#include <linux/bpf.h>
#include <linux/if_ether.h>
#include <linux/in.h>
#include <linux/ip.h>
#include <linux/udp.h>
#include <bpf/bpf_helpers.h>
#define MAX_PORTS 64
struct bpf_map_def {
unsigned int type;
unsigned int key_size;
unsigned int value_size;
unsigned int max_entries;
unsigned int map_flags;
};
struct bpf_map_def SEC(".maps") xsks_map = {
.type = BPF_MAP_TYPE_XSKMAP,
.key_size = sizeof(__u32),
.value_size = sizeof(__u32),
.max_entries = 64,
.map_flags = 0,
};
struct bpf_map_def SEC(".maps") port_filter = {
.type = BPF_MAP_TYPE_HASH,
.key_size = sizeof(__u16),
.value_size = sizeof(__u8),
.max_entries = MAX_PORTS,
.map_flags = 0,
};
SEC("xdp_sock")
int xdp_udp_filter(struct xdp_md *ctx) {
void *data_end = (void *)(long)ctx->data_end;
void *data = (void *)(long)ctx->data;
struct ethhdr *eth = data;
if ((void *)(eth + 1) > data_end)
return XDP_PASS;
if (eth->h_proto != __constant_htons(ETH_P_IP))
return XDP_PASS;
struct iphdr *ip = (void *)(eth + 1);
if ((void *)(ip + 1) > data_end)
return XDP_PASS;
if (ip->protocol != IPPROTO_UDP)
return XDP_PASS;
struct udphdr *udp = (void *)ip + ip->ihl * 4;
if ((void *)(udp + 1) > data_end)
return XDP_PASS;
__u16 dport = udp->dest;
__u8 *accept = bpf_map_lookup_elem(&port_filter, &dport);
if (!accept)
return XDP_PASS;
__u32 qid = ctx->rx_queue_index;
if (bpf_map_lookup_elem(&xsks_map, &qid))
return bpf_redirect_map(&xsks_map, qid, 0);
return XDP_PASS;
}
char _license[] SEC("license") = "GPL";