Contributors: 2
Author Tokens Token Proportion Commits Commit Proportion
Jesper Dangaard Brouer 1105 99.46% 2 66.67%
Andrii Nakryiko 6 0.54% 1 33.33%
Total 1111 3

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290
// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2020 Jesper Dangaard Brouer */

#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
#include <linux/if_ether.h>

#include <stddef.h>
#include <stdint.h>

char _license[] SEC("license") = "GPL";

/* Userspace will update with MTU it can see on device */
volatile const int GLOBAL_USER_MTU;
volatile const __u32 GLOBAL_USER_IFINDEX;

/* BPF-prog will update these with MTU values it can see */
__u32 global_bpf_mtu_xdp = 0;
__u32 global_bpf_mtu_tc  = 0;

SEC("xdp")
int xdp_use_helper_basic(struct xdp_md *ctx)
{
	__u32 mtu_len = 0;

	if (bpf_check_mtu(ctx, 0, &mtu_len, 0, 0))
		return XDP_ABORTED;

	return XDP_PASS;
}

SEC("xdp")
int xdp_use_helper(struct xdp_md *ctx)
{
	int retval = XDP_PASS; /* Expected retval on successful test */
	__u32 mtu_len = 0;
	__u32 ifindex = 0;
	int delta = 0;

	/* When ifindex is zero, save net_device lookup and use ctx netdev */
	if (GLOBAL_USER_IFINDEX > 0)
		ifindex = GLOBAL_USER_IFINDEX;

	if (bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0)) {
		/* mtu_len is also valid when check fail */
		retval = XDP_ABORTED;
		goto out;
	}

	if (mtu_len != GLOBAL_USER_MTU)
		retval = XDP_DROP;

out:
	global_bpf_mtu_xdp = mtu_len;
	return retval;
}

SEC("xdp")
int xdp_exceed_mtu(struct xdp_md *ctx)
{
	void *data_end = (void *)(long)ctx->data_end;
	void *data = (void *)(long)ctx->data;
	__u32 ifindex = GLOBAL_USER_IFINDEX;
	__u32 data_len = data_end - data;
	int retval = XDP_ABORTED; /* Fail */
	__u32 mtu_len = 0;
	int delta;
	int err;

	/* Exceed MTU with 1 via delta adjust */
	delta = GLOBAL_USER_MTU - (data_len - ETH_HLEN) + 1;

	err = bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0);
	if (err) {
		retval = XDP_PASS; /* Success in exceeding MTU check */
		if (err != BPF_MTU_CHK_RET_FRAG_NEEDED)
			retval = XDP_DROP;
	}

	global_bpf_mtu_xdp = mtu_len;
	return retval;
}

SEC("xdp")
int xdp_minus_delta(struct xdp_md *ctx)
{
	int retval = XDP_PASS; /* Expected retval on successful test */
	void *data_end = (void *)(long)ctx->data_end;
	void *data = (void *)(long)ctx->data;
	__u32 ifindex = GLOBAL_USER_IFINDEX;
	__u32 data_len = data_end - data;
	__u32 mtu_len = 0;
	int delta;

	/* Borderline test case: Minus delta exceeding packet length allowed */
	delta = -((data_len - ETH_HLEN) + 1);

	/* Minus length (adjusted via delta) still pass MTU check, other helpers
	 * are responsible for catching this, when doing actual size adjust
	 */
	if (bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0))
		retval = XDP_ABORTED;

	global_bpf_mtu_xdp = mtu_len;
	return retval;
}

SEC("xdp")
int xdp_input_len(struct xdp_md *ctx)
{
	int retval = XDP_PASS; /* Expected retval on successful test */
	void *data_end = (void *)(long)ctx->data_end;
	void *data = (void *)(long)ctx->data;
	__u32 ifindex = GLOBAL_USER_IFINDEX;
	__u32 data_len = data_end - data;

	/* API allow user give length to check as input via mtu_len param,
	 * resulting MTU value is still output in mtu_len param after call.
	 *
	 * Input len is L3, like MTU and iph->tot_len.
	 * Remember XDP data_len is L2.
	 */
	__u32 mtu_len = data_len - ETH_HLEN;

	if (bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0))
		retval = XDP_ABORTED;

	global_bpf_mtu_xdp = mtu_len;
	return retval;
}

SEC("xdp")
int xdp_input_len_exceed(struct xdp_md *ctx)
{
	int retval = XDP_ABORTED; /* Fail */
	__u32 ifindex = GLOBAL_USER_IFINDEX;
	int err;

	/* API allow user give length to check as input via mtu_len param,
	 * resulting MTU value is still output in mtu_len param after call.
	 *
	 * Input length value is L3 size like MTU.
	 */
	__u32 mtu_len = GLOBAL_USER_MTU;

	mtu_len += 1; /* Exceed with 1 */

	err = bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0);
	if (err == BPF_MTU_CHK_RET_FRAG_NEEDED)
		retval = XDP_PASS ; /* Success in exceeding MTU check */

	global_bpf_mtu_xdp = mtu_len;
	return retval;
}

SEC("tc")
int tc_use_helper(struct __sk_buff *ctx)
{
	int retval = BPF_OK; /* Expected retval on successful test */
	__u32 mtu_len = 0;
	int delta = 0;

	if (bpf_check_mtu(ctx, 0, &mtu_len, delta, 0)) {
		retval = BPF_DROP;
		goto out;
	}

	if (mtu_len != GLOBAL_USER_MTU)
		retval = BPF_REDIRECT;
out:
	global_bpf_mtu_tc = mtu_len;
	return retval;
}

SEC("tc")
int tc_exceed_mtu(struct __sk_buff *ctx)
{
	__u32 ifindex = GLOBAL_USER_IFINDEX;
	int retval = BPF_DROP; /* Fail */
	__u32 skb_len = ctx->len;
	__u32 mtu_len = 0;
	int delta;
	int err;

	/* Exceed MTU with 1 via delta adjust */
	delta = GLOBAL_USER_MTU - (skb_len - ETH_HLEN) + 1;

	err = bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0);
	if (err) {
		retval = BPF_OK; /* Success in exceeding MTU check */
		if (err != BPF_MTU_CHK_RET_FRAG_NEEDED)
			retval = BPF_DROP;
	}

	global_bpf_mtu_tc = mtu_len;
	return retval;
}

SEC("tc")
int tc_exceed_mtu_da(struct __sk_buff *ctx)
{
	/* SKB Direct-Access variant */
	void *data_end = (void *)(long)ctx->data_end;
	void *data = (void *)(long)ctx->data;
	__u32 ifindex = GLOBAL_USER_IFINDEX;
	__u32 data_len = data_end - data;
	int retval = BPF_DROP; /* Fail */
	__u32 mtu_len = 0;
	int delta;
	int err;

	/* Exceed MTU with 1 via delta adjust */
	delta = GLOBAL_USER_MTU - (data_len - ETH_HLEN) + 1;

	err = bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0);
	if (err) {
		retval = BPF_OK; /* Success in exceeding MTU check */
		if (err != BPF_MTU_CHK_RET_FRAG_NEEDED)
			retval = BPF_DROP;
	}

	global_bpf_mtu_tc = mtu_len;
	return retval;
}

SEC("tc")
int tc_minus_delta(struct __sk_buff *ctx)
{
	int retval = BPF_OK; /* Expected retval on successful test */
	__u32 ifindex = GLOBAL_USER_IFINDEX;
	__u32 skb_len = ctx->len;
	__u32 mtu_len = 0;
	int delta;

	/* Borderline test case: Minus delta exceeding packet length allowed */
	delta = -((skb_len - ETH_HLEN) + 1);

	/* Minus length (adjusted via delta) still pass MTU check, other helpers
	 * are responsible for catching this, when doing actual size adjust
	 */
	if (bpf_check_mtu(ctx, ifindex, &mtu_len, delta, 0))
		retval = BPF_DROP;

	global_bpf_mtu_xdp = mtu_len;
	return retval;
}

SEC("tc")
int tc_input_len(struct __sk_buff *ctx)
{
	int retval = BPF_OK; /* Expected retval on successful test */
	__u32 ifindex = GLOBAL_USER_IFINDEX;

	/* API allow user give length to check as input via mtu_len param,
	 * resulting MTU value is still output in mtu_len param after call.
	 *
	 * Input length value is L3 size.
	 */
	__u32 mtu_len = GLOBAL_USER_MTU;

	if (bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0))
		retval = BPF_DROP;

	global_bpf_mtu_xdp = mtu_len;
	return retval;
}

SEC("tc")
int tc_input_len_exceed(struct __sk_buff *ctx)
{
	int retval = BPF_DROP; /* Fail */
	__u32 ifindex = GLOBAL_USER_IFINDEX;
	int err;

	/* API allow user give length to check as input via mtu_len param,
	 * resulting MTU value is still output in mtu_len param after call.
	 *
	 * Input length value is L3 size like MTU.
	 */
	__u32 mtu_len = GLOBAL_USER_MTU;

	mtu_len += 1; /* Exceed with 1 */

	err = bpf_check_mtu(ctx, ifindex, &mtu_len, 0, 0);
	if (err == BPF_MTU_CHK_RET_FRAG_NEEDED)
		retval = BPF_OK; /* Success in exceeding MTU check */

	global_bpf_mtu_xdp = mtu_len;
	return retval;
}