Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_bpf / 5aee2f14a5c69a4748440c15c14b9b15e8609185 / . / progs / netd.c
blob: 5f89839a0bd5b52bae746c2740424e9431728828 [file] [log] [blame]
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]1/*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]17#include "netd.h"
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]18#include <linux/bpf.h>
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]19
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]20SEC("cgroupskb/ingress/stats")
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]21int bpf_cgroup_ingress(struct __sk_buff* skb) {
22 return bpf_traffic_account(skb, BPF_INGRESS);
23}
24
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]25SEC("cgroupskb/egress/stats")
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]26int bpf_cgroup_egress(struct __sk_buff* skb) {
27 return bpf_traffic_account(skb, BPF_EGRESS);
28}
29
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]30SEC("skfilter/egress/xtbpf")
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]31int xt_bpf_egress_prog(struct __sk_buff* skb) {
32 uint32_t key = skb->ifindex;
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]33 bpf_update_stats(skb, &iface_stats_map, BPF_EGRESS, &key);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]34 return BPF_MATCH;
35}
36
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]37SEC("skfilter/ingress/xtbpf")
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]38int xt_bpf_ingress_prog(struct __sk_buff* skb) {
39 uint32_t key = skb->ifindex;
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]40 bpf_update_stats(skb, &iface_stats_map, BPF_INGRESS, &key);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]41 return BPF_MATCH;
42}
43
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]44SEC("skfilter/whitelist/xtbpf")
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]45int xt_bpf_whitelist_prog(struct __sk_buff* skb) {
46 uint32_t sock_uid = get_socket_uid(skb);
47 if (is_system_uid(sock_uid)) return BPF_MATCH;
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]48 uint8_t* whitelistMatch = find_map_entry(&uid_owner_map, &sock_uid);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]49 if (whitelistMatch) return *whitelistMatch & HAPPY_BOX_MATCH;
50 return BPF_NOMATCH;
51}
52
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]53SEC("skfilter/blacklist/xtbpf")
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]54int xt_bpf_blacklist_prog(struct __sk_buff* skb) {
55 uint32_t sock_uid = get_socket_uid(skb);
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]56 uint8_t* blacklistMatch = find_map_entry(&uid_owner_map, &sock_uid);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]57 if (blacklistMatch) return *blacklistMatch & PENALTY_BOX_MATCH;
58 return BPF_NOMATCH;
59}
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]60
Chenbo Feng5aee2f12018-12-26 16:14:05 -0800[diff] [blame^]61struct bpf_map_def SEC("maps") uid_permission_map = {
62 .type = BPF_MAP_TYPE_HASH,
63 .key_size = sizeof(uint32_t),
64 .value_size = sizeof(uint8_t),
65 .max_entries = UID_OWNER_MAP_SIZE,
66};
67
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]68char _license[] SEC("license") = "Apache 2.0";