tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
1// SPDX-License-Identifier: GPL-2.0
2#define BPF_NO_KFUNC_PROTOTYPES
3#include <vmlinux.h>
4#include <bpf/bpf_tracing.h>
5#include <bpf/bpf_helpers.h>
6#include <bpf/bpf_core_read.h>
7
8struct nf_conn;
9
10struct bpf_ct_opts___local {
11 s32 netns_id;
12 s32 error;
13 u8 l4proto;
14 u8 reserved[3];
15} __attribute__((preserve_access_index));
16
17struct nf_conn *bpf_skb_ct_alloc(struct __sk_buff *, struct bpf_sock_tuple *, u32,
18 struct bpf_ct_opts___local *, u32) __ksym;
19struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *, struct bpf_sock_tuple *, u32,
20 struct bpf_ct_opts___local *, u32) __ksym;
21struct nf_conn *bpf_ct_insert_entry(struct nf_conn *) __ksym;
22void bpf_ct_release(struct nf_conn *) __ksym;
23void bpf_ct_set_timeout(struct nf_conn *, u32) __ksym;
24int bpf_ct_change_timeout(struct nf_conn *, u32) __ksym;
25int bpf_ct_set_status(struct nf_conn *, u32) __ksym;
26int bpf_ct_change_status(struct nf_conn *, u32) __ksym;
27
28SEC("?tc")
29int alloc_release(struct __sk_buff *ctx)
30{
31 struct bpf_ct_opts___local opts = {};
32 struct bpf_sock_tuple tup = {};
33 struct nf_conn *ct;
34
35 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
36 if (!ct)
37 return 0;
38 bpf_ct_release(ct);
39 return 0;
40}
41
42SEC("?tc")
43int insert_insert(struct __sk_buff *ctx)
44{
45 struct bpf_ct_opts___local opts = {};
46 struct bpf_sock_tuple tup = {};
47 struct nf_conn *ct;
48
49 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
50 if (!ct)
51 return 0;
52 ct = bpf_ct_insert_entry(ct);
53 if (!ct)
54 return 0;
55 ct = bpf_ct_insert_entry(ct);
56 return 0;
57}
58
59SEC("?tc")
60int lookup_insert(struct __sk_buff *ctx)
61{
62 struct bpf_ct_opts___local opts = {};
63 struct bpf_sock_tuple tup = {};
64 struct nf_conn *ct;
65
66 ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
67 if (!ct)
68 return 0;
69 bpf_ct_insert_entry(ct);
70 return 0;
71}
72
73SEC("?tc")
74int write_not_allowlisted_field(struct __sk_buff *ctx)
75{
76 struct bpf_ct_opts___local opts = {};
77 struct bpf_sock_tuple tup = {};
78 struct nf_conn *ct;
79
80 ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
81 if (!ct)
82 return 0;
83 ct->status = 0xF00;
84 return 0;
85}
86
87SEC("?tc")
88int set_timeout_after_insert(struct __sk_buff *ctx)
89{
90 struct bpf_ct_opts___local opts = {};
91 struct bpf_sock_tuple tup = {};
92 struct nf_conn *ct;
93
94 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
95 if (!ct)
96 return 0;
97 ct = bpf_ct_insert_entry(ct);
98 if (!ct)
99 return 0;
100 bpf_ct_set_timeout(ct, 0);
101 return 0;
102}
103
104SEC("?tc")
105int set_status_after_insert(struct __sk_buff *ctx)
106{
107 struct bpf_ct_opts___local opts = {};
108 struct bpf_sock_tuple tup = {};
109 struct nf_conn *ct;
110
111 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
112 if (!ct)
113 return 0;
114 ct = bpf_ct_insert_entry(ct);
115 if (!ct)
116 return 0;
117 bpf_ct_set_status(ct, 0);
118 return 0;
119}
120
121SEC("?tc")
122int change_timeout_after_alloc(struct __sk_buff *ctx)
123{
124 struct bpf_ct_opts___local opts = {};
125 struct bpf_sock_tuple tup = {};
126 struct nf_conn *ct;
127
128 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
129 if (!ct)
130 return 0;
131 bpf_ct_change_timeout(ct, 0);
132 return 0;
133}
134
135SEC("?tc")
136int change_status_after_alloc(struct __sk_buff *ctx)
137{
138 struct bpf_ct_opts___local opts = {};
139 struct bpf_sock_tuple tup = {};
140 struct nf_conn *ct;
141
142 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
143 if (!ct)
144 return 0;
145 bpf_ct_change_status(ct, 0);
146 return 0;
147}
148
149char _license[] SEC("license") = "GPL";