1
2
3
4#include <string.h>
5
6#include <linux/stddef.h>
7#include <linux/bpf.h>
8#include <linux/in.h>
9#include <linux/in6.h>
10#include <sys/socket.h>
11
12#include <bpf/bpf_helpers.h>
13#include <bpf/bpf_endian.h>
14
15#define SRC_REWRITE_IP4 0x7f000004U
16#define DST_REWRITE_IP4 0x7f000001U
17#define DST_REWRITE_PORT4 4444
18
19int _version SEC("version") = 1;
20
21__attribute__ ((noinline))
22int do_bind(struct bpf_sock_addr *ctx)
23{
24 struct sockaddr_in sa = {};
25
26 sa.sin_family = AF_INET;
27 sa.sin_port = bpf_htons(0);
28 sa.sin_addr.s_addr = bpf_htonl(SRC_REWRITE_IP4);
29
30 if (bpf_bind(ctx, (struct sockaddr *)&sa, sizeof(sa)) != 0)
31 return 0;
32
33 return 1;
34}
35
36SEC("cgroup/connect4")
37int connect_v4_prog(struct bpf_sock_addr *ctx)
38{
39 struct bpf_sock_tuple tuple = {};
40 struct bpf_sock *sk;
41
42
43 memset(&tuple.ipv4.saddr, 0, sizeof(tuple.ipv4.saddr));
44 memset(&tuple.ipv4.sport, 0, sizeof(tuple.ipv4.sport));
45
46 tuple.ipv4.daddr = bpf_htonl(DST_REWRITE_IP4);
47 tuple.ipv4.dport = bpf_htons(DST_REWRITE_PORT4);
48
49 if (ctx->type != SOCK_STREAM && ctx->type != SOCK_DGRAM)
50 return 0;
51 else if (ctx->type == SOCK_STREAM)
52 sk = bpf_sk_lookup_tcp(ctx, &tuple, sizeof(tuple.ipv4),
53 BPF_F_CURRENT_NETNS, 0);
54 else
55 sk = bpf_sk_lookup_udp(ctx, &tuple, sizeof(tuple.ipv4),
56 BPF_F_CURRENT_NETNS, 0);
57
58 if (!sk)
59 return 0;
60
61 if (sk->src_ip4 != tuple.ipv4.daddr ||
62 sk->src_port != DST_REWRITE_PORT4) {
63 bpf_sk_release(sk);
64 return 0;
65 }
66
67 bpf_sk_release(sk);
68
69
70 ctx->user_ip4 = bpf_htonl(DST_REWRITE_IP4);
71 ctx->user_port = bpf_htons(DST_REWRITE_PORT4);
72
73 return do_bind(ctx) ? 1 : 0;
74}
75
76char _license[] SEC("license") = "GPL";
77
