bpf: add TCP_SAVE_SYN/TCP_SAVED_SYN sample program
authorNikita V. Shirokov <tehnerd@fb.com>
Thu, 30 Aug 2018 14:51:54 +0000 (07:51 -0700)
committerDaniel Borkmann <daniel@iogearbox.net>
Fri, 31 Aug 2018 23:36:04 +0000 (01:36 +0200)
Sample program showing TCP_SAVE_SYN/TCP_SAVED_SYN usage: a bpf program
that does TOS/TCLASS reflection (the server replies with the same
TOS/TCLASS as the client).

Signed-off-by: Nikita V. Shirokov <tehnerd@fb.com>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
samples/bpf/Makefile
samples/bpf/tcp_tos_reflect_kern.c [new file with mode: 0644]

index 36f9f41d094b2ac939cf68d0ef0ee65830f08dc6..be0a961450bc2f3ebdcc681540b81d9b66235645 100644 (file)
@@ -153,6 +153,7 @@ always += tcp_cong_kern.o
 always += tcp_iw_kern.o
 always += tcp_clamp_kern.o
 always += tcp_basertt_kern.o
+always += tcp_tos_reflect_kern.o
 always += xdp_redirect_kern.o
 always += xdp_redirect_map_kern.o
 always += xdp_redirect_cpu_kern.o
diff --git a/samples/bpf/tcp_tos_reflect_kern.c b/samples/bpf/tcp_tos_reflect_kern.c
new file mode 100644 (file)
index 0000000..d51dab1
--- /dev/null
@@ -0,0 +1,87 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Copyright (c) 2018 Facebook
+ *
+ * BPF program to automatically reflect TOS option from received syn packet
+ *
+ * Use load_sock_ops to load this BPF program.
+ */
+
+#include <uapi/linux/bpf.h>
+#include <uapi/linux/tcp.h>
+#include <uapi/linux/if_ether.h>
+#include <uapi/linux/if_packet.h>
+#include <uapi/linux/ip.h>
+#include <uapi/linux/ipv6.h>
+#include <uapi/linux/in.h>
+#include <linux/socket.h>
+#include "bpf_helpers.h"
+#include "bpf_endian.h"
+
+#define DEBUG 1
+
+#define bpf_printk(fmt, ...)                                   \
+({                                                             \
+              char ____fmt[] = fmt;                            \
+              bpf_trace_printk(____fmt, sizeof(____fmt),       \
+                               ##__VA_ARGS__);                 \
+})
+
+SEC("sockops")
+int bpf_basertt(struct bpf_sock_ops *skops)
+{
+       char header[sizeof(struct ipv6hdr)];
+       struct ipv6hdr *hdr6;
+       struct iphdr *hdr;
+       int hdr_size = 0;
+       int save_syn = 1;
+       int tos = 0;
+       int rv = 0;
+       int op;
+
+       op = (int) skops->op;
+
+#ifdef DEBUG
+       bpf_printk("BPF command: %d\n", op);
+#endif
+       switch (op) {
+       case BPF_SOCK_OPS_TCP_LISTEN_CB:
+               rv = bpf_setsockopt(skops, SOL_TCP, TCP_SAVE_SYN,
+                                  &save_syn, sizeof(save_syn));
+               break;
+       case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB:
+               if (skops->family == AF_INET)
+                       hdr_size = sizeof(struct iphdr);
+               else
+                       hdr_size = sizeof(struct ipv6hdr);
+               rv = bpf_getsockopt(skops, SOL_TCP, TCP_SAVED_SYN,
+                                   header, hdr_size);
+               if (!rv) {
+                       if (skops->family == AF_INET) {
+                               hdr = (struct iphdr *) header;
+                               tos = hdr->tos;
+                               if (tos != 0)
+                                       bpf_setsockopt(skops, SOL_IP, IP_TOS,
+                                                      &tos, sizeof(tos));
+                       } else {
+                               hdr6 = (struct ipv6hdr *) header;
+                               tos = ((hdr6->priority) << 4 |
+                                      (hdr6->flow_lbl[0]) >>  4);
+                               if (tos)
+                                       bpf_setsockopt(skops, SOL_IPV6,
+                                                      IPV6_TCLASS,
+                                                      &tos, sizeof(tos));
+                       }
+                       rv = 0;
+               }
+               break;
+       default:
+               rv = -1;
+       }
+#ifdef DEBUG
+       bpf_printk("Returning %d\n", rv);
+#endif
+       skops->reply = rv;
+       return 1;
+}
+char _license[] SEC("license") = "GPL";
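Review bot: The value reflected in the `BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB` branch comes straight from the client's SYN and is applied with no policy, so any remote peer chooses the TOS/TCLASS marking of the server's replies, including the two low ECN bits unless the helper strips them. Because sample code is often reused as-is, I would add `/* tos is taken from an untrusted SYN; restrict it to the DSCP values this host is allowed to send */` above the case and clear the ECN bits with `tos &= ~0x3;` before both setsockopt calls. The header layout is picked from `skops->family`; an IPv4-mapped connection on a dual-stack listener presumably still reports `AF_INET6`, in which case the IPv4 header would be parsed as `struct ipv6hdr`, so testing the version nibble of `header[0]` looks safer. The return values of the two inner `bpf_setsockopt()` calls are dropped and `rv = 0` is forced, so `skops->reply` reports success even when the reflection failed. The entry point is still called `bpf_basertt`, which appears to be carried over from the tcp_basertt sample; `bpf_tos_reflect` would match the file name.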