tools/testing/selftests/bpf/progs/twfw.c - linux - Git at Google

 // SPDX-License-Identifier: GPL-2.0
 /* Copyright (c) 2021 Facebook */
 #include <linux/types.h>
 #include <bpf/bpf_helpers.h>
 #include <linux/bpf.h>
 #include <stdint.h>

 #define TWFW_MAX_TIERS (64)
 /*
  * load is successful
  * #define TWFW_MAX_TIERS (64u)$
  */

 struct twfw_tier_value {
 	unsigned long mask[1];
 };

 struct rule {
 	uint8_t seqnum;
 };

 struct rules_map {
 	__uint(type, BPF_MAP_TYPE_ARRAY);
 	__type(key, __u32);
 	__type(value, struct rule);
 	__uint(max_entries, 1);
 };

 struct tiers_map {
 	__uint(type, BPF_MAP_TYPE_ARRAY);
 	__type(key, __u32);
 	__type(value, struct twfw_tier_value);
 	__uint(max_entries, 1);
 };

 struct rules_map rules SEC(".maps");
 struct tiers_map tiers SEC(".maps");

 SEC("cgroup_skb/ingress")
 int twfw_verifier(struct __sk_buff* skb)
 {
 	const uint32_t key = 0;
 	const struct twfw_tier_value* tier = bpf_map_lookup_elem(&tiers, &key);
 	if (!tier)
 		return 1;

 	struct rule* rule = bpf_map_lookup_elem(&rules, &key);
 	if (!rule)
 		return 1;

 	if (rule && rule->seqnum < TWFW_MAX_TIERS) {
 		/* rule->seqnum / 64 should always be 0 */
 		unsigned long mask = tier->mask[rule->seqnum / 64];
 		if (mask)
 			return 0;
 	}
 	return 1;
 }
	// SPDX-License-Identifier: GPL-2.0
	/* Copyright (c) 2021 Facebook */
	#include <linux/types.h>
	#include <bpf/bpf_helpers.h>
	#include <linux/bpf.h>
	#include <stdint.h>

	#define TWFW_MAX_TIERS (64)
	/*
	* load is successful
	* #define TWFW_MAX_TIERS (64u)$
	*/

	struct twfw_tier_value {
	unsigned long mask[1];
	};

	struct rule {
	uint8_t seqnum;
	};

	struct rules_map {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__type(key, __u32);
	__type(value, struct rule);
	__uint(max_entries, 1);
	};

	struct tiers_map {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__type(key, __u32);
	__type(value, struct twfw_tier_value);
	__uint(max_entries, 1);
	};

	struct rules_map rules SEC(".maps");
	struct tiers_map tiers SEC(".maps");

	SEC("cgroup_skb/ingress")
	int twfw_verifier(struct __sk_buff* skb)
	{
	const uint32_t key = 0;
	const struct twfw_tier_value* tier = bpf_map_lookup_elem(&tiers, &key);
	if (!tier)
	return 1;

	struct rule* rule = bpf_map_lookup_elem(&rules, &key);
	if (!rule)
	return 1;

	if (rule && rule->seqnum < TWFW_MAX_TIERS) {
	/* rule->seqnum / 64 should always be 0 */
	unsigned long mask = tier->mask[rule->seqnum / 64];
	if (mask)
	return 0;
	}
	return 1;
	}