Blame - bpf/progs/dscpPolicy.c - android_packages_modules_Connectivity

blob: 94d717be5da60e084a6a9a5a449312ab2a572e5a [file] [log] [blame]

Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	1	/*
				2	* Copyright (C) 2021 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
Maciej Żenczykowski	11141da	2024-03-15 18:21:33 -0700	[diff] [blame]	17	// The resulting .o needs to load on Android T+
Maciej Żenczykowski	4e4f872	2024-06-15 06:38:08 -0700	[diff] [blame]	18	#define BPFLOADER_MIN_VER BPFLOADER_MAINLINE_T_VERSION
Maciej Żenczykowski	acebffb	2022-05-16 16:05:15 -0700	[diff] [blame]	19
Maciej Żenczykowski	85c9c99	2024-08-16 17:57:36 -0700	[diff] [blame]	20	#include "bpf_net_helpers.h"
Ken Chen	74ff3ee	2022-07-14 16:46:39 +0800	[diff] [blame]	21	#include "dscpPolicy.h"
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	22
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	23	#define ECN_MASK 3
Maciej Żenczykowski	d7b92c0	2022-07-27 19:57:15 +0000	[diff] [blame]	24	#define UPDATE_TOS(dscp, tos) ((dscp) << 2) \| ((tos) & ECN_MASK)
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	25
Maciej Żenczykowski	52ff2b6	2024-08-27 18:17:33 -0700	[diff] [blame]	26	// The cache is never read nor written by userspace and is indexed by socket cookie % CACHE_MAP_SIZE
				27	#define CACHE_MAP_SIZE 32 // should be a power of two so we can % cheaply
Maciej Żenczykowski	1ec8d7d	2024-09-04 16:44:04 -0700	[diff] [blame]	28	DEFINE_BPF_MAP_KERNEL_INTERNAL(socket_policy_cache_map, PERCPU_ARRAY, uint32_t, RuleEntry,
				29	CACHE_MAP_SIZE)
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	30
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	31	DEFINE_BPF_MAP_GRW(ipv4_dscp_policies_map, ARRAY, uint32_t, DscpPolicy, MAX_POLICIES, AID_SYSTEM)
				32	DEFINE_BPF_MAP_GRW(ipv6_dscp_policies_map, ARRAY, uint32_t, DscpPolicy, MAX_POLICIES, AID_SYSTEM)
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	33
Maciej Żenczykowski	116d17a	2024-08-26 16:40:57 -0700	[diff] [blame]	34	static inline __always_inline uint64_t calculate_u64(uint64_t v) {
				35	COMPILER_FORCE_CALCULATION(v);
				36	return v;
				37	}
				38
Maciej Żenczykowski	1ab3ad8	2024-08-22 17:30:20 +0000	[diff] [blame]	39	static inline __always_inline void match_policy(struct __sk_buff* skb, const bool ipv4) {
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	40	void* data = (void*)(long)skb->data;
				41	const void* data_end = (void*)(long)skb->data_end;
				42
Patrick Rohr	7f325cc	2022-07-25 10:15:02 -0700	[diff] [blame]	43	const int l2_header_size = sizeof(struct ethhdr);
				44	struct ethhdr* eth = data;
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	45
				46	if (data + l2_header_size > data_end) return;
				47
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	48	int hdr_size = 0;
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	49
				50	// used for map lookup
				51	uint64_t cookie = bpf_get_socket_cookie(skb);
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	52	if (!cookie) return;
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	53
Maciej Żenczykowski	52ff2b6	2024-08-27 18:17:33 -0700	[diff] [blame]	54	uint32_t cacheid = cookie % CACHE_MAP_SIZE;
				55
Maciej Żenczykowski	640752b	2022-08-09 23:02:57 +0000	[diff] [blame]	56	__be16 sport = 0;
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	57	uint16_t dport = 0;
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	58	uint8_t protocol = 0; // TODO: Use are reserved value? Or int (-1) and cast to uint below?
Tyler Wear	9228105	2022-06-22 15:32:14 -0700	[diff] [blame]	59	struct in6_addr src_ip = {};
				60	struct in6_addr dst_ip = {};
Maciej Żenczykowski	242af39	2022-08-22 09:11:10 +0000	[diff] [blame]	61	uint8_t tos = 0; // Only used for IPv4
				62	__be32 old_first_be32 = 0; // Only used for IPv6
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	63	if (ipv4) {
Patrick Rohr	7f325cc	2022-07-25 10:15:02 -0700	[diff] [blame]	64	const struct iphdr* const iph = (void*)(eth + 1);
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	65	hdr_size = l2_header_size + sizeof(struct iphdr);
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	66	// Must have ipv4 header
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	67	if (data + hdr_size > data_end) return;
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	68
				69	// IP version must be 4
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	70	if (iph->version != 4) return;
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	71
				72	// We cannot handle IP options, just standard 20 byte == 5 dword minimal IPv4 header
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	73	if (iph->ihl != 5) return;
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	74
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	75	// V4 mapped address in in6_addr sets 10/11 position to 0xff.
Tyler Wear	9228105	2022-06-22 15:32:14 -0700	[diff] [blame]	76	src_ip.s6_addr32[2] = htonl(0x0000ffff);
				77	dst_ip.s6_addr32[2] = htonl(0x0000ffff);
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	78
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	79	// Copy IPv4 address into in6_addr for easy comparison below.
Tyler Wear	9228105	2022-06-22 15:32:14 -0700	[diff] [blame]	80	src_ip.s6_addr32[3] = iph->saddr;
				81	dst_ip.s6_addr32[3] = iph->daddr;
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	82	protocol = iph->protocol;
				83	tos = iph->tos;
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	84	} else {
Patrick Rohr	7f325cc	2022-07-25 10:15:02 -0700	[diff] [blame]	85	struct ipv6hdr* ip6h = (void*)(eth + 1);
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	86	hdr_size = l2_header_size + sizeof(struct ipv6hdr);
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	87	// Must have ipv6 header
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	88	if (data + hdr_size > data_end) return;
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	89
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	90	if (ip6h->version != 6) return;
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	91
Tyler Wear	9228105	2022-06-22 15:32:14 -0700	[diff] [blame]	92	src_ip = ip6h->saddr;
				93	dst_ip = ip6h->daddr;
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	94	protocol = ip6h->nexthdr;
Maciej Żenczykowski	242af39	2022-08-22 09:11:10 +0000	[diff] [blame]	95	old_first_be32 = (__be32)ip6h;
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	96	}
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	97
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	98	switch (protocol) {
				99	case IPPROTO_UDP:
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	100	case IPPROTO_UDPLITE: {
				101	struct udphdr* udp;
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	102	udp = data + hdr_size;
				103	if ((void*)(udp + 1) > data_end) return;
				104	sport = udp->source;
Maciej Żenczykowski	640752b	2022-08-09 23:02:57 +0000	[diff] [blame]	105	dport = ntohs(udp->dest);
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	106	} break;
				107	case IPPROTO_TCP: {
				108	struct tcphdr* tcp;
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	109	tcp = data + hdr_size;
				110	if ((void*)(tcp + 1) > data_end) return;
				111	sport = tcp->source;
Maciej Żenczykowski	640752b	2022-08-09 23:02:57 +0000	[diff] [blame]	112	dport = ntohs(tcp->dest);
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	113	} break;
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	114	default:
				115	return;
				116	}
				117
Maciej Żenczykowski	52ff2b6	2024-08-27 18:17:33 -0700	[diff] [blame]	118	// this array lookup cannot actually fail
				119	RuleEntry* existing_rule = bpf_socket_policy_cache_map_lookup_elem(&cacheid);
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	120
Maciej Żenczykowski	bbb5499	2024-08-29 18:15:30 -0700	[diff] [blame]	121	if (!existing_rule) return; // impossible
				122
Maciej Żenczykowski	3188abb	2024-08-30 11:44:31 -0700	[diff] [blame]	123	uint64_t nomatch = 0;
				124	nomatch \|= v6_not_equal(src_ip, existing_rule->src_ip);
				125	nomatch \|= v6_not_equal(dst_ip, existing_rule->dst_ip);
				126	nomatch \|= (skb->ifindex ^ existing_rule->ifindex);
				127	nomatch \|= (sport ^ existing_rule->src_port);
				128	nomatch \|= (dport ^ existing_rule->dst_port);
				129	nomatch \|= (protocol ^ existing_rule->proto);
				130	COMPILER_FORCE_CALCULATION(nomatch);
				131
				132	/*
				133	* After the above funky bitwise arithmetic we have 'nomatch == 0' iff
				134	* src_ip == existing_rule->src_ip &&
				135	* dst_ip == existing_rule->dst_ip &&
				136	* skb->ifindex == existing_rule->ifindex &&
				137	* sport == existing_rule->src_port &&
				138	* dport == existing_rule->dst_port &&
				139	* protocol == existing_rule->proto
				140	*/
				141
				142	if (!nomatch) {
				143	if (existing_rule->dscp_val < 0) return; // cached no-op
				144
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	145	if (ipv4) {
Tyler Wear	9228105	2022-06-22 15:32:14 -0700	[diff] [blame]	146	uint8_t newTos = UPDATE_TOS(existing_rule->dscp_val, tos);
Maciej Żenczykowski	85c9c99	2024-08-16 17:57:36 -0700	[diff] [blame]	147	bpf_l3_csum_replace(skb, l2_header_size + IP4_OFFSET(check), htons(tos), htons(newTos),
Tyler Wear	11f494f	2022-06-14 16:04:49 -0700	[diff] [blame]	148	sizeof(uint16_t));
Maciej Żenczykowski	85c9c99	2024-08-16 17:57:36 -0700	[diff] [blame]	149	bpf_skb_store_bytes(skb, l2_header_size + IP4_OFFSET(tos), &newTos, sizeof(newTos), 0);
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	150	} else {
Maciej Żenczykowski	242af39	2022-08-22 09:11:10 +0000	[diff] [blame]	151	__be32 new_first_be32 =
				152	htonl(ntohl(old_first_be32) & 0xF03FFFFF \| (existing_rule->dscp_val << 22));
				153	bpf_skb_store_bytes(skb, l2_header_size, &new_first_be32, sizeof(__be32),
Tyler Wear	4e8949b	2022-06-23 14:15:58 -0700	[diff] [blame]	154	BPF_F_RECOMPUTE_CSUM);
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	155	}
Maciej Żenczykowski	3188abb	2024-08-30 11:44:31 -0700	[diff] [blame]	156	return; // cached DSCP mutation
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	157	}
				158
Maciej Żenczykowski	116d17a	2024-08-26 16:40:57 -0700	[diff] [blame]	159	// Linear scan ipv?_dscp_policies_map since stored params didn't match skb.
				160	uint64_t best_score = 0;
				161	int8_t new_dscp = -1; // meaning no mutation
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	162
				163	for (register uint64_t i = 0; i < MAX_POLICIES; i++) {
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	164	// Using a uint64 in for loop prevents infinite loop during BPF load,
				165	// but the key is uint32, so convert back.
				166	uint32_t key = i;
				167
				168	DscpPolicy* policy;
				169	if (ipv4) {
				170	policy = bpf_ipv4_dscp_policies_map_lookup_elem(&key);
				171	} else {
				172	policy = bpf_ipv6_dscp_policies_map_lookup_elem(&key);
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	173	}
				174
Maciej Żenczykowski	1ab3ad8	2024-08-22 17:30:20 +0000	[diff] [blame]	175	// Lookup failure cannot happen on an array with MAX_POLICIES entries.
				176	// While 'continue' would make logical sense here, 'return' should be
				177	// easier for the verifier to analyze.
				178	if (!policy) return;
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	179
Maciej Żenczykowski	116d17a	2024-08-26 16:40:57 -0700	[diff] [blame]	180	// Think of 'nomatch' as a 64-bit boolean: false iff zero, true iff non-zero.
				181	// Start off with nomatch being false, ie. we assume things are matching.
				182	uint64_t nomatch = 0;
				183
				184	// Due to 'a ^ b' being 0 iff a == b:
				185	// nomatch \|= a ^ b
				186	// should/can be read as:
				187	// nomatch \|\|= (a != b)
				188	// which you can also think of as:
				189	// match &&= (a == b)
				190
Maciej Żenczykowski	1feaa43	2022-07-29 21:17:07 +0000	[diff] [blame]	191	// If policy iface index does not match skb, then skip to next policy.
Maciej Żenczykowski	116d17a	2024-08-26 16:40:57 -0700	[diff] [blame]	192	nomatch \|= (policy->ifindex ^ skb->ifindex);
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	193
Maciej Żenczykowski	116d17a	2024-08-26 16:40:57 -0700	[diff] [blame]	194	// policy->match_* are normal booleans, and should thus always be 0 or 1,
				195	// thus you can think of these as:
				196	// if (policy->match_foo) match &&= (foo == policy->foo);
				197	nomatch \|= policy->match_proto * (protocol ^ policy->proto);
				198	nomatch \|= policy->match_src_ip * v6_not_equal(src_ip, policy->src_ip);
				199	nomatch \|= policy->match_dst_ip * v6_not_equal(dst_ip, policy->dst_ip);
				200	nomatch \|= policy->match_src_port * (sport ^ policy->src_port);
Maciej Żenczykowski	1feaa43	2022-07-29 21:17:07 +0000	[diff] [blame]	201
Maciej Żenczykowski	116d17a	2024-08-26 16:40:57 -0700	[diff] [blame]	202	// Since these values are u16s (<=63 bits), we can rely on u64 subtraction
				203	// underflow setting the topmost bit. Basically, you can think of:
				204	// nomatch \|= (a - b) >> 63
				205	// as:
				206	// match &&= (a >= b)
				207	uint64_t dport64 = dport; // Note: dst_port_{start_end} range is inclusive of both ends.
				208	nomatch \|= calculate_u64(dport64 - policy->dst_port_start) >> 63;
				209	nomatch \|= calculate_u64(policy->dst_port_end - dport64) >> 63;
Maciej Żenczykowski	1feaa43	2022-07-29 21:17:07 +0000	[diff] [blame]	210
Maciej Żenczykowski	116d17a	2024-08-26 16:40:57 -0700	[diff] [blame]	211	// score is 0x10000 for each matched field (proto, src_ip, dst_ip, src_port)
				212	// plus 1..0x10000 for the dst_port range match (smaller for bigger ranges)
				213	uint64_t score = 0;
				214	score += policy->match_proto; // reminder: match_* are boolean, thus 0 or 1
				215	score += policy->match_src_ip;
				216	score += policy->match_dst_ip;
				217	score += policy->match_src_port;
				218	score += 1; // for a 1 element dst_port_{start,end} range
				219	score <<= 16; // scale up: ie. *= 0x10000
				220	// now reduce score if the dst_port range is more than a single element
				221	// we want to prioritize (ie. better score) matches of smaller ranges
				222	score -= (policy->dst_port_end - policy->dst_port_start); // -= 0..0xFFFF
				223
				224	// Here we need:
				225	// match &&= (score > best_score)
				226	// which is the same as
				227	// match &&= (score >= best_score + 1)
				228	// > not >= because we want equal score matches to prefer choosing earlier policies
				229	nomatch \|= calculate_u64(score - best_score - 1) >> 63;
				230
				231	COMPILER_FORCE_CALCULATION(nomatch);
				232	if (nomatch) continue;
				233
				234	// only reachable if we matched the policy and (score > best_score)
				235	best_score = score;
				236	new_dscp = policy->dscp_val;
Maciej Żenczykowski	d7b92c0	2022-07-27 19:57:15 +0000	[diff] [blame]	237	}
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	238
Maciej Żenczykowski	bbb5499	2024-08-29 18:15:30 -0700	[diff] [blame]	239	// Update cache with found policy.
				240	*existing_rule = (RuleEntry){
Tyler Wear	9228105	2022-06-22 15:32:14 -0700	[diff] [blame]	241	.src_ip = src_ip,
				242	.dst_ip = dst_ip,
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	243	.ifindex = skb->ifindex,
Tyler Wear	9228105	2022-06-22 15:32:14 -0700	[diff] [blame]	244	.src_port = sport,
				245	.dst_port = dport,
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	246	.proto = protocol,
Tyler Wear	9228105	2022-06-22 15:32:14 -0700	[diff] [blame]	247	.dscp_val = new_dscp,
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	248	};
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	249
Maciej Żenczykowski	d7b92c0	2022-07-27 19:57:15 +0000	[diff] [blame]	250	if (new_dscp < 0) return;
				251
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	252	// Need to store bytes after updating map or program will not load.
Tyler Wear	4e8949b	2022-06-23 14:15:58 -0700	[diff] [blame]	253	if (ipv4) {
				254	uint8_t new_tos = UPDATE_TOS(new_dscp, tos);
Maciej Żenczykowski	85c9c99	2024-08-16 17:57:36 -0700	[diff] [blame]	255	bpf_l3_csum_replace(skb, l2_header_size + IP4_OFFSET(check), htons(tos), htons(new_tos), 2);
				256	bpf_skb_store_bytes(skb, l2_header_size + IP4_OFFSET(tos), &new_tos, sizeof(new_tos), 0);
Tyler Wear	4e8949b	2022-06-23 14:15:58 -0700	[diff] [blame]	257	} else {
Maciej Żenczykowski	242af39	2022-08-22 09:11:10 +0000	[diff] [blame]	258	__be32 new_first_be32 = htonl(ntohl(old_first_be32) & 0xF03FFFFF \| (new_dscp << 22));
				259	bpf_skb_store_bytes(skb, l2_header_size, &new_first_be32, sizeof(__be32),
Tyler Wear	4e8949b	2022-06-23 14:15:58 -0700	[diff] [blame]	260	BPF_F_RECOMPUTE_CSUM);
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	261	}
				262	return;
				263	}
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	264
Tyler Wear	4e8949b	2022-06-23 14:15:58 -0700	[diff] [blame]	265	DEFINE_BPF_PROG_KVER("schedcls/set_dscp_ether", AID_ROOT, AID_SYSTEM, schedcls_set_dscp_ether,
Maciej Żenczykowski	901c710	2023-10-06 15:47:46 -0700	[diff] [blame]	266	KVER_5_15)
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	267	(struct __sk_buff* skb) {
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	268	if (skb->pkt_type != PACKET_HOST) return TC_ACT_PIPE;
				269
				270	if (skb->protocol == htons(ETH_P_IP)) {
Patrick Rohr	7f325cc	2022-07-25 10:15:02 -0700	[diff] [blame]	271	match_policy(skb, true);
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	272	} else if (skb->protocol == htons(ETH_P_IPV6)) {
Patrick Rohr	7f325cc	2022-07-25 10:15:02 -0700	[diff] [blame]	273	match_policy(skb, false);
Tyler Wear	3ad8089	2022-02-03 15:14:44 -0800	[diff] [blame]	274	}
				275
				276	// Always return TC_ACT_PIPE
				277	return TC_ACT_PIPE;
				278	}
				279
Tyler Wear	7238821	2021-09-09 14:49:02 -0700	[diff] [blame]	280	LICENSE("Apache 2.0");
				281	CRITICAL("Connectivity");