Commit | Line | Data |
---|---|---|
554ae6e7 DA |
1 | #include <uapi/linux/bpf.h> |
2 | #include <linux/socket.h> | |
3 | #include <linux/net.h> | |
4 | #include <uapi/linux/in.h> | |
5 | #include <uapi/linux/in6.h> | |
6 | #include "bpf_helpers.h" | |
7 | ||
/*
 * cgroup/sock1: runs on socket creation for the attached cgroup, traces the
 * request, and denies raw ICMPv6 sockets (i.e. makes ping6 fail).
 *
 * Returns 0 to deny the socket, 1 to allow it.
 *
 * Policy coverage: only the exact (PF_INET6, SOCK_RAW, IPPROTO_ICMPV6)
 * triple is denied. An ICMPv6 socket of any other type (e.g. datagram
 * "ping" sockets, where the kernel enables them) does not match and is
 * allowed; widen the condition if the policy must cover those as well.
 *
 * Logging: bpf_trace_printk() is a debugging helper that writes to the
 * shared kernel trace buffer. Here it records family/type/protocol and the
 * caller's uid/gid for every socket created in the cgroup, so treat the
 * output as debug data, not as an audit trail.
 */
SEC("cgroup/sock1")
int bpf_prog1(struct bpf_sock *sk)
{
	/* Format strings are local arrays, passed together with their size. */
	char sock_fmt[] = "socket: family %d type %d protocol %d\n";
	char cred_fmt[] = "socket: uid %u gid %u\n";
	/* Helper packs both ids in one word: uid in the low 32 bits, gid in the high 32. */
	__u64 creds = bpf_get_current_uid_gid();
	__u32 uid = (__u32)creds;
	__u32 gid = (__u32)(creds >> 32);
	int is_raw_icmpv6;

	bpf_trace_printk(sock_fmt, sizeof(sock_fmt), sk->family, sk->type, sk->protocol);
	bpf_trace_printk(cred_fmt, sizeof(cred_fmt), uid, gid);

	is_raw_icmpv6 = sk->family == PF_INET6 &&
			sk->type == SOCK_RAW &&
			sk->protocol == IPPROTO_ICMPV6;

	/* Everything except raw ICMPv6 is allowed. */
	if (!is_raw_icmpv6)
		return 1;

	return 0;
}
30 | ||
/*
 * cgroup/sock2: runs on socket creation for the attached cgroup, traces the
 * request, and denies raw ICMP (IPv4) sockets (i.e. makes ping fail).
 *
 * Returns 0 to deny the socket, 1 to allow it.
 *
 * Policy coverage: only the exact (PF_INET, SOCK_RAW, IPPROTO_ICMP) triple
 * is denied. An ICMP socket of any other type (e.g. datagram "ping"
 * sockets, where the kernel enables them) does not match and is allowed;
 * widen the condition if the policy must cover those as well.
 *
 * Logging: bpf_trace_printk() is a debugging helper that writes to the
 * shared kernel trace buffer; the output is debug data, not an audit trail.
 */
SEC("cgroup/sock2")
int bpf_prog2(struct bpf_sock *sk)
{
	/* Format string is a local array, passed together with its size. */
	char sock_fmt[] = "socket: family %d type %d protocol %d\n";
	int is_raw_icmp;

	bpf_trace_printk(sock_fmt, sizeof(sock_fmt), sk->family, sk->type, sk->protocol);

	is_raw_icmp = sk->family == PF_INET &&
		      sk->type == SOCK_RAW &&
		      sk->protocol == IPPROTO_ICMP;

	/* Everything except raw ICMP is allowed. */
	if (!is_raw_icmp)
		return 1;

	return 0;
}
48 | ||
/*
 * License string emitted into the "license" ELF section.
 * NOTE(review): presumably this is what the kernel checks before permitting
 * GPL-only helpers such as bpf_trace_printk() - confirm against the loader.
 */
char _license[] SEC("license") = "GPL";