4c3384d7ab
Those hooks run as BPF_CGROUP_RUN_SA_PROG_LOCK and operate on a locked socket. Note that we could remove the switch for prog->expected_attach_type altogether since all current sock_addr attach types are covered. However, it makes sense to keep it as a safe-guard in case new sock_addr attach types are added that might not operate on a locked socket. Therefore, avoid to let this slip through. Signed-off-by: Stanislav Fomichev <sdf@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20210127232853.3753823-5-sdf@google.com
43 lines
758 B
C
43 lines
758 B
C
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
#include <linux/stddef.h>
|
|
#include <linux/bpf.h>
|
|
#include <linux/in.h>
|
|
#include <sys/socket.h>
|
|
|
|
#include <bpf/bpf_helpers.h>
|
|
#include <bpf/bpf_endian.h>
|
|
|
|
#include <bpf_sockopt_helpers.h>
|
|
|
|
#define SERV4_IP 0xc0a801feU /* 192.168.1.254 */
|
|
#define SERV4_PORT 4040
|
|
|
|
SEC("cgroup/recvmsg4")
|
|
int recvmsg4_prog(struct bpf_sock_addr *ctx)
|
|
{
|
|
struct bpf_sock *sk;
|
|
__u32 user_ip4;
|
|
__u16 user_port;
|
|
|
|
sk = ctx->sk;
|
|
if (!sk)
|
|
return 1;
|
|
|
|
if (sk->family != AF_INET)
|
|
return 1;
|
|
|
|
if (ctx->type != SOCK_STREAM && ctx->type != SOCK_DGRAM)
|
|
return 1;
|
|
|
|
if (!get_set_sk_priority(ctx))
|
|
return 1;
|
|
|
|
ctx->user_ip4 = bpf_htonl(SERV4_IP);
|
|
ctx->user_port = bpf_htons(SERV4_PORT);
|
|
|
|
return 1;
|
|
}
|
|
|
|
char _license[] SEC("license") = "GPL";
|