1
2
3
4#include <stdint.h>
5#include <string.h>
6
7#include <linux/stddef.h>
8#include <linux/bpf.h>
9
10#include <bpf/bpf_helpers.h>
11
12
13#define MAX_ULONG_STR_LEN 0xF
14
15
16#define MAX_VALUE_STR_LEN 0x40
17
18#ifndef ARRAY_SIZE
19#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
20#endif
21
22const char tcp_mem_name[] = "net/ipv4/tcp_mem";
23static __always_inline int is_tcp_mem(struct bpf_sysctl *ctx)
24{
25 unsigned char i;
26 char name[sizeof(tcp_mem_name)];
27 int ret;
28
29 memset(name, 0, sizeof(name));
30 ret = bpf_sysctl_get_name(ctx, name, sizeof(name), 0);
31 if (ret < 0 || ret != sizeof(tcp_mem_name) - 1)
32 return 0;
33
34#pragma clang loop unroll(full)
35 for (i = 0; i < sizeof(tcp_mem_name); ++i)
36 if (name[i] != tcp_mem_name[i])
37 return 0;
38
39 return 1;
40}
41
42SEC("cgroup/sysctl")
43int sysctl_tcp_mem(struct bpf_sysctl *ctx)
44{
45 unsigned long tcp_mem[3] = {0, 0, 0};
46 char value[MAX_VALUE_STR_LEN];
47 unsigned char i, off = 0;
48 volatile int ret;
49
50 if (ctx->write)
51 return 0;
52
53 if (!is_tcp_mem(ctx))
54 return 0;
55
56 ret = bpf_sysctl_get_current_value(ctx, value, MAX_VALUE_STR_LEN);
57 if (ret < 0 || ret >= MAX_VALUE_STR_LEN)
58 return 0;
59
60#pragma clang loop unroll(full)
61 for (i = 0; i < ARRAY_SIZE(tcp_mem); ++i) {
62 ret = bpf_strtoul(value + off, MAX_ULONG_STR_LEN, 0,
63 tcp_mem + i);
64 if (ret <= 0 || ret > MAX_ULONG_STR_LEN)
65 return 0;
66 off += ret & MAX_ULONG_STR_LEN;
67 }
68
69
70 return tcp_mem[0] < tcp_mem[1] && tcp_mem[1] < tcp_mem[2];
71}
72
73char _license[] SEC("license") = "GPL";
74
