143d2b88cSDaniel Borkmann // SPDX-License-Identifier: GPL-2.0 243d2b88cSDaniel Borkmann 343d2b88cSDaniel Borkmann #include <string.h> 443d2b88cSDaniel Borkmann 543d2b88cSDaniel Borkmann #include <linux/stddef.h> 643d2b88cSDaniel Borkmann #include <linux/bpf.h> 743d2b88cSDaniel Borkmann 843d2b88cSDaniel Borkmann #include <sys/socket.h> 943d2b88cSDaniel Borkmann 1043d2b88cSDaniel Borkmann #include <bpf/bpf_helpers.h> 1143d2b88cSDaniel Borkmann #include <bpf/bpf_endian.h> 1243d2b88cSDaniel Borkmann 1343d2b88cSDaniel Borkmann #define VERDICT_REJECT 0 1443d2b88cSDaniel Borkmann #define VERDICT_PROCEED 1 1543d2b88cSDaniel Borkmann 1643d2b88cSDaniel Borkmann SEC("cgroup/connect4") connect_v4_dropper(struct bpf_sock_addr * ctx)1743d2b88cSDaniel Borkmannint connect_v4_dropper(struct bpf_sock_addr *ctx) 1843d2b88cSDaniel Borkmann { 1943d2b88cSDaniel Borkmann if (ctx->type != SOCK_STREAM) 2043d2b88cSDaniel Borkmann return VERDICT_PROCEED; 21*445e72c7SYucong Sun if (ctx->user_port == bpf_htons(60120)) 2243d2b88cSDaniel Borkmann return VERDICT_REJECT; 2343d2b88cSDaniel Borkmann return VERDICT_PROCEED; 2443d2b88cSDaniel Borkmann } 2543d2b88cSDaniel Borkmann 2643d2b88cSDaniel Borkmann char _license[] SEC("license") = "GPL"; 27