// SPDX-License-Identifier: GPL-2.0 #include #include #include #include #include #if defined(__TARGET_ARCH_x86) #define SYSCALL_WRAPPER 1 #define SYS_PREFIX "__x64_" #elif defined(__TARGET_ARCH_s390) #define SYSCALL_WRAPPER 1 #define SYS_PREFIX "__s390x_" #elif defined(__TARGET_ARCH_arm64) #define SYSCALL_WRAPPER 1 #define SYS_PREFIX "__arm64_" #else #define SYSCALL_WRAPPER 0 #define SYS_PREFIX "" #endif static struct sockaddr_in old; SEC("kprobe/" SYS_PREFIX "sys_connect") int BPF_KPROBE(handle_sys_connect) { #if SYSCALL_WRAPPER == 1 struct pt_regs *real_regs; #endif struct sockaddr_in new; void *ptr; #if SYSCALL_WRAPPER == 0 ptr = (void *)PT_REGS_PARM2(ctx); #else real_regs = (struct pt_regs *)PT_REGS_PARM1(ctx); bpf_probe_read_kernel(&ptr, sizeof(ptr), &PT_REGS_PARM2(real_regs)); #endif bpf_probe_read_user(&old, sizeof(old), ptr); __builtin_memset(&new, 0xab, sizeof(new)); bpf_probe_write_user(ptr, &new, sizeof(new)); return 0; } char _license[] SEC("license") = "GPL";