Revert "Switch to using typesafe kernel ebpf map accessors"
This reverts commit d07962a3f6d6a9c3f63a12b7cfd8c486cd7c78e3.
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 65f3b47..e752dc3 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -45,7 +45,7 @@
int xt_bpf_whitelist_prog(struct __sk_buff* skb) {
uint32_t sock_uid = bpf_get_socket_uid(skb);
if (is_system_uid(sock_uid)) return BPF_MATCH;
- UidOwnerValue* whitelistMatch = bpf_uid_owner_map_lookup_elem(&sock_uid);
+ struct UidOwnerValue* whitelistMatch = bpf_map_lookup_elem(&uid_owner_map, &sock_uid);
if (whitelistMatch) return whitelistMatch->rule & HAPPY_BOX_MATCH;
return BPF_NOMATCH;
}
@@ -53,12 +53,17 @@
SEC("skfilter/blacklist/xtbpf")
int xt_bpf_blacklist_prog(struct __sk_buff* skb) {
uint32_t sock_uid = bpf_get_socket_uid(skb);
- UidOwnerValue* blacklistMatch = bpf_uid_owner_map_lookup_elem(&sock_uid);
+ struct UidOwnerValue* blacklistMatch = bpf_map_lookup_elem(&uid_owner_map, &sock_uid);
if (blacklistMatch) return blacklistMatch->rule & PENALTY_BOX_MATCH;
return BPF_NOMATCH;
}
-DEFINE_BPF_MAP(uid_permission_map, HASH, uint32_t, uint8_t, UID_OWNER_MAP_SIZE)
+struct bpf_map_def SEC("maps") uid_permission_map = {
+ .type = BPF_MAP_TYPE_HASH,
+ .key_size = sizeof(uint32_t),
+ .value_size = sizeof(uint8_t),
+ .max_entries = UID_OWNER_MAP_SIZE,
+};
SEC("cgroupsock/inet/create")
int inet_socket_create(struct bpf_sock* sk) {
@@ -70,7 +75,7 @@
* run time. See UserHandle#isSameApp for detail.
*/
uint32_t appId = (gid_uid & 0xffffffff) % PER_USER_RANGE;
- uint8_t* permissions = bpf_uid_permission_map_lookup_elem(&appId);
+ uint8_t* permissions = bpf_map_lookup_elem(&uid_permission_map, &appId);
if (!permissions) {
// UID not in map. Default to just INTERNET permission.
return 1;