samples/bpf/xdp_tx_iptunnel_kern.c

   1 /* Copyright (c) 2016 Facebook
   2  *
   3  * This program is free software; you can redistribute it and/or
   4  * modify it under the terms of version 2 of the GNU General Public
   5  * License as published by the Free Software Foundation.
   6  *
   7  * This program shows how to use bpf_xdp_adjust_head() by
   8  * encapsulating the incoming packet in an IPv4/v6 header
   9  * and then XDP_TX it out.
  10  */
  11 #include <uapi/linux/bpf.h>
  12 #include <linux/in.h>
  13 #include <linux/if_ether.h>
  14 #include <linux/if_packet.h>
  15 #include <linux/if_vlan.h>
  16 #include <linux/ip.h>
  17 #include <linux/ipv6.h>
  18 #include "bpf_helpers.h"
  19 #include "xdp_tx_iptunnel_common.h"
  20
  21 struct bpf_map_def SEC("maps") rxcnt = {
  22         .type = BPF_MAP_TYPE_PERCPU_ARRAY,
  23         .key_size = sizeof(__u32),
  24         .value_size = sizeof(__u64),
  25         .max_entries = 256,
  26 };
  27
  28 struct bpf_map_def SEC("maps") vip2tnl = {
  29         .type = BPF_MAP_TYPE_HASH,
  30         .key_size = sizeof(struct vip),
  31         .value_size = sizeof(struct iptnl_info),
  32         .max_entries = MAX_IPTNL_ENTRIES,
  33 };
  34
  35 static __always_inline void count_tx(u32 protocol)
  36 {
  37         u64 *rxcnt_count;
  38
  39         rxcnt_count = bpf_map_lookup_elem(&rxcnt, &protocol);
  40         if (rxcnt_count)
  41                 *rxcnt_count += 1;
  42 }
  43
  44 static __always_inline int get_dport(void *trans_data, void *data_end,
  45                                      u8 protocol)
  46 {
  47         struct tcphdr *th;
  48         struct udphdr *uh;
  49
  50         switch (protocol) {
  51         case IPPROTO_TCP:
  52                 th = (struct tcphdr *)trans_data;
  53                 if (th + 1 > data_end)
  54                         return -1;
  55                 return th->dest;
  56         case IPPROTO_UDP:
  57                 uh = (struct udphdr *)trans_data;
  58                 if (uh + 1 > data_end)
  59                         return -1;
  60                 return uh->dest;
  61         default:
  62                 return 0;
  63         }
  64 }
  65
  66 static __always_inline void set_ethhdr(struct ethhdr *new_eth,
  67                                        const struct ethhdr *old_eth,
  68                                        const struct iptnl_info *tnl,
  69                                        __be16 h_proto)
  70 {
  71         memcpy(new_eth->h_source, old_eth->h_dest, sizeof(new_eth->h_source));
  72         memcpy(new_eth->h_dest, tnl->dmac, sizeof(new_eth->h_dest));
  73         new_eth->h_proto = h_proto;
  74 }
  75
  76 static __always_inline int handle_ipv4(struct xdp_md *xdp)
  77 {
  78         void *data_end = (void *)(long)xdp->data_end;
  79         void *data = (void *)(long)xdp->data;
  80         struct iptnl_info *tnl;
  81         struct ethhdr *new_eth;
  82         struct ethhdr *old_eth;
  83         struct iphdr *iph = data + sizeof(struct ethhdr);
  84         u16 *next_iph_u16;
  85         u16 payload_len;
  86         struct vip vip = {};
  87         int dport;
  88         u32 csum = 0;
  89         int i;
  90
  91         if (iph + 1 > data_end)
  92                 return XDP_DROP;
  93
  94         dport = get_dport(iph + 1, data_end, iph->protocol);
  95         if (dport == -1)
  96                 return XDP_DROP;
  97
  98         vip.protocol = iph->protocol;
  99         vip.family = AF_INET;
 100         vip.daddr.v4 = iph->daddr;
 101         vip.dport = dport;
 102         payload_len = ntohs(iph->tot_len);
 103
 104         tnl = bpf_map_lookup_elem(&vip2tnl, &vip);
 105         /* It only does v4-in-v4 */
 106         if (!tnl || tnl->family != AF_INET)
 107                 return XDP_PASS;
 108
 109         /* The vip key is found.  Add an IP header and send it out */
 110
 111         if (bpf_xdp_adjust_head(xdp, 0 - (int)sizeof(struct iphdr)))
 112                 return XDP_DROP;
 113
 114         data = (void *)(long)xdp->data;
 115         data_end = (void *)(long)xdp->data_end;
 116
 117         new_eth = data;
 118         iph = data + sizeof(*new_eth);
 119         old_eth = data + sizeof(*iph);
 120
 121         if (new_eth + 1 > data_end ||
 122             old_eth + 1 > data_end ||
 123             iph + 1 > data_end)
 124                 return XDP_DROP;
 125
 126         set_ethhdr(new_eth, old_eth, tnl, htons(ETH_P_IP));
 127
 128         iph->version = 4;
 129         iph->ihl = sizeof(*iph) >> 2;
 130         iph->frag_off = 0;
 131         iph->protocol = IPPROTO_IPIP;
 132         iph->check = 0;
 133         iph->tos = 0;
 134         iph->tot_len = htons(payload_len + sizeof(*iph));
 135         iph->daddr = tnl->daddr.v4;
 136         iph->saddr = tnl->saddr.v4;
 137         iph->ttl = 8;
 138
 139         next_iph_u16 = (u16 *)iph;
 140 #pragma clang loop unroll(full)
 141         for (i = 0; i < sizeof(*iph) >> 1; i++)
 142                 csum += *next_iph_u16++;
 143
 144         iph->check = ~((csum & 0xffff) + (csum >> 16));
 145
 146         count_tx(vip.protocol);
 147
 148         return XDP_TX;
 149 }
 150
 151 static __always_inline int handle_ipv6(struct xdp_md *xdp)
 152 {
 153         void *data_end = (void *)(long)xdp->data_end;
 154         void *data = (void *)(long)xdp->data;
 155         struct iptnl_info *tnl;
 156         struct ethhdr *new_eth;
 157         struct ethhdr *old_eth;
 158         struct ipv6hdr *ip6h = data + sizeof(struct ethhdr);
 159         __u16 payload_len;
 160         struct vip vip = {};
 161         int dport;
 162
 163         if (ip6h + 1 > data_end)
 164                 return XDP_DROP;
 165
 166         dport = get_dport(ip6h + 1, data_end, ip6h->nexthdr);
 167         if (dport == -1)
 168                 return XDP_DROP;
 169
 170         vip.protocol = ip6h->nexthdr;
 171         vip.family = AF_INET6;
 172         memcpy(vip.daddr.v6, ip6h->daddr.s6_addr32, sizeof(vip.daddr));
 173         vip.dport = dport;
 174         payload_len = ip6h->payload_len;
 175
 176         tnl = bpf_map_lookup_elem(&vip2tnl, &vip);
 177         /* It only does v6-in-v6 */
 178         if (!tnl || tnl->family != AF_INET6)
 179                 return XDP_PASS;
 180
 181         /* The vip key is found.  Add an IP header and send it out */
 182
 183         if (bpf_xdp_adjust_head(xdp, 0 - (int)sizeof(struct ipv6hdr)))
 184                 return XDP_DROP;
 185
 186         data = (void *)(long)xdp->data;
 187         data_end = (void *)(long)xdp->data_end;
 188
 189         new_eth = data;
 190         ip6h = data + sizeof(*new_eth);
 191         old_eth = data + sizeof(*ip6h);
 192
 193         if (new_eth + 1 > data_end ||
 194             old_eth + 1 > data_end ||
 195             ip6h + 1 > data_end)
 196                 return XDP_DROP;
 197
 198         set_ethhdr(new_eth, old_eth, tnl, htons(ETH_P_IPV6));
 199
 200         ip6h->version = 6;
 201         ip6h->priority = 0;
 202         memset(ip6h->flow_lbl, 0, sizeof(ip6h->flow_lbl));
 203         ip6h->payload_len = htons(ntohs(payload_len) + sizeof(*ip6h));
 204         ip6h->nexthdr = IPPROTO_IPV6;
 205         ip6h->hop_limit = 8;
 206         memcpy(ip6h->saddr.s6_addr32, tnl->saddr.v6, sizeof(tnl->saddr.v6));
 207         memcpy(ip6h->daddr.s6_addr32, tnl->daddr.v6, sizeof(tnl->daddr.v6));
 208
 209         count_tx(vip.protocol);
 210
 211         return XDP_TX;
 212 }
 213
 214 SEC("xdp_tx_iptunnel")
 215 int _xdp_tx_iptunnel(struct xdp_md *xdp)
 216 {
 217         void *data_end = (void *)(long)xdp->data_end;
 218         void *data = (void *)(long)xdp->data;
 219         struct ethhdr *eth = data;
 220         __u16 h_proto;
 221
 222         if (eth + 1 > data_end)
 223                 return XDP_DROP;
 224
 225         h_proto = eth->h_proto;
 226
 227         if (h_proto == htons(ETH_P_IP))
 228                 return handle_ipv4(xdp);
 229         else if (h_proto == htons(ETH_P_IPV6))
 230
 231                 return handle_ipv6(xdp);
 232         else
 233                 return XDP_PASS;
 234 }
 235
 236 char _license[] SEC("license") = "GPL";