diff options
author | Alexei Starovoitov <ast@plumgrid.com> | 2015-04-01 20:12:13 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-04-06 16:42:35 -0400 |
commit | 91bc4822c3d61b9bb7ef66d3b77948a4f9177954 (patch) | |
tree | ca92a811b501957c1e876290d305aaf81c8d9aff /samples | |
parent | 5888b93b750609680735d6b8b737703083ef40ff (diff) |
tc: bpf: add checksum helpers
Commit 608cd71a9c7c ("tc: bpf: generalize pedit action") has added the
possibility to mangle packet data to BPF programs in the tc pipeline.
This patch adds two helpers bpf_l3_csum_replace() and bpf_l4_csum_replace()
for fixing up the protocol checksums after the packet mangling.
It also adds 'flags' argument to bpf_skb_store_bytes() helper to avoid
unnecessary checksum recomputations when BPF programs adjusting l3/l4
checksums and documents all three helpers in uapi header.
Moreover, a sample program is added to show how BPF programs can make use
of the mangle and csum helpers.
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'samples')
-rw-r--r-- | samples/bpf/Makefile | 1 | ||||
-rw-r--r-- | samples/bpf/bpf_helpers.h | 7 | ||||
-rw-r--r-- | samples/bpf/tcbpf1_kern.c | 71 |
3 files changed, 79 insertions, 0 deletions
diff --git a/samples/bpf/Makefile b/samples/bpf/Makefile index b5b3600dcdf5..d24f51bca465 100644 --- a/samples/bpf/Makefile +++ b/samples/bpf/Makefile | |||
@@ -17,6 +17,7 @@ sockex2-objs := bpf_load.o libbpf.o sockex2_user.o | |||
17 | always := $(hostprogs-y) | 17 | always := $(hostprogs-y) |
18 | always += sockex1_kern.o | 18 | always += sockex1_kern.o |
19 | always += sockex2_kern.o | 19 | always += sockex2_kern.o |
20 | always += tcbpf1_kern.o | ||
20 | 21 | ||
21 | HOSTCFLAGS += -I$(objtree)/usr/include | 22 | HOSTCFLAGS += -I$(objtree)/usr/include |
22 | 23 | ||
diff --git a/samples/bpf/bpf_helpers.h b/samples/bpf/bpf_helpers.h index ca0333146006..72540ec1f003 100644 --- a/samples/bpf/bpf_helpers.h +++ b/samples/bpf/bpf_helpers.h | |||
@@ -37,4 +37,11 @@ struct bpf_map_def { | |||
37 | unsigned int max_entries; | 37 | unsigned int max_entries; |
38 | }; | 38 | }; |
39 | 39 | ||
40 | static int (*bpf_skb_store_bytes)(void *ctx, int off, void *from, int len, int flags) = | ||
41 | (void *) BPF_FUNC_skb_store_bytes; | ||
42 | static int (*bpf_l3_csum_replace)(void *ctx, int off, int from, int to, int flags) = | ||
43 | (void *) BPF_FUNC_l3_csum_replace; | ||
44 | static int (*bpf_l4_csum_replace)(void *ctx, int off, int from, int to, int flags) = | ||
45 | (void *) BPF_FUNC_l4_csum_replace; | ||
46 | |||
40 | #endif | 47 | #endif |
diff --git a/samples/bpf/tcbpf1_kern.c b/samples/bpf/tcbpf1_kern.c new file mode 100644 index 000000000000..7cf3f42a6e39 --- /dev/null +++ b/samples/bpf/tcbpf1_kern.c | |||
@@ -0,0 +1,71 @@ | |||
1 | #include <uapi/linux/bpf.h> | ||
2 | #include <uapi/linux/if_ether.h> | ||
3 | #include <uapi/linux/if_packet.h> | ||
4 | #include <uapi/linux/ip.h> | ||
5 | #include <uapi/linux/in.h> | ||
6 | #include <uapi/linux/tcp.h> | ||
7 | #include "bpf_helpers.h" | ||
8 | |||
9 | /* compiler workaround */ | ||
10 | #define _htonl __builtin_bswap32 | ||
11 | |||
12 | static inline void set_dst_mac(struct __sk_buff *skb, char *mac) | ||
13 | { | ||
14 | bpf_skb_store_bytes(skb, 0, mac, ETH_ALEN, 1); | ||
15 | } | ||
16 | |||
17 | /* use 1 below for ingress qdisc and 0 for egress */ | ||
18 | #if 0 | ||
19 | #undef ETH_HLEN | ||
20 | #define ETH_HLEN 0 | ||
21 | #endif | ||
22 | |||
23 | #define IP_CSUM_OFF (ETH_HLEN + offsetof(struct iphdr, check)) | ||
24 | #define TOS_OFF (ETH_HLEN + offsetof(struct iphdr, tos)) | ||
25 | |||
26 | static inline void set_ip_tos(struct __sk_buff *skb, __u8 new_tos) | ||
27 | { | ||
28 | __u8 old_tos = load_byte(skb, TOS_OFF); | ||
29 | |||
30 | bpf_l3_csum_replace(skb, IP_CSUM_OFF, htons(old_tos), htons(new_tos), 2); | ||
31 | bpf_skb_store_bytes(skb, TOS_OFF, &new_tos, sizeof(new_tos), 0); | ||
32 | } | ||
33 | |||
34 | #define TCP_CSUM_OFF (ETH_HLEN + sizeof(struct iphdr) + offsetof(struct tcphdr, check)) | ||
35 | #define IP_SRC_OFF (ETH_HLEN + offsetof(struct iphdr, saddr)) | ||
36 | |||
37 | #define IS_PSEUDO 0x10 | ||
38 | |||
39 | static inline void set_tcp_ip_src(struct __sk_buff *skb, __u32 new_ip) | ||
40 | { | ||
41 | __u32 old_ip = _htonl(load_word(skb, IP_SRC_OFF)); | ||
42 | |||
43 | bpf_l4_csum_replace(skb, TCP_CSUM_OFF, old_ip, new_ip, IS_PSEUDO | sizeof(new_ip)); | ||
44 | bpf_l3_csum_replace(skb, IP_CSUM_OFF, old_ip, new_ip, sizeof(new_ip)); | ||
45 | bpf_skb_store_bytes(skb, IP_SRC_OFF, &new_ip, sizeof(new_ip), 0); | ||
46 | } | ||
47 | |||
48 | #define TCP_DPORT_OFF (ETH_HLEN + sizeof(struct iphdr) + offsetof(struct tcphdr, dest)) | ||
49 | static inline void set_tcp_dest_port(struct __sk_buff *skb, __u16 new_port) | ||
50 | { | ||
51 | __u16 old_port = htons(load_half(skb, TCP_DPORT_OFF)); | ||
52 | |||
53 | bpf_l4_csum_replace(skb, TCP_CSUM_OFF, old_port, new_port, sizeof(new_port)); | ||
54 | bpf_skb_store_bytes(skb, TCP_DPORT_OFF, &new_port, sizeof(new_port), 0); | ||
55 | } | ||
56 | |||
57 | SEC("classifier") | ||
58 | int bpf_prog1(struct __sk_buff *skb) | ||
59 | { | ||
60 | __u8 proto = load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol)); | ||
61 | long *value; | ||
62 | |||
63 | if (proto == IPPROTO_TCP) { | ||
64 | set_ip_tos(skb, 8); | ||
65 | set_tcp_ip_src(skb, 0xA010101); | ||
66 | set_tcp_dest_port(skb, 5001); | ||
67 | } | ||
68 | |||
69 | return 0; | ||
70 | } | ||
71 | char _license[] SEC("license") = "GPL"; | ||