Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_bpf / 9cd8f14ed0ed01675b18b4880fcf465782b5ffd7 / . / progs / netd.h
blob: ff9775373820135c3f44cbd0caaeff84ab9f93c3 [file] [log] [blame]
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]1/*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/*
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]18 * This h file together with netd.c is used for compiling the eBPF kernel
Chenbo Feng4c9e9ec2018-10-16 20:31:52 -0700[diff] [blame]19 * program.
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]20 */
21
22#include <linux/bpf.h>
23#include <linux/if.h>
24#include <linux/if_ether.h>
25#include <linux/in.h>
26#include <linux/in6.h>
27#include <linux/ip.h>
28#include <linux/ipv6.h>
29#include <stdbool.h>
30#include <stdint.h>
Chenbo Feng4c9e9ec2018-10-16 20:31:52 -0700[diff] [blame]31#include "netdbpf/bpf_shared.h"
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]32
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]33#define SEC(NAME) __attribute__((section(NAME), used))
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]34
35struct uid_tag {
36 uint32_t uid;
37 uint32_t tag;
38};
39
40struct stats_key {
41 uint32_t uid;
42 uint32_t tag;
43 uint32_t counterSet;
44 uint32_t ifaceIndex;
45};
46
47struct stats_value {
48 uint64_t rxPackets;
49 uint64_t rxBytes;
50 uint64_t txPackets;
51 uint64_t txBytes;
52};
53
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]54struct IfaceValue {
55 char name[IFNAMSIZ];
56};
57
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]58/* helper functions called from eBPF programs written in C */
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]59static void* (*find_map_entry)(void* map, void* key) = (void*)BPF_FUNC_map_lookup_elem;
60static int (*write_to_map_entry)(void* map, void* key, void* value,
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]61 uint64_t flags) = (void*)BPF_FUNC_map_update_elem;
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]62static int (*delete_map_entry)(void* map, void* key) = (void*)BPF_FUNC_map_delete_elem;
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]63static uint64_t (*get_socket_cookie)(struct __sk_buff* skb) = (void*)BPF_FUNC_get_socket_cookie;
64static uint32_t (*get_socket_uid)(struct __sk_buff* skb) = (void*)BPF_FUNC_get_socket_uid;
65static int (*bpf_skb_load_bytes)(struct __sk_buff* skb, int off, void* to,
66 int len) = (void*)BPF_FUNC_skb_load_bytes;
67
68// This is defined for cgroup bpf filter only.
69#define BPF_PASS 1
70#define BPF_DROP 0
71
72// This is used for xt_bpf program only.
73#define BPF_NOMATCH 0
74#define BPF_MATCH 1
75
76#define BPF_EGRESS 0
77#define BPF_INGRESS 1
78
79#define IP_PROTO_OFF offsetof(struct iphdr, protocol)
80#define IPV6_PROTO_OFF offsetof(struct ipv6hdr, nexthdr)
81#define IPPROTO_IHL_OFF 0
82#define TCP_FLAG_OFF 13
83#define RST_OFFSET 2
84
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]85/* loader usage */
86struct bpf_map_def {
87 unsigned int type;
88 unsigned int key_size;
89 unsigned int value_size;
90 unsigned int max_entries;
91 unsigned int map_flags;
92 unsigned int pad[2];
93};
94
95struct bpf_map_def SEC("maps") cookie_tag_map = {
96 .type = BPF_MAP_TYPE_HASH,
97 .key_size = sizeof(uint64_t),
98 .value_size = sizeof(struct uid_tag),
99 .max_entries = COOKIE_UID_MAP_SIZE,
100};
101
102struct bpf_map_def SEC("maps") uid_counterset_map = {
103 .type = BPF_MAP_TYPE_HASH,
104 .key_size = sizeof(uint32_t),
105 .value_size = sizeof(uint8_t),
106 .max_entries = UID_COUNTERSET_MAP_SIZE,
107};
108
109struct bpf_map_def SEC("maps") app_uid_stats_map = {
110 .type = BPF_MAP_TYPE_HASH,
111 .key_size = sizeof(uint32_t),
112 .value_size = sizeof(struct stats_value),
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]113 .max_entries = APP_STATS_MAP_SIZE,
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]114};
115
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]116struct bpf_map_def SEC("maps") stats_map_A = {
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]117 .type = BPF_MAP_TYPE_HASH,
118 .key_size = sizeof(struct stats_key),
119 .value_size = sizeof(struct stats_value),
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]120 .max_entries = STATS_MAP_SIZE,
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]121};
122
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]123struct bpf_map_def SEC("maps") stats_map_B = {
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]124 .type = BPF_MAP_TYPE_HASH,
125 .key_size = sizeof(struct stats_key),
126 .value_size = sizeof(struct stats_value),
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]127 .max_entries = STATS_MAP_SIZE,
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]128};
129
130struct bpf_map_def SEC("maps") iface_stats_map = {
131 .type = BPF_MAP_TYPE_HASH,
132 .key_size = sizeof(uint32_t),
133 .value_size = sizeof(struct stats_value),
134 .max_entries = IFACE_STATS_MAP_SIZE,
135};
136
137struct bpf_map_def SEC("maps") configuration_map = {
138 .type = BPF_MAP_TYPE_HASH,
139 .key_size = sizeof(uint32_t),
140 .value_size = sizeof(uint8_t),
141 .max_entries = CONFIGURATION_MAP_SIZE,
142};
143
144struct bpf_map_def SEC("maps") uid_owner_map = {
145 .type = BPF_MAP_TYPE_HASH,
146 .key_size = sizeof(uint32_t),
147 .value_size = sizeof(uint8_t),
148 .max_entries = UID_OWNER_MAP_SIZE,
149};
150
151struct bpf_map_def SEC("maps") iface_index_name_map = {
152 .type = BPF_MAP_TYPE_HASH,
153 .key_size = sizeof(uint32_t),
154 .value_size = sizeof(struct IfaceValue),
155 .max_entries = IFACE_INDEX_NAME_MAP_SIZE,
156};
157
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]158static __always_inline int is_system_uid(uint32_t uid) {
159 return (uid <= MAX_SYSTEM_UID) && (uid >= MIN_SYSTEM_UID);
160}
161
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]162static __always_inline inline void bpf_update_stats(struct __sk_buff* skb, struct bpf_map_def* map,
163 int direction, void* key) {
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]164 struct stats_value* value;
165 value = find_map_entry(map, key);
166 if (!value) {
167 struct stats_value newValue = {};
168 write_to_map_entry(map, key, &newValue, BPF_NOEXIST);
169 value = find_map_entry(map, key);
170 }
171 if (value) {
172 if (direction == BPF_EGRESS) {
173 __sync_fetch_and_add(&value->txPackets, 1);
174 __sync_fetch_and_add(&value->txBytes, skb->len);
175 } else if (direction == BPF_INGRESS) {
176 __sync_fetch_and_add(&value->rxPackets, 1);
177 __sync_fetch_and_add(&value->rxBytes, skb->len);
178 }
179 }
180}
181
182static inline bool skip_owner_match(struct __sk_buff* skb) {
183 int offset = -1;
184 int ret = 0;
185 if (skb->protocol == ETH_P_IP) {
186 offset = IP_PROTO_OFF;
187 uint8_t proto, ihl;
188 uint16_t flag;
189 ret = bpf_skb_load_bytes(skb, offset, &proto, 1);
190 if (!ret) {
191 if (proto == IPPROTO_ESP) {
192 return true;
193 } else if (proto == IPPROTO_TCP) {
194 ret = bpf_skb_load_bytes(skb, IPPROTO_IHL_OFF, &ihl, 1);
195 ihl = ihl & 0x0F;
196 ret = bpf_skb_load_bytes(skb, ihl * 4 + TCP_FLAG_OFF, &flag, 1);
197 if (ret == 0 && (flag >> RST_OFFSET & 1)) {
198 return true;
199 }
200 }
201 }
202 } else if (skb->protocol == ETH_P_IPV6) {
203 offset = IPV6_PROTO_OFF;
204 uint8_t proto;
205 ret = bpf_skb_load_bytes(skb, offset, &proto, 1);
206 if (!ret) {
207 if (proto == IPPROTO_ESP) {
208 return true;
209 } else if (proto == IPPROTO_TCP) {
210 uint16_t flag;
211 ret = bpf_skb_load_bytes(skb, sizeof(struct ipv6hdr) + TCP_FLAG_OFF, &flag, 1);
212 if (ret == 0 && (flag >> RST_OFFSET & 1)) {
213 return true;
214 }
215 }
216 }
217 }
218 return false;
219}
220
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]221static __always_inline BpfConfig getConfig(uint32_t configKey) {
222 uint32_t mapSettingKey = configKey;
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]223 BpfConfig* config = find_map_entry(&configuration_map, &mapSettingKey);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]224 if (!config) {
225 // Couldn't read configuration entry. Assume everything is disabled.
226 return DEFAULT_CONFIG;
227 }
228 return *config;
229}
230
231static inline int bpf_owner_match(struct __sk_buff* skb, uint32_t uid) {
232 if (skip_owner_match(skb)) return BPF_PASS;
233
234 if ((uid <= MAX_SYSTEM_UID) && (uid >= MIN_SYSTEM_UID)) return BPF_PASS;
235
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]236 BpfConfig enabledRules = getConfig(UID_RULES_CONFIGURATION_KEY);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]237 if (!enabledRules) {
238 return BPF_PASS;
239 }
240
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]241 uint8_t* uidEntry = find_map_entry(&uid_owner_map, &uid);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]242 uint8_t uidRules = uidEntry ? *uidEntry : 0;
243 if ((enabledRules & DOZABLE_MATCH) && !(uidRules & DOZABLE_MATCH)) {
244 return BPF_DROP;
245 }
246 if ((enabledRules & STANDBY_MATCH) && (uidRules & STANDBY_MATCH)) {
247 return BPF_DROP;
248 }
249 if ((enabledRules & POWERSAVE_MATCH) && !(uidRules & POWERSAVE_MATCH)) {
250 return BPF_DROP;
251 }
252 return BPF_PASS;
253}
254
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]255static __always_inline inline void update_stats_with_config(struct __sk_buff* skb, int direction,
256 void* key, uint8_t selectedMap) {
257 if (selectedMap == SELECT_MAP_A) {
258 bpf_update_stats(skb, &stats_map_A, direction, key);
259 } else if (selectedMap == SELECT_MAP_B) {
260 bpf_update_stats(skb, &stats_map_B, direction, key);
261 }
262}
263
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]264static __always_inline inline int bpf_traffic_account(struct __sk_buff* skb, int direction) {
265 uint32_t sock_uid = get_socket_uid(skb);
266 int match = bpf_owner_match(skb, sock_uid);
267 if ((direction == BPF_EGRESS) && (match == BPF_DROP)) {
268 // If an outbound packet is going to be dropped, we do not count that
269 // traffic.
270 return match;
271 }
272
273 uint64_t cookie = get_socket_cookie(skb);
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]274 struct uid_tag* utag = find_map_entry(&cookie_tag_map, &cookie);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]275 uint32_t uid, tag;
276 if (utag) {
277 uid = utag->uid;
278 tag = utag->tag;
279 } else {
280 uid = sock_uid;
281 tag = 0;
282 }
283
284 struct stats_key key = {.uid = uid, .tag = tag, .counterSet = 0, .ifaceIndex = skb->ifindex};
285
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]286 uint8_t* counterSet = find_map_entry(&uid_counterset_map, &uid);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]287 if (counterSet) key.counterSet = (uint32_t)*counterSet;
288
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]289 uint32_t mapSettingKey = CURRENT_STATS_MAP_CONFIGURATION_KEY;
290 uint8_t* selectedMap = find_map_entry(&configuration_map, &mapSettingKey);
291 if (!selectedMap) {
292 return match;
293 }
294
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]295 if (tag) {
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]296 update_stats_with_config(skb, direction, &key, *selectedMap);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]297 }
298
299 key.tag = 0;
Chenbo Feng9cd8f142018-12-04 16:54:56 -0800[diff] [blame^]300 update_stats_with_config(skb, direction, &key, *selectedMap);
Chenbo Fengc1dd7642018-12-22 11:41:20 -0800[diff] [blame]301 bpf_update_stats(skb, &app_uid_stats_map, direction, &uid);
Chenbo Feng75b410b2018-10-10 15:01:19 -0700[diff] [blame]302 return match;
303}