1 // SPDX-License-Identifier: GPL-2.0
2 #include <vmlinux.h>
3 #include <bpf/bpf_tracing.h>
4 #include <bpf/bpf_helpers.h>
5 #include <bpf/bpf_core_read.h>
6
7 struct nf_conn;
8
9 struct bpf_ct_opts___local {
10 s32 netns_id;
11 s32 error;
12 u8 l4proto;
13 u8 reserved[3];
14 } __attribute__((preserve_access_index));
15
16 struct nf_conn *bpf_skb_ct_alloc(struct __sk_buff *, struct bpf_sock_tuple *, u32,
17 struct bpf_ct_opts___local *, u32) __ksym;
18 struct nf_conn *bpf_skb_ct_lookup(struct __sk_buff *, struct bpf_sock_tuple *, u32,
19 struct bpf_ct_opts___local *, u32) __ksym;
20 struct nf_conn *bpf_ct_insert_entry(struct nf_conn *) __ksym;
21 void bpf_ct_release(struct nf_conn *) __ksym;
22 void bpf_ct_set_timeout(struct nf_conn *, u32) __ksym;
23 int bpf_ct_change_timeout(struct nf_conn *, u32) __ksym;
24 int bpf_ct_set_status(struct nf_conn *, u32) __ksym;
25 int bpf_ct_change_status(struct nf_conn *, u32) __ksym;
26
27 SEC("?tc")
alloc_release(struct __sk_buff * ctx)28 int alloc_release(struct __sk_buff *ctx)
29 {
30 struct bpf_ct_opts___local opts = {};
31 struct bpf_sock_tuple tup = {};
32 struct nf_conn *ct;
33
34 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
35 if (!ct)
36 return 0;
37 bpf_ct_release(ct);
38 return 0;
39 }
40
41 SEC("?tc")
insert_insert(struct __sk_buff * ctx)42 int insert_insert(struct __sk_buff *ctx)
43 {
44 struct bpf_ct_opts___local opts = {};
45 struct bpf_sock_tuple tup = {};
46 struct nf_conn *ct;
47
48 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
49 if (!ct)
50 return 0;
51 ct = bpf_ct_insert_entry(ct);
52 if (!ct)
53 return 0;
54 ct = bpf_ct_insert_entry(ct);
55 return 0;
56 }
57
58 SEC("?tc")
lookup_insert(struct __sk_buff * ctx)59 int lookup_insert(struct __sk_buff *ctx)
60 {
61 struct bpf_ct_opts___local opts = {};
62 struct bpf_sock_tuple tup = {};
63 struct nf_conn *ct;
64
65 ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
66 if (!ct)
67 return 0;
68 bpf_ct_insert_entry(ct);
69 return 0;
70 }
71
72 SEC("?tc")
write_not_allowlisted_field(struct __sk_buff * ctx)73 int write_not_allowlisted_field(struct __sk_buff *ctx)
74 {
75 struct bpf_ct_opts___local opts = {};
76 struct bpf_sock_tuple tup = {};
77 struct nf_conn *ct;
78
79 ct = bpf_skb_ct_lookup(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
80 if (!ct)
81 return 0;
82 ct->status = 0xF00;
83 return 0;
84 }
85
86 SEC("?tc")
set_timeout_after_insert(struct __sk_buff * ctx)87 int set_timeout_after_insert(struct __sk_buff *ctx)
88 {
89 struct bpf_ct_opts___local opts = {};
90 struct bpf_sock_tuple tup = {};
91 struct nf_conn *ct;
92
93 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
94 if (!ct)
95 return 0;
96 ct = bpf_ct_insert_entry(ct);
97 if (!ct)
98 return 0;
99 bpf_ct_set_timeout(ct, 0);
100 return 0;
101 }
102
103 SEC("?tc")
set_status_after_insert(struct __sk_buff * ctx)104 int set_status_after_insert(struct __sk_buff *ctx)
105 {
106 struct bpf_ct_opts___local opts = {};
107 struct bpf_sock_tuple tup = {};
108 struct nf_conn *ct;
109
110 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
111 if (!ct)
112 return 0;
113 ct = bpf_ct_insert_entry(ct);
114 if (!ct)
115 return 0;
116 bpf_ct_set_status(ct, 0);
117 return 0;
118 }
119
120 SEC("?tc")
change_timeout_after_alloc(struct __sk_buff * ctx)121 int change_timeout_after_alloc(struct __sk_buff *ctx)
122 {
123 struct bpf_ct_opts___local opts = {};
124 struct bpf_sock_tuple tup = {};
125 struct nf_conn *ct;
126
127 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
128 if (!ct)
129 return 0;
130 bpf_ct_change_timeout(ct, 0);
131 return 0;
132 }
133
134 SEC("?tc")
change_status_after_alloc(struct __sk_buff * ctx)135 int change_status_after_alloc(struct __sk_buff *ctx)
136 {
137 struct bpf_ct_opts___local opts = {};
138 struct bpf_sock_tuple tup = {};
139 struct nf_conn *ct;
140
141 ct = bpf_skb_ct_alloc(ctx, &tup, sizeof(tup.ipv4), &opts, sizeof(opts));
142 if (!ct)
143 return 0;
144 bpf_ct_change_status(ct, 0);
145 return 0;
146 }
147
148 char _license[] SEC("license") = "GPL";
149