Skip to content

Commit

Permalink
clang-format eBPF sources
Browse files Browse the repository at this point in the history
  • Loading branch information
@rafaelroquetto
rafaelroquetto committed Sep 18, 2024
1 parent 3fc48aa commit 593ce93
Show file tree
Hide file tree
Showing 42 changed files with 1,013 additions and 1,256 deletions.
1 change: 1 addition & 0 deletions bpf/.clang-format
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
{
BasedOnStyle: LLVM,
BreakStringLiterals: true,
AllowShortFunctionsOnASingleLine: InlineOnly,
ColumnLimit: 100,
IndentWidth: 4,
Expand Down
43 changes: 22 additions & 21 deletions bpf/bpf_dbg.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,33 +23,34 @@ typedef struct log_info {
struct {
__uint(type, BPF_MAP_TYPE_RINGBUF);
__uint(max_entries, 1 << 12);
__uint(pinning, LIBBPF_PIN_BY_NAME);
__uint(pinning, LIBBPF_PIN_BY_NAME);
} debug_events SEC(".maps");

enum bpf_func_id___x { BPF_FUNC_snprintf___x = 42 /* avoid zero */ };

#define bpf_dbg_helper(fmt, args...) { \
log_info_t *__trace__ = bpf_ringbuf_reserve(&debug_events, sizeof(log_info_t), 0); \
if (__trace__) { \
if(bpf_core_enum_value_exists(enum bpf_func_id___x, BPF_FUNC_snprintf___x)) { \
BPF_SNPRINTF(__trace__->log, sizeof(__trace__->log), fmt, ##args); \
} else { \
__builtin_memcpy(__trace__->log, fmt, sizeof(__trace__->log)); \
} \
u64 id = bpf_get_current_pid_tgid(); \
bpf_get_current_comm(&__trace__->comm, sizeof(__trace__->comm)); \
__trace__->pid = id >> 32; \
bpf_ringbuf_submit(__trace__, 0); \
} \
}

#define bpf_dbg_printk(fmt, args...) { \
bpf_printk(fmt, ##args); \
bpf_dbg_helper(fmt, ##args); \
}
#define bpf_dbg_helper(fmt, args...) \
{ \
log_info_t *__trace__ = bpf_ringbuf_reserve(&debug_events, sizeof(log_info_t), 0); \
if (__trace__) { \
if (bpf_core_enum_value_exists(enum bpf_func_id___x, BPF_FUNC_snprintf___x)) { \
BPF_SNPRINTF(__trace__->log, sizeof(__trace__->log), fmt, ##args); \
} else { \
__builtin_memcpy(__trace__->log, fmt, sizeof(__trace__->log)); \
} \
u64 id = bpf_get_current_pid_tgid(); \
bpf_get_current_comm(&__trace__->comm, sizeof(__trace__->comm)); \
__trace__->pid = id >> 32; \
bpf_ringbuf_submit(__trace__, 0); \
} \
}

#define bpf_dbg_printk(fmt, args...) \
{ \
bpf_printk(fmt, ##args); \
bpf_dbg_helper(fmt, ##args); \
}
#else
#define bpf_dbg_printk(fmt, args...)
#endif

#endif

8 changes: 4 additions & 4 deletions bpf/flow.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,12 @@
#define TC_ACT_SHOT 2
#define IP_MAX_LEN 16

#define ETH_ALEN 6 /* Octets in one ethernet addr */
#define ETH_ALEN 6 /* Octets in one ethernet addr */

#define s6_addr in6_u.u6_addr8
#define ETH_P_IP 0x0800 /* Internet Protocol packet */
#define s6_addr in6_u.u6_addr8
#define ETH_P_IP 0x0800 /* Internet Protocol packet */
// ETH_P_IPV6 value as defined in IEEE 802: https://www.iana.org/assignments/ieee-802-numbers/ieee-802-numbers.xhtml
#define ETH_P_IPV6 0x86DD /* IPv6 over bluebook */
#define ETH_P_IPV6 0x86DD /* IPv6 over bluebook */
typedef __u8 u8;
typedef __u16 u16;
typedef __u32 u32;
Expand Down
21 changes: 11 additions & 10 deletions bpf/flows.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,14 @@

// sets the TCP header flags for connection information
static inline void set_flags(struct tcphdr *th, u16 *flags) {
//If both ACK and SYN are set, then it is server -> client communication during 3-way handshake.
//If both ACK and SYN are set, then it is server -> client communication during 3-way handshake.
if (th->ack && th->syn) {
*flags |= SYN_ACK_FLAG;
} else if (th->ack && th->fin ) {
} else if (th->ack && th->fin) {
// If both ACK and FIN are set, then it is graceful termination from server.
*flags |= FIN_ACK_FLAG;
} else if (th->ack && th->rst ) {
// If both ACK and RST are set, then it is abrupt connection termination.
} else if (th->ack && th->rst) {
// If both ACK and RST are set, then it is abrupt connection termination.
*flags |= RST_ACK_FLAG;
} else if (th->fin) {
*flags |= FIN_FLAG;
Expand Down Expand Up @@ -199,18 +199,18 @@ static inline int flow_monitor(struct __sk_buff *skb) {
};

u8 *direction = (u8 *)bpf_map_lookup_elem(&flow_directions, &id);
if(direction == NULL) {
if (direction == NULL) {
// Calculate direction based on first flag received
// SYN and ACK mean someone else initiated the connection and this is the INGRESS direction
if((flags & SYN_ACK_FLAG) == SYN_ACK_FLAG) {
if ((flags & SYN_ACK_FLAG) == SYN_ACK_FLAG) {
new_flow.iface_direction = INGRESS;
}
// SYN only means we initiated the connection and this is the EGRESS direction
else if((flags & SYN_FLAG) == SYN_FLAG) {
else if ((flags & SYN_FLAG) == SYN_FLAG) {
new_flow.iface_direction = EGRESS;
}
// save, when direction was calculated based on TCP flag
if(new_flow.iface_direction != UNKNOWN) {
if (new_flow.iface_direction != UNKNOWN) {
// errors are intentionally omitted
bpf_map_update_elem(&flow_directions, &id, &new_flow.iface_direction, BPF_NOEXIST);
}
Expand Down Expand Up @@ -242,7 +242,8 @@ static inline int flow_monitor(struct __sk_buff *skb) {
}

new_flow.errno = -ret;
flow_record *record = (flow_record *)bpf_ringbuf_reserve(&direct_flows, sizeof(flow_record), 0);
flow_record *record =
(flow_record *)bpf_ringbuf_reserve(&direct_flows, sizeof(flow_record), 0);
if (!record) {
if (trace_messages) {
bpf_dbg_printk("couldn't reserve space in the ringbuf. Dropping flow");
Expand All @@ -257,7 +258,7 @@ static inline int flow_monitor(struct __sk_buff *skb) {

cleanup:
// finally, when flow receives FIN or RST, clean flow_directions
if(flags & FIN_FLAG || flags & RST_FLAG || flags & FIN_ACK_FLAG || flags & RST_ACK_FLAG) {
if (flags & FIN_FLAG || flags & RST_FLAG || flags & FIN_ACK_FLAG || flags & RST_ACK_FLAG) {
bpf_map_delete_elem(&flow_directions, &id);
}
return TC_ACT_OK;
Expand Down
120 changes: 69 additions & 51 deletions bpf/flows_sock.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,17 +30,18 @@ struct __tcphdr {
__be16 dest;
__be32 seq;
__be32 ack_seq;
__u16 res1 : 4, doff : 4, fin : 1, syn : 1, rst : 1, psh : 1, ack : 1, urg : 1, ece : 1, cwr : 1;
__u16 res1 : 4, doff : 4, fin : 1, syn : 1, rst : 1, psh : 1, ack : 1, urg : 1, ece : 1,
cwr : 1;
__be16 window;
__sum16 check;
__be16 urg_ptr;
};

struct __udphdr {
__be16 source;
__be16 dest;
__be16 len;
__sum16 check;
__be16 source;
__be16 dest;
__be16 len;
__sum16 check;
};

static __always_inline bool read_sk_buff(struct __sk_buff *skb, flow_id *id, u16 *custom_flags) {
Expand Down Expand Up @@ -85,10 +86,17 @@ static __always_inline bool read_sk_buff(struct __sk_buff *skb, flow_id *id, u16
break;
}
case ETH_P_IPV6:
bpf_skb_load_bytes(skb, ETH_HLEN + offsetof(struct ipv6hdr, nexthdr), &proto, sizeof(proto));

bpf_skb_load_bytes(skb, ETH_HLEN + offsetof(struct ipv6hdr, saddr), &id->src_ip.s6_addr, sizeof(id->src_ip.s6_addr));
bpf_skb_load_bytes(skb, ETH_HLEN + offsetof(struct ipv6hdr, daddr), &id->dst_ip.s6_addr, sizeof(id->dst_ip.s6_addr));
bpf_skb_load_bytes(
skb, ETH_HLEN + offsetof(struct ipv6hdr, nexthdr), &proto, sizeof(proto));

bpf_skb_load_bytes(skb,
ETH_HLEN + offsetof(struct ipv6hdr, saddr),
&id->src_ip.s6_addr,
sizeof(id->src_ip.s6_addr));
bpf_skb_load_bytes(skb,
ETH_HLEN + offsetof(struct ipv6hdr, daddr),
&id->dst_ip.s6_addr,
sizeof(id->dst_ip.s6_addr));

hdr_len = ETH_HLEN + sizeof(struct ipv6hdr);
break;
Expand All @@ -100,40 +108,49 @@ static __always_inline bool read_sk_buff(struct __sk_buff *skb, flow_id *id, u16
id->dst_port = 0;
id->transport_protocol = proto;

switch(proto) {
case IPPROTO_TCP: {
u16 port;
bpf_skb_load_bytes(skb, hdr_len + offsetof(struct __tcphdr, source), &port, sizeof(port));
id->src_port = __bpf_htons(port);

bpf_skb_load_bytes(skb, hdr_len + offsetof(struct __tcphdr, dest), &port, sizeof(port));
id->dst_port = __bpf_htons(port);

u8 doff;
bpf_skb_load_bytes(skb, hdr_len + offsetof(struct __tcphdr, ack_seq) + 4, &doff, sizeof(doff)); // read the first byte past __tcphdr->ack_seq, we can't do offsetof bit fields
doff &= 0xf0; // clean-up res1
doff >>= 4; // move the upper 4 bits to low
doff *= 4; // convert to bytes length

u8 flags;
bpf_skb_load_bytes(skb, hdr_len + offsetof(struct __tcphdr, ack_seq) + 4 + 1, &flags, sizeof(flags)); // read the second byte past __tcphdr->doff, again bit fields offsets
*custom_flags = ((u16)flags & 0x00ff);

hdr_len += doff;

if ((skb->len - hdr_len) < 0) { // less than 0 is a packet we can't parse
return false;
}

break;
}
case IPPROTO_UDP: {
u16 port;
bpf_skb_load_bytes(skb, hdr_len + offsetof(struct __udphdr, source), &port, sizeof(port));
id->src_port = __bpf_htons(port);
bpf_skb_load_bytes(skb, hdr_len + offsetof(struct __udphdr, dest), &port, sizeof(port));
id->dst_port = __bpf_htons(port);
switch (proto) {
case IPPROTO_TCP: {
u16 port;
bpf_skb_load_bytes(skb, hdr_len + offsetof(struct __tcphdr, source), &port, sizeof(port));
id->src_port = __bpf_htons(port);

bpf_skb_load_bytes(skb, hdr_len + offsetof(struct __tcphdr, dest), &port, sizeof(port));
id->dst_port = __bpf_htons(port);

u8 doff;
bpf_skb_load_bytes(
skb,
hdr_len + offsetof(struct __tcphdr, ack_seq) + 4,
&doff,
sizeof(
doff)); // read the first byte past __tcphdr->ack_seq, we can't do offsetof bit fields
doff &= 0xf0; // clean-up res1
doff >>= 4; // move the upper 4 bits to low
doff *= 4; // convert to bytes length

u8 flags;
bpf_skb_load_bytes(
skb,
hdr_len + offsetof(struct __tcphdr, ack_seq) + 4 + 1,
&flags,
sizeof(flags)); // read the second byte past __tcphdr->doff, again bit fields offsets
*custom_flags = ((u16)flags & 0x00ff);

hdr_len += doff;

if ((skb->len - hdr_len) < 0) { // less than 0 is a packet we can't parse
return false;
}

break;
}
case IPPROTO_UDP: {
u16 port;
bpf_skb_load_bytes(skb, hdr_len + offsetof(struct __udphdr, source), &port, sizeof(port));
id->src_port = __bpf_htons(port);
bpf_skb_load_bytes(skb, hdr_len + offsetof(struct __udphdr, dest), &port, sizeof(port));
id->dst_port = __bpf_htons(port);
}
}

// custom flags
Expand All @@ -149,8 +166,8 @@ static __always_inline bool read_sk_buff(struct __sk_buff *skb, flow_id *id, u16
}

static __always_inline bool same_ip(u8 *ip1, u8 *ip2) {
for (int i=0; i<16; i+=4) {
if (*((u32 *)(ip1+i)) != *((u32 *)(ip2+i))) {
for (int i = 0; i < 16; i += 4) {
if (*((u32 *)(ip1 + i)) != *((u32 *)(ip2 + i))) {
return false;
}
}
Expand Down Expand Up @@ -214,21 +231,21 @@ int socket__http_filter(struct __sk_buff *skb) {
};

u8 *direction = (u8 *)bpf_map_lookup_elem(&flow_directions, &id);
if(direction == NULL) {
if (direction == NULL) {
// Calculate direction based on first flag received
// SYN and ACK mean someone else initiated the connection and this is the INGRESS direction
if((flags & (SYN_FLAG | ACK_FLAG)) == (SYN_FLAG | ACK_FLAG)) {
if ((flags & (SYN_FLAG | ACK_FLAG)) == (SYN_FLAG | ACK_FLAG)) {
new_flow.iface_direction = INGRESS;
}
// SYN only means we initiated the connection and this is the EGRESS direction
else if((flags & SYN_FLAG) == SYN_FLAG) {
else if ((flags & SYN_FLAG) == SYN_FLAG) {
new_flow.iface_direction = EGRESS;
}
// save, when direction was calculated based on TCP flag
if(new_flow.iface_direction != UNKNOWN) {
if (new_flow.iface_direction != UNKNOWN) {
// errors are intentionally omitted
bpf_map_update_elem(&flow_directions, &id, &new_flow.iface_direction, BPF_NOEXIST);
}
}
// fallback for lost or already started connections and UDP
else {
new_flow.iface_direction = INGRESS;
Expand Down Expand Up @@ -257,7 +274,8 @@ int socket__http_filter(struct __sk_buff *skb) {
}

new_flow.errno = -ret;
flow_record *record = (flow_record *)bpf_ringbuf_reserve(&direct_flows, sizeof(flow_record), 0);
flow_record *record =
(flow_record *)bpf_ringbuf_reserve(&direct_flows, sizeof(flow_record), 0);
if (!record) {
if (trace_messages) {
bpf_dbg_printk("couldn't reserve space in the ringbuf. Dropping flow");
Expand All @@ -272,7 +290,7 @@ int socket__http_filter(struct __sk_buff *skb) {

cleanup:
// finally, when flow receives FIN or RST, clean flow_directions
if(flags & FIN_FLAG || flags & RST_FLAG) {
if (flags & FIN_FLAG || flags & RST_FLAG) {
bpf_map_delete_elem(&flow_directions, &id);
}
return TC_ACT_OK;
Expand Down
3 changes: 2 additions & 1 deletion bpf/go_byte_arr.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,8 @@
#include "utils.h"
#include "bpf_dbg.h"

static __inline int read_go_byte_arr(char *name, void *base_ptr, u8 offset, void *field, u64 *size_ptr, u64 max_size) {
static __inline int
read_go_byte_arr(char *name, void *base_ptr, u8 offset, void *field, u64 *size_ptr, u64 max_size) {
void *ptr = 0;
if (bpf_probe_read(&ptr, sizeof(ptr), (void *)(base_ptr + offset)) != 0) {
bpf_dbg_printk("can't read ptr for %s", name);
Expand Down
Loading

0 comments on commit 593ce93

Please sign in to comment.