tctc_redirect.c// tc_redirect.c - TC 程序无条件将 TCP 包重定向到 111.63.65.103:80#includelinux/bpf.h#includelinux/ip.h#includelinux/tcp.h#includebpf/bpf_helpers.h#includebpf/bpf_endian.h#ifndefIPPROTO_TCP#defineIPPROTO_TCP6#endif#ifndefIP_MF#defineIP_MF0x2000#endif#ifndefIP_OFFSET#defineIP_OFFSET0x1FFF#endifstatic__inline__ __be16csum_fold(__u32 csum){csum(csum0xffff)(csum16);csum(csum0xffff)(csum16);return(__be16)~csum;}SEC(classifier)inttc_redirect(struct__sk_buff*skb){void*data_end(void*)(long)skb-data_end;void*data(void*)(long)skb-data;// 解析 IP 头TUN 模式无以太网头structiphdr*ipdata;if((void*)(ip1)data_end)return0;// TC_ACT_OKif(ip-version!4)return0;if(ip-protocol!IPPROTO_TCP)return0;if(ip-frag_offbpf_htons(IP_MF|IP_OFFSET))return0;unsignedintip_hdr_lenip-ihl2;if(ip_hdr_lensizeof(structiphdr))return0;structtcphdr*tcp(void*)ipip_hdr_len;if((void*)(tcp1)data_end)return0;// 记录原始目的地址和端口__u32 old_daddrip-daddr;__be16 new_daddr0x6F3F4167;// 111.63.65.103__u16 old_dporttcp-dest;__be16 new_dport0x0050;// 80// 修改 IP 头ip-daddrnew_daddr;// 增量更新 IP 校验和__wsum sum_ip0;sum_ipbpf_csum_diff(old_daddr,4,new_daddr,4,sum_ip);__u32 old_ip_csumip-check;ip-check0;ip-check(__be16)~csum_fold(old_ip_csumsum_ip);// 修改 TCP 头tcp-destnew_dport;// 增量更新 TCP 校验和__wsum sum0;sumbpf_csum_diff(old_daddr,4,new_daddr,4,sum);__be32 old_dport32(__be32)old_dport;__be32 new_dport32(__be32)new_dport;sumbpf_csum_diff(old_dport32,4,new_dport32,4,sum);__u32 old_csumtcp-check;tcp-check0;__u32 new_csumold_csumsum;tcp-check(__be16)~csum_fold(new_csum);return0;// TC_ACT_OK}char_license[]SEC(license)GPL;# 编译 TC 程序clang-targetbpf-O2-g-I/usr/include/x86_64-linux-gnu -I/usr/src/linux-headers-$(uname-r)/include -I/usr/src/linux-headers-$(uname-r)/arch/x86/include -I/usr/include/bpf-ctc_redirect.c-otc_redirect.o# 挂载 TC 程序到 tun0 的 egress 方向# 创建 qdisc如果不存在tc qdiscadddev tun0 clsact# 挂载程序到 egress出方向tc filteradddev tun0 egress bpf obj tc_redirect.o sec classifier# 测试curl--interface10.0.0.1 --local-port12345http://10.0.0.2:8080-v# 抓包tcpdump-iany-n-v# 清理tc filter del dev tun0 egress tc qdisc del dev tun0 clsact
eBPF tc prog
发布时间:2026/5/25 2:20:32
tctc_redirect.c// tc_redirect.c - TC 程序无条件将 TCP 包重定向到 111.63.65.103:80#includelinux/bpf.h#includelinux/ip.h#includelinux/tcp.h#includebpf/bpf_helpers.h#includebpf/bpf_endian.h#ifndefIPPROTO_TCP#defineIPPROTO_TCP6#endif#ifndefIP_MF#defineIP_MF0x2000#endif#ifndefIP_OFFSET#defineIP_OFFSET0x1FFF#endifstatic__inline__ __be16csum_fold(__u32 csum){csum(csum0xffff)(csum16);csum(csum0xffff)(csum16);return(__be16)~csum;}SEC(classifier)inttc_redirect(struct__sk_buff*skb){void*data_end(void*)(long)skb-data_end;void*data(void*)(long)skb-data;// 解析 IP 头TUN 模式无以太网头structiphdr*ipdata;if((void*)(ip1)data_end)return0;// TC_ACT_OKif(ip-version!4)return0;if(ip-protocol!IPPROTO_TCP)return0;if(ip-frag_offbpf_htons(IP_MF|IP_OFFSET))return0;unsignedintip_hdr_lenip-ihl2;if(ip_hdr_lensizeof(structiphdr))return0;structtcphdr*tcp(void*)ipip_hdr_len;if((void*)(tcp1)data_end)return0;// 记录原始目的地址和端口__u32 old_daddrip-daddr;__be16 new_daddr0x6F3F4167;// 111.63.65.103__u16 old_dporttcp-dest;__be16 new_dport0x0050;// 80// 修改 IP 头ip-daddrnew_daddr;// 增量更新 IP 校验和__wsum sum_ip0;sum_ipbpf_csum_diff(old_daddr,4,new_daddr,4,sum_ip);__u32 old_ip_csumip-check;ip-check0;ip-check(__be16)~csum_fold(old_ip_csumsum_ip);// 修改 TCP 头tcp-destnew_dport;// 增量更新 TCP 校验和__wsum sum0;sumbpf_csum_diff(old_daddr,4,new_daddr,4,sum);__be32 old_dport32(__be32)old_dport;__be32 new_dport32(__be32)new_dport;sumbpf_csum_diff(old_dport32,4,new_dport32,4,sum);__u32 old_csumtcp-check;tcp-check0;__u32 new_csumold_csumsum;tcp-check(__be16)~csum_fold(new_csum);return0;// TC_ACT_OK}char_license[]SEC(license)GPL;# 编译 TC 程序clang-targetbpf-O2-g-I/usr/include/x86_64-linux-gnu -I/usr/src/linux-headers-$(uname-r)/include -I/usr/src/linux-headers-$(uname-r)/arch/x86/include -I/usr/include/bpf-ctc_redirect.c-otc_redirect.o# 挂载 TC 程序到 tun0 的 egress 方向# 创建 qdisc如果不存在tc qdiscadddev tun0 clsact# 挂载程序到 egress出方向tc filteradddev tun0 egress bpf obj tc_redirect.o sec classifier# 测试curl--interface10.0.0.1 --local-port12345http://10.0.0.2:8080-v# 抓包tcpdump-iany-n-v# 清理tc filter del dev tun0 egress tc qdisc del dev tun0 clsact
:含12组经DxO Lab实测验证的--stylize与--chaos黄金配比表)
:测试如何提前在代码提交阶段发现 Bug?)
)
