Orange Pi5 kernel

^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  1) #include <uapi/linux/bpf.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  2) #include <linux/socket.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  3) #include <linux/net.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  4) #include <uapi/linux/in.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  5) #include <uapi/linux/in6.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  6) #include <bpf/bpf_helpers.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  7) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  8) SEC("cgroup/sock1")
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  9) int bpf_prog1(struct bpf_sock *sk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) 	char fmt[] = "socket: family %d type %d protocol %d\n";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) 	char fmt2[] = "socket: uid %u gid %u\n";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) 	__u64 gid_uid = bpf_get_current_uid_gid();
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) 	__u32 uid = gid_uid & 0xffffffff;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) 	__u32 gid = gid_uid >> 32;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) 	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) 	bpf_trace_printk(fmt2, sizeof(fmt2), uid, gid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) 	/* block PF_INET6, SOCK_RAW, IPPROTO_ICMPV6 sockets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) 	 * ie., make ping6 fail
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) 	if (sk->family == PF_INET6 &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24) 	    sk->type == SOCK_RAW   &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 25) 	    sk->protocol == IPPROTO_ICMPV6)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 26) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 27) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 28) 	return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 29) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 30) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 31) SEC("cgroup/sock2")
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 32) int bpf_prog2(struct bpf_sock *sk)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 33) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 34) 	char fmt[] = "socket: family %d type %d protocol %d\n";
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 35) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 36) 	bpf_trace_printk(fmt, sizeof(fmt), sk->family, sk->type, sk->protocol);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 37) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 38) 	/* block PF_INET, SOCK_RAW, IPPROTO_ICMP sockets
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 39) 	 * ie., make ping fail
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40) 	 */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) 	if (sk->family == PF_INET &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) 	    sk->type == SOCK_RAW  &&
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) 	    sk->protocol == IPPROTO_ICMP)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46) 	return 1;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 47) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 48) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 49) char _license[] SEC("license") = "GPL";