| David Ahern | 554ae6e | 2016-12-01 08:48:08 -0800 | [diff] [blame] | 1 | #include <uapi/linux/bpf.h> |
| 2 | #include <linux/socket.h> |
| 3 | #include <linux/net.h> |
| 4 | #include <uapi/linux/in.h> |
| 5 | #include <uapi/linux/in6.h> |
| 6 | #include "bpf_helpers.h" |
| 7 | |
| 8 | SEC("cgroup/sock1") |
| 9 | int bpf_prog1(struct bpf_sock *sk) |
| 10 | { |
| 11 | char fmt[] = "socket: family %d type %d protocol %d\n"; |
| 12 | |
| 13 | bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol); |
| 14 | |
| 15 | /* block PF_INET6, SOCK_RAW, IPPROTO_ICMPV6 sockets |
| 16 | * ie., make ping6 fail |
| 17 | */ |
| 18 | if (sk->family == PF_INET6 && |
| 19 | sk->type == SOCK_RAW && |
| 20 | sk->protocol == IPPROTO_ICMPV6) |
| 21 | return 0; |
| 22 | |
| 23 | return 1; |
| 24 | } |
| 25 | |
| 26 | SEC("cgroup/sock2") |
| 27 | int bpf_prog2(struct bpf_sock *sk) |
| 28 | { |
| 29 | char fmt[] = "socket: family %d type %d protocol %d\n"; |
| 30 | |
| 31 | bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol); |
| 32 | |
| 33 | /* block PF_INET, SOCK_RAW, IPPROTO_ICMP sockets |
| 34 | * ie., make ping fail |
| 35 | */ |
| 36 | if (sk->family == PF_INET && |
| 37 | sk->type == SOCK_RAW && |
| 38 | sk->protocol == IPPROTO_ICMP) |
| 39 | return 0; |
| 40 | |
| 41 | return 1; |
| 42 | } |
| 43 | |
| 44 | char _license[] SEC("license") = "GPL"; |