xref: /linux/samples/bpf/sock_flags.bpf.c (revision a36e9f5cfe9eb3a1dce8769c7058251c42705357) 
1 // SPDX-License-Identifier: GPL-2.0
2 #include "vmlinux.h"
3 #include "net_shared.h"
4 #include <bpf/bpf_helpers.h>
5 
6 SEC("cgroup/sock")
7 int bpf_prog1(struct bpf_sock *sk)
8 {
9 	char fmt[] = "socket: family %d type %d protocol %d\n";
10 	char fmt2[] = "socket: uid %u gid %u\n";
11 	__u64 gid_uid = bpf_get_current_uid_gid();
12 	__u32 uid = gid_uid & 0xffffffff;
13 	__u32 gid = gid_uid >> 32;
14 
15 	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
16 	bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid);
17 
18 	/* block AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6 sockets
19 	 * ie., make ping6 fail
20 	 */
21 	if (sk->family == AF_INET6 &&
22 	    sk->type == SOCK_DGRAM   &&
23 	    sk->protocol == IPPROTO_ICMPV6)
24 		return 0;
25 
26 	return 1;
27 }
28 
29 SEC("cgroup/sock")
30 int bpf_prog2(struct bpf_sock *sk)
31 {
32 	char fmt[] = "socket: family %d type %d protocol %d\n";
33 
34 	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
35 
36 	/* block AF_INET, SOCK_DGRAM, IPPROTO_ICMP sockets
37 	 * ie., make ping fail
38 	 */
39 	if (sk->family == AF_INET &&
40 	    sk->type == SOCK_DGRAM  &&
41 	    sk->protocol == IPPROTO_ICMP)
42 		return 0;
43 
44 	return 1;
45 }
46 
47 char _license[] SEC("license") = "GPL";
48