| 1 | #define KBUILD_MODNAME "foo" |
|---|
| 2 | #include <uapi/linux/bpf.h> |
|---|
| 3 | #include <uapi/linux/if_ether.h> |
|---|
| 4 | #include <uapi/linux/if_packet.h> |
|---|
| 5 | #include <uapi/linux/ip.h> |
|---|
| 6 | #include <uapi/linux/in.h> |
|---|
| 7 | #include <uapi/linux/tcp.h> |
|---|
| 8 | #include <uapi/linux/filter.h> |
|---|
| 9 | #include <uapi/linux/pkt_cls.h> |
|---|
| 10 | #include <bpf/bpf_helpers.h> |
|---|
| 11 | #include "bpf_legacy.h" |
|---|
| 12 | |
|---|
| 13 | /* compiler workaround */ |
|---|
| 14 | #define _htonl __builtin_bswap32 |
|---|
| 15 | |
|---|
| 16 | static inline void set_dst_mac(struct __sk_buff *skb, char *mac) |
|---|
| 17 | { |
|---|
| 18 | bpf_skb_store_bytes(skb, 0, mac, ETH_ALEN, 1); |
|---|
| 19 | } |
|---|
| 20 | |
|---|
| 21 | #define IP_CSUM_OFF (ETH_HLEN + offsetof(struct iphdr, check)) |
|---|
| 22 | #define TOS_OFF (ETH_HLEN + offsetof(struct iphdr, tos)) |
|---|
| 23 | |
|---|
| 24 | static inline void set_ip_tos(struct __sk_buff *skb, __u8 new_tos) |
|---|
| 25 | { |
|---|
| 26 | __u8 old_tos = load_byte(skb, TOS_OFF); |
|---|
| 27 | |
|---|
| 28 | bpf_l3_csum_replace(skb, IP_CSUM_OFF, htons(old_tos), htons(new_tos), 2); |
|---|
| 29 | bpf_skb_store_bytes(skb, TOS_OFF, &new_tos, sizeof(new_tos), 0); |
|---|
| 30 | } |
|---|
| 31 | |
|---|
| 32 | #define TCP_CSUM_OFF (ETH_HLEN + sizeof(struct iphdr) + offsetof(struct tcphdr, check)) |
|---|
| 33 | #define IP_SRC_OFF (ETH_HLEN + offsetof(struct iphdr, saddr)) |
|---|
| 34 | |
|---|
| 35 | #define IS_PSEUDO 0x10 |
|---|
| 36 | |
|---|
| 37 | static inline void set_tcp_ip_src(struct __sk_buff *skb, __u32 new_ip) |
|---|
| 38 | { |
|---|
| 39 | __u32 old_ip = _htonl(load_word(skb, IP_SRC_OFF)); |
|---|
| 40 | |
|---|
| 41 | bpf_l4_csum_replace(skb, TCP_CSUM_OFF, old_ip, new_ip, IS_PSEUDO | sizeof(new_ip)); |
|---|
| 42 | bpf_l3_csum_replace(skb, IP_CSUM_OFF, old_ip, new_ip, sizeof(new_ip)); |
|---|
| 43 | bpf_skb_store_bytes(skb, IP_SRC_OFF, &new_ip, sizeof(new_ip), 0); |
|---|
| 44 | } |
|---|
| 45 | |
|---|
| 46 | #define TCP_DPORT_OFF (ETH_HLEN + sizeof(struct iphdr) + offsetof(struct tcphdr, dest)) |
|---|
| 47 | static inline void set_tcp_dest_port(struct __sk_buff *skb, __u16 new_port) |
|---|
| 48 | { |
|---|
| 49 | __u16 old_port = htons(load_half(skb, TCP_DPORT_OFF)); |
|---|
| 50 | |
|---|
| 51 | bpf_l4_csum_replace(skb, TCP_CSUM_OFF, old_port, new_port, sizeof(new_port)); |
|---|
| 52 | bpf_skb_store_bytes(skb, TCP_DPORT_OFF, &new_port, sizeof(new_port), 0); |
|---|
| 53 | } |
|---|
| 54 | |
|---|
| 55 | SEC("classifier" ) |
|---|
| 56 | int bpf_prog1(struct __sk_buff *skb) |
|---|
| 57 | { |
|---|
| 58 | __u8 proto = load_byte(skb, ETH_HLEN + offsetof(struct iphdr, protocol)); |
|---|
| 59 | long *value; |
|---|
| 60 | |
|---|
| 61 | if (proto == IPPROTO_TCP) { |
|---|
| 62 | set_ip_tos(skb, 8); |
|---|
| 63 | set_tcp_ip_src(skb, 0xA010101); |
|---|
| 64 | set_tcp_dest_port(skb, 5001); |
|---|
| 65 | } |
|---|
| 66 | |
|---|
| 67 | return 0; |
|---|
| 68 | } |
|---|
| 69 | SEC("redirect_xmit" ) |
|---|
| 70 | int _redirect_xmit(struct __sk_buff *skb) |
|---|
| 71 | { |
|---|
| 72 | return bpf_redirect(skb->ifindex + 1, 0); |
|---|
| 73 | } |
|---|
| 74 | SEC("redirect_recv" ) |
|---|
| 75 | int _redirect_recv(struct __sk_buff *skb) |
|---|
| 76 | { |
|---|
| 77 | return bpf_redirect(skb->ifindex + 1, 1); |
|---|
| 78 | } |
|---|
| 79 | SEC("clone_redirect_xmit" ) |
|---|
| 80 | int _clone_redirect_xmit(struct __sk_buff *skb) |
|---|
| 81 | { |
|---|
| 82 | bpf_clone_redirect(skb, skb->ifindex + 1, 0); |
|---|
| 83 | return TC_ACT_SHOT; |
|---|
| 84 | } |
|---|
| 85 | SEC("clone_redirect_recv" ) |
|---|
| 86 | int _clone_redirect_recv(struct __sk_buff *skb) |
|---|
| 87 | { |
|---|
| 88 | bpf_clone_redirect(skb, skb->ifindex + 1, 1); |
|---|
| 89 | return TC_ACT_SHOT; |
|---|
| 90 | } |
|---|
| 91 | char _license[] SEC("license" ) = "GPL" ; |
|---|
| 92 | |
|---|
