packet03: implement assignments 1 through 4

Implement assignments for the packet03-redirecting lesson and place
corresponding solutions to the package-solutions directory.

Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com>

Author: aspsk

common/common_defines.h

@@ -6,6 +6,9 @@ struct config {
 	int ifindex;
 	char *ifname;
 	char ifname_buf[IF_NAMESIZE];
+	int redirect_ifindex;
+	char *redirect_ifname;
+	char redirect_ifname_buf[IF_NAMESIZE];
 	bool do_unload;
 	char filename[512];
 	char progsec[32];

common/common_params.c

@@ -91,7 +91,7 @@ void parse_cmdline_args(int argc, char **argv,
 	}
 
 	/* Parse commands line args */
-	while ((opt = getopt_long(argc, argv, "hd:ASNFUq",
+	while ((opt = getopt_long(argc, argv, "hd:r:ASNFUq",
 				  long_options, &longindex)) != -1) {
 		switch (opt) {
 		case 'd':
@@ -109,6 +109,21 @@ void parse_cmdline_args(int argc, char **argv,
 				goto error;
 			}
 			break;
+		case 'r':
+			if (strlen(optarg) >= IF_NAMESIZE) {
+				fprintf(stderr, "ERR: --redirect-dev name too long\n");
+				goto error;
+			}
+			cfg->redirect_ifname = (char *)&cfg->redirect_ifname_buf;
+			strncpy(cfg->redirect_ifname, optarg, IF_NAMESIZE);
+			cfg->redirect_ifindex = if_nametoindex(cfg->redirect_ifname);
+			if (cfg->redirect_ifindex == 0) {
+				fprintf(stderr,
+						"ERR: --redirect-dev name unknown err(%d):%s\n",
+						errno, strerror(errno));
+				goto error;
+			}
+			break;
 		case 'A':
 			cfg->xdp_flags &= ~XDP_FLAGS_MODES;    /* Clear flags */
 			break;

packet-solutions/Makefile

@@ -1,12 +1,13 @@
 # SPDX-License-Identifier: (GPL-2.0 OR BSD-2-Clause)
 
 XDP_TARGETS  := xdp_prog_kern
-USER_TARGETS :=
+USER_TARGETS := xdp_prog_user
 
 LIBBPF_DIR = ../libbpf/src/
 COMMON_DIR = ../common
 
 COPY_LOADER := xdp_loader
+COPY_STATS  := xdp_stats
 EXTRA_DEPS := $(COMMON_DIR)/parsing_helpers.h
 
 include $(COMMON_DIR)/common.mk

packet-solutions/xdp_prog_kern.c

@@ -7,6 +7,27 @@
 // The parsing helper functions from the packet01 lesson have moved here
 #include "../common/parsing_helpers.h"
 
+/* Defines xdp_stats_map */
+#include "../common/xdp_stats_kern_user.h"
+#include "../common/xdp_stats_kern.h"
+
+#ifndef memcpy
+#define memcpy(dest, src, n) __builtin_memcpy((dest), (src), (n))
+#endif
+
+struct bpf_map_def SEC("maps") tx_port = {
+	.type = BPF_MAP_TYPE_DEVMAP,
+	.key_size = sizeof(int),
+	.value_size = sizeof(int),
+	.max_entries = 256,
+};
+
+struct bpf_map_def SEC("maps") redirect_params = {
+	.type = BPF_MAP_TYPE_HASH,
+	.key_size = ETH_ALEN,
+	.value_size = ETH_ALEN,
+	.max_entries = 1,
+};
 
 /* Pops the outermost VLAN tag off the packet. Returns the popped VLAN ID on
  * success or negative errno on failure.
@@ -126,5 +147,273 @@ int xdp_vlan_swap_func(struct xdp_md *ctx)
         return XDP_PASS;
 }
 
+static __always_inline void swap_src_dst_mac(struct ethhdr *eth)
+{
+	__u8 h_tmp[ETH_ALEN];
+	memcpy(h_tmp, eth->h_source, ETH_ALEN);
+	memcpy(eth->h_source, eth->h_dest, ETH_ALEN);
+	memcpy(eth->h_dest, h_tmp, ETH_ALEN);
+}
+
+static __always_inline void swap_src_dst_ipv6(struct ipv6hdr *ipv6)
+{
+	struct in6_addr tmp = ipv6->saddr;
+	ipv6->saddr = ipv6->daddr;
+	ipv6->daddr = tmp;
+}
+
+static __always_inline void swap_src_dst_ipv4(struct iphdr *iphdr)
+{
+	__be32 tmp = iphdr->saddr;
+	iphdr->saddr = iphdr->daddr;
+	iphdr->daddr = tmp;
+}
+
+static __always_inline __u16 csum16_add(__u16 csum, __u16 addend)
+{
+	csum += addend;
+	return csum + (csum < addend);
+}
+
+/* Solution to packet03/assignment-1 */
+SEC("xdp_icmp_echo")
+int xdp_icmp_echo_func(struct xdp_md *ctx)
+{
+	void *data_end = (void *)(long)ctx->data_end;
+	void *data = (void *)(long)ctx->data;
+	struct hdr_cursor nh;
+	struct ethhdr *eth;
+	int eth_type;
+	int ip_type;
+	int icmp_type;
+	struct iphdr *iphdr;
+	struct ipv6hdr *ipv6hdr;
+	__u16 echo_reply, m0, m1;
+	struct icmphdr *icmphdr;
+	__u32 action = XDP_PASS;
+
+	/* These keep track of the next header type and iterator pointer */
+	nh.pos = data;
+
+	/* Parse Ethernet and IP/IPv6 headers */
+	eth_type = parse_ethhdr(&nh, data_end, &eth);
+	if (eth_type == ETH_P_IP) {
+		ip_type = parse_iphdr(&nh, data_end, &iphdr);
+		if (ip_type != IPPROTO_ICMP)
+			goto out;
+	} else if (eth_type == ETH_P_IPV6) {
+		ip_type = parse_ip6hdr(&nh, data_end, &ipv6hdr);
+		if (ip_type != IPPROTO_ICMPV6)
+			goto out;
+	} else {
+		goto out;
+	}
+
+	icmp_type = parse_icmphdr(&nh, data_end, &icmphdr);
+	if (eth_type == ETH_P_IP && icmp_type == ICMP_ECHO) {
+		/* Swap IP source and destination */
+		swap_src_dst_ipv4(iphdr);
+		echo_reply = ICMP_ECHOREPLY;
+	} else if (eth_type == ETH_P_IPV6 && icmp_type == ICMPV6_ECHO_REQUEST) {
+		/* Swap IPv6 source and destination */
+		swap_src_dst_ipv6(ipv6hdr);
+		echo_reply = ICMPV6_ECHO_REPLY;
+	} else {
+		goto out;
+	}
+
+	/* Swap Ethernet source and destination */
+	swap_src_dst_mac(eth);
+
+	/* Patch the packet and update the checksum */
+	m0 = * (__u16 *) icmphdr;
+	icmphdr->type = echo_reply;
+	m1 = * (__u16 *) icmphdr;
+	icmphdr->checksum = ~(csum16_add(csum16_add(~icmphdr->checksum, ~m0), m1));
+
+	action = XDP_TX;
+
+out:
+	return xdp_stats_record_action(ctx, action);
+}
+
+/* Assignment 2 */
+SEC("xdp_redirect")
+int xdp_redirect_func(struct xdp_md *ctx)
+{
+	void *data_end = (void *)(long)ctx->data_end;
+	void *data = (void *)(long)ctx->data;
+	struct hdr_cursor nh;
+	struct ethhdr *eth;
+	int eth_type;
+	int action = XDP_PASS;
+	unsigned char dst[ETH_ALEN] = { /* TODO: put your values here */ };
+	unsigned ifindex = 0/* TODO: put your values here */;
+
+	/* These keep track of the next header type and iterator pointer */
+	nh.pos = data;
+
+	/* Parse Ethernet and IP/IPv6 headers */
+	eth_type = parse_ethhdr(&nh, data_end, &eth);
+	if (eth_type == -1)
+		goto out;
+
+	/* Set a proper destination address */
+	memcpy(eth->h_dest, dst, ETH_ALEN);
+	action = bpf_redirect(ifindex, 0);
+
+out:
+	return xdp_stats_record_action(ctx, action);
+}
+
+/* Assignment 3 */
+SEC("xdp_redirect_map")
+int xdp_redirect_map_func(struct xdp_md *ctx)
+{
+	void *data_end = (void *)(long)ctx->data_end;
+	void *data = (void *)(long)ctx->data;
+	struct hdr_cursor nh;
+	struct ethhdr *eth;
+	int eth_type;
+	int action = XDP_PASS;
+	unsigned char *dst;
+
+	/* These keep track of the next header type and iterator pointer */
+	nh.pos = data;
+
+	/* Parse Ethernet and IP/IPv6 headers */
+	eth_type = parse_ethhdr(&nh, data_end, &eth);
+	if (eth_type == -1)
+		goto out;
+
+	/* Do we know where to redirect this packet? */
+	dst = bpf_map_lookup_elem(&redirect_params, eth->h_source);
+	if (!dst)
+		goto out;
+
+	/* Set a proper destination address */
+	memcpy(eth->h_dest, dst, ETH_ALEN);
+	action = bpf_redirect_map(&tx_port, 0, 0);
+
+out:
+	return xdp_stats_record_action(ctx, action);
+}
+
+#define AF_INET 2
+#define AF_INET6 10
+#define IPV6_FLOWINFO_MASK bpf_htonl(0x0FFFFFFF)
+
+/* from include/net/ip.h */
+static __always_inline int ip_decrease_ttl(struct iphdr *iph)
+{
+	__u32 check = iph->check;
+	check += bpf_htons(0x0100);
+	iph->check = (__u16)(check + (check >= 0xFFFF));
+	return --iph->ttl;
+}
+
+/* Solution to packet03/assignment-4 */
+SEC("xdp_router")
+int xdp_router_func(struct xdp_md *ctx)
+{
+	void *data_end = (void *)(long)ctx->data_end;
+	void *data = (void *)(long)ctx->data;
+	struct bpf_fib_lookup fib_params = {};
+	struct ethhdr *eth = data;
+	struct ipv6hdr *ip6h;
+	struct iphdr *iph;
+	__u16 h_proto;
+	__u64 nh_off;
+	int rc;
+	int action = XDP_PASS;
+
+	nh_off = sizeof(*eth);
+	if (data + nh_off > data_end) {
+		action = XDP_DROP;
+		goto out;
+	}
+
+	h_proto = eth->h_proto;
+	if (h_proto == bpf_htons(ETH_P_IP)) {
+		iph = data + nh_off;
+
+		if (iph + 1 > data_end) {
+			action = XDP_DROP;
+			goto out;
+		}
+
+		if (iph->ttl <= 1)
+			goto out;
+
+		fib_params.family	= AF_INET;
+		fib_params.tos		= iph->tos;
+		fib_params.l4_protocol	= iph->protocol;
+		fib_params.sport	= 0;
+		fib_params.dport	= 0;
+		fib_params.tot_len	= bpf_ntohs(iph->tot_len);
+		fib_params.ipv4_src	= iph->saddr;
+		fib_params.ipv4_dst	= iph->daddr;
+	} else if (h_proto == bpf_htons(ETH_P_IPV6)) {
+		struct in6_addr *src = (struct in6_addr *) fib_params.ipv6_src;
+		struct in6_addr *dst = (struct in6_addr *) fib_params.ipv6_dst;
+
+		ip6h = data + nh_off;
+		if (ip6h + 1 > data_end) {
+			action = XDP_DROP;
+			goto out;
+		}
+
+		if (ip6h->hop_limit <= 1)
+			goto out;
+
+		fib_params.family	= AF_INET6;
+		fib_params.flowinfo	= *(__be32 *) ip6h & IPV6_FLOWINFO_MASK;
+		fib_params.l4_protocol	= ip6h->nexthdr;
+		fib_params.sport	= 0;
+		fib_params.dport	= 0;
+		fib_params.tot_len	= bpf_ntohs(ip6h->payload_len);
+		*src			= ip6h->saddr;
+		*dst			= ip6h->daddr;
+	} else {
+		goto out;
+	}
+
+	fib_params.ifindex = ctx->ingress_ifindex;
+
+	rc = bpf_fib_lookup(ctx, &fib_params, sizeof(fib_params), 0);
+	switch (rc) {
+	case BPF_FIB_LKUP_RET_SUCCESS:         /* lookup successful */
+		if (h_proto == bpf_htons(ETH_P_IP))
+			ip_decrease_ttl(iph);
+		else if (h_proto == bpf_htons(ETH_P_IPV6))
+			ip6h->hop_limit--;
+
+		memcpy(eth->h_dest, fib_params.dmac, ETH_ALEN);
+		memcpy(eth->h_source, fib_params.smac, ETH_ALEN);
+		action = bpf_redirect_map(&tx_port, fib_params.ifindex, 0);
+		break;
+	case BPF_FIB_LKUP_RET_BLACKHOLE:    /* dest is blackholed; can be dropped */
+	case BPF_FIB_LKUP_RET_UNREACHABLE:  /* dest is unreachable; can be dropped */
+	case BPF_FIB_LKUP_RET_PROHIBIT:     /* dest not allowed; can be dropped */
+		action = XDP_DROP;
+		break;
+	case BPF_FIB_LKUP_RET_NOT_FWDED:    /* packet is not forwarded */
+	case BPF_FIB_LKUP_RET_FWD_DISABLED: /* fwding is not enabled on ingress */
+	case BPF_FIB_LKUP_RET_UNSUPP_LWT:   /* fwd requires encapsulation */
+	case BPF_FIB_LKUP_RET_NO_NEIGH:     /* no neighbor entry for nh */
+	case BPF_FIB_LKUP_RET_FRAG_NEEDED:  /* fragmentation required to fwd */
+		/* PASS */
+		break;
+	}
+
+out:
+	return xdp_stats_record_action(ctx, action);
+}
+
+SEC("xdp_pass")
+int xdp_pass_func(struct xdp_md *ctx)
+{
+	return XDP_PASS;
+}
 
 char _license[] SEC("license") = "GPL";