c2f4f5593e
This commit applies "net_shared.h" to BPF programs to remove existing network related header dependencies. Also, this commit removes unnecessary headers before applying "vmlinux.h" to the BPF programs. Mostly, endianness conversion function has been applied to the source. In addition, several macros have been defined to fulfill the INET, TC-related constants. Signed-off-by: Daniel T. Lee <danieltimlee@gmail.com> Link: https://lore.kernel.org/r/20230115071613.125791-9-danieltimlee@gmail.com Signed-off-by: Alexei Starovoitov <ast@kernel.org>
49 lines
1.2 KiB
C
49 lines
1.2 KiB
C
#include "net_shared.h"
|
|
#include <uapi/linux/bpf.h>
|
|
#include <linux/net.h>
|
|
#include <uapi/linux/in.h>
|
|
#include <uapi/linux/in6.h>
|
|
#include <bpf/bpf_helpers.h>
|
|
|
|
SEC("cgroup/sock")
|
|
int bpf_prog1(struct bpf_sock *sk)
|
|
{
|
|
char fmt[] = "socket: family %d type %d protocol %d\n";
|
|
char fmt2[] = "socket: uid %u gid %u\n";
|
|
__u64 gid_uid = bpf_get_current_uid_gid();
|
|
__u32 uid = gid_uid & 0xffffffff;
|
|
__u32 gid = gid_uid >> 32;
|
|
|
|
bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
|
|
bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid);
|
|
|
|
/* block AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6 sockets
|
|
* ie., make ping6 fail
|
|
*/
|
|
if (sk->family == AF_INET6 &&
|
|
sk->type == SOCK_DGRAM &&
|
|
sk->protocol == IPPROTO_ICMPV6)
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
SEC("cgroup/sock")
|
|
int bpf_prog2(struct bpf_sock *sk)
|
|
{
|
|
char fmt[] = "socket: family %d type %d protocol %d\n";
|
|
|
|
bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
|
|
|
|
/* block AF_INET, SOCK_DGRAM, IPPROTO_ICMP sockets
|
|
* ie., make ping fail
|
|
*/
|
|
if (sk->family == AF_INET &&
|
|
sk->type == SOCK_DGRAM &&
|
|
sk->protocol == IPPROTO_ICMP)
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
char _license[] SEC("license") = "GPL";
|