1 // SPDX-License-Identifier: GPL-2.0 2 3 #include <linux/stddef.h> 4 #include <linux/bpf.h> 5 #include <sys/types.h> 6 #include <sys/socket.h> 7 #include <bpf/bpf_helpers.h> 8 #include <bpf/bpf_endian.h> 9 10 static __always_inline int bind_prog(struct bpf_sock_addr *ctx, int family) 11 { 12 struct bpf_sock *sk; 13 14 sk = ctx->sk; 15 if (!sk) 16 return 0; 17 18 if (sk->family != family) 19 return 0; 20 21 if (ctx->type != SOCK_STREAM) 22 return 0; 23 24 /* Return 1 OR'ed with the first bit set to indicate 25 * that CAP_NET_BIND_SERVICE should be bypassed. 26 */ 27 if (ctx->user_port == bpf_htons(111)) 28 return (1 | 2); 29 30 return 1; 31 } 32 33 SEC("cgroup/bind4") 34 int bind_v4_prog(struct bpf_sock_addr *ctx) 35 { 36 return bind_prog(ctx, AF_INET); 37 } 38 39 SEC("cgroup/bind6") 40 int bind_v6_prog(struct bpf_sock_addr *ctx) 41 { 42 return bind_prog(ctx, AF_INET6); 43 } 44 45 char _license[] SEC("license") = "GPL"; 46