• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2016 VMware
3  * Copyright (c) 2016 Facebook
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of version 2 of the GNU General Public
7  * License as published by the Free Software Foundation.
8  */
9 #include <stddef.h>
10 #include <string.h>
11 #include <arpa/inet.h>
12 #include <linux/bpf.h>
13 #include <linux/if_ether.h>
14 #include <linux/if_packet.h>
15 #include <linux/ip.h>
16 #include <linux/ipv6.h>
17 #include <linux/types.h>
18 #include <linux/tcp.h>
19 #include <linux/socket.h>
20 #include <linux/pkt_cls.h>
21 #include <linux/erspan.h>
22 #include "bpf_helpers.h"
23 #include "bpf_endian.h"
24 
25 #define ERROR(ret) do {\
26 		char fmt[] = "ERROR line:%d ret:%d\n";\
27 		bpf_trace_printk(fmt, sizeof(fmt), __LINE__, ret); \
28 	} while (0)
29 
30 int _version SEC("version") = 1;
31 
32 struct geneve_opt {
33 	__be16	opt_class;
34 	__u8	type;
35 	__u8	length:5;
36 	__u8	r3:1;
37 	__u8	r2:1;
38 	__u8	r1:1;
39 	__u8	opt_data[8]; /* hard-coded to 8 byte */
40 };
41 
42 struct vxlan_metadata {
43 	__u32     gbp;
44 };
45 
46 SEC("gre_set_tunnel")
_gre_set_tunnel(struct __sk_buff * skb)47 int _gre_set_tunnel(struct __sk_buff *skb)
48 {
49 	int ret;
50 	struct bpf_tunnel_key key;
51 
52 	__builtin_memset(&key, 0x0, sizeof(key));
53 	key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
54 	key.tunnel_id = 2;
55 	key.tunnel_tos = 0;
56 	key.tunnel_ttl = 64;
57 
58 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
59 				     BPF_F_ZERO_CSUM_TX | BPF_F_SEQ_NUMBER);
60 	if (ret < 0) {
61 		ERROR(ret);
62 		return TC_ACT_SHOT;
63 	}
64 
65 	return TC_ACT_OK;
66 }
67 
68 SEC("gre_get_tunnel")
_gre_get_tunnel(struct __sk_buff * skb)69 int _gre_get_tunnel(struct __sk_buff *skb)
70 {
71 	int ret;
72 	struct bpf_tunnel_key key;
73 	char fmt[] = "key %d remote ip 0x%x\n";
74 
75 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
76 	if (ret < 0) {
77 		ERROR(ret);
78 		return TC_ACT_SHOT;
79 	}
80 
81 	bpf_trace_printk(fmt, sizeof(fmt), key.tunnel_id, key.remote_ipv4);
82 	return TC_ACT_OK;
83 }
84 
85 SEC("ip6gretap_set_tunnel")
_ip6gretap_set_tunnel(struct __sk_buff * skb)86 int _ip6gretap_set_tunnel(struct __sk_buff *skb)
87 {
88 	struct bpf_tunnel_key key;
89 	int ret;
90 
91 	__builtin_memset(&key, 0x0, sizeof(key));
92 	key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
93 	key.tunnel_id = 2;
94 	key.tunnel_tos = 0;
95 	key.tunnel_ttl = 64;
96 	key.tunnel_label = 0xabcde;
97 
98 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
99 				     BPF_F_TUNINFO_IPV6 | BPF_F_ZERO_CSUM_TX |
100 				     BPF_F_SEQ_NUMBER);
101 	if (ret < 0) {
102 		ERROR(ret);
103 		return TC_ACT_SHOT;
104 	}
105 
106 	return TC_ACT_OK;
107 }
108 
109 SEC("ip6gretap_get_tunnel")
_ip6gretap_get_tunnel(struct __sk_buff * skb)110 int _ip6gretap_get_tunnel(struct __sk_buff *skb)
111 {
112 	char fmt[] = "key %d remote ip6 ::%x label %x\n";
113 	struct bpf_tunnel_key key;
114 	int ret;
115 
116 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
117 				     BPF_F_TUNINFO_IPV6);
118 	if (ret < 0) {
119 		ERROR(ret);
120 		return TC_ACT_SHOT;
121 	}
122 
123 	bpf_trace_printk(fmt, sizeof(fmt),
124 			 key.tunnel_id, key.remote_ipv6[3], key.tunnel_label);
125 
126 	return TC_ACT_OK;
127 }
128 
129 SEC("erspan_set_tunnel")
_erspan_set_tunnel(struct __sk_buff * skb)130 int _erspan_set_tunnel(struct __sk_buff *skb)
131 {
132 	struct bpf_tunnel_key key;
133 	struct erspan_metadata md;
134 	int ret;
135 
136 	__builtin_memset(&key, 0x0, sizeof(key));
137 	key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
138 	key.tunnel_id = 2;
139 	key.tunnel_tos = 0;
140 	key.tunnel_ttl = 64;
141 
142 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
143 				     BPF_F_ZERO_CSUM_TX);
144 	if (ret < 0) {
145 		ERROR(ret);
146 		return TC_ACT_SHOT;
147 	}
148 
149 	__builtin_memset(&md, 0, sizeof(md));
150 #ifdef ERSPAN_V1
151 	md.version = 1;
152 	md.u.index = bpf_htonl(123);
153 #else
154 	__u8 direction = 1;
155 	__u8 hwid = 7;
156 
157 	md.version = 2;
158 	md.u.md2.dir = direction;
159 	md.u.md2.hwid = hwid & 0xf;
160 	md.u.md2.hwid_upper = (hwid >> 4) & 0x3;
161 #endif
162 
163 	ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md));
164 	if (ret < 0) {
165 		ERROR(ret);
166 		return TC_ACT_SHOT;
167 	}
168 
169 	return TC_ACT_OK;
170 }
171 
172 SEC("erspan_get_tunnel")
_erspan_get_tunnel(struct __sk_buff * skb)173 int _erspan_get_tunnel(struct __sk_buff *skb)
174 {
175 	char fmt[] = "key %d remote ip 0x%x erspan version %d\n";
176 	struct bpf_tunnel_key key;
177 	struct erspan_metadata md;
178 	__u32 index;
179 	int ret;
180 
181 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
182 	if (ret < 0) {
183 		ERROR(ret);
184 		return TC_ACT_SHOT;
185 	}
186 
187 	ret = bpf_skb_get_tunnel_opt(skb, &md, sizeof(md));
188 	if (ret < 0) {
189 		ERROR(ret);
190 		return TC_ACT_SHOT;
191 	}
192 
193 	bpf_trace_printk(fmt, sizeof(fmt),
194 			key.tunnel_id, key.remote_ipv4, md.version);
195 
196 #ifdef ERSPAN_V1
197 	char fmt2[] = "\tindex %x\n";
198 
199 	index = bpf_ntohl(md.u.index);
200 	bpf_trace_printk(fmt2, sizeof(fmt2), index);
201 #else
202 	char fmt2[] = "\tdirection %d hwid %x timestamp %u\n";
203 
204 	bpf_trace_printk(fmt2, sizeof(fmt2),
205 			 md.u.md2.dir,
206 			 (md.u.md2.hwid_upper << 4) + md.u.md2.hwid,
207 			 bpf_ntohl(md.u.md2.timestamp));
208 #endif
209 
210 	return TC_ACT_OK;
211 }
212 
213 SEC("ip4ip6erspan_set_tunnel")
_ip4ip6erspan_set_tunnel(struct __sk_buff * skb)214 int _ip4ip6erspan_set_tunnel(struct __sk_buff *skb)
215 {
216 	struct bpf_tunnel_key key;
217 	struct erspan_metadata md;
218 	int ret;
219 
220 	__builtin_memset(&key, 0x0, sizeof(key));
221 	key.remote_ipv6[3] = bpf_htonl(0x11);
222 	key.tunnel_id = 2;
223 	key.tunnel_tos = 0;
224 	key.tunnel_ttl = 64;
225 
226 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
227 				     BPF_F_TUNINFO_IPV6);
228 	if (ret < 0) {
229 		ERROR(ret);
230 		return TC_ACT_SHOT;
231 	}
232 
233 	__builtin_memset(&md, 0, sizeof(md));
234 
235 #ifdef ERSPAN_V1
236 	md.u.index = bpf_htonl(123);
237 	md.version = 1;
238 #else
239 	__u8 direction = 0;
240 	__u8 hwid = 17;
241 
242 	md.version = 2;
243 	md.u.md2.dir = direction;
244 	md.u.md2.hwid = hwid & 0xf;
245 	md.u.md2.hwid_upper = (hwid >> 4) & 0x3;
246 #endif
247 
248 	ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md));
249 	if (ret < 0) {
250 		ERROR(ret);
251 		return TC_ACT_SHOT;
252 	}
253 
254 	return TC_ACT_OK;
255 }
256 
257 SEC("ip4ip6erspan_get_tunnel")
_ip4ip6erspan_get_tunnel(struct __sk_buff * skb)258 int _ip4ip6erspan_get_tunnel(struct __sk_buff *skb)
259 {
260 	char fmt[] = "ip6erspan get key %d remote ip6 ::%x erspan version %d\n";
261 	struct bpf_tunnel_key key;
262 	struct erspan_metadata md;
263 	__u32 index;
264 	int ret;
265 
266 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
267 				     BPF_F_TUNINFO_IPV6);
268 	if (ret < 0) {
269 		ERROR(ret);
270 		return TC_ACT_SHOT;
271 	}
272 
273 	ret = bpf_skb_get_tunnel_opt(skb, &md, sizeof(md));
274 	if (ret < 0) {
275 		ERROR(ret);
276 		return TC_ACT_SHOT;
277 	}
278 
279 	bpf_trace_printk(fmt, sizeof(fmt),
280 			key.tunnel_id, key.remote_ipv4, md.version);
281 
282 #ifdef ERSPAN_V1
283 	char fmt2[] = "\tindex %x\n";
284 
285 	index = bpf_ntohl(md.u.index);
286 	bpf_trace_printk(fmt2, sizeof(fmt2), index);
287 #else
288 	char fmt2[] = "\tdirection %d hwid %x timestamp %u\n";
289 
290 	bpf_trace_printk(fmt2, sizeof(fmt2),
291 			 md.u.md2.dir,
292 			 (md.u.md2.hwid_upper << 4) + md.u.md2.hwid,
293 			 bpf_ntohl(md.u.md2.timestamp));
294 #endif
295 
296 	return TC_ACT_OK;
297 }
298 
299 SEC("vxlan_set_tunnel")
_vxlan_set_tunnel(struct __sk_buff * skb)300 int _vxlan_set_tunnel(struct __sk_buff *skb)
301 {
302 	int ret;
303 	struct bpf_tunnel_key key;
304 	struct vxlan_metadata md;
305 
306 	__builtin_memset(&key, 0x0, sizeof(key));
307 	key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
308 	key.tunnel_id = 2;
309 	key.tunnel_tos = 0;
310 	key.tunnel_ttl = 64;
311 
312 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
313 				     BPF_F_ZERO_CSUM_TX);
314 	if (ret < 0) {
315 		ERROR(ret);
316 		return TC_ACT_SHOT;
317 	}
318 
319 	md.gbp = 0x800FF; /* Set VXLAN Group Policy extension */
320 	ret = bpf_skb_set_tunnel_opt(skb, &md, sizeof(md));
321 	if (ret < 0) {
322 		ERROR(ret);
323 		return TC_ACT_SHOT;
324 	}
325 
326 	return TC_ACT_OK;
327 }
328 
329 SEC("vxlan_get_tunnel")
_vxlan_get_tunnel(struct __sk_buff * skb)330 int _vxlan_get_tunnel(struct __sk_buff *skb)
331 {
332 	int ret;
333 	struct bpf_tunnel_key key;
334 	struct vxlan_metadata md;
335 	char fmt[] = "key %d remote ip 0x%x vxlan gbp 0x%x\n";
336 
337 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
338 	if (ret < 0) {
339 		ERROR(ret);
340 		return TC_ACT_SHOT;
341 	}
342 
343 	ret = bpf_skb_get_tunnel_opt(skb, &md, sizeof(md));
344 	if (ret < 0) {
345 		ERROR(ret);
346 		return TC_ACT_SHOT;
347 	}
348 
349 	bpf_trace_printk(fmt, sizeof(fmt),
350 			key.tunnel_id, key.remote_ipv4, md.gbp);
351 
352 	return TC_ACT_OK;
353 }
354 
355 SEC("ip6vxlan_set_tunnel")
_ip6vxlan_set_tunnel(struct __sk_buff * skb)356 int _ip6vxlan_set_tunnel(struct __sk_buff *skb)
357 {
358 	struct bpf_tunnel_key key;
359 	int ret;
360 
361 	__builtin_memset(&key, 0x0, sizeof(key));
362 	key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
363 	key.tunnel_id = 22;
364 	key.tunnel_tos = 0;
365 	key.tunnel_ttl = 64;
366 
367 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
368 				     BPF_F_TUNINFO_IPV6);
369 	if (ret < 0) {
370 		ERROR(ret);
371 		return TC_ACT_SHOT;
372 	}
373 
374 	return TC_ACT_OK;
375 }
376 
377 SEC("ip6vxlan_get_tunnel")
_ip6vxlan_get_tunnel(struct __sk_buff * skb)378 int _ip6vxlan_get_tunnel(struct __sk_buff *skb)
379 {
380 	char fmt[] = "key %d remote ip6 ::%x label %x\n";
381 	struct bpf_tunnel_key key;
382 	int ret;
383 
384 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
385 				     BPF_F_TUNINFO_IPV6);
386 	if (ret < 0) {
387 		ERROR(ret);
388 		return TC_ACT_SHOT;
389 	}
390 
391 	bpf_trace_printk(fmt, sizeof(fmt),
392 			 key.tunnel_id, key.remote_ipv6[3], key.tunnel_label);
393 
394 	return TC_ACT_OK;
395 }
396 
397 SEC("geneve_set_tunnel")
_geneve_set_tunnel(struct __sk_buff * skb)398 int _geneve_set_tunnel(struct __sk_buff *skb)
399 {
400 	int ret, ret2;
401 	struct bpf_tunnel_key key;
402 	struct geneve_opt gopt;
403 
404 	__builtin_memset(&key, 0x0, sizeof(key));
405 	key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
406 	key.tunnel_id = 2;
407 	key.tunnel_tos = 0;
408 	key.tunnel_ttl = 64;
409 
410 	__builtin_memset(&gopt, 0x0, sizeof(gopt));
411 	gopt.opt_class = bpf_htons(0x102); /* Open Virtual Networking (OVN) */
412 	gopt.type = 0x08;
413 	gopt.r1 = 0;
414 	gopt.r2 = 0;
415 	gopt.r3 = 0;
416 	gopt.length = 2; /* 4-byte multiple */
417 	*(int *) &gopt.opt_data = bpf_htonl(0xdeadbeef);
418 
419 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
420 				     BPF_F_ZERO_CSUM_TX);
421 	if (ret < 0) {
422 		ERROR(ret);
423 		return TC_ACT_SHOT;
424 	}
425 
426 	ret = bpf_skb_set_tunnel_opt(skb, &gopt, sizeof(gopt));
427 	if (ret < 0) {
428 		ERROR(ret);
429 		return TC_ACT_SHOT;
430 	}
431 
432 	return TC_ACT_OK;
433 }
434 
435 SEC("geneve_get_tunnel")
_geneve_get_tunnel(struct __sk_buff * skb)436 int _geneve_get_tunnel(struct __sk_buff *skb)
437 {
438 	int ret;
439 	struct bpf_tunnel_key key;
440 	struct geneve_opt gopt;
441 	char fmt[] = "key %d remote ip 0x%x geneve class 0x%x\n";
442 
443 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
444 	if (ret < 0) {
445 		ERROR(ret);
446 		return TC_ACT_SHOT;
447 	}
448 
449 	ret = bpf_skb_get_tunnel_opt(skb, &gopt, sizeof(gopt));
450 	if (ret < 0) {
451 		ERROR(ret);
452 		return TC_ACT_SHOT;
453 	}
454 
455 	bpf_trace_printk(fmt, sizeof(fmt),
456 			key.tunnel_id, key.remote_ipv4, gopt.opt_class);
457 	return TC_ACT_OK;
458 }
459 
460 SEC("ip6geneve_set_tunnel")
_ip6geneve_set_tunnel(struct __sk_buff * skb)461 int _ip6geneve_set_tunnel(struct __sk_buff *skb)
462 {
463 	struct bpf_tunnel_key key;
464 	struct geneve_opt gopt;
465 	int ret;
466 
467 	__builtin_memset(&key, 0x0, sizeof(key));
468 	key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
469 	key.tunnel_id = 22;
470 	key.tunnel_tos = 0;
471 	key.tunnel_ttl = 64;
472 
473 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
474 				     BPF_F_TUNINFO_IPV6);
475 	if (ret < 0) {
476 		ERROR(ret);
477 		return TC_ACT_SHOT;
478 	}
479 
480 	__builtin_memset(&gopt, 0x0, sizeof(gopt));
481 	gopt.opt_class = bpf_htons(0x102); /* Open Virtual Networking (OVN) */
482 	gopt.type = 0x08;
483 	gopt.r1 = 0;
484 	gopt.r2 = 0;
485 	gopt.r3 = 0;
486 	gopt.length = 2; /* 4-byte multiple */
487 	*(int *) &gopt.opt_data = bpf_htonl(0xfeedbeef);
488 
489 	ret = bpf_skb_set_tunnel_opt(skb, &gopt, sizeof(gopt));
490 	if (ret < 0) {
491 		ERROR(ret);
492 		return TC_ACT_SHOT;
493 	}
494 
495 	return TC_ACT_OK;
496 }
497 
498 SEC("ip6geneve_get_tunnel")
_ip6geneve_get_tunnel(struct __sk_buff * skb)499 int _ip6geneve_get_tunnel(struct __sk_buff *skb)
500 {
501 	char fmt[] = "key %d remote ip 0x%x geneve class 0x%x\n";
502 	struct bpf_tunnel_key key;
503 	struct geneve_opt gopt;
504 	int ret;
505 
506 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
507 				     BPF_F_TUNINFO_IPV6);
508 	if (ret < 0) {
509 		ERROR(ret);
510 		return TC_ACT_SHOT;
511 	}
512 
513 	ret = bpf_skb_get_tunnel_opt(skb, &gopt, sizeof(gopt));
514 	if (ret < 0) {
515 		ERROR(ret);
516 		return TC_ACT_SHOT;
517 	}
518 
519 	bpf_trace_printk(fmt, sizeof(fmt),
520 			key.tunnel_id, key.remote_ipv4, gopt.opt_class);
521 
522 	return TC_ACT_OK;
523 }
524 
525 SEC("ipip_set_tunnel")
_ipip_set_tunnel(struct __sk_buff * skb)526 int _ipip_set_tunnel(struct __sk_buff *skb)
527 {
528 	struct bpf_tunnel_key key = {};
529 	void *data = (void *)(long)skb->data;
530 	struct iphdr *iph = data;
531 	struct tcphdr *tcp = data + sizeof(*iph);
532 	void *data_end = (void *)(long)skb->data_end;
533 	int ret;
534 
535 	/* single length check */
536 	if (data + sizeof(*iph) + sizeof(*tcp) > data_end) {
537 		ERROR(1);
538 		return TC_ACT_SHOT;
539 	}
540 
541 	key.tunnel_ttl = 64;
542 	if (iph->protocol == IPPROTO_ICMP) {
543 		key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
544 	} else {
545 		if (iph->protocol != IPPROTO_TCP || iph->ihl != 5)
546 			return TC_ACT_SHOT;
547 
548 		if (tcp->dest == bpf_htons(5200))
549 			key.remote_ipv4 = 0xac100164; /* 172.16.1.100 */
550 		else if (tcp->dest == bpf_htons(5201))
551 			key.remote_ipv4 = 0xac100165; /* 172.16.1.101 */
552 		else
553 			return TC_ACT_SHOT;
554 	}
555 
556 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key), 0);
557 	if (ret < 0) {
558 		ERROR(ret);
559 		return TC_ACT_SHOT;
560 	}
561 
562 	return TC_ACT_OK;
563 }
564 
565 SEC("ipip_get_tunnel")
_ipip_get_tunnel(struct __sk_buff * skb)566 int _ipip_get_tunnel(struct __sk_buff *skb)
567 {
568 	int ret;
569 	struct bpf_tunnel_key key;
570 	char fmt[] = "remote ip 0x%x\n";
571 
572 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key), 0);
573 	if (ret < 0) {
574 		ERROR(ret);
575 		return TC_ACT_SHOT;
576 	}
577 
578 	bpf_trace_printk(fmt, sizeof(fmt), key.remote_ipv4);
579 	return TC_ACT_OK;
580 }
581 
582 SEC("ipip6_set_tunnel")
_ipip6_set_tunnel(struct __sk_buff * skb)583 int _ipip6_set_tunnel(struct __sk_buff *skb)
584 {
585 	struct bpf_tunnel_key key = {};
586 	void *data = (void *)(long)skb->data;
587 	struct iphdr *iph = data;
588 	struct tcphdr *tcp = data + sizeof(*iph);
589 	void *data_end = (void *)(long)skb->data_end;
590 	int ret;
591 
592 	/* single length check */
593 	if (data + sizeof(*iph) + sizeof(*tcp) > data_end) {
594 		ERROR(1);
595 		return TC_ACT_SHOT;
596 	}
597 
598 	__builtin_memset(&key, 0x0, sizeof(key));
599 	key.remote_ipv6[3] = bpf_htonl(0x11); /* ::11 */
600 	key.tunnel_ttl = 64;
601 
602 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
603 				     BPF_F_TUNINFO_IPV6);
604 	if (ret < 0) {
605 		ERROR(ret);
606 		return TC_ACT_SHOT;
607 	}
608 
609 	return TC_ACT_OK;
610 }
611 
612 SEC("ipip6_get_tunnel")
_ipip6_get_tunnel(struct __sk_buff * skb)613 int _ipip6_get_tunnel(struct __sk_buff *skb)
614 {
615 	int ret;
616 	struct bpf_tunnel_key key;
617 	char fmt[] = "remote ip6 %x::%x\n";
618 
619 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
620 				     BPF_F_TUNINFO_IPV6);
621 	if (ret < 0) {
622 		ERROR(ret);
623 		return TC_ACT_SHOT;
624 	}
625 
626 	bpf_trace_printk(fmt, sizeof(fmt), bpf_htonl(key.remote_ipv6[0]),
627 			 bpf_htonl(key.remote_ipv6[3]));
628 	return TC_ACT_OK;
629 }
630 
631 SEC("ip6ip6_set_tunnel")
_ip6ip6_set_tunnel(struct __sk_buff * skb)632 int _ip6ip6_set_tunnel(struct __sk_buff *skb)
633 {
634 	struct bpf_tunnel_key key = {};
635 	void *data = (void *)(long)skb->data;
636 	struct ipv6hdr *iph = data;
637 	struct tcphdr *tcp = data + sizeof(*iph);
638 	void *data_end = (void *)(long)skb->data_end;
639 	int ret;
640 
641 	/* single length check */
642 	if (data + sizeof(*iph) + sizeof(*tcp) > data_end) {
643 		ERROR(1);
644 		return TC_ACT_SHOT;
645 	}
646 
647 	key.remote_ipv6[0] = bpf_htonl(0x2401db00);
648 	key.tunnel_ttl = 64;
649 
650 	if (iph->nexthdr == 58 /* NEXTHDR_ICMP */) {
651 		key.remote_ipv6[3] = bpf_htonl(1);
652 	} else {
653 		if (iph->nexthdr != 6 /* NEXTHDR_TCP */) {
654 			ERROR(iph->nexthdr);
655 			return TC_ACT_SHOT;
656 		}
657 
658 		if (tcp->dest == bpf_htons(5200)) {
659 			key.remote_ipv6[3] = bpf_htonl(1);
660 		} else if (tcp->dest == bpf_htons(5201)) {
661 			key.remote_ipv6[3] = bpf_htonl(2);
662 		} else {
663 			ERROR(tcp->dest);
664 			return TC_ACT_SHOT;
665 		}
666 	}
667 
668 	ret = bpf_skb_set_tunnel_key(skb, &key, sizeof(key),
669 				     BPF_F_TUNINFO_IPV6);
670 	if (ret < 0) {
671 		ERROR(ret);
672 		return TC_ACT_SHOT;
673 	}
674 
675 	return TC_ACT_OK;
676 }
677 
678 SEC("ip6ip6_get_tunnel")
_ip6ip6_get_tunnel(struct __sk_buff * skb)679 int _ip6ip6_get_tunnel(struct __sk_buff *skb)
680 {
681 	int ret;
682 	struct bpf_tunnel_key key;
683 	char fmt[] = "remote ip6 %x::%x\n";
684 
685 	ret = bpf_skb_get_tunnel_key(skb, &key, sizeof(key),
686 				     BPF_F_TUNINFO_IPV6);
687 	if (ret < 0) {
688 		ERROR(ret);
689 		return TC_ACT_SHOT;
690 	}
691 
692 	bpf_trace_printk(fmt, sizeof(fmt), bpf_htonl(key.remote_ipv6[0]),
693 			 bpf_htonl(key.remote_ipv6[3]));
694 	return TC_ACT_OK;
695 }
696 
697 SEC("xfrm_get_state")
_xfrm_get_state(struct __sk_buff * skb)698 int _xfrm_get_state(struct __sk_buff *skb)
699 {
700 	struct bpf_xfrm_state x;
701 	char fmt[] = "reqid %d spi 0x%x remote ip 0x%x\n";
702 	int ret;
703 
704 	ret = bpf_skb_get_xfrm_state(skb, 0, &x, sizeof(x), 0);
705 	if (ret < 0)
706 		return TC_ACT_OK;
707 
708 	bpf_trace_printk(fmt, sizeof(fmt), x.reqid, bpf_ntohl(x.spi),
709 			 bpf_ntohl(x.remote_ipv4));
710 	return TC_ACT_OK;
711 }
712 
713 char _license[] SEC("license") = "GPL";
714