1 // SPDX-License-Identifier: GPL-2.0 2 3 #include <linux/ptrace.h> 4 #include <linux/bpf.h> 5 6 #include <netinet/in.h> 7 8 #include <bpf/bpf_helpers.h> 9 #include <bpf/bpf_tracing.h> 10 11 #if defined(__TARGET_ARCH_x86) 12 #define SYSCALL_WRAPPER 1 13 #define SYS_PREFIX "__x64_" 14 #elif defined(__TARGET_ARCH_s390) 15 #define SYSCALL_WRAPPER 1 16 #define SYS_PREFIX "__s390x_" 17 #elif defined(__TARGET_ARCH_arm64) 18 #define SYSCALL_WRAPPER 1 19 #define SYS_PREFIX "__arm64_" 20 #else 21 #define SYSCALL_WRAPPER 0 22 #define SYS_PREFIX "" 23 #endif 24 25 static struct sockaddr_in old; 26 27 SEC("kprobe/" SYS_PREFIX "sys_connect") 28 int BPF_KPROBE(handle_sys_connect) 29 { 30 #if SYSCALL_WRAPPER == 1 31 struct pt_regs *real_regs; 32 #endif 33 struct sockaddr_in new; 34 void *ptr; 35 36 #if SYSCALL_WRAPPER == 0 37 ptr = (void *)PT_REGS_PARM2(ctx); 38 #else 39 real_regs = (struct pt_regs *)PT_REGS_PARM1(ctx); 40 bpf_probe_read_kernel(&ptr, sizeof(ptr), &PT_REGS_PARM2(real_regs)); 41 #endif 42 43 bpf_probe_read_user(&old, sizeof(old), ptr); 44 __builtin_memset(&new, 0xab, sizeof(new)); 45 bpf_probe_write_user(ptr, &new, sizeof(new)); 46 47 return 0; 48 } 49 50 char _license[] SEC("license") = "GPL"; 51