cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux
Log | Files | Refs | README | LICENSE | sfeed.txt

tcp_clamp_kern.c (2758B)

      1/* Copyright (c) 2017 Facebook
      2 *
      3 * This program is free software; you can redistribute it and/or
      4 * modify it under the terms of version 2 of the GNU General Public
      5 * License as published by the Free Software Foundation.
      6 *
      7 * Sample BPF program to set send and receive buffers to 150KB, sndcwnd clamp
      8 * to 100 packets and SYN and SYN_ACK RTOs to 10ms when both hosts are within
      9 * the same datacenter. For his example, we assume they are within the same
     10 * datacenter when the first 5.5 bytes of their IPv6 addresses are the same.
     11 *
     12 * Use "bpftool cgroup attach $cg sock_ops $prog" to load this BPF program.
     13 */
     14
     15#include <uapi/linux/bpf.h>
     16#include <uapi/linux/if_ether.h>
     17#include <uapi/linux/if_packet.h>
     18#include <uapi/linux/ip.h>
     19#include <linux/socket.h>
     20#include <bpf/bpf_helpers.h>
     21#include <bpf/bpf_endian.h>
     22
     23#define DEBUG 1
     24
     25SEC("sockops")
     26int bpf_clamp(struct bpf_sock_ops *skops)
     27{
     28	int bufsize = 150000;
     29	int to_init = 10;
     30	int clamp = 100;
     31	int rv = 0;
     32	int op;
     33
     34	/* For testing purposes, only execute rest of BPF program
     35	 * if neither port numberis 55601
     36	 */
     37	if (bpf_ntohl(skops->remote_port) != 55601 && skops->local_port != 55601) {
     38		skops->reply = -1;
     39		return 0;
     40	}
     41
     42	op = (int) skops->op;
     43
     44#ifdef DEBUG
     45	bpf_printk("BPF command: %d\n", op);
     46#endif
     47
     48	/* Check that both hosts are within same datacenter. For this example
     49	 * it is the case when the first 5.5 bytes of their IPv6 addresses are
     50	 * the same.
     51	 */
     52	if (skops->family == AF_INET6 &&
     53	    skops->local_ip6[0] == skops->remote_ip6[0] &&
     54	    (bpf_ntohl(skops->local_ip6[1]) & 0xfff00000) ==
     55	    (bpf_ntohl(skops->remote_ip6[1]) & 0xfff00000)) {
     56		switch (op) {
     57		case BPF_SOCK_OPS_TIMEOUT_INIT:
     58			rv = to_init;
     59			break;
     60		case BPF_SOCK_OPS_TCP_CONNECT_CB:
     61			/* Set sndbuf and rcvbuf of active connections */
     62			rv = bpf_setsockopt(skops, SOL_SOCKET, SO_SNDBUF,
     63					    &bufsize, sizeof(bufsize));
     64			rv += bpf_setsockopt(skops, SOL_SOCKET,
     65					     SO_RCVBUF, &bufsize,
     66					     sizeof(bufsize));
     67			break;
     68		case BPF_SOCK_OPS_ACTIVE_ESTABLISHED_CB:
     69			rv = bpf_setsockopt(skops, SOL_TCP,
     70					    TCP_BPF_SNDCWND_CLAMP,
     71					    &clamp, sizeof(clamp));
     72			break;
     73		case BPF_SOCK_OPS_PASSIVE_ESTABLISHED_CB:
     74			/* Set sndbuf and rcvbuf of passive connections */
     75			rv = bpf_setsockopt(skops, SOL_TCP,
     76					    TCP_BPF_SNDCWND_CLAMP,
     77					    &clamp, sizeof(clamp));
     78			rv += bpf_setsockopt(skops, SOL_SOCKET,
     79					     SO_SNDBUF, &bufsize,
     80					     sizeof(bufsize));
     81			rv += bpf_setsockopt(skops, SOL_SOCKET,
     82					     SO_RCVBUF, &bufsize,
     83					     sizeof(bufsize));
     84			break;
     85		default:
     86			rv = -1;
     87		}
     88	} else {
     89		rv = -1;
     90	}
     91#ifdef DEBUG
     92	bpf_printk("Returning %d\n", rv);
     93#endif
     94	skops->reply = rv;
     95	return 1;
     96}
     97char _license[] SEC("license") = "GPL";