linux/samples/bpf/sock_flags_kern.c
<<
>>
Prefs
   1#include <uapi/linux/bpf.h>
   2#include <linux/socket.h>
   3#include <linux/net.h>
   4#include <uapi/linux/in.h>
   5#include <uapi/linux/in6.h>
   6#include <bpf/bpf_helpers.h>
   7
   8SEC("cgroup/sock1")
   9int bpf_prog1(struct bpf_sock *sk)
  10{
  11        char fmt[] = "socket: family %d type %d protocol %d\n";
  12        char fmt2[] = "socket: uid %u gid %u\n";
  13        __u64 gid_uid = bpf_get_current_uid_gid();
  14        __u32 uid = gid_uid & 0xffffffff;
  15        __u32 gid = gid_uid >> 32;
  16
  17        bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
  18        bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid);
  19
  20        /* block PF_INET6, SOCK_RAW, IPPROTO_ICMPV6 sockets
  21         * ie., make ping6 fail
  22         */
  23        if (sk->family == PF_INET6 &&
  24            sk->type == SOCK_RAW   &&
  25            sk->protocol == IPPROTO_ICMPV6)
  26                return 0;
  27
  28        return 1;
  29}
  30
  31SEC("cgroup/sock2")
  32int bpf_prog2(struct bpf_sock *sk)
  33{
  34        char fmt[] = "socket: family %d type %d protocol %d\n";
  35
  36        bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
  37
  38        /* block PF_INET, SOCK_RAW, IPPROTO_ICMP sockets
  39         * ie., make ping fail
  40         */
  41        if (sk->family == PF_INET &&
  42            sk->type == SOCK_RAW  &&
  43            sk->protocol == IPPROTO_ICMP)
  44                return 0;
  45
  46        return 1;
  47}
  48
  49char _license[] SEC("license") = "GPL";
  50