
Refactored ring_buffer to report only errors and ICMP Unreachables by…
… default and

   require verbose for all valid traffic monitoring and added new error code: ICMP_INNER_IP_HEADER_TOO_BIG.
r-caamano committed Jan 6, 2024
1 parent 594846b commit f84eeec
Showing 3 changed files with 40 additions and 37 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Expand Up @@ -10,6 +10,9 @@ All notable changes to this project will be documented in this file. The format
-- Changed ICMP Unreachable logging to default level
-- Added -L, --write-log option to -M, --monitor output to a specified log file
-- Removed redundant check on ifname in process_events
-- Refactored ring_buffer to report only errors and ICMP Unreachables by default and
require verbose for all valid traffic monitoring.
-- Added new error code ICMP_INNER_IP_HEADER_TOO_BIG
-- Code consolidation in zfw_tc_ingress.c

# [0.5.4] - 2023-12-24
9 changes: 9 additions & 0 deletions src/zfw.c
Expand Up @@ -73,6 +73,7 @@
#define TCP_CONNECTION_ESTABLISHED 10
#define CLIENT_FINAL_ACK_RCVD 11
#define CLIENT_INITIATED_UDP_SESSION 12
#define ICMP_INNER_IP_HEADER_TOO_BIG 13

bool add = false;
bool delete = false;
Expand Down Expand Up @@ -1665,6 +1666,14 @@ static int process_events(void *ctx, void *data, size_t len){
printf("%s", message);
}
}
else if(evt->error_code == ICMP_INNER_IP_HEADER_TOO_BIG){
sprintf(message, "%s : %s : %s : ICMP Inner IP Header Too Big\n", ts, ifname, (evt->direction == INGRESS) ? "INGRESS" : "EGRESS");
if(logging){
res = write_log(log_file_name, message);
}else{
printf("%s", message);
}
}
else if(evt->error_code == IF_LIST_MATCH_ERROR){
sprintf(message, "%s : %s : %s : Interface did not match and per interface filtering is enabled\n", ts, ifname, (evt->direction == INGRESS) ? "INGRESS" : "EGRESS");
if(logging){
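Review bot: The new ICMP_INNER_IP_HEADER_TOO_BIG branch in process_events formats into `message` with an unbounded `sprintf`, and the size of `message` is not visible in this hunk; if `message` is a fixed-size array, `snprintf(message, sizeof message, "%s : %s : %s : ICMP Inner IP Header Too Big\n", ts, ifname, (evt->direction == INGRESS) ? "INGRESS" : "EGRESS");` makes truncation explicit instead of relying on `ts` and `ifname` always being short (the neighbouring branches use the same unbounded pattern, so this is pre-existing style rather than a regression of this commit). `res = write_log(log_file_name, message);` stores a result that is not checked anywhere in the hunk; if the check happens further down, a one-line comment at the assignment saying so would help a reader. The value 13 is also defined independently in src/zfw_tc_ingress.c with no shared header in sight, so the daemon's and the BPF program's error-code lists can drift; hoisting the event-code defines into one common header would keep them in sync. process_events begins and ends outside the hunk.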
65 changes: 28 additions & 37 deletions src/zfw_tc_ingress.c
Expand Up @@ -62,6 +62,7 @@
#define SERVER_FINAL_ACK_RCVD 4
#define UDP_MATCHED_EXPIRED_STATE 5
#define UDP_MATCHED_ACTIVE_STATE 6
#define ICMP_INNER_IP_HEADER_TOO_BIG 13
#ifndef memcpy
#define memcpy(dest, src, n) __builtin_memcpy((dest), (src), (n))
#endif
Expand Down Expand Up @@ -509,10 +510,8 @@ static struct bpf_sock_tuple *get_tuple(struct __sk_buff *skb, __u64 nh_off,

/* ensure ip header is in packet bounds */
if ((unsigned long)(iph + 1) > (unsigned long)skb->data_end){
if(local_diag->verbose){
event->error_code = IP_HEADER_TOO_BIG;
send_event(event);
}
event->error_code = IP_HEADER_TOO_BIG;
send_event(event);
return NULL;
}
/* ip options not allowed */
Expand All @@ -530,10 +529,8 @@ static struct bpf_sock_tuple *get_tuple(struct __sk_buff *skb, __u64 nh_off,
/* check outer ip header */
struct udphdr *udph = (struct udphdr *)(skb->data + nh_off + sizeof(struct iphdr));
if ((unsigned long)(udph + 1) > (unsigned long)skb->data_end){
if(local_diag->verbose){
event->error_code = UDP_HEADER_TOO_BIG;
send_event(event);
}
event->error_code = UDP_HEADER_TOO_BIG;
send_event(event);
return NULL;
}

Expand All @@ -542,40 +539,32 @@ static struct bpf_sock_tuple *get_tuple(struct __sk_buff *skb, __u64 nh_off,
/* read receive geneve version and header length */
__u8 *genhdr = (void *)(unsigned long)(skb->data + nh_off + sizeof(struct iphdr) + sizeof(struct udphdr));
if ((unsigned long)(genhdr + 1) > (unsigned long)skb->data_end){
if(local_diag->verbose){
event->error_code = GENEVE_HEADER_TOO_BIG;
send_event(event);
}
event->error_code = GENEVE_HEADER_TOO_BIG;
send_event(event);
return NULL;
}
__u32 gen_ver = genhdr[0] & 0xC0 >> 6;
__u32 gen_hdr_len = genhdr[0] & 0x3F;

/* if the length is not equal to 32 bytes and version 0 */
if ((gen_hdr_len != AWS_GNV_HDR_OPT_LEN / 4) || (gen_ver != GENEVE_VER)){
if(local_diag->verbose){
event->error_code = GENEVE_HEADER_LENGTH_VERSION_ERROR;
send_event(event);
}
event->error_code = GENEVE_HEADER_LENGTH_VERSION_ERROR;
send_event(event);
return NULL;
}

/* Updating the skb to pop geneve header */
ret = bpf_skb_adjust_room(skb, -68, BPF_ADJ_ROOM_MAC, 0);
if (ret) {
if(local_diag->verbose){
event->error_code = SKB_ADJUST_ERROR;
send_event(event);
}
event->error_code = SKB_ADJUST_ERROR;
send_event(event);
return NULL;
}
/* Initialize iph for after popping outer */
iph = (struct iphdr *)(skb->data + nh_off);
if((unsigned long)(iph + 1) > (unsigned long)skb->data_end){
if(local_diag->verbose){
event->error_code = IP_HEADER_TOO_BIG;
send_event(event);
}
event->error_code = IP_HEADER_TOO_BIG;
send_event(event);
return NULL;
}
proto = iph->protocol;
Expand Down Expand Up @@ -724,10 +713,8 @@ int bpf_sk_splice(struct __sk_buff *skb){
}
struct icmphdr *icmph = (struct icmphdr *)((unsigned long)iph + sizeof(*iph));
if ((unsigned long)(icmph + 1) > (unsigned long)skb->data_end){
if(local_diag->verbose){
event.error_code = ICMP_HEADER_TOO_BIG;
send_event(&event);
}
event.error_code = ICMP_HEADER_TOO_BIG;
send_event(&event);
return TC_ACT_SHOT;
}
else if((icmph->type == 8) && (icmph->code == 0)){
Expand All @@ -745,7 +732,7 @@ int bpf_sk_splice(struct __sk_buff *skb){
struct iphdr *inner_iph = (struct iphdr *)((unsigned long)icmph + sizeof(*icmph));
if ((unsigned long)(inner_iph + 1) > (unsigned long)skb->data_end){
if(local_diag->verbose){
event.error_code = IP_HEADER_TOO_BIG;
event.error_code = ICMP_INNER_IP_HEADER_TOO_BIG;
send_event(&event);
}
return TC_ACT_SHOT;
Expand Down Expand Up @@ -1438,10 +1425,12 @@ int bpf_sk_splice5(struct __sk_buff *skb){
}
struct ifindex_tun *tun_index = get_tun_index(0);
if(tun_index){
memcpy(event.source, eth->h_source, 6);
memcpy(event.dest, eth->h_dest, 6);
event.tun_ifindex = tun_index->index;
send_event(&event);
if(local_diag->verbose){
memcpy(event.source, eth->h_source, 6);
memcpy(event.dest, eth->h_dest, 6);
event.tun_ifindex = tun_index->index;
send_event(&event);
}
return bpf_redirect(tun_index->index, 0);
}
}
Expand Down Expand Up @@ -1485,10 +1474,12 @@ int bpf_sk_splice5(struct __sk_buff *skb){
}
struct ifindex_tun *tun_index = get_tun_index(0);
if(tun_index){
memcpy(event.source, eth->h_source, 6);
memcpy(event.dest, eth->h_dest, 6);
event.tun_ifindex = tun_index->index;
send_event(&event);
if(local_diag->verbose){
memcpy(event.source, eth->h_source, 6);
memcpy(event.dest, eth->h_dest, 6);
event.tun_ifindex = tun_index->index;
send_event(&event);
}
return bpf_redirect(tun_index->index, 0);
}
}
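Review bot: In the bpf_sk_splice hunk that introduces ICMP_INNER_IP_HEADER_TOO_BIG, the inner-IP bounds failure is still wrapped in `if(local_diag->verbose){`, so this new error is only ever reported in verbose mode while every other header-bounds error in this commit now calls send_event unconditionally; removing that wrapper so the body is just `event.error_code = ICMP_INNER_IP_HEADER_TOO_BIG;` followed by `send_event(&event);` would match the "errors by default" behaviour the commit message describes, and the packet is dropped with TC_ACT_SHOT either way. Separately, the context line `__u32 gen_ver = genhdr[0] & 0xC0 >> 6;` in get_tuple parses as `genhdr[0] & (0xC0 >> 6)` because `>>` binds tighter than `&`, so the version comparison against GENEVE_VER tests the low two bits of the byte rather than the version field; `__u32 gen_ver = (genhdr[0] & 0xC0) >> 6;` is what the comment above it describes, and without it a non-zero Geneve version is not rejected before the fixed-size header pop. get_tuple, bpf_sk_splice and bpf_sk_splice5 all begin and end outside their hunks.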
