twfw.c source code [linux/tools/testing/selftests/bpf/progs/twfw.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/ Copyright (c) 2021 Facebook /
3	#include <linux/types.h>
4	#include <bpf/bpf_helpers.h>
5	#include <linux/bpf.h>
6	#include <stdint.h>
7
8	#define TWFW_MAX_TIERS (64)
9	/*
10	* load is successful
11	* #define TWFW_MAX_TIERS (64u)$
12	*/
13
14	struct twfw_tier_value {
15	unsigned long mask[`1`];
16	};
17
18	struct rule {
19	uint8_t seqnum;
20	};
21
22	struct rules_map {
23	__uint(type, BPF_MAP_TYPE_ARRAY);
24	__type(key, __u32);
25	__type(value, struct rule);
26	__uint(max_entries, `1`);
27	};
28
29	struct tiers_map {
30	__uint(type, BPF_MAP_TYPE_ARRAY);
31	__type(key, __u32);
32	__type(value, struct twfw_tier_value);
33	__uint(max_entries, `1`);
34	};
35
36	struct rules_map rules SEC(".maps");
37	struct tiers_map tiers SEC(".maps");
38
39	SEC("cgroup_skb/ingress")
40	int twfw_verifier(struct __sk_buff* skb)
41	{
42	const uint32_t key = `0`;
43	const struct twfw_tier_value* tier = bpf_map_lookup_elem(&tiers, &key);
44	if (!tier)
45	return `1`;
46
47	struct rule* rule = bpf_map_lookup_elem(&rules, &key);
48	if (!rule)
49	return `1`;
50
51	if (rule && rule->seqnum < TWFW_MAX_TIERS) {
52	/ rule->seqnum / 64 should always be 0 /
53	unsigned long mask = tier->mask[rule->seqnum / `64`];
54	if (mask)
55	return `0`;
56	}
57	return `1`;
58	}
59

source code of linux/tools/testing/selftests/bpf/progs/twfw.c