1 | /* Copyright (c) 2016 Sargun Dhillon <sargun@sargun.me> |
2 | * |
3 | * This program is free software; you can redistribute it and/or |
4 | * modify it under the terms of version 2 of the GNU General Public |
5 | * License as published by the Free Software Foundation. |
6 | */ |
7 | #include "vmlinux.h" |
8 | #include <string.h> |
9 | #include <linux/version.h> |
10 | #include <bpf/bpf_helpers.h> |
11 | #include <bpf/bpf_tracing.h> |
12 | #include <bpf/bpf_core_read.h> |
13 | |
14 | struct { |
15 | __uint(type, BPF_MAP_TYPE_HASH); |
16 | __type(key, struct sockaddr_in); |
17 | __type(value, struct sockaddr_in); |
18 | __uint(max_entries, 256); |
19 | } dnat_map SEC(".maps" ); |
20 | |
21 | /* kprobe is NOT a stable ABI |
22 | * kernel functions can be removed, renamed or completely change semantics. |
23 | * Number of arguments and their positions can change, etc. |
24 | * In such case this bpf+kprobe example will no longer be meaningful |
25 | * |
26 | * This example sits on a syscall, and the syscall ABI is relatively stable |
27 | * of course, across platforms, and over time, the ABI may change. |
28 | */ |
29 | SEC("ksyscall/connect" ) |
30 | int BPF_KSYSCALL(bpf_prog1, int fd, struct sockaddr_in *uservaddr, |
31 | int addrlen) |
32 | { |
33 | struct sockaddr_in new_addr, orig_addr = {}; |
34 | struct sockaddr_in *mapped_addr; |
35 | |
36 | if (addrlen > sizeof(orig_addr)) |
37 | return 0; |
38 | |
39 | if (bpf_probe_read_user(&orig_addr, sizeof(orig_addr), uservaddr) != 0) |
40 | return 0; |
41 | |
42 | mapped_addr = bpf_map_lookup_elem(&dnat_map, &orig_addr); |
43 | if (mapped_addr != NULL) { |
44 | memcpy(dest: &new_addr, src: mapped_addr, n: sizeof(new_addr)); |
45 | bpf_probe_write_user(uservaddr, &new_addr, |
46 | sizeof(new_addr)); |
47 | } |
48 | return 0; |
49 | } |
50 | |
51 | char _license[] SEC("license" ) = "GPL" ; |
52 | u32 _version SEC("version" ) = LINUX_VERSION_CODE; |
53 | |