1 // SPDX-License-Identifier: GPL-2.0 2 #define BPF_NO_KFUNC_PROTOTYPES 3 #include <vmlinux.h> 4 #include <bpf/bpf_tracing.h> 5 #include <bpf/bpf_helpers.h> 6 #include <bpf/bpf_core_read.h> 7 8 struct nf_conn; 9 10 struct bpf_ct_opts___local { 11 s32 netns_id; 12 s32 error; 13 u8 l4proto; 14 u8 reserved[3]; 15 } __attribute__((preserve_access_index)); 16 17 struct nf_conn *bpf_skb_ct_alloc(struct __sk_buff *, struct bpf_sock_tuple *, u32, 18 struct bpf_ct_opts___local *, u32) __ksym; 19 struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *, struct bpf_sock_tuple *, u32, 20 struct bpf_ct_opts___local *, u32) __ksym; 21 struct nf_conn *bpf_ct_insert_entry(struct nf_conn *) __ksym; 22 void bpf_ct_release(struct nf_conn *) __ksym; 23 void bpf_ct_set_timeout(struct nf_conn *, u32) __ksym; 24 int bpf_ct_change_timeout(struct nf_conn *, u32) __ksym; 25 int bpf_ct_set_status(struct nf_conn *, u32) __ksym; 26 int bpf_ct_change_status(struct nf_conn *, u32) __ksym; 27 28 SEC("?tc") 29 int alloc_release(struct __sk_buff *ctx) 30 { 31 struct bpf_ct_opts___local opts = {}; 32 struct bpf_sock_tuple tup = {}; 33 struct nf_conn *ct; 34 35 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts)); 36 if (!ct) 37 return 0; 38 bpf_ct_release(ct); 39 return 0; 40 } 41 42 SEC("?tc") 43 int insert_insert(struct __sk_buff *ctx) 44 { 45 struct bpf_ct_opts___local opts = {}; 46 struct bpf_sock_tuple tup = {}; 47 struct nf_conn *ct; 48 49 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts)); 50 if (!ct) 51 return 0; 52 ct = bpf_ct_insert_entry(ct); 53 if (!ct) 54 return 0; 55 ct = bpf_ct_insert_entry(ct); 56 return 0; 57 } 58 59 SEC("?tc") 60 int lookup_insert(struct __sk_buff *ctx) 61 { 62 struct bpf_ct_opts___local opts = {}; 63 struct bpf_sock_tuple tup = {}; 64 struct nf_conn *ct; 65 66 ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts)); 67 if (!ct) 68 return 0; 69 bpf_ct_insert_entry(ct); 70 return 0; 71 } 72 73 SEC("?tc") 74 int write_not_allowlisted_field(struct __sk_buff *ctx) 75 { 76 struct bpf_ct_opts___local opts = {}; 77 struct bpf_sock_tuple tup = {}; 78 struct nf_conn *ct; 79 80 ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts)); 81 if (!ct) 82 return 0; 83 ct->status = 0xF00; 84 return 0; 85 } 86 87 SEC("?tc") 88 int set_timeout_after_insert(struct __sk_buff *ctx) 89 { 90 struct bpf_ct_opts___local opts = {}; 91 struct bpf_sock_tuple tup = {}; 92 struct nf_conn *ct; 93 94 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts)); 95 if (!ct) 96 return 0; 97 ct = bpf_ct_insert_entry(ct); 98 if (!ct) 99 return 0; 100 bpf_ct_set_timeout(ct, 0); 101 return 0; 102 } 103 104 SEC("?tc") 105 int set_status_after_insert(struct __sk_buff *ctx) 106 { 107 struct bpf_ct_opts___local opts = {}; 108 struct bpf_sock_tuple tup = {}; 109 struct nf_conn *ct; 110 111 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts)); 112 if (!ct) 113 return 0; 114 ct = bpf_ct_insert_entry(ct); 115 if (!ct) 116 return 0; 117 bpf_ct_set_status(ct, 0); 118 return 0; 119 } 120 121 SEC("?tc") 122 int change_timeout_after_alloc(struct __sk_buff *ctx) 123 { 124 struct bpf_ct_opts___local opts = {}; 125 struct bpf_sock_tuple tup = {}; 126 struct nf_conn *ct; 127 128 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts)); 129 if (!ct) 130 return 0; 131 bpf_ct_change_timeout(ct, 0); 132 return 0; 133 } 134 135 SEC("?tc") 136 int change_status_after_alloc(struct __sk_buff *ctx) 137 { 138 struct bpf_ct_opts___local opts = {}; 139 struct bpf_sock_tuple tup = {}; 140 struct nf_conn *ct; 141 142 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts)); 143 if (!ct) 144 return 0; 145 bpf_ct_change_status(ct, 0); 146 return 0; 147 } 148 149 char _license[] SEC("license") = "GPL"; 150