1// SPDX-License-Identifier: GPL-2.0 2#include "vmlinux.h" 3#include "net_shared.h" 4#include <bpf/bpf_helpers.h> 5 6SEC("cgroup/sock") 7int bpf_prog1(struct bpf_sock *sk) 8{ 9 char fmt[] = "socket: family %d type %d protocol %d\n"; 10 char fmt2[] = "socket: uid %u gid %u\n"; 11 __u64 gid_uid = bpf_get_current_uid_gid(); 12 __u32 uid = gid_uid & 0xffffffff; 13 __u32 gid = gid_uid >> 32; 14 15 bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol); 16 bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid); 17 18 /* block AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6 sockets 19 * ie., make ping6 fail 20 */ 21 if (sk->family == AF_INET6 && 22 sk->type == SOCK_DGRAM && 23 sk->protocol == IPPROTO_ICMPV6) 24 return 0; 25 26 return 1; 27} 28 29SEC("cgroup/sock") 30int bpf_prog2(struct bpf_sock *sk) 31{ 32 char fmt[] = "socket: family %d type %d protocol %d\n"; 33 34 bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol); 35 36 /* block AF_INET, SOCK_DGRAM, IPPROTO_ICMP sockets 37 * ie., make ping fail 38 */ 39 if (sk->family == AF_INET && 40 sk->type == SOCK_DGRAM && 41 sk->protocol == IPPROTO_ICMP) 42 return 0; 43 44 return 1; 45} 46 47char _license[] SEC("license") = "GPL"; 48