{ "direct packet read test#1 for CGROUP_SKB", .insns = { BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, offsetof(struct __sk_buff, data)), BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, offsetof(struct __sk_buff, data_end)), BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct __sk_buff, len)), BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct __sk_buff, pkt_type)), BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, offsetof(struct __sk_buff, mark)), BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_6, offsetof(struct __sk_buff, mark)), BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1, offsetof(struct __sk_buff, queue_mapping)), BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1, offsetof(struct __sk_buff, protocol)), BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1, offsetof(struct __sk_buff, vlan_present)), BPF_MOV64_REG(BPF_REG_0, BPF_REG_2), BPF_ALU64_IMM(BPF_ADD, BPF_REG_0, 8), BPF_JMP_REG(BPF_JGT, BPF_REG_0, BPF_REG_3, 1), BPF_LDX_MEM(BPF_B, BPF_REG_0, BPF_REG_2, 0), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, .result = ACCEPT, .result_unpriv = REJECT, .errstr_unpriv = "invalid bpf_context access off=76 size=4", .prog_type = BPF_PROG_TYPE_CGROUP_SKB, }, { "direct packet read test#2 for CGROUP_SKB", .insns = { BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct __sk_buff, vlan_tci)), BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct __sk_buff, vlan_proto)), BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, offsetof(struct __sk_buff, priority)), BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_6, offsetof(struct __sk_buff, priority)), BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1, offsetof(struct __sk_buff, ingress_ifindex)), BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1, offsetof(struct __sk_buff, tc_index)), BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1, offsetof(struct __sk_buff, hash)), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, .result = ACCEPT, .prog_type = BPF_PROG_TYPE_CGROUP_SKB, }, { "direct packet read test#3 for CGROUP_SKB", .insns = { BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct __sk_buff, cb[0])), BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct __sk_buff, cb[1])), BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, offsetof(struct __sk_buff, cb[2])), BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1, offsetof(struct __sk_buff, cb[3])), BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1, offsetof(struct __sk_buff, cb[4])), BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1, offsetof(struct __sk_buff, napi_id)), BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_4, offsetof(struct __sk_buff, cb[0])), BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_5, offsetof(struct __sk_buff, cb[1])), BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_6, offsetof(struct __sk_buff, cb[2])), BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_7, offsetof(struct __sk_buff, cb[3])), BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_8, offsetof(struct __sk_buff, cb[4])), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, .result = ACCEPT, .prog_type = BPF_PROG_TYPE_CGROUP_SKB, }, { "direct packet read test#4 for CGROUP_SKB", .insns = { BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, offsetof(struct __sk_buff, family)), BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, offsetof(struct __sk_buff, remote_ip4)), BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct __sk_buff, local_ip4)), BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct __sk_buff, remote_ip6[0])), BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct __sk_buff, remote_ip6[1])), BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct __sk_buff, remote_ip6[2])), BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct __sk_buff, remote_ip6[3])), BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, offsetof(struct __sk_buff, local_ip6[0])), BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, offsetof(struct __sk_buff, local_ip6[1])), BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, offsetof(struct __sk_buff, local_ip6[2])), BPF_LDX_MEM(BPF_W, BPF_REG_6, BPF_REG_1, offsetof(struct __sk_buff, local_ip6[3])), BPF_LDX_MEM(BPF_W, BPF_REG_7, BPF_REG_1, offsetof(struct __sk_buff, remote_port)), BPF_LDX_MEM(BPF_W, BPF_REG_8, BPF_REG_1, offsetof(struct __sk_buff, local_port)), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, .result = ACCEPT, .prog_type = BPF_PROG_TYPE_CGROUP_SKB, }, { "invalid access of tc_classid for CGROUP_SKB", .insns = { BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct __sk_buff, tc_classid)), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, .result = REJECT, .errstr = "invalid bpf_context access", .prog_type = BPF_PROG_TYPE_CGROUP_SKB, }, { "invalid access of data_meta for CGROUP_SKB", .insns = { BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct __sk_buff, data_meta)), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, .result = REJECT, .errstr = "invalid bpf_context access", .prog_type = BPF_PROG_TYPE_CGROUP_SKB, }, { "invalid access of flow_keys for CGROUP_SKB", .insns = { BPF_LDX_MEM(BPF_W, BPF_REG_0, BPF_REG_1, offsetof(struct __sk_buff, flow_keys)), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, .result = REJECT, .errstr = "invalid bpf_context access", .prog_type = BPF_PROG_TYPE_CGROUP_SKB, }, { "invalid write access to napi_id for CGROUP_SKB", .insns = { BPF_LDX_MEM(BPF_W, BPF_REG_9, BPF_REG_1, offsetof(struct __sk_buff, napi_id)), BPF_STX_MEM(BPF_W, BPF_REG_1, BPF_REG_9, offsetof(struct __sk_buff, napi_id)), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, .result = REJECT, .errstr = "invalid bpf_context access", .prog_type = BPF_PROG_TYPE_CGROUP_SKB, }, { "write tstamp from CGROUP_SKB", .insns = { BPF_MOV64_IMM(BPF_REG_0, 0), BPF_STX_MEM(BPF_DW, BPF_REG_1, BPF_REG_0, offsetof(struct __sk_buff, tstamp)), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, .result = ACCEPT, .result_unpriv = REJECT, .errstr_unpriv = "invalid bpf_context access off=152 size=8", .prog_type = BPF_PROG_TYPE_CGROUP_SKB, }, { "read tstamp from CGROUP_SKB", .insns = { BPF_LDX_MEM(BPF_DW, BPF_REG_0, BPF_REG_1, offsetof(struct __sk_buff, tstamp)), BPF_MOV64_IMM(BPF_REG_0, 0), BPF_EXIT_INSN(), }, .result = ACCEPT, .prog_type = BPF_PROG_TYPE_CGROUP_SKB, },