Skip to content

Commit df8758f

Browse files
pythopspythops
committed
refactor: use ptr_at instead of ctx.load
1 parent 2212068 commit df8758f

File tree

1 file changed

+133
-100
lines changed

1 file changed

+133
-100
lines changed

oryx-ebpf/src/main.rs

Lines changed: 133 additions & 100 deletions
Original file line numberDiff line numberDiff line change
@@ -152,31 +152,34 @@ fn filter_packet(protocol: Protocol) -> bool {
152152

153153
#[inline]
154154
fn process(ctx: TcContext) -> Result<i32, ()> {
155-
let ethhdr: EthHdr = ctx.load(0).map_err(|_| ())?;
155+
let eth_header: *const EthHdr = ptr_at(&ctx, 0)?;
156156

157157
let pid = if is_ingress() {
158158
None
159159
} else {
160160
Some((bpf_get_current_pid_tgid() >> 32) as u32)
161161
};
162162

163-
match ethhdr.ether_type {
163+
match unsafe { (*eth_header).ether_type } {
164164
EtherType::Ipv4 => {
165-
let header: Ipv4Hdr = ctx.load(EthHdr::LEN).map_err(|_| ())?;
165+
let ipv4_header: *const Ipv4Hdr = ptr_at(&ctx, EthHdr::LEN)?;
166166

167-
let addr = if is_ingress() {
168-
u32::from_be(header.src_addr)
169-
} else {
170-
u32::from_be(header.dst_addr)
167+
let addr = unsafe {
168+
if is_ingress() {
169+
u32::from_be((*ipv4_header).src_addr)
170+
} else {
171+
u32::from_be((*ipv4_header).dst_addr)
172+
}
171173
};
172174

173-
match header.proto {
175+
match unsafe { (*ipv4_header).proto } {
174176
IpProto::Tcp => {
175-
let tcphdr: *const TcpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv4Hdr::LEN)?;
177+
let tcp_header: *const TcpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv4Hdr::LEN)?;
178+
176179
let port = if is_ingress() {
177-
u16::from_be(unsafe { (*tcphdr).source })
180+
u16::from_be(unsafe { (*tcp_header).source })
178181
} else {
179-
u16::from_be(unsafe { (*tcphdr).dest })
182+
u16::from_be(unsafe { (*tcp_header).dest })
180183
};
181184

182185
if block_ipv4(addr, port) {
@@ -190,23 +193,26 @@ fn process(ctx: TcContext) -> Result<i32, ()> {
190193
return Ok(TC_ACT_PIPE);
191194
}
192195

193-
submit(RawData {
194-
frame: RawFrame {
195-
header: ethhdr,
196-
payload: RawPacket::Ip(
197-
IpHdr::V4(header),
198-
ProtoHdr::Tcp(unsafe { *tcphdr }),
199-
),
200-
},
201-
pid,
202-
});
196+
unsafe {
197+
submit(RawData {
198+
frame: RawFrame {
199+
header: *eth_header,
200+
payload: RawPacket::Ip(
201+
IpHdr::V4(*ipv4_header),
202+
ProtoHdr::Tcp(*tcp_header),
203+
),
204+
},
205+
pid,
206+
});
207+
}
203208
}
204209
IpProto::Udp => {
205-
let udphdr: *const UdpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv4Hdr::LEN)?;
210+
let udp_header: *const UdpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv4Hdr::LEN)?;
211+
206212
let port = if is_ingress() {
207-
u16::from_be(unsafe { (*udphdr).source })
213+
u16::from_be(unsafe { (*udp_header).source })
208214
} else {
209-
u16::from_be(unsafe { (*udphdr).dest })
215+
u16::from_be(unsafe { (*udp_header).dest })
210216
};
211217

212218
if block_ipv4(addr, port) {
@@ -220,51 +226,62 @@ fn process(ctx: TcContext) -> Result<i32, ()> {
220226
return Ok(TC_ACT_PIPE);
221227
}
222228

223-
submit(RawData {
224-
frame: RawFrame {
225-
header: ethhdr,
226-
payload: RawPacket::Ip(
227-
IpHdr::V4(header),
228-
ProtoHdr::Udp(unsafe { *udphdr }),
229-
),
230-
},
231-
pid,
232-
});
229+
unsafe {
230+
submit(RawData {
231+
frame: RawFrame {
232+
header: *eth_header,
233+
payload: RawPacket::Ip(
234+
IpHdr::V4(*ipv4_header),
235+
ProtoHdr::Udp(*udp_header),
236+
),
237+
},
238+
pid,
239+
});
240+
}
233241
}
234242
IpProto::Icmp => {
235243
if filter_packet(Protocol::Network(NetworkProtocol::Icmp)) {
236244
return Ok(TC_ACT_PIPE);
237245
}
238-
let icmphdr: *const IcmpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv4Hdr::LEN)?;
239-
submit(RawData {
240-
frame: RawFrame {
241-
header: ethhdr,
242-
payload: RawPacket::Ip(
243-
IpHdr::V4(header),
244-
ProtoHdr::Icmp(unsafe { *icmphdr }),
245-
),
246-
},
247-
pid,
248-
});
246+
let icmp_header: *const IcmpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv4Hdr::LEN)?;
247+
248+
unsafe {
249+
submit(RawData {
250+
frame: RawFrame {
251+
header: *eth_header,
252+
payload: RawPacket::Ip(
253+
IpHdr::V4(*ipv4_header),
254+
ProtoHdr::Icmp(*icmp_header),
255+
),
256+
},
257+
pid,
258+
});
259+
}
249260
}
250261
_ => {}
251262
}
252263
}
253264
EtherType::Ipv6 => {
254-
let header: Ipv6Hdr = ctx.load(EthHdr::LEN).map_err(|_| ())?;
255-
let addr = if is_ingress() {
256-
header.src_addr().to_bits()
257-
} else {
258-
header.dst_addr().to_bits()
265+
let ipv6_header: *const Ipv6Hdr = ptr_at(&ctx, EthHdr::LEN)?;
266+
267+
let addr = unsafe {
268+
if is_ingress() {
269+
(*ipv6_header).src_addr().to_bits()
270+
} else {
271+
(*ipv6_header).dst_addr().to_bits()
272+
}
259273
};
260274

261-
match header.next_hdr {
275+
match unsafe { (*ipv6_header).next_hdr } {
262276
IpProto::Tcp => {
263-
let tcphdr: *const TcpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv6Hdr::LEN)?;
264-
let port = if is_ingress() {
265-
u16::from_be(unsafe { (*tcphdr).source })
266-
} else {
267-
u16::from_be(unsafe { (*tcphdr).dest })
277+
let tcp_header: *const TcpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv6Hdr::LEN)?;
278+
279+
let port = unsafe {
280+
if is_ingress() {
281+
u16::from_be((*tcp_header).source)
282+
} else {
283+
u16::from_be((*tcp_header).dest)
284+
}
268285
};
269286

270287
if block_ipv6(addr, port) {
@@ -277,23 +294,29 @@ fn process(ctx: TcContext) -> Result<i32, ()> {
277294
{
278295
return Ok(TC_ACT_PIPE);
279296
}
280-
submit(RawData {
281-
frame: RawFrame {
282-
header: ethhdr,
283-
payload: RawPacket::Ip(
284-
IpHdr::V6(header),
285-
ProtoHdr::Tcp(unsafe { *tcphdr }),
286-
),
287-
},
288-
pid,
289-
});
297+
298+
unsafe {
299+
submit(RawData {
300+
frame: RawFrame {
301+
header: *eth_header,
302+
payload: RawPacket::Ip(
303+
IpHdr::V6(*ipv6_header),
304+
ProtoHdr::Tcp(*tcp_header),
305+
),
306+
},
307+
pid,
308+
});
309+
}
290310
}
291311
IpProto::Udp => {
292-
let udphdr: *const UdpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv6Hdr::LEN)?;
293-
let port = if is_ingress() {
294-
u16::from_be(unsafe { (*udphdr).source })
295-
} else {
296-
u16::from_be(unsafe { (*udphdr).dest })
312+
let udp_header: *const UdpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv6Hdr::LEN)?;
313+
314+
let port = unsafe {
315+
if is_ingress() {
316+
u16::from_be((*udp_header).source)
317+
} else {
318+
u16::from_be((*udp_header).dest)
319+
}
297320
};
298321

299322
if block_ipv6(addr, port) {
@@ -306,32 +329,38 @@ fn process(ctx: TcContext) -> Result<i32, ()> {
306329
{
307330
return Ok(TC_ACT_PIPE);
308331
}
309-
submit(RawData {
310-
frame: RawFrame {
311-
header: ethhdr,
312-
payload: RawPacket::Ip(
313-
IpHdr::V6(header),
314-
ProtoHdr::Udp(unsafe { *udphdr }),
315-
),
316-
},
317-
pid,
318-
});
332+
333+
unsafe {
334+
submit(RawData {
335+
frame: RawFrame {
336+
header: *eth_header,
337+
payload: RawPacket::Ip(
338+
IpHdr::V6(*ipv6_header),
339+
ProtoHdr::Udp(*udp_header),
340+
),
341+
},
342+
pid,
343+
});
344+
}
319345
}
320346
IpProto::Icmp => {
321347
if filter_packet(Protocol::Network(NetworkProtocol::Icmp)) {
322348
return Ok(TC_ACT_PIPE);
323349
}
324-
let icmphdr: *const IcmpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv6Hdr::LEN)?;
325-
submit(RawData {
326-
frame: RawFrame {
327-
header: ethhdr,
328-
payload: RawPacket::Ip(
329-
IpHdr::V6(header),
330-
ProtoHdr::Icmp(unsafe { *icmphdr }),
331-
),
332-
},
333-
pid,
334-
});
350+
let icmp_header: *const IcmpHdr = ptr_at(&ctx, EthHdr::LEN + Ipv6Hdr::LEN)?;
351+
352+
unsafe {
353+
submit(RawData {
354+
frame: RawFrame {
355+
header: *eth_header,
356+
payload: RawPacket::Ip(
357+
IpHdr::V6(*ipv6_header),
358+
ProtoHdr::Icmp(*icmp_header),
359+
),
360+
},
361+
pid,
362+
});
363+
}
335364
}
336365
_ => {}
337366
}
@@ -340,14 +369,18 @@ fn process(ctx: TcContext) -> Result<i32, ()> {
340369
if filter_packet(Protocol::Link(LinkProtocol::Arp)) {
341370
return Ok(TC_ACT_PIPE);
342371
}
343-
let header: ArpHdr = ctx.load(EthHdr::LEN).map_err(|_| ())?;
344-
submit(RawData {
345-
frame: RawFrame {
346-
header: ethhdr,
347-
payload: RawPacket::Arp(header),
348-
},
349-
pid,
350-
});
372+
373+
let arp_header: *const ArpHdr = ptr_at(&ctx, EthHdr::LEN)?;
374+
375+
unsafe {
376+
submit(RawData {
377+
frame: RawFrame {
378+
header: *eth_header,
379+
payload: RawPacket::Arp(*arp_header),
380+
},
381+
pid,
382+
});
383+
}
351384
}
352385
_ => {}
353386
};

0 commit comments

Comments
 (0)