7#define KBUILD_MODNAME "foo"
8#include <linux/if_ether.h>
9#include <linux/if_vlan.h>
10#include <linux/ip.h>
11#include <linux/ipv6.h>
12#include <linux/in.h>
13#include <linux/tcp.h>
14#include <linux/udp.h>
15#include <uapi/linux/bpf.h>
16#include <net/ip.h>
17#include <bpf/bpf_helpers.h>
18
19#define DEFAULT_PKTGEN_UDP_PORT 9
20#define DEBUG 0
21
/*
 * Apply the TCP port rule to the header located tp_off bytes into the packet.
 *
 * data and data_end delimit the readable packet bytes. Returns TC_ACT_SHOT
 * when the source or destination port is 80, and 0 otherwise, including when
 * the fixed TCP header does not fit inside the packet.
 */
static int tcp(void *data, uint64_t tp_off, void *data_end)
{
	struct tcphdr *th = data + tp_off;

	/* Prove the whole fixed header is in bounds before reading any field. */
	if ((void *)(th + 1) > data_end)
		return 0;

	/* Ports are carried in network byte order, hence htons() on the constant. */
	return (th->source == htons(80) || th->dest == htons(80)) ?
		TC_ACT_SHOT : 0;
}
32
/*
 * Apply the UDP port rule to the header located tp_off bytes into the packet.
 *
 * Returns TC_ACT_SHOT when the source or destination port equals
 * DEFAULT_PKTGEN_UDP_PORT, and 0 otherwise, including when the UDP header
 * does not fit between data and data_end.
 */
static int udp(void *data, uint64_t tp_off, void *data_end)
{
	struct udphdr *uh = data + tp_off;

	/* Bounds check first: no header field may be read past data_end. */
	if ((void *)(uh + 1) > data_end)
		return 0;

	/* Neither port matches: nothing to do for this packet. */
	if (uh->dest != htons(DEFAULT_PKTGEN_UDP_PORT) &&
	    uh->source != htons(DEFAULT_PKTGEN_UDP_PORT))
		return 0;

	if (DEBUG) {
		/* The message hard-codes the port number rather than formatting it. */
		char fmt[] = "udp port 9 indeed\n";

		bpf_trace_printk(fmt, sizeof(fmt));
	}
	return TC_ACT_SHOT;
}
50
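/*
 * Parse the IPv4 header at nh_off and hand TCP/UDP payloads to the port rules.
 *
 * One level of IPIP encapsulation is followed. Returns the verdict of tcp()
 * or udp() for those protocols, and 0 for everything else: truncated headers,
 * fragments of the outer packet, headers with an invalid IHL, and other
 * protocols.
 */
static int parse_ipv4(void *data, uint64_t nh_off, void *data_end)
{
	struct iphdr *iph;
	uint64_t ihl_len;

	iph = data + nh_off;
	if (iph + 1 > data_end)
		return 0;

	/* Only an unfragmented packet is guaranteed to carry the L4 header here. */
	if (ip_is_fragment(iph))
		return 0;

	/*
	 * IHL is taken from the wire. A value below 5 (20 bytes) is invalid and
	 * would place the transport offset inside the IP header itself, so the
	 * port rules would be evaluated against IP header bytes.
	 */
	if (iph->ihl < 5)
		return 0;
	ihl_len = iph->ihl * 4;

	if (iph->protocol == IPPROTO_IPIP) {
		iph = data + nh_off + ihl_len;
		if (iph + 1 > data_end)
			return 0;
		/* Same IHL sanity check for the encapsulated header. */
		if (iph->ihl < 5)
			return 0;
		/*
		 * NOTE(review): the inner header is not passed to ip_is_fragment();
		 * for an inner non-first fragment the bytes at the computed offset
		 * are payload, not a TCP/UDP header. Confirm whether the inner
		 * packet should follow the same fragment policy as the outer one.
		 */
		ihl_len += iph->ihl * 4;
	}

	/* iph now refers to the innermost IPv4 header that was parsed. */
	if (iph->protocol == IPPROTO_TCP)
		return tcp(data, nh_off + ihl_len, data_end);
	else if (iph->protocol == IPPROTO_UDP)
		return udp(data, nh_off + ihl_len, data_end);
	return 0;
}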
77
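/*
 * Parse the IPv6 header at nh_off and hand TCP/UDP payloads to the port rules.
 *
 * One level of encapsulation is followed: IPv4-in-IPv6 (IPPROTO_IPIP) or
 * IPv6-in-IPv6 (IPPROTO_IPV6). Extension headers are not walked, so a packet
 * whose next header is anything other than TCP or UDP after that single step
 * returns 0 and the port rules are not applied to it.
 */
static int parse_ipv6(void *data, uint64_t nh_off, void *data_end)
{
	struct ipv6hdr *ip6h;
	struct iphdr *iph;
	uint64_t ihl_len = sizeof(struct ipv6hdr);
	uint64_t nexthdr;

	ip6h = data + nh_off;
	if (ip6h + 1 > data_end)
		return 0;

	nexthdr = ip6h->nexthdr;

	if (nexthdr == IPPROTO_IPIP) {
		iph = data + nh_off + ihl_len;
		if (iph + 1 > data_end)
			return 0;
		/*
		 * IHL is taken from the wire. A value below 5 (20 bytes) is
		 * invalid and would place the transport offset inside the inner
		 * IPv4 header, so reject it before using it as a length.
		 */
		if (iph->ihl < 5)
			return 0;
		ihl_len += iph->ihl * 4;
		nexthdr = iph->protocol;
	} else if (nexthdr == IPPROTO_IPV6) {
		ip6h = data + nh_off + ihl_len;
		if (ip6h + 1 > data_end)
			return 0;
		/* The fixed IPv6 header has a constant size; no length field to trust. */
		ihl_len += sizeof(struct ipv6hdr);
		nexthdr = ip6h->nexthdr;
	}

	if (nexthdr == IPPROTO_TCP)
		return tcp(data, nh_off + ihl_len, data_end);
	else if (nexthdr == IPPROTO_UDP)
		return udp(data, nh_off + ihl_len, data_end);
	return 0;
}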
111
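/*
 * Program entry point: classify one packet and return a verdict.
 *
 * Skips the Ethernet header and up to two VLAN tags, then dispatches to
 * parse_ipv4() or parse_ipv6() by EtherType. Returns their verdict
 * (TC_ACT_SHOT for the matched ports) and 0 for truncated frames and every
 * other EtherType.
 */
SEC("varlen")
int handle_ingress(struct __sk_buff *skb)
{
	void *data = (void *)(long)skb->data;
	struct ethhdr *eth = data;
	void *data_end = (void *)(long)skb->data_end;
	uint64_t h_proto, nh_off;

	nh_off = sizeof(*eth);
	if (data + nh_off > data_end)
		return 0;

	/* h_proto stays in network byte order; every comparison below uses htons(). */
	h_proto = eth->h_proto;

	/*
	 * The VLAN EtherTypes must be converted with htons() like ETH_P_IP and
	 * ETH_P_IPV6 further down. Compared against the host-order constants, a
	 * tagged frame never matches on a little-endian host, falls through to
	 * "return 0", and the port rules are never applied to tagged traffic.
	 */
	if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) {
		struct vlan_hdr *vhdr;

		vhdr = data + nh_off;
		nh_off += sizeof(struct vlan_hdr);
		/* vhdr is only dereferenced once the whole tag is known to be in bounds. */
		if (data + nh_off > data_end)
			return 0;
		h_proto = vhdr->h_vlan_encapsulated_proto;
	}
	/* Second, explicit pass for a stacked (double) tag; deeper stacks are not parsed. */
	if (h_proto == htons(ETH_P_8021Q) || h_proto == htons(ETH_P_8021AD)) {
		struct vlan_hdr *vhdr;

		vhdr = data + nh_off;
		nh_off += sizeof(struct vlan_hdr);
		if (data + nh_off > data_end)
			return 0;
		h_proto = vhdr->h_vlan_encapsulated_proto;
	}
	if (h_proto == htons(ETH_P_IP))
		return parse_ipv4(data, nh_off, data_end);
	else if (h_proto == htons(ETH_P_IPV6))
		return parse_ipv6(data, nh_off, data_end);
	return 0;
}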
/* License string placed in the object's "license" section via SEC(). */
char _license[] SEC("license") = "GPL";
151