_msg3: redirect(%iB) flags=%i err=%i\n",
|
||||
len1, flags, err1 ? err1 : err2);
|
||||
#ifdef SOCKMAP
|
||||
err = bpf_msg_redirect_map(msg, &sock_map_redir, key, flags);
|
||||
#else
|
||||
err = bpf_msg_redirect_hash(msg, &sock_map_redir, &key, flags);
|
||||
#endif
|
||||
bpf_printk("sk_msg3: err %i\n", err);
|
||||
return err;
|
||||
}
|
||||
|
||||
SEC("sk_msg5")
|
||||
int bpf_prog8(struct sk_msg_md *msg)
|
||||
{
|
||||
void *data_end = (void *)(long) msg->data_end;
|
||||
void *data = (void *)(long) msg->data;
|
||||
int ret = 0, *bytes, zero = 0;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes) {
|
||||
ret = bpf_msg_apply_bytes(msg, *bytes);
|
||||
if (ret)
|
||||
return SK_DROP;
|
||||
} else {
|
||||
return SK_DROP;
|
||||
}
|
||||
return SK_PASS;
|
||||
}
|
||||
SEC("sk_msg6")
|
||||
int bpf_prog9(struct sk_msg_md *msg)
|
||||
{
|
||||
void *data_end = (void *)(long) msg->data_end;
|
||||
void *data = (void *)(long) msg->data;
|
||||
int ret = 0, *bytes, zero = 0;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes) {
|
||||
if (((__u64)data_end - (__u64)data) >= *bytes)
|
||||
return SK_PASS;
|
||||
ret = bpf_msg_cork_bytes(msg, *bytes);
|
||||
if (ret)
|
||||
return SK_DROP;
|
||||
}
|
||||
return SK_PASS;
|
||||
}
|
||||
|
||||
SEC("sk_msg7")
|
||||
int bpf_prog10(struct sk_msg_md *msg)
|
||||
{
|
||||
int *bytes, zero = 0, one = 1;
|
||||
int *start, *end;
|
||||
|
||||
bytes = bpf_map_lookup_elem(&sock_apply_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_apply_bytes(msg, *bytes);
|
||||
bytes = bpf_map_lookup_elem(&sock_cork_bytes, &zero);
|
||||
if (bytes)
|
||||
bpf_msg_cork_bytes(msg, *bytes);
|
||||
start = bpf_map_lookup_elem(&sock_pull_bytes, &zero);
|
||||
end = bpf_map_lookup_elem(&sock_pull_bytes, &one);
|
||||
if (start && end)
|
||||
bpf_msg_pull_data(msg, *start, *end, 0);
|
||||
|
||||
return SK_DROP;
|
||||
}
|
||||
|
||||
int _version SEC("version") = 1;
|
||||
char _license[] SEC("license") = "GPL";
|
Loading…
Reference in New Issue