Eric Lee / smarc-fsl-linux-kernel

Blame view

samples/bpf/sock_flags_kern.c 1.16 KB
edit raw normal view history
554ae6e79   David Ahern   samples/bpf: add ... 
1
2
3
4
5
6
7
8
9
10
11
12
 
  #include <uapi/linux/bpf.h>
  #include <linux/socket.h>
  #include <linux/net.h>
  #include <uapi/linux/in.h>
  #include <uapi/linux/in6.h>
  #include "bpf_helpers.h"
  
  SEC("cgroup/sock1")
  int bpf_prog1(struct bpf_sock *sk)
  {
  	char fmt[] = "socket: family %d type %d protocol %d
  ";
0adc3dd90   David Ahern   samples/bpf: Upda... 
13
14
15
16
17
 
  	char fmt2[] = "socket: uid %u gid %u
  ";
  	__u64 gid_uid = bpf_get_current_uid_gid();
  	__u32 uid = gid_uid & 0xffffffff;
  	__u32 gid = gid_uid >> 32;
554ae6e79   David Ahern   samples/bpf: add ... 
18
19
 
  
  	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
0adc3dd90   David Ahern   samples/bpf: Upda... 
20
 
  	bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid);
554ae6e79   David Ahern   samples/bpf: add ... 
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
  
  	/* block PF_INET6, SOCK_RAW, IPPROTO_ICMPV6 sockets
  	 * ie., make ping6 fail
  	 */
  	if (sk->family == PF_INET6 &&
  	    sk->type == SOCK_RAW   &&
  	    sk->protocol == IPPROTO_ICMPV6)
  		return 0;
  
  	return 1;
  }
  
  SEC("cgroup/sock2")
  int bpf_prog2(struct bpf_sock *sk)
  {
  	char fmt[] = "socket: family %d type %d protocol %d
  ";
  
  	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
  
  	/* block PF_INET, SOCK_RAW, IPPROTO_ICMP sockets
  	 * ie., make ping fail
  	 */
  	if (sk->family == PF_INET &&
  	    sk->type == SOCK_RAW  &&
  	    sk->protocol == IPPROTO_ICMP)
  		return 0;
  
  	return 1;
  }
  
  char _license[] SEC("license") = "GPL";