aboutsummaryrefslogtreecommitdiffstats
path: root/samples
diff options
context:
space:
mode:
authorAlexei Starovoitov <ast@plumgrid.com>2015-04-01 20:12:13 -0400
committerDavid S. Miller <davem@davemloft.net>2015-04-06 16:42:35 -0400
commit91bc4822c3d61b9bb7ef66d3b77948a4f9177954 (patch)
treeca92a811b501957c1e876290d305aaf81c8d9aff /samples
parent5888b93b750609680735d6b8b737703083ef40ff (diff)
tc: bpf: add checksum helpers
Commit 608cd71a9c7c ("tc: bpf: generalize pedit action") has added the possibility to mangle packet data to BPF programs in the tc pipeline. This patch adds two helpers bpf_l3_csum_replace() and bpf_l4_csum_replace() for fixing up the protocol checksums after the packet mangling. It also adds 'flags' argument to bpf_skb_store_bytes() helper to avoid unnecessary checksum recomputations when BPF programs adjusting l3/l4 checksums and documents all three helpers in uapi header. Moreover, a sample program is added to show how BPF programs can make use of the mangle and csum helpers. Signed-off-by: Alexei Starovoitov <ast@plumgrid.com> Acked-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'samples')
-rw-r--r--samples/bpf/Makefile1
-rw-r--r--samples/bpf/bpf_helpers.h7
-rw-r--r--samples/bpf/tcbpf1_kern.c71
3 files changed, 79 insertions, 0 deletions
diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile
index b5b3600dcdf5..d24f51bca465 100644
--- a/samples/bpf/Makefile
+++ b/samples/bpf/Makefile
@@ -17,6 +17,7 @@ sockex2-objs := bpf_load.o libbpf.o sockex2_user.o
17always := $(hostprogs-y) 17always := $(hostprogs-y)
18always += sockex1_kern.o 18always += sockex1_kern.o
19always += sockex2_kern.o 19always += sockex2_kern.o
20always += tcbpf1_kern.o
20 21
21HOSTCFLAGS += -I$(objtree)/usr/include 22HOSTCFLAGS += -I$(objtree)/usr/include
22 23
diff --git a/samples/bpf/bpf_helpers.h b/samples/bpf/bpf_helpers.h
index ca0333146006..72540ec1f003 100644
--- a/samples/bpf/bpf_helpers.h
+++ b/samples/bpf/bpf_helpers.h
@@ -37,4 +37,11 @@ struct bpf_map_def {
37 unsigned int max_entries; 37 unsigned int max_entries;
38}; 38};
39 39
40static int (*bpf_skb_store_bytes)(void *ctx, int off, void *from, int len, int flags) =
41 (void *) BPF_FUNC_skb_store_bytes;
42static int (*bpf_l3_csum_replace)(void *ctx, int off, int from, int to, int flags) =
43 (void *) BPF_FUNC_l3_csum_replace;
44static int (*bpf_l4_csum_replace)(void *ctx, int off, int from, int to, int flags) =
45 (void *) BPF_FUNC_l4_csum_replace;
46
40#endif 47#endif
diff --git a/samples/bpf/tcbpf1_kern.c b/samples/bpf/tcbpf1_kern.c
new file mode 100644
index 000000000000..7cf3f42a6e39
--- /dev/null
+++ b/samples/bpf/tcbpf1_kern.c
@@ -0,0 +1,71 @@
1#include <uapi/linux/bpf.h>
2#include <uapi/linux/if_ether.h>
3#include <uapi/linux/if_packet.h>
4#include <uapi/linux/ip.h>
5#include <uapi/linux/in.h>
6#include <uapi/linux/tcp.h>
7#include "bpf_helpers.h"
8
9/* compiler workaround */
10#define _htonl __builtin_bswap32
11
12static inline void set_dst_mac(struct __sk_buff *skb, char *mac)
13{
14 bpf_skb_store_bytes(skb, 0, mac, ETH_ALEN, 1);
15}
16
17/* use 1 below for ingress qdisc and 0 for egress */
18#if 0
19#undef ETH_HLEN
20#define ETH_HLEN 0
21#endif
22
23#define IP_CSUM_OFF (ETH_HLEN + offsetof(struct iphdr, check))
24#define TOS_OFF (ETH_HLEN + offsetof(struct iphdr, tos))
25
26static inline void set_ip_tos(struct __sk_buff *skb, __u8 new_tos)
27{
28 __u8 old_tos = load_byte(skb, TOS_OFF);
29
30 bpf_l3_csum_replace(skb, IP_CSUM_OFF, htons(old_tos), htons(new_tos), 2);
31 bpf_skb_store_bytes(skb, TOS_OFF, &new_tos, sizeof(new_tos), 0);
32}
33
34#define TCP_CSUM_OFF (ETH_HLEN + sizeof(struct iphdr) + offsetof(struct tcphdr, check))
35#define IP_SRC_OFF (ETH_HLEN + offsetof(struct iphdr, saddr))
36
37#define IS_PSEUDO 0x10
38
39static inline void set_tcp_ip_src(struct __sk_buff *skb, __u32 new_ip)
40{
41 __u32 old_ip = _htonl(load_word(skb, IP_SRC_OFF));
42
43 bpf_l4_csum_replace(skb, TCP_CSUM_OFF, old_ip, new_ip, IS_PSEUDO | sizeof(new_ip));
44 bpf_l3_csum_replace(skb, IP_CSUM_OFF, old_ip, new_ip, sizeof(new_ip));
45 bpf_skb_store_bytes(skb, IP_SRC_OFF, &new_ip, sizeof(new_ip), 0);
46}
47
48#define TCP_DPORT_OFF (ETH_HLEN + sizeof(struct iphdr) + offsetof(struct tcphdr, dest))
49static inline void set_tcp_dest_port(struct __sk_buff *skb, __u16 new_port)
50{
51 __u16 old_port = htons(load_half(skb, TCP_DPORT_OFF));
52
53 bpf_l4_csum_replace(skb, TCP_CSUM_OFF, old_port, new_port, sizeof(new_port));
54 bpf_skb_store_bytes(skb, TCP_DPORT_OFF, &new_port, sizeof(new_port), 0);
55}
56
57SEC("classifier")
58int bpf_prog1(struct __sk_buff *skb)
59{
60 __u8 proto = load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol));
61 long *value;
62
63 if (proto == IPPROTO_TCP) {
64 set_ip_tos(skb, 8);
65 set_tcp_ip_src(skb, 0xA010101);
66 set_tcp_dest_port(skb, 5001);
67 }
68
69 return 0;
70}
71char _license[] SEC("license") = "GPL";