1
2
3
4#include <stddef.h>
5#include <string.h>
6#include <linux/bpf.h>
7#include <linux/if_ether.h>
8#include <linux/if_packet.h>
9#include <linux/ip.h>
10#include <linux/ipv6.h>
11#include <linux/in.h>
12#include <linux/tcp.h>
13#include <linux/pkt_cls.h>
14#include <bpf/bpf_helpers.h>
15#include <bpf/bpf_endian.h>
16
17#define barrier() __asm__ __volatile__("": : :"memory")
18int _version SEC("version") = 1;
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38static __attribute__ ((noinline))
39int test_pkt_access_subprog1(volatile struct __sk_buff *skb)
40{
41 return skb->len * 2;
42}
43
44static __attribute__ ((noinline))
45int test_pkt_access_subprog2(int val, volatile struct __sk_buff *skb)
46{
47 return skb->len * val;
48}
49
50#define MAX_STACK (512 - 2 * 32)
51
52__attribute__ ((noinline))
53int get_skb_len(struct __sk_buff *skb)
54{
55 volatile char buf[MAX_STACK] = {};
56
57 return skb->len;
58}
59
60__attribute__ ((noinline))
61int get_constant(long val)
62{
63 return val - 122;
64}
65
66int get_skb_ifindex(int, struct __sk_buff *skb, int);
67
68__attribute__ ((noinline))
69int test_pkt_access_subprog3(int val, struct __sk_buff *skb)
70{
71 return get_skb_len(skb) * get_skb_ifindex(val, skb, get_constant(123));
72}
73
74__attribute__ ((noinline))
75int get_skb_ifindex(int val, struct __sk_buff *skb, int var)
76{
77 volatile char buf[MAX_STACK] = {};
78
79 return skb->ifindex * val * var;
80}
81
82__attribute__ ((noinline))
83int test_pkt_write_access_subprog(struct __sk_buff *skb, __u32 off)
84{
85 void *data = (void *)(long)skb->data;
86 void *data_end = (void *)(long)skb->data_end;
87 struct tcphdr *tcp = NULL;
88
89 if (off > sizeof(struct ethhdr) + sizeof(struct ipv6hdr))
90 return -1;
91
92 tcp = data + off;
93 if (tcp + 1 > data_end)
94 return -1;
95
96 tcp->check++;
97 return 0;
98}
99
100SEC("classifier/test_pkt_access")
101int test_pkt_access(struct __sk_buff *skb)
102{
103 void *data_end = (void *)(long)skb->data_end;
104 void *data = (void *)(long)skb->data;
105 struct ethhdr *eth = (struct ethhdr *)(data);
106 struct tcphdr *tcp = NULL;
107 __u8 proto = 255;
108 __u64 ihl_len;
109
110 if (eth + 1 > data_end)
111 return TC_ACT_SHOT;
112
113 if (eth->h_proto == bpf_htons(ETH_P_IP)) {
114 struct iphdr *iph = (struct iphdr *)(eth + 1);
115
116 if (iph + 1 > data_end)
117 return TC_ACT_SHOT;
118 ihl_len = iph->ihl * 4;
119 proto = iph->protocol;
120 tcp = (struct tcphdr *)((void *)(iph) + ihl_len);
121 } else if (eth->h_proto == bpf_htons(ETH_P_IPV6)) {
122 struct ipv6hdr *ip6h = (struct ipv6hdr *)(eth + 1);
123
124 if (ip6h + 1 > data_end)
125 return TC_ACT_SHOT;
126 ihl_len = sizeof(*ip6h);
127 proto = ip6h->nexthdr;
128 tcp = (struct tcphdr *)((void *)(ip6h) + ihl_len);
129 }
130
131 if (test_pkt_access_subprog1(skb) != skb->len * 2)
132 return TC_ACT_SHOT;
133 if (test_pkt_access_subprog2(2, skb) != skb->len * 2)
134 return TC_ACT_SHOT;
135 if (test_pkt_access_subprog3(3, skb) != skb->len * 3 * skb->ifindex)
136 return TC_ACT_SHOT;
137 if (tcp) {
138 if (test_pkt_write_access_subprog(skb, (void *)tcp - data))
139 return TC_ACT_SHOT;
140 if (((void *)(tcp) + 20) > data_end || proto != 6)
141 return TC_ACT_SHOT;
142 barrier();
143 if (((void *)(tcp) + 18) > data_end)
144 return TC_ACT_SHOT;
145 if (tcp->urg_ptr == 123)
146 return TC_ACT_OK;
147 }
148
149 return TC_ACT_UNSPEC;
150}
151