eBPFxdp prog

// xdp_tun_nat.c - 修改版：匹配时也返回 XDP_PASS，让内核继续处理// 编译命令同上#include<linux/bpf.h>#include<linux/ip.h>#include<linux/tcp.h>#include<bpf/bpf_helpers.h>#include<bpf/bpf_endian.h>#ifndefIPPROTO_TCP#defineIPPROTO_TCP6#endif#ifndefIP_MF#defineIP_MF0x2000#endif#ifndefIP_OFFSET#defineIP_OFFSET0x1FFF#endifstatic__inline__ __be16csum_fold(__u32 csum){csum=(csum&0xffff)+(csum>>16);csum=(csum&0xffff)+(csum>>16);return(__be16)~csum;}structipv4_tuple{__be32 saddr;__be32 daddr;__be16 sport;__be16 dport;};structnat_entry{__be32 new_saddr;__be32 new_daddr;__be16 new_sport;__be16 new_dport;};struct{__uint(type,BPF_MAP_TYPE_HASH);__uint(max_entries,100000);__type(key,structipv4_tuple);__type(value,structnat_entry);}nat_tableSEC(".maps");SEC("xdp")intxdp_tun_nat(structxdp_md*ctx){void*data_end=(void*)(long)ctx->data_end;void*data=(void*)(long)ctx->data;structiphdr*ip=data;if((void*)(ip+1)>data_end)returnXDP_PASS;if(ip->version!=4)returnXDP_PASS;if(ip->protocol!=IPPROTO_TCP)returnXDP_PASS;if(ip->frag_off&bpf_htons(IP_MF|IP_OFFSET))returnXDP_PASS;unsignedintip_hdr_len=ip->ihl<<2;if(ip_hdr_len<sizeof(structiphdr))returnXDP_PASS;structtcphdr*tcp=(void*)ip+ip_hdr_len;if((void*)(tcp+1)>data_end)returnXDP_PASS;structipv4_tuplekey={.saddr=ip->saddr,.daddr=ip->daddr,.sport=tcp->source,.dport=tcp->dest,};structnat_entry*entry=bpf_map_lookup_elem(&nat_table,&key);if(!entry)returnXDP_PASS;// 无映射，交给 TUN// 记录原始值__u32 old_saddr=ip->saddr;__u32 old_daddr=ip->daddr;__u16 old_sport=tcp->source;__u16 old_dport=tcp->dest;// 修改 IPip->saddr=entry->new_saddr;ip->daddr=entry->new_daddr;// 增量 IP 校验和__wsum sum_ip=0;sum_ip=bpf_csum_diff(&old_saddr,4,&entry->new_saddr,4,sum_ip);sum_ip=bpf_csum_diff(&old_daddr,4,&entry->new_daddr,4,sum_ip);__u32 old_ip_csum=ip->check;ip->check=0;ip->check=(__be16)~csum_fold(old_ip_csum+sum_ip);// 修改 TCP 端口tcp->source=entry->new_sport;tcp->dest=entry->new_dport;// 增量 TCP 校验和__wsum sum=0;sum=bpf_csum_diff(&old_saddr,4,&entry->new_saddr,4,sum);sum=bpf_csum_diff(&old_daddr,4,&entry->new_daddr,4,sum);__be32 old_sport32=(__be32)old_sport;__be32 new_sport32=(__be32)entry->new_sport;__be32 old_dport32=(__be32)old_dport;__be32 new_dport32=(__be32)entry->new_dport;sum=bpf_csum_diff(&old_sport32,4,&new_sport32,4,sum);sum=bpf_csum_diff(&old_dport32,4,&new_dport32,4,sum);__u32 old_csum=tcp->check;tcp->check=0;__u32 new_csum=old_csum+sum;tcp->check=(__be16)~csum_fold(new_csum);// 关键修改：匹配后仍然返回 XDP_PASS，让内核继续处理returnXDP_PASS;}char_license[]SEC("license")="GPL";