Merge "add a test xdp program that drops all IPv4/UDP packets" am: d4bcf54678 am: 7c0b1b6149 am: 590d3026d9

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/1554236 MUST ONLY BE SUBMITTED BY AUTOMERGER Change-Id: I5b5b9ef992be20fa56d497929bf387f14be44f93
2021-01-20 08:15:21 +00:00
parent 0feccef671 590d3026d9
commit 812fcb9237
1 changed files with 22 additions and 0 deletions
--- a/Tethering/bpf_progs/test.c
+++ b/Tethering/bpf_progs/test.c
@@ -14,6 +14,10 @@
 * limitations under the License.
 */

+#include <linux/if_ether.h>
+#include <linux/in.h>
+#include <linux/ip.h>
+
 #include "bpf_helpers.h"
 #include "bpf_net_helpers.h"
 #include "netdbpf/bpf_shared.h"
@@ -22,4 +26,22 @@
 DEFINE_BPF_MAP_GRW(tether_ingress_map, HASH, TetherIngressKey, TetherIngressValue, 16,
                   AID_NETWORK_STACK)

+DEFINE_BPF_PROG_KVER("xdp/drop_ipv4_udp_ether", AID_ROOT, AID_ROOT,
+                      xdp_test, KVER(5, 9, 0))
+(struct xdp_md *ctx) {
+    void *data = (void *)(long)ctx->data;
+    void *data_end = (void *)(long)ctx->data_end;
+
+    struct ethhdr *eth = data;
+    int hsize = sizeof(*eth);
+
+    struct iphdr *ip = data + hsize;
+    hsize += sizeof(struct iphdr);
+
+    if (data + hsize > data_end) return XDP_PASS;
+    if (eth->h_proto != htons(ETH_P_IP)) return XDP_PASS;
+    if (ip->protocol == IPPROTO_UDP) return XDP_DROP;
+    return XDP_PASS;
+}
+
 LICENSE("Apache 2.0");