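/* Copyright (c) 2016 Facebook
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of version 2 of the GNU General Public
 * License as published by the Free Software Foundation.
 *
 * This program shows how to use bpf_xdp_adjust_head() by
 * encapsulating the incoming packet in an IPv4/v6 header
 * and then XDP_TX it out.
 */
#include <uapi/linux/bpf.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <linux/if_vlan.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include "bpf_helpers.h"
#include "xdp_tx_iptunnel_common.h"

/*
 * Per-CPU counters with 256 slots; count_tx() indexes this map by the
 * inner packet's L4 protocol number.
 */
struct bpf_map_def SEC("maps") rxcnt = {
	.type = BPF_MAP_TYPE_PERCPU_ARRAY,
	.key_size = sizeof(__u32),
	.value_size = sizeof(__u64),
	.max_entries = 256,
};

/*
 * Lookup table from a virtual IP key (struct vip) to the tunnel parameters
 * (struct iptnl_info) used to build the outer header. This program only
 * reads the map; presumably the user-space loader fills it -- confirm.
 */
struct bpf_map_def SEC("maps") vip2tnl = {
	.type = BPF_MAP_TYPE_HASH,
	.key_size = sizeof(struct vip),
	.value_size = sizeof(struct iptnl_info),
	.max_entries = MAX_IPTNL_ENTRIES,
};

/*
 * Bump the counter slot for @protocol. A failed lookup is ignored, so an
 * out-of-range key silently counts nothing. The plain (non-atomic) add
 * relies on the map being a per-CPU array.
 */
static __always_inline void count_tx(u32 protocol)
{
	u64 *rxcnt_count;

	rxcnt_count = bpf_map_lookup_elem(&rxcnt, &protocol);
	if (rxcnt_count)
		*rxcnt_count += 1;
}

/*
 * Read the L4 destination port found at @trans_data.
 *
 * Returns the port exactly as stored in the header (no byte-order
 * conversion), 0 for any protocol other than TCP or UDP, and -1 when the
 * TCP/UDP header does not fit before @data_end.
 */
static __always_inline int get_dport(void *trans_data, void *data_end,
				     u8 protocol)
{
	struct tcphdr *th;
	struct udphdr *uh;

	switch (protocol) {
	case IPPROTO_TCP:
		th = (struct tcphdr *)trans_data;
		if (th + 1 > data_end)
			return -1;
		return th->dest;
	case IPPROTO_UDP:
		uh = (struct udphdr *)trans_data;
		if (uh + 1 > data_end)
			return -1;
		return uh->dest;
	default:
		return 0;
	}
}

/*
 * Fill the outer Ethernet header: the source MAC is the destination MAC
 * of the received frame, the destination MAC comes from the tunnel entry.
 */
static __always_inline void set_ethhdr(struct ethhdr *new_eth,
				       const struct ethhdr *old_eth,
				       const struct iptnl_info *tnl,
				       __be16 h_proto)
{
	memcpy(new_eth->h_source, old_eth->h_dest, sizeof(new_eth->h_source));
	memcpy(new_eth->h_dest, tnl->dmac, sizeof(new_eth->h_dest));
	new_eth->h_proto = h_proto;
}

/*
 * Encapsulate an IPv4 packet in an outer IPv4 header (IPIP) when its
 * destination matches a vip2tnl entry, then send it back out.
 *
 * Returns XDP_DROP when a header does not fit in the packet or the head
 * adjustment fails, XDP_PASS when there is no v4 tunnel entry for the
 * packet, and XDP_TX once the outer headers are in place.
 *
 * NOTE(review): the L4 header is assumed to start at iph + 1, i.e. right
 * after a 20-byte IPv4 header. Neither iph->ihl nor iph->frag_off is
 * examined, so for a packet with IP options or a non-first fragment the
 * "port" used in the lookup key is whatever bytes sit at that offset.
 * The read is still bounds-checked; only the classification is affected.
 */
static __always_inline int handle_ipv4(struct xdp_md *xdp)
{
	void *data_end = (void *)(long)xdp->data_end;
	void *data = (void *)(long)xdp->data;
	struct iptnl_info *tnl;
	struct ethhdr *new_eth;
	struct ethhdr *old_eth;
	struct iphdr *iph = data + sizeof(struct ethhdr);
	u16 *next_iph_u16;
	u16 payload_len;
	struct vip vip = {};
	int dport;
	u32 csum = 0;
	int i;

	if (iph + 1 > data_end)
		return XDP_DROP;

	dport = get_dport(iph + 1, data_end, iph->protocol);
	if (dport == -1)
		return XDP_DROP;

	vip.protocol = iph->protocol;
	vip.family = AF_INET;
	vip.daddr.v4 = iph->daddr;
	vip.dport = dport;
	/*
	 * NOTE(review): this is the length claimed by the inner header; it is
	 * not compared with the number of bytes actually received.
	 */
	payload_len = ntohs(iph->tot_len);

	tnl = bpf_map_lookup_elem(&vip2tnl, &vip);
	/* It only does v4-in-v4 */
	if (!tnl || tnl->family != AF_INET)
		return XDP_PASS;

	/* The vip key is found.  Add an IP header and send it out */

	if (bpf_xdp_adjust_head(xdp, 0 - (int)sizeof(struct iphdr)))
		return XDP_DROP;

	/* The packet pointers changed; reload and re-validate them. */
	data = (void *)(long)xdp->data;
	data_end = (void *)(long)xdp->data_end;

	new_eth = data;
	iph = data + sizeof(*new_eth);
	old_eth = data + sizeof(*iph);

	if (new_eth + 1 > data_end ||
	    old_eth + 1 > data_end ||
	    iph + 1 > data_end)
		return XDP_DROP;

	/*
	 * The outer IP header overlaps the old Ethernet header, so the MAC
	 * addresses must be copied out before any iph field is written.
	 */
	set_ethhdr(new_eth, old_eth, tnl, htons(ETH_P_IP));

	iph->version = 4;
	iph->ihl = sizeof(*iph) >> 2;
	/*
	 * Every field of the outer header is written explicitly. The id field
	 * lies in the headroom exposed by bpf_xdp_adjust_head(), which this
	 * program never initialised; leaving it unset would put stale bytes
	 * on the wire.
	 */
	iph->id = 0;
	iph->frag_off = 0;
	iph->protocol = IPPROTO_IPIP;
	iph->check = 0;
	iph->tos = 0;
	iph->tot_len = htons(payload_len + sizeof(*iph));
	iph->daddr = tnl->daddr.v4;
	iph->saddr = tnl->saddr.v4;
	iph->ttl = 8;

	next_iph_u16 = (u16 *)iph;
#pragma clang loop unroll(full)
	for (i = 0; i < sizeof(*iph) >> 1; i++)
		csum += *next_iph_u16++;

	/*
	 * Fold the 32-bit sum into 16 bits. The first fold can itself carry
	 * into bit 16 (0xffff plus the high half), so fold a second time
	 * before taking the one's complement.
	 */
	csum = (csum & 0xffff) + (csum >> 16);
	csum = (csum & 0xffff) + (csum >> 16);
	iph->check = ~csum;

	count_tx(vip.protocol);

	return XDP_TX;
}

/*
 * Encapsulate an IPv6 packet in an outer IPv6 header when its destination
 * matches a vip2tnl entry, then send it back out.
 *
 * Returns XDP_DROP when a header does not fit in the packet or the head
 * adjustment fails, XDP_PASS when there is no v6 tunnel entry for the
 * packet, and XDP_TX once the outer headers are in place.
 *
 * NOTE(review): nexthdr is taken as the L4 protocol and the L4 header is
 * assumed to follow the fixed IPv6 header directly; extension headers are
 * not walked, so such packets are keyed on an extension-header type with
 * port 0 (get_dport() default case).
 */
static __always_inline int handle_ipv6(struct xdp_md *xdp)
{
	void *data_end = (void *)(long)xdp->data_end;
	void *data = (void *)(long)xdp->data;
	struct iptnl_info *tnl;
	struct ethhdr *new_eth;
	struct ethhdr *old_eth;
	struct ipv6hdr *ip6h = data + sizeof(struct ethhdr);
	__u16 payload_len;
	struct vip vip = {};
	int dport;

	if (ip6h + 1 > data_end)
		return XDP_DROP;

	dport = get_dport(ip6h + 1, data_end, ip6h->nexthdr);
	if (dport == -1)
		return XDP_DROP;

	vip.protocol = ip6h->nexthdr;
	vip.family = AF_INET6;
	memcpy(vip.daddr.v6, ip6h->daddr.s6_addr32, sizeof(vip.daddr));
	vip.dport = dport;
	/*
	 * Kept in network byte order; converted where the outer length is
	 * computed. NOTE(review): this is the length claimed by the inner
	 * header and is not compared with the bytes actually received.
	 */
	payload_len = ip6h->payload_len;

	tnl = bpf_map_lookup_elem(&vip2tnl, &vip);
	/* It only does v6-in-v6 */
	if (!tnl || tnl->family != AF_INET6)
		return XDP_PASS;

	/* The vip key is found.  Add an IP header and send it out */

	if (bpf_xdp_adjust_head(xdp, 0 - (int)sizeof(struct ipv6hdr)))
		return XDP_DROP;

	/* The packet pointers changed; reload and re-validate them. */
	data = (void *)(long)xdp->data;
	data_end = (void *)(long)xdp->data_end;

	new_eth = data;
	ip6h = data + sizeof(*new_eth);
	old_eth = data + sizeof(*ip6h);

	if (new_eth + 1 > data_end ||
	    old_eth + 1 > data_end ||
	    ip6h + 1 > data_end)
		return XDP_DROP;

	/*
	 * The outer IPv6 header overlaps the old Ethernet header, so the MAC
	 * addresses must be copied out before any ip6h field is written.
	 */
	set_ethhdr(new_eth, old_eth, tnl, htons(ETH_P_IPV6));

	ip6h->version = 6;
	ip6h->priority = 0;
	memset(ip6h->flow_lbl, 0, sizeof(ip6h->flow_lbl));
	/* Outer payload = inner fixed header + inner payload. */
	ip6h->payload_len = htons(ntohs(payload_len) + sizeof(*ip6h));
	ip6h->nexthdr = IPPROTO_IPV6;
	ip6h->hop_limit = 8;
	memcpy(ip6h->saddr.s6_addr32, tnl->saddr.v6, sizeof(tnl->saddr.v6));
	memcpy(ip6h->daddr.s6_addr32, tnl->daddr.v6, sizeof(tnl->daddr.v6));

	count_tx(vip.protocol);

	return XDP_TX;
}

/*
 * XDP entry point: dispatch on the EtherType of the received frame.
 *
 * A frame too short for an Ethernet header is dropped. Anything that is
 * not plain IPv4 or IPv6 at this offset is passed up the stack untouched
 * (a VLAN-tagged frame carries a different EtherType here and takes that
 * path).
 */
SEC("xdp_tx_iptunnel")
int _xdp_tx_iptunnel(struct xdp_md *xdp)
{
	void *data_end = (void *)(long)xdp->data_end;
	void *data = (void *)(long)xdp->data;
	struct ethhdr *eth = data;
	__u16 h_proto;

	if (eth + 1 > data_end)
		return XDP_DROP;

	h_proto = eth->h_proto;

	if (h_proto == htons(ETH_P_IP))
		return handle_ipv4(xdp);
	else if (h_proto == htons(ETH_P_IPV6))
		return handle_ipv6(xdp);
	else
		return XDP_PASS;
}

char _license[] SEC("license") = "GPL";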