1 // SPDX-License-Identifier: GPL-2.0
2 
3 #include <linux/ptrace.h>
4 #include <linux/bpf.h>
5 
6 #include <netinet/in.h>
7 
8 #include <bpf/bpf_helpers.h>
9 #include <bpf/bpf_tracing.h>
10 
11 #if defined(__TARGET_ARCH_x86)
12 #define SYSCALL_WRAPPER 1
13 #define SYS_PREFIX "__x64_"
14 #elif defined(__TARGET_ARCH_s390)
15 #define SYSCALL_WRAPPER 1
16 #define SYS_PREFIX "__s390x_"
17 #elif defined(__TARGET_ARCH_arm64)
18 #define SYSCALL_WRAPPER 1
19 #define SYS_PREFIX "__arm64_"
20 #else
21 #define SYSCALL_WRAPPER 0
22 #define SYS_PREFIX ""
23 #endif
24 
25 static struct sockaddr_in old;
26 
27 SEC("kprobe/" SYS_PREFIX "sys_connect")
28 int BPF_KPROBE(handle_sys_connect)
29 {
30 #if SYSCALL_WRAPPER == 1
31 	struct pt_regs *real_regs;
32 #endif
33 	struct sockaddr_in new;
34 	void *ptr;
35 
36 #if SYSCALL_WRAPPER == 0
37 	ptr = (void *)PT_REGS_PARM2(ctx);
38 #else
39 	real_regs = (struct pt_regs *)PT_REGS_PARM1(ctx);
40 	bpf_probe_read_kernel(&ptr, sizeof(ptr), &PT_REGS_PARM2(real_regs));
41 #endif
42 
43 	bpf_probe_read_user(&old, sizeof(old), ptr);
44 	__builtin_memset(&new, 0xab, sizeof(new));
45 	bpf_probe_write_user(ptr, &new, sizeof(new));
46 
47 	return 0;
48 }
49 
50 char _license[] SEC("license") = "GPL";
51