1// SPDX-License-Identifier: GPL-2.0 2 3#include <linux/stddef.h> 4#include <linux/bpf.h> 5#include <sys/types.h> 6#include <sys/socket.h> 7#include <bpf/bpf_helpers.h> 8#include <bpf/bpf_endian.h> 9 10static __always_inline int bind_prog(struct bpf_sock_addr *ctx, int family) 11{ 12 struct bpf_sock *sk; 13 14 sk = ctx->sk; 15 if (!sk) 16 return 0; 17 18 if (sk->family != family) 19 return 0; 20 21 if (ctx->type != SOCK_STREAM) 22 return 0; 23 24 /* Return 1 OR'ed with the first bit set to indicate 25 * that CAP_NET_BIND_SERVICE should be bypassed. 26 */ 27 if (ctx->user_port == bpf_htons(111)) 28 return (1 | 2); 29 30 return 1; 31} 32 33SEC("cgroup/bind4") 34int bind_v4_prog(struct bpf_sock_addr *ctx) 35{ 36 return bind_prog(ctx, AF_INET); 37} 38 39SEC("cgroup/bind6") 40int bind_v6_prog(struct bpf_sock_addr *ctx) 41{ 42 return bind_prog(ctx, AF_INET6); 43} 44 45char _license[] SEC("license") = "GPL"; 46