1*64c535dbSJakub Kicinski // SPDX-License-Identifier: GPL-2.0 2*64c535dbSJakub Kicinski /* Copyright (c) 2026 Meta Platforms, Inc. and affiliates. */ 3*64c535dbSJakub Kicinski 4*64c535dbSJakub Kicinski #include "vmlinux.h" 5*64c535dbSJakub Kicinski #include "bpf_tracing_net.h" 6*64c535dbSJakub Kicinski #include <bpf/bpf_helpers.h> 7*64c535dbSJakub Kicinski #include <bpf/bpf_endian.h> 8*64c535dbSJakub Kicinski 9*64c535dbSJakub Kicinski #define UDP_TEST_PORT 7777 10*64c535dbSJakub Kicinski 11*64c535dbSJakub Kicinski void *bpf_cast_to_kern_ctx(void *) __ksym; 12*64c535dbSJakub Kicinski 13*64c535dbSJakub Kicinski bool had_dst = false; 14*64c535dbSJakub Kicinski bool dst_cleared = false; 15*64c535dbSJakub Kicinski 16*64c535dbSJakub Kicinski SEC("tc/egress") 17*64c535dbSJakub Kicinski int dst_clear(struct __sk_buff *skb) 18*64c535dbSJakub Kicinski { 19*64c535dbSJakub Kicinski struct sk_buff *kskb; 20*64c535dbSJakub Kicinski struct iphdr iph; 21*64c535dbSJakub Kicinski struct udphdr udph; 22*64c535dbSJakub Kicinski int err; 23*64c535dbSJakub Kicinski 24*64c535dbSJakub Kicinski if (skb->protocol != __bpf_constant_htons(ETH_P_IP)) 25*64c535dbSJakub Kicinski return TC_ACT_OK; 26*64c535dbSJakub Kicinski 27*64c535dbSJakub Kicinski if (bpf_skb_load_bytes(skb, ETH_HLEN, &iph, sizeof(iph))) 28*64c535dbSJakub Kicinski return TC_ACT_OK; 29*64c535dbSJakub Kicinski 30*64c535dbSJakub Kicinski if (iph.protocol != IPPROTO_UDP) 31*64c535dbSJakub Kicinski return TC_ACT_OK; 32*64c535dbSJakub Kicinski 33*64c535dbSJakub Kicinski if (bpf_skb_load_bytes(skb, ETH_HLEN + sizeof(iph), &udph, sizeof(udph))) 34*64c535dbSJakub Kicinski return TC_ACT_OK; 35*64c535dbSJakub Kicinski 36*64c535dbSJakub Kicinski if (udph.dest != __bpf_constant_htons(UDP_TEST_PORT)) 37*64c535dbSJakub Kicinski return TC_ACT_OK; 38*64c535dbSJakub Kicinski 39*64c535dbSJakub Kicinski kskb = bpf_cast_to_kern_ctx(skb); 40*64c535dbSJakub Kicinski had_dst = (kskb->_skb_refdst != 0); 41*64c535dbSJakub Kicinski 42*64c535dbSJakub Kicinski /* Same-protocol encap (IPIP): protocol stays IPv4, but the dst 43*64c535dbSJakub Kicinski * from the original routing is no longer valid for the outer hdr. 44*64c535dbSJakub Kicinski */ 45*64c535dbSJakub Kicinski err = bpf_skb_adjust_room(skb, (s32)sizeof(struct iphdr), 46*64c535dbSJakub Kicinski BPF_ADJ_ROOM_MAC, 47*64c535dbSJakub Kicinski BPF_F_ADJ_ROOM_FIXED_GSO | 48*64c535dbSJakub Kicinski BPF_F_ADJ_ROOM_ENCAP_L3_IPV4); 49*64c535dbSJakub Kicinski if (err) 50*64c535dbSJakub Kicinski return TC_ACT_SHOT; 51*64c535dbSJakub Kicinski 52*64c535dbSJakub Kicinski dst_cleared = (kskb->_skb_refdst == 0); 53*64c535dbSJakub Kicinski 54*64c535dbSJakub Kicinski return TC_ACT_SHOT; 55*64c535dbSJakub Kicinski } 56*64c535dbSJakub Kicinski 57*64c535dbSJakub Kicinski char __license[] SEC("license") = "GPL"; 58