samples/bpf/sock_flags_kern.c

   1 #include <uapi/linux/bpf.h>
   2 #include <linux/socket.h>
   3 #include <linux/net.h>
   4 #include <uapi/linux/in.h>
   5 #include <uapi/linux/in6.h>
   6 #include <bpf/bpf_helpers.h>
   7
   8 SEC("cgroup/sock1")
   9 int bpf_prog1(struct bpf_sock *sk)
  10 {
  11         char fmt[] = "socket: family %d type %d protocol %d\n";
  12         char fmt2[] = "socket: uid %u gid %u\n";
  13         __u64 gid_uid = bpf_get_current_uid_gid();
  14         __u32 uid = gid_uid & 0xffffffff;
  15         __u32 gid = gid_uid >> 32;
  16
  17         bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
  18         bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid);
  19
  20         /* block PF_INET6, SOCK_RAW, IPPROTO_ICMPV6 sockets
  21          * ie., make ping6 fail
  22          */
  23         if (sk->family == PF_INET6 &&
  24             sk->type == SOCK_RAW   &&
  25             sk->protocol == IPPROTO_ICMPV6)
  26                 return 0;
  27
  28         return 1;
  29 }
  30
  31 SEC("cgroup/sock2")
  32 int bpf_prog2(struct bpf_sock *sk)
  33 {
  34         char fmt[] = "socket: family %d type %d protocol %d\n";
  35
  36         bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
  37
  38         /* block PF_INET, SOCK_RAW, IPPROTO_ICMP sockets
  39          * ie., make ping fail
  40          */
  41         if (sk->family == PF_INET &&
  42             sk->type == SOCK_RAW  &&
  43             sk->protocol == IPPROTO_ICMP)
  44                 return 0;
  45
  46         return 1;
  47 }
  48
  49 char _license[] SEC("license") = "GPL";