1 // SPDX-License-Identifier: GPL-2.0
2 /* Copyright (c) 2018 Facebook */
3 
4 #include <linux/in.h>
5 #include <linux/ip.h>
6 #include <linux/ipv6.h>
7 #include <linux/tcp.h>
8 #include <linux/udp.h>
9 #include <linux/bpf.h>
10 #include <linux/types.h>
11 #include <linux/if_ether.h>
12 
13 #include <bpf/bpf_endian.h>
14 #include <bpf/bpf_helpers.h>
15 #include "test_select_reuseport_common.h"
16 
17 #ifndef offsetof
18 #define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
19 #endif
20 
21 struct {
22 	__uint(type, BPF_MAP_TYPE_ARRAY_OF_MAPS);
23 	__uint(max_entries, 1);
24 	__type(key, __u32);
25 	__type(value, __u32);
26 } outer_map SEC(".maps");
27 
28 struct {
29 	__uint(type, BPF_MAP_TYPE_ARRAY);
30 	__uint(max_entries, NR_RESULTS);
31 	__type(key, __u32);
32 	__type(value, __u32);
33 } result_map SEC(".maps");
34 
35 struct {
36 	__uint(type, BPF_MAP_TYPE_ARRAY);
37 	__uint(max_entries, 1);
38 	__type(key, __u32);
39 	__type(value, int);
40 } tmp_index_ovr_map SEC(".maps");
41 
42 struct {
43 	__uint(type, BPF_MAP_TYPE_ARRAY);
44 	__uint(max_entries, 1);
45 	__type(key, __u32);
46 	__type(value, __u32);
47 } linum_map SEC(".maps");
48 
49 struct {
50 	__uint(type, BPF_MAP_TYPE_ARRAY);
51 	__uint(max_entries, 1);
52 	__type(key, __u32);
53 	__type(value, struct data_check);
54 } data_check_map SEC(".maps");
55 
56 #define GOTO_DONE(_result) ({			\
57 	result = (_result);			\
58 	linum = __LINE__;			\
59 	goto done;				\
60 })
61 
62 SEC("sk_reuseport")
_select_by_skb_data(struct sk_reuseport_md * reuse_md)63 int _select_by_skb_data(struct sk_reuseport_md *reuse_md)
64 {
65 	__u32 linum, index = 0, flags = 0, index_zero = 0;
66 	__u32 *result_cnt;
67 	struct data_check data_check = {};
68 	struct cmd *cmd, cmd_copy;
69 	void *data, *data_end;
70 	void *reuseport_array;
71 	enum result result;
72 	int *index_ovr;
73 	int err;
74 
75 	data = reuse_md->data;
76 	data_end = reuse_md->data_end;
77 	data_check.len = reuse_md->len;
78 	data_check.eth_protocol = reuse_md->eth_protocol;
79 	data_check.ip_protocol = reuse_md->ip_protocol;
80 	data_check.hash = reuse_md->hash;
81 	data_check.bind_inany = reuse_md->bind_inany;
82 	if (data_check.eth_protocol == bpf_htons(ETH_P_IP)) {
83 		if (bpf_skb_load_bytes_relative(reuse_md,
84 						offsetof(struct iphdr, saddr),
85 						data_check.skb_addrs, 8,
86 						BPF_HDR_START_NET))
87 			GOTO_DONE(DROP_MISC);
88 	} else {
89 		if (bpf_skb_load_bytes_relative(reuse_md,
90 						offsetof(struct ipv6hdr, saddr),
91 						data_check.skb_addrs, 32,
92 						BPF_HDR_START_NET))
93 			GOTO_DONE(DROP_MISC);
94 	}
95 
96 	/*
97 	 * The ip_protocol could be a compile time decision
98 	 * if the bpf_prog.o is dedicated to either TCP or
99 	 * UDP.
100 	 *
101 	 * Otherwise, reuse_md->ip_protocol or
102 	 * the protocol field in the iphdr can be used.
103 	 */
104 	if (data_check.ip_protocol == IPPROTO_TCP) {
105 		struct tcphdr *th = data;
106 
107 		if (th + 1 > data_end)
108 			GOTO_DONE(DROP_MISC);
109 
110 		data_check.skb_ports[0] = th->source;
111 		data_check.skb_ports[1] = th->dest;
112 
113 		if (th->fin)
114 			/* The connection is being torn down at the end of a
115 			 * test. It can't contain a cmd, so return early.
116 			 */
117 			return SK_PASS;
118 
119 		if ((th->doff << 2) + sizeof(*cmd) > data_check.len)
120 			GOTO_DONE(DROP_ERR_SKB_DATA);
121 		if (bpf_skb_load_bytes(reuse_md, th->doff << 2, &cmd_copy,
122 				       sizeof(cmd_copy)))
123 			GOTO_DONE(DROP_MISC);
124 		cmd = &cmd_copy;
125 	} else if (data_check.ip_protocol == IPPROTO_UDP) {
126 		struct udphdr *uh = data;
127 
128 		if (uh + 1 > data_end)
129 			GOTO_DONE(DROP_MISC);
130 
131 		data_check.skb_ports[0] = uh->source;
132 		data_check.skb_ports[1] = uh->dest;
133 
134 		if (sizeof(struct udphdr) + sizeof(*cmd) > data_check.len)
135 			GOTO_DONE(DROP_ERR_SKB_DATA);
136 		if (data + sizeof(struct udphdr) + sizeof(*cmd) > data_end) {
137 			if (bpf_skb_load_bytes(reuse_md, sizeof(struct udphdr),
138 					       &cmd_copy, sizeof(cmd_copy)))
139 				GOTO_DONE(DROP_MISC);
140 			cmd = &cmd_copy;
141 		} else {
142 			cmd = data + sizeof(struct udphdr);
143 		}
144 	} else {
145 		GOTO_DONE(DROP_MISC);
146 	}
147 
148 	reuseport_array = bpf_map_lookup_elem(&outer_map, &index_zero);
149 	if (!reuseport_array)
150 		GOTO_DONE(DROP_ERR_INNER_MAP);
151 
152 	index = cmd->reuseport_index;
153 	index_ovr = bpf_map_lookup_elem(&tmp_index_ovr_map, &index_zero);
154 	if (!index_ovr)
155 		GOTO_DONE(DROP_MISC);
156 
157 	if (*index_ovr != -1) {
158 		index = *index_ovr;
159 		*index_ovr = -1;
160 	}
161 	err = bpf_sk_select_reuseport(reuse_md, reuseport_array, &index,
162 				      flags);
163 	if (!err)
164 		GOTO_DONE(PASS);
165 
166 	if (cmd->pass_on_failure)
167 		GOTO_DONE(PASS_ERR_SK_SELECT_REUSEPORT);
168 	else
169 		GOTO_DONE(DROP_ERR_SK_SELECT_REUSEPORT);
170 
171 done:
172 	result_cnt = bpf_map_lookup_elem(&result_map, &result);
173 	if (!result_cnt)
174 		return SK_DROP;
175 
176 	bpf_map_update_elem(&linum_map, &index_zero, &linum, BPF_ANY);
177 	bpf_map_update_elem(&data_check_map, &index_zero, &data_check, BPF_ANY);
178 
179 	(*result_cnt)++;
180 	return result < PASS ? SK_DROP : SK_PASS;
181 }
182 
183 char _license[] SEC("license") = "GPL";
184