linux/tools/testing/selftests/bpf/progs/twfw.c

// SPDX-License-Identifier: GPL-2.0
/* Copyright (c) 2021 Facebook */
#include <linux/types.h>
#include <bpf/bpf_helpers.h>
#include <linux/bpf.h>
#include <stdint.h>

#define TWFW_MAX_TIERS (64)
/*
 * load is successful
 * #define TWFW_MAX_TIERS (64u)$
 */

struct twfw_tier_value {
	unsigned long mask[1];
};

struct rule {
	uint8_t seqnum;
};

struct rules_map {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__type(key, __u32);
	__type(value, struct rule);
	__uint(max_entries, 1);
};

struct tiers_map {
	__uint(type, BPF_MAP_TYPE_ARRAY);
	__type(key, __u32);
	__type(value, struct twfw_tier_value);
	__uint(max_entries, 1);
};

struct rules_map rules SEC(".maps");
struct tiers_map tiers SEC(".maps");

SEC("cgroup_skb/ingress")
int twfw_verifier(struct __sk_buff* skb)
{
	const uint32_t key = 0;
	const struct twfw_tier_value* tier = bpf_map_lookup_elem(&tiers, &key);
	if (!tier)
		return 1;

	struct rule* rule = bpf_map_lookup_elem(&rules, &key);
	if (!rule)
		return 1;

	if (rule && rule->seqnum < TWFW_MAX_TIERS) {
		/* rule->seqnum / 64 should always be 0 */
		unsigned long mask = tier->mask[rule->seqnum / 64];
		if (mask)
			return 0;
	}
	return 1;
}