blob: 71184af57749a2aef5a1c72cc9179d86c5c8f61c [file] [log] [blame]
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2020 Jesper Dangaard Brouer */
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include <linux/if_ether.h>
#include <stddef.h>
#include <stdint.h>
char _license[] SEC("license") = "GPL";
/* Userspace will update with MTU it can see on device */
volatile const int GLOBAL_USER_MTU;
volatile const __u32 GLOBAL_USER_IFINDEX;
/* BPF-prog will update these with MTU values it can see */
__u32 global_bpf_mtu_xdp = 0;
__u32 global_bpf_mtu_tc = 0;
SEC("xdp")
int xdp_use_helper_basic(struct xdp_md *ctx)
{
__u32 mtu_len = 0;
if (bpf_check_mtu(ctx, 0, &mtu_len, 0, 0))
return XDP_ABORTED;
return XDP_PASS;
}
SEC("xdp")
int xdp_use_helper(struct xdp_md *ctx)
{
int retval = XDP_PASS; /* Expected retval on successful test */
__u32 mtu_len = 0;
__u32 ifindex = 0;
int delta = 0;
/* When ifindex is zero, save net_device lookup and use ctx netdev */
if (GLOBAL_USER_IFINDEX > 0)
ifindex = GLOBAL_USER_IFINDEX;
if (bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0)) {
/* mtu_len is also valid when check fail */
retval = XDP_ABORTED;
goto out;
}
if (mtu_len != GLOBAL_USER_MTU)
retval = XDP_DROP;
out:
global_bpf_mtu_xdp = mtu_len;
return retval;
}
SEC("xdp")
int xdp_exceed_mtu(struct xdp_md *ctx)
{
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
__u32 ifindex = GLOBAL_USER_IFINDEX;
__u32 data_len = data_end - data;
int retval = XDP_ABORTED; /* Fail */
__u32 mtu_len = 0;
int delta;
int err;
/* Exceed MTU with 1 via delta adjust */
delta = GLOBAL_USER_MTU - (data_len - ETH_HLEN) + 1;
err = bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0);
if (err) {
retval = XDP_PASS; /* Success in exceeding MTU check */
if (err != BPF_MTU_CHK_RET_FRAG_NEEDED)
retval = XDP_DROP;
}
global_bpf_mtu_xdp = mtu_len;
return retval;
}
SEC("xdp")
int xdp_minus_delta(struct xdp_md *ctx)
{
int retval = XDP_PASS; /* Expected retval on successful test */
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
__u32 ifindex = GLOBAL_USER_IFINDEX;
__u32 data_len = data_end - data;
__u32 mtu_len = 0;
int delta;
/* Borderline test case: Minus delta exceeding packet length allowed */
delta = -((data_len - ETH_HLEN) + 1);
/* Minus length (adjusted via delta) still pass MTU check, other helpers
* are responsible for catching this, when doing actual size adjust
*/
if (bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0))
retval = XDP_ABORTED;
global_bpf_mtu_xdp = mtu_len;
return retval;
}
SEC("xdp")
int xdp_input_len(struct xdp_md *ctx)
{
int retval = XDP_PASS; /* Expected retval on successful test */
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
__u32 ifindex = GLOBAL_USER_IFINDEX;
__u32 data_len = data_end - data;
/* API allow user give length to check as input via mtu_len param,
* resulting MTU value is still output in mtu_len param after call.
*
* Input len is L3, like MTU and iph->tot_len.
* Remember XDP data_len is L2.
*/
__u32 mtu_len = data_len - ETH_HLEN;
if (bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0))
retval = XDP_ABORTED;
global_bpf_mtu_xdp = mtu_len;
return retval;
}
SEC("xdp")
int xdp_input_len_exceed(struct xdp_md *ctx)
{
int retval = XDP_ABORTED; /* Fail */
__u32 ifindex = GLOBAL_USER_IFINDEX;
int err;
/* API allow user give length to check as input via mtu_len param,
* resulting MTU value is still output in mtu_len param after call.
*
* Input length value is L3 size like MTU.
*/
__u32 mtu_len = GLOBAL_USER_MTU;
mtu_len += 1; /* Exceed with 1 */
err = bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0);
if (err == BPF_MTU_CHK_RET_FRAG_NEEDED)
retval = XDP_PASS ; /* Success in exceeding MTU check */
global_bpf_mtu_xdp = mtu_len;
return retval;
}
SEC("classifier")
int tc_use_helper(struct __sk_buff *ctx)
{
int retval = BPF_OK; /* Expected retval on successful test */
__u32 mtu_len = 0;
int delta = 0;
if (bpf_check_mtu(ctx, 0, &mtu_len, delta, 0)) {
retval = BPF_DROP;
goto out;
}
if (mtu_len != GLOBAL_USER_MTU)
retval = BPF_REDIRECT;
out:
global_bpf_mtu_tc = mtu_len;
return retval;
}
SEC("classifier")
int tc_exceed_mtu(struct __sk_buff *ctx)
{
__u32 ifindex = GLOBAL_USER_IFINDEX;
int retval = BPF_DROP; /* Fail */
__u32 skb_len = ctx->len;
__u32 mtu_len = 0;
int delta;
int err;
/* Exceed MTU with 1 via delta adjust */
delta = GLOBAL_USER_MTU - (skb_len - ETH_HLEN) + 1;
err = bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0);
if (err) {
retval = BPF_OK; /* Success in exceeding MTU check */
if (err != BPF_MTU_CHK_RET_FRAG_NEEDED)
retval = BPF_DROP;
}
global_bpf_mtu_tc = mtu_len;
return retval;
}
SEC("classifier")
int tc_exceed_mtu_da(struct __sk_buff *ctx)
{
/* SKB Direct-Access variant */
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
__u32 ifindex = GLOBAL_USER_IFINDEX;
__u32 data_len = data_end - data;
int retval = BPF_DROP; /* Fail */
__u32 mtu_len = 0;
int delta;
int err;
/* Exceed MTU with 1 via delta adjust */
delta = GLOBAL_USER_MTU - (data_len - ETH_HLEN) + 1;
err = bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0);
if (err) {
retval = BPF_OK; /* Success in exceeding MTU check */
if (err != BPF_MTU_CHK_RET_FRAG_NEEDED)
retval = BPF_DROP;
}
global_bpf_mtu_tc = mtu_len;
return retval;
}
SEC("classifier")
int tc_minus_delta(struct __sk_buff *ctx)
{
int retval = BPF_OK; /* Expected retval on successful test */
__u32 ifindex = GLOBAL_USER_IFINDEX;
__u32 skb_len = ctx->len;
__u32 mtu_len = 0;
int delta;
/* Borderline test case: Minus delta exceeding packet length allowed */
delta = -((skb_len - ETH_HLEN) + 1);
/* Minus length (adjusted via delta) still pass MTU check, other helpers
* are responsible for catching this, when doing actual size adjust
*/
if (bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0))
retval = BPF_DROP;
global_bpf_mtu_xdp = mtu_len;
return retval;
}
SEC("classifier")
int tc_input_len(struct __sk_buff *ctx)
{
int retval = BPF_OK; /* Expected retval on successful test */
__u32 ifindex = GLOBAL_USER_IFINDEX;
/* API allow user give length to check as input via mtu_len param,
* resulting MTU value is still output in mtu_len param after call.
*
* Input length value is L3 size.
*/
__u32 mtu_len = GLOBAL_USER_MTU;
if (bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0))
retval = BPF_DROP;
global_bpf_mtu_xdp = mtu_len;
return retval;
}
SEC("classifier")
int tc_input_len_exceed(struct __sk_buff *ctx)
{
int retval = BPF_DROP; /* Fail */
__u32 ifindex = GLOBAL_USER_IFINDEX;
int err;
/* API allow user give length to check as input via mtu_len param,
* resulting MTU value is still output in mtu_len param after call.
*
* Input length value is L3 size like MTU.
*/
__u32 mtu_len = GLOBAL_USER_MTU;
mtu_len += 1; /* Exceed with 1 */
err = bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0);
if (err == BPF_MTU_CHK_RET_FRAG_NEEDED)
retval = BPF_OK; /* Success in exceeding MTU check */
global_bpf_mtu_xdp = mtu_len;
return retval;
}