added ebpf tc handle

giangndm · Nov 28, 2023 · 49a9068 · 49a9068
1 parent 3b74d6e
commit 49a9068
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 9 deletions.
diff --git a/sdf-ebpf/src/main.rs b/sdf-ebpf/src/main.rs
@@ -1,7 +1,8 @@
 #![no_std]
 #![no_main]
 
-use aya_bpf::{bindings::xdp_action, macros::{xdp, map}, programs::XdpContext, maps::HashMap};
+use aya_bpf::{bindings::xdp_action, macros::{xdp, classifier, map}, programs::{XdpContext, TcContext}, maps::HashMap};
+use aya_log_ebpf::info;
 use network_types::{eth::{EthHdr, EtherType}, ip::{Ipv4Hdr, IpProto}, udp::UdpHdr, tcp::TcpHdr};
 
 use crate::parse::ptr_at;
@@ -21,13 +22,21 @@ static PORT_BLACKLIST: HashMap<u16, u8> = HashMap::<u16, u8>::with_max_entries(4
 static BLOCKED_STATS: HashMap<u16, u64> = HashMap::<u16, u64>::with_max_entries(1 << 16, 0);
 
 #[xdp]
-pub fn sdf(ctx: XdpContext) -> u32 {
-    match try_sdf(ctx) {
+pub fn sdf_ingress(ctx: XdpContext) -> u32 {
+    match try_sdf_ingress(ctx) {
         Ok(ret) => ret,
         Err(_) => xdp_action::XDP_ABORTED,
     }
 }
 
+#[classifier]
+pub fn sdf_egress(ctx: TcContext) -> i32 {
+    match try_sdf_egress(ctx) {
+        Ok(ret) => ret,
+        Err(ret) => ret,
+    }
+}
+
 fn increase_drop(map: &HashMap<u16, u64>, port: u16) {
     if let Some(slot) = map.get_ptr_mut(&port) {
         unsafe { *slot += 1 };
@@ -40,7 +49,7 @@ fn allow_port(_ctx: &XdpContext, blacklist: &HashMap<u16, u8>, port: u16) -> boo
     unsafe { blacklist.get(&port).is_none() }
 }
 
-fn try_sdf(ctx: XdpContext) -> Result<u32, ()> {
+fn try_sdf_ingress(ctx: XdpContext) -> Result<u32, ()> {
     let ethhdr: *const EthHdr = unsafe { ptr_at(&ctx, 0)? };
     match unsafe { (*ethhdr).ether_type } {
         EtherType::Ipv4 => {}
@@ -81,7 +90,12 @@ fn try_sdf(ctx: XdpContext) -> Result<u32, ()> {
     Ok(xdp_action::XDP_PASS)
 }
 
+fn try_sdf_egress(ctx: TcContext) -> Result<i32, i32> {
+    info!(&ctx, "received a packet");
+    Ok(1)
+}
+
 #[panic_handler]
 fn panic(_info: &core::panic::PanicInfo) -> ! {
     unsafe { core::hint::unreachable_unchecked() }
-}
+}
diff --git a/sdf/src/main.rs b/sdf/src/main.rs
@@ -1,6 +1,6 @@
 use anyhow::Context;
 use aya::maps::HashMap;
-use aya::programs::{Xdp, XdpFlags};
+use aya::programs::{tc, SchedClassifier, TcAttachType, Xdp, XdpFlags};
 use aya::{include_bytes_aligned, Bpf};
 use aya_log::BpfLogger;
 use clap::Parser;
@@ -62,11 +62,21 @@ async fn main() -> Result<(), anyhow::Error> {
         // This can happen if you remove all log statements from your eBPF program.
         warn!("failed to initialize eBPF logger: {}", e);
     }
-    let program: &mut Xdp = bpf.program_mut("sdf").unwrap().try_into()?;
-    program.load()?;
-    program.attach(&opt.iface, XdpFlags::default())
+
+    info!("loading sdf_ingress");
+    let program_ingress: &mut Xdp = bpf.program_mut("sdf_ingress").unwrap().try_into()?;
+    program_ingress.load()?;
+    program_ingress.attach(&opt.iface, XdpFlags::default())
         .context("failed to attach the XDP program with default flags - try changing XdpFlags::default() to XdpFlags::SKB_MODE")?;
 
+    info!("loading sdf_egress");
+    let _ = tc::qdisc_add_clsact(&opt.iface);
+    let program_egress: &mut SchedClassifier = bpf.program_mut("sdf_egress").unwrap().try_into()?;
+    program_egress.load()?;
+    program_egress.attach(&opt.iface, TcAttachType::Egress)?;
+
+    info!("loaded ebpf programs");
+
     let mut interval = tokio::time::interval(std::time::Duration::from_secs(5));
 
     let (tx, mut rx) = mpsc::channel(100);