bpf netd: Add local_net_access bpf map along with lookup method.
local_net_access is of type BPF_MAP_TYPE_LPM_TRIE (longest prefix
matching map) which stores interface index, remote address, protocol
and remote port. Lookup method is_local_net_access_allowed() returns
false if the arguments are found in the map and disallowed, otherwise
it returns true.
Test: Locally tested by adding values from userspace and querying the
bpf map.
Bug: 373608779
Change-Id: Ia34b3cb5613b56f6db5b224ec03f8c9909a49fe1
diff --git a/bpf/progs/netd.h b/bpf/progs/netd.h
index be7c311..6561311 100644
--- a/bpf/progs/netd.h
+++ b/bpf/progs/netd.h
@@ -185,6 +185,7 @@
#define PACKET_TRACE_RINGBUF_PATH BPF_NETD_PATH "map_netd_packet_trace_ringbuf"
#define PACKET_TRACE_ENABLED_MAP_PATH BPF_NETD_PATH "map_netd_packet_trace_enabled_map"
#define DATA_SAVER_ENABLED_MAP_PATH BPF_NETD_PATH "map_netd_data_saver_enabled_map"
+#define LOCAL_NET_ACCESS_MAP_PATH BPF_NETD_PATH "map_netd_local_net_access_map"
#endif // __cplusplus
@@ -245,6 +246,18 @@
} IngressDiscardValue;
STRUCT_SIZE(IngressDiscardValue, 2 * 4); // 8
+typedef struct {
+ // Longest prefix match length in bits (value from 0 to 192).
+ uint32_t lpm_bitlen;
+ uint32_t if_index;
+ // IPv4 uses IPv4-mapped IPv6 address format.
+ struct in6_addr remote_ip6;
+ // u16 instead of u8 to avoid padding due to alignment requirement.
+ uint16_t protocol;
+ __be16 remote_port;
+} LocalNetAccessKey;
+STRUCT_SIZE(LocalNetAccessKey, 4 + 4 + 16 + 2 + 2); // 28
+
// Entry in the configuration map that stores which UID rules are enabled.
#define UID_RULES_CONFIGURATION_KEY 0
// Entry in the configuration map that stores which stats map is currently in use.