xref: /openbmc/linux/samples/bpf/sock_flags.bpf.c (revision 9a87ffc99ec8eb8d35eed7c4f816d75f5cc9662e)
1*e04946f5SDaniel T. Lee // SPDX-License-Identifier: GPL-2.0
2*e04946f5SDaniel T. Lee #include "vmlinux.h"
3*e04946f5SDaniel T. Lee #include "net_shared.h"
4*e04946f5SDaniel T. Lee #include <bpf/bpf_helpers.h>
5*e04946f5SDaniel T. Lee 
/*
 * cgroup/sock program: log each socket request seen by the hook and
 * refuse IPv6 datagram ICMP sockets (the kind an unprivileged ping6 opens).
 *
 * Returns 1 to let the socket through, 0 to reject it.
 *
 * Only the exact (AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6) triple is matched.
 * An ICMPv6 socket opened with any other type (e.g. SOCK_RAW) does not match
 * and is allowed, so this demonstrates the hook; it is not a complete
 * ICMPv6 policy.
 */
SEC("cgroup/sock")
int bpf_prog1(struct bpf_sock *sk)
{
	char sock_fmt[] = "socket: family %d type %d protocol %d\n";
	char cred_fmt[] = "socket: uid %u gid %u\n";
	/* One 64-bit value: uid in the low 32 bits, gid in the high 32. */
	__u64 ids = bpf_get_current_uid_gid();
	__u32 gid = (__u32)(ids >> 32);
	__u32 uid = (__u32)ids;

	/*
	 * Debug tracing only: the output goes to the kernel trace buffer and
	 * carries the caller's uid/gid, so it is not a substitute for an
	 * audit log.
	 */
	bpf_trace_printk(sock_fmt, sizeof(sock_fmt),
			 sk->family, sk->type, sk->protocol);
	bpf_trace_printk(cred_fmt, sizeof(cred_fmt), uid, gid);

	/* Anything that is not an IPv6 datagram ICMPv6 socket is allowed. */
	if (sk->family != AF_INET6)
		return 1;
	if (sk->type != SOCK_DGRAM)
		return 1;
	if (sk->protocol != IPPROTO_ICMPV6)
		return 1;

	/* Exact match: deny, which makes ping6 fail. */
	return 0;
}
28*e04946f5SDaniel T. Lee 
/*
 * cgroup/sock program: log each socket request seen by the hook and
 * refuse IPv4 datagram ICMP sockets (the kind an unprivileged ping opens).
 *
 * Returns 1 to let the socket through, 0 to reject it.
 *
 * Only the exact (AF_INET, SOCK_DGRAM, IPPROTO_ICMP) triple is matched.
 * An ICMP socket opened with any other type (e.g. SOCK_RAW) does not match
 * and is allowed, so this demonstrates the hook; it is not a complete
 * ICMP policy.
 */
SEC("cgroup/sock")
int bpf_prog2(struct bpf_sock *sk)
{
	char sock_fmt[] = "socket: family %d type %d protocol %d\n";

	/* Debug tracing only; the output goes to the kernel trace buffer. */
	bpf_trace_printk(sock_fmt, sizeof(sock_fmt),
			 sk->family, sk->type, sk->protocol);

	/* Anything that is not an IPv4 datagram ICMP socket is allowed. */
	if (sk->family != AF_INET)
		return 1;
	if (sk->type != SOCK_DGRAM)
		return 1;
	if (sk->protocol != IPPROTO_ICMP)
		return 1;

	/* Exact match: deny, which makes ping fail. */
	return 0;
}
46*e04946f5SDaniel T. Lee 
/*
 * License string emitted into the "license" ELF section. The kernel only
 * permits GPL-only helpers, bpf_trace_printk() among them, for programs
 * that declare a GPL-compatible license.
 */
char _license[] SEC("license") = "GPL";