/* Source: github.com/datadog/cilium@v1.6.12/bpf/sockops/bpf_redir.c */
/*
 *  Copyright (C) 2018 Authors of Cilium
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#define SKIP_CALLS_MAP

#include <node_config.h>
#include <bpf/api.h>

#include <stdint.h>
#include <stdio.h>

#include <linux/bpf.h>
#include <linux/if_ether.h>

#define SOCKMAP 1

#include "../lib/utils.h"
#include "../lib/common.h"
#include "../lib/maps.h"
#include "../lib/lb.h"
#include "../lib/eps.h"
#include "../lib/events.h"
#include "../lib/policy.h"

#include "bpf_sockops.h"

/*
 * bpf_redir_proxy - sk_msg program that short-circuits a message to the
 * socket stored in SOCK_OPS_MAP when egress policy allows it.
 *
 * @msg: message context handed to the program by the kernel.
 *
 * Steps:
 *   1. Build a sock_key from the message via sk_msg_extract4_key(); only the
 *      IPv4 fields (dip4, sip4) and dport of the key are read here.
 *   2. Resolve the destination security identity from the remote endpoint
 *      table. A lookup miss and a zero sec_label are both treated as
 *      WORLD_ID.
 *   3. Ask policy_sk_egress() for a verdict and, when it is non-negative,
 *      request a redirect through msg_redirect_hash() with BPF_F_INGRESS.
 *
 * Returns SK_PASS unconditionally.
 *
 * NOTE(review): a negative verdict is not turned into a drop here; the
 * program only skips the redirect request. Presumably the message then
 * takes the regular path, where policy is enforced by other programs -
 * confirm against the rest of the datapath before relying on this program
 * as an enforcement point.
 *
 * NOTE(review): the result of msg_redirect_hash() is discarded, so a failed
 * redirect request is indistinguishable from a successful one in the value
 * returned by this program.
 */
__section("sk_msg")
int bpf_redir_proxy(struct sk_msg_md *msg)
{
	/* Zero-initialised before the extract helper fills it in; the same
	 * key is later used for the SOCK_OPS_MAP lookup.
	 */
	struct sock_key key = {};
	struct remote_endpoint_info *ep;
	const __u64 redir_flags = BPF_F_INGRESS;
	__u32 dst_id;
	int rc;

	sk_msg_extract4_key(msg, &key);

	/* The destination identity is looked up in the endpoint table on
	 * every message. Caching it with the socket would avoid that cost,
	 * but the agent would then have to flush the sock ops map whenever
	 * policy changes, otherwise a stale identity could keep being used.
	 */
	ep = lookup_ip4_remote_endpoint(key.dip4);
	dst_id = (ep != NULL && ep->sec_label) ? ep->sec_label : WORLD_ID;

	rc = policy_sk_egress(dst_id, key.sip4, key.dport);
	if (rc < 0)
		return SK_PASS;	/* no redirect requested for this message */

	msg_redirect_hash(msg, &SOCK_OPS_MAP, &key, redir_flags);
	return SK_PASS;
}

BPF_LICENSE("GPL");
int _version __section("version") = 1;