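/*
 * tc.ingress.bpf.c — test fixture: a TC ingress classifier that consults an
 * LPM trie, plus a kprobe on nf_ct_delete that publishes the deleted
 * connection's original-direction tuple to a ring buffer.
 */
#include "vmlinux.h"
#include <bpf/bpf_helpers.h>
#include <bpf/bpf_tracing.h>
#include <bpf/bpf_core_read.h>

#define BPF_F_NO_PREALLOC 1
#define PIN_GLOBAL_NS 2
#define BPF_MAP_TYPE_RINGBUF 27

/*
 * Legacy "maps"-section map definition extended with a pinning field.
 * The field order and widths are part of the on-disk ELF layout, so they
 * must not be rearranged.
 */
struct bpf_map_def_pvt {
	__u32 type;
	__u32 key_size;
	__u32 value_size;
	__u32 max_entries;
	__u32 map_flags;
	__u32 pinning;
	__u32 inner_map_fd;
};

/* LPM trie key: prefix length in bits followed by the IPv4 address bytes. */
struct lpm_trie_key {
	__u32 prefixlen;
	__u8 ip[4];
};

/* One allowed protocol/port range; ingress_map stores 16 of these per key. */
struct lpm_trie_val {
	__u32 protocol;
	__u32 start_port;
	__u32 end_port;
};

/*
 * 5-tuple used as the conntrack map key. Note the struct has padding after
 * src_port, dest_port and protocol; callers must zero the whole struct
 * (a `= {}` initializer does) so map lookups compare equal bytes.
 */
struct conntrack_key {
	__u32 src_ip;
	__u16 src_port;
	__u32 dest_ip;
	__u16 dest_port;
	__u8 protocol;
};

struct conntrack_value {
	__u8 val[4];
};

/* Event record written to policy_events. */
struct data_t {
	__u32 src_ip;
	__u32 src_port;
	__u32 dest_ip;
	__u32 dest_port;
	__u32 protocol;
	__u32 verdict;
};

struct bpf_map_def_pvt SEC("maps") ingress_map = {
	.type = BPF_MAP_TYPE_LPM_TRIE,
	.key_size = sizeof(struct lpm_trie_key),
	.value_size = sizeof(struct lpm_trie_val[16]),
	.max_entries = 100,
	.map_flags = BPF_F_NO_PREALLOC,
	.pinning = PIN_GLOBAL_NS,
};

struct bpf_map_def_pvt SEC("maps") aws_conntrack_map = {
	.type = BPF_MAP_TYPE_LRU_HASH,
	.key_size = sizeof(struct conntrack_key),
	.value_size = sizeof(struct conntrack_value),
	.max_entries = 65536,
	.pinning = PIN_GLOBAL_NS,
};

struct bpf_map_def_pvt SEC("maps") policy_events = {
	.type = BPF_MAP_TYPE_RINGBUF,
	.max_entries = 256 * 1024,
	.pinning = PIN_GLOBAL_NS,
};

/*
 * TC ingress classifier (fixture): looks up a fixed /32 key, 10.1.1.100, in
 * ingress_map and drops the packet when no entry exists — a default-deny
 * check. The packet itself is never inspected.
 *
 * Returns BPF_OK (0) to pass, BPF_DROP (2) to drop. These are numerically
 * identical to TC_ACT_OK / TC_ACT_SHOT, which is what a TC program is
 * actually expected to return.
 */
SEC("tc_cls")
int handle_ingress(struct __sk_buff *skb)
{
	struct lpm_trie_key trie_key = {
		.prefixlen = 32,
		.ip = { 10, 1, 1, 100 },
	};

	struct lpm_trie_val *trie_val = bpf_map_lookup_elem(&ingress_map, &trie_key);
	if (trie_val == NULL) {
		return BPF_DROP;
	}
	return BPF_OK;
}

/*
 * kprobe on nf_ct_delete: emit the original-direction 5-tuple of the
 * connection being deleted as a data_t event on policy_events.
 *
 * The tuple fields are read straight out of the kernel's struct nf_conn with
 * bpf_core_read(), so offsets are CO-RE-relocated for the running kernel and
 * the (large) struct nf_conn is never copied onto the 512-byte BPF stack.
 * If any read fails the event is skipped instead of publishing a zeroed
 * tuple. Ports are copied as stored by conntrack (network byte order) and
 * are not converted. evt.verdict is left at 0.
 *
 * Always returns 0; the kernel ignores a kprobe's return value.
 */
SEC("kprobe/nf_ct_delete")
int conn_del(struct pt_regs *ctx)
{
	struct nf_conn *ct = (struct nf_conn *) PT_REGS_PARM1(ctx);
	/* Zero-initialized so the padding bytes of the key are defined. */
	struct conntrack_key flow_key = {};
	struct data_t evt = {};

	if (bpf_core_read(&flow_key.src_ip, sizeof(flow_key.src_ip),
			  &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip) ||
	    bpf_core_read(&flow_key.src_port, sizeof(flow_key.src_port),
			  &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.all) ||
	    bpf_core_read(&flow_key.dest_ip, sizeof(flow_key.dest_ip),
			  &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u3.ip) ||
	    bpf_core_read(&flow_key.dest_port, sizeof(flow_key.dest_port),
			  &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.all) ||
	    bpf_core_read(&flow_key.protocol, sizeof(flow_key.protocol),
			  &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum)) {
		/* Unreadable conntrack entry: do not report a bogus tuple. */
		return 0;
	}

	evt.src_ip = flow_key.src_ip;
	evt.src_port = flow_key.src_port;
	evt.dest_ip = flow_key.dest_ip;
	evt.dest_port = flow_key.dest_port;
	evt.protocol = flow_key.protocol;

	/* Flag 2 is BPF_RB_FORCE_WAKEUP: always wake the ring buffer consumer. */
	bpf_ringbuf_output(&policy_events, &evt, sizeof(evt), 2);
	return 0;
}

char _license[] SEC("license") = "GPL";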